From: Alexandre Oliva <aoliva-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: Peng Haitao <penght-BthXqXjhjHXQFUHtdCDX3A@public.gmane.org>
Cc: Carlos O'Donell <carlos-v2tUB8YBRSi3e3T8WW9gsA@public.gmane.org>,
"Michael Kerrisk (man-pages)"
<mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
"linux-man@vger.kernel.org"
<linux-man-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Torvald Riegel <triegel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Subject: Re: Differences between man-pages and libc manual safety markings
Date: Thu, 23 Oct 2014 04:16:42 -0200 [thread overview]
Message-ID: <oroat3wbsl.fsf@free.home> (raw)
In-Reply-To: <54461F16.2080705-BthXqXjhjHXQFUHtdCDX3A@public.gmane.org> (Peng Haitao's message of "Tue, 21 Oct 2014 16:53:42 +0800")
On Oct 21, 2014, Peng Haitao <penght-BthXqXjhjHXQFUHtdCDX3A@public.gmane.org> wrote:
> The codes of ctermid() and cuserid() are similar to tmpnam(),
Not quite.
ctermid copies a constant string to the static buffer, so any thread
calls it with a NULL string will cause the copy to be done, and when it
is complete, nothing different will ever be stored in that buffer, so
the thread that completed the call can safely read from the static
buffer, and expect to get the constant string.
tmpnam does not copy a constant string to the static buffer, so each
call may store a different string in it, so race protection is
necessary.
cuserid is somewhere in between: as long as euid doesn't change, and the
same login name is found for that euid, the string will remain the same.
I'm concerned I may have missed the static buffer in the analysis,
though, because I didn't mention it in the comments, and I don't
remember having taking it into account (but then, I don't remember the
analysis of this particular function in any other way ;-).
I'm inclined to decide the glibc manual entry is missing a MT-Unsafe
race:cuserid/!string annotation for cuserid.
As for ctermid, I admit that, strictly speaking, there's a potential
race as defined by POSIX: one thread may be reading from the static
buffer while another is overwriting it with the same bytes, without any
intervening synchronization operation. I decided that this is a
harmless race. However, should a machine be unable to perform
char-sized writes, and instead resorted to larger-sized
read-modify-write cycles, then a strcpy implementation that modified one
byte at a time with such cycles could race with itself, even writing the
same sequence of bytes in the same order. However, if we had such a
machine, and we didn't optimize strcpy to coalesce writes to bytes in
the same word into a single read-modify-write cycle, we'd be failing at
a far more fundamental level. So I crossed my fingers and hoped we'd
always have such optimizations, so that the potential race would never
become a real problem in this case.
--
Alexandre Oliva, freedom fighter http://FSFLA.org/~lxoliva/
You must be the change you wish to see in the world. -- Gandhi
Be Free! -- http://FSFLA.org/ FSF Latin America board member
Free Software Evangelist|Red Hat Brasil GNU Toolchain Engineer
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2014-10-23 6:16 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-10-17 13:26 Differences between man-pages and libc manual safety markings Michael Kerrisk (man-pages)
[not found] ` <544118FA.3070003-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2014-10-20 15:47 ` Carlos O'Donell
[not found] ` <CAE2sS1jbGRT4uvBBVAPJkX2Mi4gHG=ii_G713MHhQzyGxO4yyw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-10-21 8:53 ` Peng Haitao
[not found] ` <54461F16.2080705-BthXqXjhjHXQFUHtdCDX3A@public.gmane.org>
2014-10-23 6:16 ` Alexandre Oliva [this message]
[not found] ` <oroat3wbsl.fsf-pcXFJVXz+5uzQB+pC5nmwQ@public.gmane.org>
2014-10-23 9:29 ` Torvald Riegel
[not found] ` <1414056576.8483.79.camel-I2ZjUw8blINjztcc/or7kQ@public.gmane.org>
2014-10-24 11:48 ` Alexandre Oliva
[not found] ` <or38adofh9.fsf-pcXFJVXz+5uzQB+pC5nmwQ@public.gmane.org>
2014-10-24 12:12 ` Torvald Riegel
[not found] ` <1414152747.18538.26.camel-I2ZjUw8blINjztcc/or7kQ@public.gmane.org>
2014-10-24 16:31 ` Alexandre Oliva
[not found] ` <orioj9bfaa.fsf-pcXFJVXz+5uzQB+pC5nmwQ@public.gmane.org>
2014-10-24 19:15 ` Torvald Riegel
[not found] ` <1414178101.18538.53.camel-I2ZjUw8blINjztcc/or7kQ@public.gmane.org>
2014-10-30 18:24 ` Alexandre Oliva
[not found] ` <orbnottnzb.fsf-pcXFJVXz+5uzQB+pC5nmwQ@public.gmane.org>
2014-10-30 19:01 ` Torvald Riegel
[not found] ` <1414695671.10085.180.camel-I2ZjUw8blINjztcc/or7kQ@public.gmane.org>
2014-11-01 8:48 ` Alexandre Oliva
[not found] ` <ora94b8fxl.fsf-pcXFJVXz+5uzQB+pC5nmwQ@public.gmane.org>
2014-11-01 10:47 ` Torvald Riegel
[not found] ` <1414838867.10085.431.camel-I2ZjUw8blINjztcc/or7kQ@public.gmane.org>
2014-11-01 18:32 ` Alexandre Oliva
[not found] ` <orwq7e22n2.fsf-pcXFJVXz+5uzQB+pC5nmwQ@public.gmane.org>
2014-11-01 18:58 ` Torvald Riegel
[not found] ` <1414868298.10085.488.camel-I2ZjUw8blINjztcc/or7kQ@public.gmane.org>
2014-11-03 5:13 ` Alexandre Oliva
[not found] ` <or4mug27f7.fsf-pcXFJVXz+5uzQB+pC5nmwQ@public.gmane.org>
2014-11-03 16:10 ` Torvald Riegel
[not found] ` <1415031006.4531.44.camel-I2ZjUw8blINjztcc/or7kQ@public.gmane.org>
2014-11-04 0:18 ` Alexandre Oliva
2014-10-27 20:46 ` Mark Thompson
[not found] ` <544EAF20.8050509-W77v16wj1OVeoWH0uzbU5w@public.gmane.org>
2014-10-29 8:55 ` Alexandre Oliva
[not found] ` <ork33jqmqe.fsf-pcXFJVXz+5uzQB+pC5nmwQ@public.gmane.org>
2014-10-29 9:12 ` Torvald Riegel
[not found] ` <1414573935.18538.74.camel-I2ZjUw8blINjztcc/or7kQ@public.gmane.org>
2014-10-30 18:00 ` Alexandre Oliva
[not found] ` <orfve5tp3e.fsf-pcXFJVXz+5uzQB+pC5nmwQ@public.gmane.org>
2014-10-30 18:41 ` Torvald Riegel
[not found] ` <1414694486.10085.165.camel-I2ZjUw8blINjztcc/or7kQ@public.gmane.org>
2014-11-01 8:24 ` Alexandre Oliva
[not found] ` <oregtn8h23.fsf-pcXFJVXz+5uzQB+pC5nmwQ@public.gmane.org>
2014-11-01 12:40 ` Torvald Riegel
[not found] ` <1414845631.10085.474.camel-I2ZjUw8blINjztcc/or7kQ@public.gmane.org>
2014-11-01 18:22 ` Alexandre Oliva
[not found] ` <or1tpm3hn5.fsf-pcXFJVXz+5uzQB+pC5nmwQ@public.gmane.org>
2014-11-01 19:54 ` Torvald Riegel
[not found] ` <1414871691.10085.529.camel-I2ZjUw8blINjztcc/or7kQ@public.gmane.org>
2014-11-03 5:43 ` Alexandre Oliva
[not found] ` <orzjc8zvn6.fsf-pcXFJVXz+5uzQB+pC5nmwQ@public.gmane.org>
2014-11-03 13:07 ` Mark Thompson
[not found] ` <54577E17.7000109-W77v16wj1OVeoWH0uzbU5w@public.gmane.org>
2014-11-19 0:26 ` Alexandre Oliva
2014-11-03 15:55 ` Torvald Riegel
2014-10-24 12:14 ` Torvald Riegel
2014-10-21 8:31 ` Peng Haitao
2015-01-07 6:12 ` Michael Kerrisk (man-pages)
2015-01-07 6:16 ` Michael Kerrisk (man-pages)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=oroat3wbsl.fsf@free.home \
--to=aoliva-h+wxahxf7alqt0dzr+alfa@public.gmane.org \
--cc=carlos-v2tUB8YBRSi3e3T8WW9gsA@public.gmane.org \
--cc=linux-man-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=penght-BthXqXjhjHXQFUHtdCDX3A@public.gmane.org \
--cc=triegel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).