Fix signal masking race in worker_loop

talex5 · talex5 · commit 52596733b92b · 2023-07-12T09:50:06.000+01:00
If an OCaml signal handler runs in a Lwt worker thread then the process
will dereference a NULL pointer and crash. The worker tried to avoid
this by masking out all signals after starting, but by then it may be
too late. Now, we mask out signals before creating a worker thread and
then restore the mask in the main thread afterwards.
diff --git a/src/unix/lwt_unix_stubs.c b/src/unix/lwt_unix_stubs.c
@@ -169,16 +169,25 @@ value lwt_unix_system_byte_order() {
 int lwt_unix_launch_thread(void *(*start)(void *), void *data) {
   pthread_t thread;
   pthread_attr_t attr;
+  sigset_t mask, old_mask;
 
   pthread_attr_init(&attr);
 
   /* The thread is created in detached state so we do not have to join
      it when it terminates: */
   pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
 
+  /* Block all signals, otherwise ocaml handlers defined with the
+     module Sys may be executed in the new thread, oops... */
+  sigfillset(&mask);
+  pthread_sigmask(SIG_SETMASK, &mask, &old_mask);
+
   int zero_if_created_otherwise_errno =
       pthread_create(&thread, &attr, start, data);
 
+  /* Restore the signal mask for the calling thread. */
+  pthread_sigmask(SIG_SETMASK, &old_mask, NULL);
+
   pthread_attr_destroy(&attr);
 
   return zero_if_created_otherwise_errno;
@@ -978,18 +987,11 @@ void initialize_threading() {
    | Worker loop                                                     |
    +-----------------------------------------------------------------+ */
 
-/* Function executed by threads of the pool. */
+/* Function executed by threads of the pool.
+ * Note: all signals are masked for this thread. */
 static void *worker_loop(void *data) {
   lwt_unix_job job = (lwt_unix_job)data;
 
-#if defined(HAVE_PTHREAD)
-  /* Block all signals, otherwise ocaml handlers defined with the
-     module Sys may be executed in this thread, oops... */
-  sigset_t mask;
-  sigfillset(&mask);
-  pthread_sigmask(SIG_SETMASK, &mask, NULL);
-#endif
-
   /* Execute the initial job if any. */
   if (job != NULL) execute_job(job);
 
