public inbox for libc-alpha@sourceware.org
From: Florian Weimer <fweimer@redhat.com>
To: Adhemerval Zanella Netto <adhemerval.zanella@linaro.org>
Cc: libc-alpha@sourceware.org,  Carlos O'Donell <carlos@redhat.com>
Subject: Re: [PATCH v2 1/2] setjmp: Use BSD sematic as default for setjmp
Date: Mon, 07 Aug 2023 15:40:51 +0200
Message-ID: <87y1indl7g.fsf@oldenburg.str.redhat.com>
In-Reply-To: <a84654ab-aab5-42bd-5f65-94af87326b4c@linaro.org> (Adhemerval Zanella Netto's message of "Mon, 7 Aug 2023 09:59:01 -0300")

* Adhemerval Zanella Netto:

> On 07/08/23 09:54, Florian Weimer wrote:
>> * Adhemerval Zanella Netto:
>> 
>>> On 04/08/23 05:43, Florian Weimer wrote:
>>>> * Adhemerval Zanella:
>>>>
>>>>> POSIX relaxed the relation of setjmp/longjmp and the signal mask
>>>>> save/restore, meaning that setjmp is not required to be routed to
>>>>> _setjmp to be standard compliant.
>>>>>
>>>>> This is done to avoid breakage of SIGABRT handlers, since to fully
>>>>> make abort AS-safe, it is required to remove the recursive lock
>>>>> used to unblock SIGABRT prior to raising the signal.
>>>>>
>>>>> Also, it allows callers to actually use setjmp, since from
>>>>> 7011c2622fe3e10a29dbe74f06aaebd07710127d the symbol is unconditionally
>>>>> routed to _setjmp.
>>>>
>>>> I still think we shouldn't do this due to the performance implications.
>>>
>>> By not changing it and with the abort AS-safe fix, the following code
>>> will always abort the program:
>>>
>>> --
>>>  #include <assert.h>
>>>  #include <setjmp.h>
>>>  #include <signal.h>
>>>  #include <stdlib.h>
>>>
>>>  static jmp_buf jb;
>>>
>>>  static void
>>>  sigabrt_handler (int sig)
>>>  {
>>>    longjmp (jb, 1);
>>>  }
>>>
>>>  int
>>>  main (void)
>>>  {
>>>    struct sigaction sa = { .sa_handler = sigabrt_handler, .sa_flags = 0 };
>>>    sigemptyset (&sa.sa_mask);
>>>    assert (sigaction (SIGABRT, &sa, 0) == 0);
>>>
>>>    if (setjmp (jb) == 0)
>>>      abort ();
>>>
>>>    /* SIGABRT is still blocked from the first handler invocation unless
>>>       setjmp restored the signal mask.  */
>>>    if (setjmp (jb) == 0)
>>>      abort ();
>>>
>>>    // Not reached.
>>>    return 0;
>>>  }
>>> --
>>>
>>> Callers will need to change to sigsetjmp (..., 1) to have the same semantics.
>>> That's the main reason I am suggesting this patch.
>> 
>> Could we just unconditionally unblock SIGABRT at the start of abort,
>> before the raise (SIGABRT) call?  Other signal handlers could still
>> observe this, but I think this change isn't really part of the core
>> async signal safety fix.
>
> My understanding is this is still subject to the same race condition with fork
> and posix_spawn signal handling setup, and that's why I have removed it.

Concurrent fork from another thread does not matter here because that
copies the signal mask from the fork-calling thread, not the
abort-calling thread.  Does this address your concern?

I think the only gap is another signal being delivered to the
abort-calling thread, and there the unblocking is sort-of implied by
current POSIX anyway, so it's arguably to be observably.

Thanks,
Florian
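The mask behaviour this thread argues about, shown as an added example that is not part of the thread: a SIGABRT handler escapes with siglongjmp, and the caller checks whether SIGABRT stayed blocked. sigsetjmp with savesigs == 0 models glibc's setjmp routed to _setjmp; savesigs != 0 models the sigsetjmp (..., 1) callers would otherwise need. raise is used instead of abort so the process survives and the result can be inspected.

```c
#define _POSIX_C_SOURCE 200809L
#include <assert.h>
#include <setjmp.h>
#include <signal.h>
#include <string.h>

static sigjmp_buf jb;

static void
sigabrt_handler (int sig)
{
  (void) sig;
  /* The kernel added SIGABRT to the mask for the handler's duration (no
     SA_NODEFER).  Whether the jump undoes that depends on how jb was saved.  */
  siglongjmp (jb, 1);
}

/* Nonzero if SIGABRT is currently blocked in this thread's signal mask.  */
static int
sigabrt_blocked (void)
{
  sigset_t cur;
  assert (sigprocmask (SIG_BLOCK, NULL, &cur) == 0);
  return sigismember (&cur, SIGABRT) == 1;
}

/* Deliver SIGABRT to a handler that escapes via siglongjmp, then report
   whether SIGABRT is still blocked afterwards.  savesigs != 0 makes
   sigsetjmp save and restore the mask (sigsetjmp (..., 1), BSD setjmp
   semantics); savesigs == 0 matches setjmp routed to _setjmp.  */
static int
escape_leaves_sigabrt_blocked (int savesigs)
{
  struct sigaction sa;
  memset (&sa, 0, sizeof sa);
  sa.sa_handler = sigabrt_handler;
  sigemptyset (&sa.sa_mask);
  assert (sigaction (SIGABRT, &sa, NULL) == 0);
  sigset_t abrt;
  sigemptyset (&abrt);
  sigaddset (&abrt, SIGABRT);
  assert (sigprocmask (SIG_UNBLOCK, &abrt, NULL) == 0);  /* known start state */
  if (sigsetjmp (jb, savesigs) == 0)
    raise (SIGABRT);
  int blocked = sigabrt_blocked ();
  assert (sigprocmask (SIG_UNBLOCK, &abrt, NULL) == 0);  /* reset for next run */
  signal (SIGABRT, SIG_DFL);
  return blocked;
}
```

With savesigs == 0 the second abort in the quoted snippet would run with SIGABRT blocked, which is exactly why the handler cannot catch it once abort no longer unblocks the signal itself.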


Thread overview: 15+ messages
2023-08-03 17:34 [PATCH v2 0/2] Make abort AS-safe Adhemerval Zanella
2023-08-03 17:34 ` [PATCH v2 1/2] setjmp: Use BSD sematic as default for setjmp Adhemerval Zanella
2023-08-03 18:06   ` Joe Simmons-Talbott
2023-08-03 22:09   ` Joseph Myers
2023-08-04  8:43   ` Florian Weimer
2023-08-04 12:36     ` Adhemerval Zanella Netto
2023-08-05  7:21       ` Paul Zimmermann
2023-08-07 12:54       ` Florian Weimer
2023-08-07 12:59         ` Adhemerval Zanella Netto
2023-08-07 13:40           ` Florian Weimer [this message]
2023-08-07 18:33             ` Adhemerval Zanella Netto
2023-08-07 19:51               ` Florian Weimer
2023-08-07 20:49                 ` Adhemerval Zanella Netto
2023-08-03 17:34 ` [PATCH v2 2/2] stdlib: Make abort AS-safe (BZ 26275) Adhemerval Zanella
2023-08-03 18:05   ` Joe Simmons-Talbott
