windows: xp rwlock fallback is unsound #515

Closed
bnoordhuis opened this issue Sep 7, 2015 · 2 comments

@bnoordhuis

It was pointed out by Zhou Ran that the fallback write mutex can end up getting unlocked by a different thread than the one that locked it, resulting in undefined behavior. Consider a rwlock that is initially unlocked:

Thread A: increments reader count at t0 -> acquires write lock at t0 -> decrements reader count at t2
Thread B: increments reader count at t1 -> decrements reader count at t3 -> releases write lock at t3

See also nodejs/node#2723
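
The interleaving from the issue, replayed as an added example (not libuv's code and not part of the original post). It is a POSIX model: an error-checking pthread mutex stands in for the critical section and reports the non-owner unlock as `EPERM`, and it sits next to the semaphore gate that the fix switched to. All names (`model_rwlock`, `run_interleaving`, ...) are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <pthread.h>
#include <semaphore.h>

/* Hypothetical model of the fallback scheme: the first reader takes the
 * write gate, the last reader releases it. Not libuv's actual code. */
typedef struct {
  int use_semaphore;            /* 0: owner-checked mutex, 1: semaphore */
  pthread_mutex_t count_lock;   /* protects num_readers */
  unsigned num_readers;
  pthread_mutex_t write_mutex;  /* PTHREAD_MUTEX_ERRORCHECK gate */
  sem_t write_sem;              /* binary semaphore gate, has no owner */
  sem_t b_entered, a_left;      /* only used to force the interleaving */
  int b_result;                 /* what thread B saw at release time */
} model_rwlock;

static void model_rdlock(model_rwlock* l) {
  pthread_mutex_lock(&l->count_lock);
  if (++l->num_readers == 1) {  /* first reader shuts writers out */
    if (l->use_semaphore) sem_wait(&l->write_sem);
    else pthread_mutex_lock(&l->write_mutex);
  }
  pthread_mutex_unlock(&l->count_lock);
}

/* Returns 0, or the error reported while releasing the write gate. */
static int model_rdunlock(model_rwlock* l) {
  int err = 0;
  pthread_mutex_lock(&l->count_lock);
  if (--l->num_readers == 0) {  /* last reader lets writers back in */
    if (l->use_semaphore) err = sem_post(&l->write_sem) ? errno : 0;
    else err = pthread_mutex_unlock(&l->write_mutex);
  }
  pthread_mutex_unlock(&l->count_lock);
  return err;
}

static void* thread_b(void* arg) {
  model_rwlock* l = arg;
  model_rdlock(l);                 /* t1: second reader */
  sem_post(&l->b_entered);
  sem_wait(&l->a_left);            /* A has dropped its read lock (t2) */
  l->b_result = model_rdunlock(l); /* t3: last reader releases the gate */
  return NULL;
}

/* Replays the issue's interleaving with the caller as thread A and
 * returns the status thread B got when it released the write gate. */
int run_interleaving(int use_semaphore) {
  model_rwlock l = { .use_semaphore = use_semaphore };
  pthread_mutexattr_t attr;
  pthread_t b;
  pthread_mutexattr_init(&attr);
  pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_ERRORCHECK);
  pthread_mutex_init(&l.write_mutex, &attr);
  pthread_mutexattr_destroy(&attr);
  pthread_mutex_init(&l.count_lock, NULL);
  sem_init(&l.write_sem, 0, 1);
  sem_init(&l.b_entered, 0, 0);
  sem_init(&l.a_left, 0, 0);
  model_rdlock(&l);                /* t0: A is first reader, takes gate */
  pthread_create(&b, NULL, thread_b, &l);
  sem_wait(&l.b_entered);
  model_rdunlock(&l);              /* t2: A leaves while B still reads */
  sem_post(&l.a_left);
  pthread_join(b, NULL);
  if (!use_semaphore) pthread_mutex_unlock(&l.write_mutex); /* A owns it */
  return l.b_result;
}

/* Exits 0 when the mutex gate rejects B's release and the semaphore
 * gate accepts it. */
int main(void) {
  return !(run_interleaving(0) == EPERM && run_interleaving(1) == 0);
}
```

A Windows critical section performs no such ownership check, so the same sequence there is silent undefined behavior rather than an error code.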

piscisaureus added a commit to piscisaureus/libuv that referenced this issue Sep 8, 2015
Before this patch an uv_mutex_t (backed by a critical section) could be
released by a thread different from the thread that acquired it, which is
not allowed. This is fixed by using a semaphore instead.

BUG: libuv#515
piscisaureus added a commit to piscisaureus/libuv that referenced this issue Sep 8, 2015
Before this patch an uv_mutex_t (backed by a critical section) could be
released by a thread different from the thread that acquired it, which is
not allowed. This is fixed by using a semaphore instead.

Fixes: libuv#515
PR-URL: libuv#516
piscisaureus added a commit to piscisaureus/libuv that referenced this issue Sep 10, 2015
Before this patch an uv_mutex_t (backed by a critical section) could be
released by a thread different from the thread that acquired it, which is
not allowed. This is fixed by using a semaphore instead.

Fixes: libuv#515
PR-URL: libuv#516
piscisaureus added a commit to piscisaureus/libuv that referenced this issue Sep 11, 2015
Before this patch an uv_mutex_t (backed by a critical section) could be
released by a thread different from the thread that acquired it, which is
not allowed. This is fixed by using a semaphore instead.

Note that the affected code paths were used on Windows XP and Windows
Server 2003 only.

Fixes: libuv#515
PR-URL: libuv#516
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Saúl Ibarra Corretgé <saghul@gmail.com>
@saghul

saghul commented Sep 11, 2015

Fixed by #516.

@saghul saghul closed this as completed Sep 11, 2015
@bnoordhuis

For posterity, this seems to have been a known issue since at least November 2014: https://groups.google.com/d/msg/libuv/KyNnGEXR0OA/NWb605ev2LUJ

bnoordhuis pushed a commit to bnoordhuis/libuv that referenced this issue Sep 11, 2015
Before this patch an uv_mutex_t (backed by a critical section) could be
released by a thread different from the thread that acquired it, which is
not allowed. This is fixed by using a semaphore instead.

Note that the affected code paths were used on Windows XP and Windows
Server 2003 only.

This is a back-port of commit 3eb6764 from the v1.x branch.

Fixes: libuv#515
bnoordhuis pushed a commit to bnoordhuis/libuv that referenced this issue Sep 11, 2015
Before this patch an uv_mutex_t (backed by a critical section) could be
released by a thread different from the thread that acquired it, which is
not allowed. This is fixed by using a semaphore instead.

Note that the affected code paths were used on Windows XP and Windows
Server 2003 only.

This is a back-port of commit 3eb6764 from the v1.x branch.

Fixes: libuv#515
piscisaureus added a commit to piscisaureus/libuv that referenced this issue Sep 17, 2015
Previously, on Windows Vista and later, we'd use the Windows native
SRWLock APIs. However they turned out to be semantically incompatible
with pthread read-write locks and/or plain buggy. This patch makes sure
that the custom implementation that was previously only used on old
Windows versions is now used everywhere.

This patch fixes a number of issues with the old fallback
implementation. Specifically:

* The reader count would not be incremented when a thread successfully
  acquired a read lock while another thread *also* held a read lock.

* `uv_rwlock_tryrdlock()` and `uv_rwlock_trywrlock()` now
  consistently return UV_EBUSY when a lock couldn't be acquired.

* Any unexpected errors now cause libuv to abort, with the exception of
  `uv_rwlock_init()`.

See also libuv#515.

PR-URL: libuv#525
piscisaureus added a commit to piscisaureus/libuv that referenced this issue Sep 22, 2015
Previously, on Windows Vista and later, we'd use the Windows native
SRWLock APIs. However they turned out to be semantically incompatible
with pthread read-write locks and/or plain buggy. This patch makes sure
that the custom implementation that was previously only used on old
Windows versions is now used everywhere.

This patch fixes a number of issues with the old fallback
implementation. Specifically:

* The reader count would not be incremented when a thread successfully
  acquired a read lock while another thread *also* held a read lock.

* `uv_rwlock_tryrdlock()` and `uv_rwlock_trywrlock()` now
  consistently return UV_EBUSY when a lock couldn't be acquired.

* Any unexpected errors now cause libuv to abort, with the exception of
  `uv_rwlock_init()`.

See also libuv#515.

PR-URL: libuv#525
Reviewed-By: Saúl Ibarra Corretgé <saghul@gmail.com>
evanlucas pushed a commit to evanlucas/libuv that referenced this issue Dec 5, 2015
Before this patch an uv_mutex_t (backed by a critical section) could be
released by a thread different from the thread that acquired it, which is
not allowed. This is fixed by using a semaphore instead.

Note that the affected code paths were used on Windows XP and Windows
Server 2003 only.

Fixes: libuv#515
PR-URL: libuv#516
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Saúl Ibarra Corretgé <saghul@gmail.com>
evanlucas pushed a commit to evanlucas/libuv that referenced this issue Dec 5, 2015
Previously, on Windows Vista and later, we'd use the Windows native
SRWLock APIs. However they turned out to be semantically incompatible
with pthread read-write locks and/or plain buggy. This patch makes sure
that the custom implementation that was previously only used on old
Windows versions is now used everywhere.

This patch fixes a number of issues with the old fallback
implementation. Specifically:

* The reader count would not be incremented when a thread successfully
  acquired a read lock while another thread *also* held a read lock.

* `uv_rwlock_tryrdlock()` and `uv_rwlock_trywrlock()` now
  consistently return UV_EBUSY when a lock couldn't be acquired.

* Any unexpected errors now cause libuv to abort, with the exception of
  `uv_rwlock_init()`.

See also libuv#515.

PR-URL: libuv#525
Reviewed-By: Saúl Ibarra Corretgé <saghul@gmail.com>
saghul pushed a commit to saghul/libuv that referenced this issue Jun 9, 2016
Before this patch an uv_mutex_t (backed by a critical section) could be
released by a thread different from the thread that acquired it, which is
not allowed. This is fixed by using a semaphore instead.

Note that the affected code paths were used on Windows XP and Windows
Server 2003 only.

This is a back-port of commits 3eb6764, 1ad6ad7, 9a4fd26, 9823922,
85adf43 and bd1777f from the v1.x branch.

Fixes: libuv#515
Refs: libuv#525
saghul pushed a commit to saghul/libuv that referenced this issue Jun 11, 2016
Before this patch an uv_mutex_t (backed by a critical section) could be
released by a thread different from the thread that acquired it, which is
not allowed. This is fixed by using a semaphore instead.

Note that the affected code paths were used on Windows XP and Windows
Server 2003 only.

This is a back-port of commits 3eb6764, 1ad6ad7, 9a4fd26, 9823922,
85adf43 and bd1777f from the v1.x branch.

Fixes: libuv#515
Refs: libuv#525
PR-URL: libuv#903
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Bert Belder <bertbelder@gmail.com>
rvagg added a commit to nodejs/node that referenced this issue Jun 23, 2016
This is a security release. All Node.js users should consult the security
release summary at
https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/ for
details on patched vulnerabilities.

Notable changes:

* libuv: (CVE-2014-9748) Fixes a bug in the read/write locks implementation for
  Windows XP and Windows 2003 that can lead to undefined and potentially unsafe
  behaviour. More information can be found at
  libuv/libuv#515 or at
  https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/.
* V8: (CVE-2016-1669) Fixes a potential Buffer overflow vulnerability discovered
  in V8, more details can be found in the CVE CVE-2016-1669 at
  https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669 or at
  https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/.

Commits:

* [3374f57] - deps: update libuv to 0.10.37 (Saúl Ibarra Corretgé) #7293
* [fcb9145] - deps: backport 3a9bfec from v8 upstream (Myles Borins) nodejs-private/node-private#43

PR-URL: nodejs-private/node-private#52
rvagg added a commit to nodejs/node that referenced this issue Jun 23, 2016
This is a security release. All Node.js users should consult the security
release summary at
https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/ for
details on patched vulnerabilities.

Notable changes:

* libuv: (CVE-2014-9748) Fixes a bug in the read/write locks implementation for
  Windows XP and Windows 2003 that can lead to undefined and potentially unsafe
  behaviour. More information can be found at
  libuv/libuv#515 or at
  https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/.
* V8: (CVE-2016-1669) Fixes a potential Buffer overflow vulnerability
  discovered in V8, more details can be found in the CVE at
  https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669 or at
  https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/.

PR-URL: nodejs-private/node-private#53
bradleythughes added a commit to bradleythughes/freebsd-ports that referenced this issue Jun 24, 2016
Notable changes:

This is a security release. All Node.js users should consult the
security release summary at
https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/
for details on patched vulnerabilities.

- libuv: (CVE-2014-9748) Fixes a bug in the read/write locks
  implementation for Windows XP and Windows 2003 that can lead to
  undefined and potentially unsafe behaviour. More information can be
  found at libuv/libuv#515 or at
  https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/.
- V8: (CVE-2016-1669) Fixes a potential Buffer overflow vulnerability
  discovered in V8, more details can be found in the CVE at
  https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669 or at
  https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/.

See the full release announcement here:
https://nodejs.org/en/blog/release/v0.10.46/
bradleythughes added a commit to bradleythughes/freebsd-ports that referenced this issue Jun 24, 2016
Notable changes:

This is a security release. All Node.js users should consult the
security release summary at
https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/
for details on patched vulnerabilities.

- libuv: (CVE-2014-9748) Fixes a bug in the read/write locks
  implementation for Windows XP and Windows 2003 that can lead to
  undefined and potentially unsafe behaviour. More information can be
  found at libuv/libuv#515 or at
  https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/.
- V8: (CVE-2016-1669) Fixes a potential Buffer overflow vulnerability
  discovered in V8, more details can be found in the CVE at
  https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669 or at
  https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/.

See the full release announcement here:
https://nodejs.org/en/blog/release/v0.12.15/
imyller added a commit to imyller/meta-nodejs that referenced this issue Jun 25, 2016
This is a security release. All Node.js users should consult the security
release summary at https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/ for
details on patched vulnerabilities.

Notable changes:

* libuv: (CVE-2014-9748) Fixes a bug in the read/write locks implementation for
  Windows XP and Windows 2003 that can lead to undefined and potentially unsafe
  behaviour. More information can be found at
  libuv/libuv#515 or at
  https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/.
* V8: (CVE-2016-1669) Fixes a potential Buffer overflow vulnerability discovered
  in V8, more details can be found in the CVE CVE-2016-1669 at
  https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669 or at
  https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/.

Signed-off-by: Ilkka Myller <ilkka.myller@nodefield.com>
imyller added a commit to imyller/meta-nodejs that referenced this issue Jun 25, 2016
This is a security release. All Node.js users should consult the security
release summary at https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/ for
details on patched vulnerabilities.

Notable changes:

* libuv: (CVE-2014-9748) Fixes a bug in the read/write locks implementation for
  Windows XP and Windows 2003 that can lead to undefined and potentially unsafe
  behaviour. More information can be found at
  libuv/libuv#515 or at
  https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/.
* V8: (CVE-2016-1669) Fixes a potential Buffer overflow vulnerability
  discovered in V8, more details can be found in the CVE at
  https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669 or at
  https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/.

Signed-off-by: Ilkka Myller <ilkka.myller@nodefield.com>
uqs pushed a commit to freebsd/freebsd-ports that referenced this issue Jun 30, 2016
This is a security release. Please read
https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/
for details.

- libuv: (CVE-2014-9748) Fixes a bug in the read/write locks
  implementation for Windows XP and Windows 2003 that can lead to
  undefined and potentially unsafe behaviour. More information can be
  found at libuv/libuv#515 or at
  https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/.
- V8: (CVE-2016-1669) Fixes a potential Buffer overflow vulnerability
  discovered in V8, more details can be found in the CVE at
  https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669

PR:		210521
Changes:	https://nodejs.org/en/blog/release/v0.12.15/
Submitted by:	Bradley T. Hughes <bradleythughes@fastmail.fm> (maintainer)


git-svn-id: svn+ssh://svn.freebsd.org/ports/head@417809 35697150-7ecd-e111-bb59-0022644237b5
uqs pushed a commit to freebsd/freebsd-ports that referenced this issue Jun 30, 2016
This is a security release. Please read
https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/
for details.

- libuv: (CVE-2014-9748) Fixes a bug in the read/write locks
  implementation for Windows XP and Windows 2003 that can lead to
  undefined and potentially unsafe behaviour. More information can be
  found at libuv/libuv#515
- V8: (CVE-2016-1669) Fixes a potential Buffer overflow vulnerability
  discovered in V8, more details can be found in the CVE at
  https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669

PR:		210522
Changes:	https://nodejs.org/en/blog/release/v0.10.46/
Submitted by:	Bradley T. Hughes <bradleythughes@fastmail.fm> (maintainer)


git-svn-id: svn+ssh://svn.freebsd.org/ports/head@417810 35697150-7ecd-e111-bb59-0022644237b5
uqs pushed a commit to freebsd/freebsd-ports that referenced this issue Jun 30, 2016
This is a security release. Please read
https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/
for details.

- libuv: (CVE-2014-9748) Fixes a bug in the read/write locks
  implementation for Windows XP and Windows 2003 that can lead to
  undefined and potentially unsafe behaviour. More information can be
  found at libuv/libuv#515 or at
  https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/.
- V8: (CVE-2016-1669) Fixes a potential Buffer overflow vulnerability
  discovered in V8, more details can be found in the CVE at
  https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669

PR:		210521
Changes:	https://nodejs.org/en/blog/release/v0.12.15/
Submitted by:	Bradley T. Hughes <bradleythughes@fastmail.fm> (maintainer)
uqs pushed a commit to freebsd/freebsd-ports that referenced this issue Jun 30, 2016
This is a security release. Please read
https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/
for details.

- libuv: (CVE-2014-9748) Fixes a bug in the read/write locks
  implementation for Windows XP and Windows 2003 that can lead to
  undefined and potentially unsafe behaviour. More information can be
  found at libuv/libuv#515
- V8: (CVE-2016-1669) Fixes a potential Buffer overflow vulnerability
  discovered in V8, more details can be found in the CVE at
  https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669

PR:		210522
Changes:	https://nodejs.org/en/blog/release/v0.10.46/
Submitted by:	Bradley T. Hughes <bradleythughes@fastmail.fm> (maintainer)
jBarz pushed a commit to ibmruntimes/node that referenced this issue Nov 4, 2016
Original commit message:

    win: fix unsavory rwlock fallback implementation

    Before this patch an uv_mutex_t (backed by a critical section) could be
    released by a thread different from the thread that acquired it, which is
    not allowed. This is fixed by using a semaphore instead.

    Note that the affected code paths were used on Windows XP and Windows
    Server 2003 only.

    Fixes: libuv/libuv#515
    PR-URL: libuv/libuv#516
    Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
    Reviewed-By: Saúl Ibarra Corretgé <saghul@gmail.com>

PR-URL: https://github.com/nodejs/node-private/pull/54
Reviewed-By: Saúl Ibarra Corretgé <saghul@gmail.com>
jBarz pushed a commit to ibmruntimes/node that referenced this issue Nov 4, 2016
Original commit message:

    win: redo/fix the uv_rwlock APIs

    Previously, on Windows Vista and later, we'd use the Windows native
    SRWLock APIs. However they turned out to be semantically incompatible
    with pthread read-write locks and/or plain buggy. This patch makes sure
    that the custom implementation that was previously only used on old
    Windows versions is now used everywhere.

    This patch fixes a number of issues with the old fallback
    implementation. Specifically:

    * The reader count would not be incremented when a thread successfully
      acquired a read lock while another thread *also* held a read lock.

    * `uv_rwlock_tryrdlock()` and `uv_rwlock_trywrlock()` now
      consistently return UV_EBUSY when a lock couldn't be acquired.

    * Any unexpected errors now cause libuv to abort, with the exception of
      `uv_rwlock_init()`.

    See also libuv/libuv#515.

    PR-URL: libuv/libuv#525
    Reviewed-By: Saúl Ibarra Corretgé <saghul@gmail.com>

PR-URL: https://github.com/nodejs/node-private/pull/54
Reviewed-By: Saúl Ibarra Corretgé <saghul@gmail.com>
jBarz pushed a commit to ibmruntimes/node that referenced this issue Nov 4, 2016
This is a security release. All Node.js users should consult the security
release summary at
https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/ for
details on patched vulnerabilities.

Notable changes:

* libuv: (CVE-2014-9748) Fixes a bug in the read/write locks implementation for
  Windows XP and Windows 2003 that can lead to undefined and potentially unsafe
  behaviour. More information can be found at
  libuv/libuv#515 or at
  https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/.
* V8: (CVE-2016-1669) Fixes a potential Buffer overflow vulnerability
  discovered in V8, more details can be found in the CVE at
  https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669 or at
  https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/.

PR-URL: https://github.com/nodejs/node-private/pull/53
svmhdvn pushed a commit to svmhdvn/freebsd-ports that referenced this issue Jan 10, 2024
This is a security release. Please read
https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/
for details.

- libuv: (CVE-2014-9748) Fixes a bug in the read/write locks
  implementation for Windows XP and Windows 2003 that can lead to
  undefined and potentially unsafe behaviour. More information can be
  found at libuv/libuv#515 or at
  https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/.
- V8: (CVE-2016-1669) Fixes a potential Buffer overflow vulnerability
  discovered in V8, more details can be found in the CVE at
  https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669

PR:		210521
Changes:	https://nodejs.org/en/blog/release/v0.12.15/
Submitted by:	Bradley T. Hughes <bradleythughes@fastmail.fm> (maintainer)
svmhdvn pushed a commit to svmhdvn/freebsd-ports that referenced this issue Jan 10, 2024
This is a security release. Please read
https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/
for details.

- libuv: (CVE-2014-9748) Fixes a bug in the read/write locks
  implementation for Windows XP and Windows 2003 that can lead to
  undefined and potentially unsafe behaviour. More information can be
  found at libuv/libuv#515
- V8: (CVE-2016-1669) Fixes a potential Buffer overflow vulnerability
  discovered in V8, more details can be found in the CVE at
  https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669

PR:		210522
Changes:	https://nodejs.org/en/blog/release/v0.10.46/
Submitted by:	Bradley T. Hughes <bradleythughes@fastmail.fm> (maintainer)