Date: Wed, 2 Aug 2023 09:48:11 -0300
Subject: Re: [PATCH 1/2] setjmp: Use BSD sematic as default for setjmp
To: Florian Weimer
Cc: Adhemerval Zanella via Libc-alpha, Carlos O'Donell
From: Adhemerval Zanella Netto
Organization: Linaro

On 02/08/23 09:42, Florian Weimer wrote:
> * Adhemerval Zanella Netto:
>
>> On 02/08/23 04:59, Florian Weimer wrote:
>>> * Adhemerval Zanella Netto:
>>>
>>>> On 01/08/23 05:35, Florian Weimer wrote:
>>>>> * Adhemerval Zanella via Libc-alpha:
>>>>>
>>>>>> POSIX relaxed the relation of setjmp/longjmp and the signal mask
>>>>>> save/restore, meaning that setjmp does not require to be routed to
>>>>>> _setjmp to be standard compliant.
>>>>>>
>>>>>> This is done to avoid breakage of SIGABRT handlers, since to fully
>>>>>> make abort AS-safe, it is required to remove the recursive lock
>>>>>> used to unblock SIGABRT prior raised the signal.
>>>>>>
>>>>>> Also, it allows caller to actually use setjmp, since from
>>>>>> 7011c2622fe3e10a29dbe74f06aaebd07710127d the symbol is unconditionally
>>>>>> routed to _setjmp.
>>>>>
>>>>> Doesn't this have non-trivial performance impact?
>>>>
>>>> Yes, it is two extra sigprocmask to get/set the signal mask. This is
>>>> not *strictly* required, but the SIGABRT on abort generates racy
>>>> conditions on process creation and. This patch can be dropped, but it
>>>> would mean that to get expected semantic for abort handlers will need
>>>> to use sigsetjmp (..., 1) instead of setjmp.
>>>
>>> Sorry, I don't understand? With the current locking, this change should
>>> really not be required because the user SIGABRT handler does not run
>>> with the signal mask changed.
>>>
>>
>> This change is only required to keep the same semantic of setjmp/longjmp
>> regarding SIGABRT handler, where current code keeps subsequent SIGABRT
>> installed with default flags to not keep the signal masked. Otherwise,
>> users that callers that handle SIGABRT will need to either a different
>> sigaction mask that do not change the blocked signals while handling
>> the signal, call sigprocmask after SIGABRT returns from longjmp, or
>> use sigsetjmp.
>
> Sorry, I still don't see it. The new code switches the handler to
> SIG_DFL atomically and blocks further sigaction calls. This extends to
> subprocesses because creating them is inhibited, too. I think this
> means that the difference in signal handler masking is not observable.

But this change is not to handle if raise returns, but rather if you have
a SIGABRT handler that does not (like the fortify tests) installed with
default flags. In this case, the kernel will add SIGABRT on the masked
signal, longjmp will return to setjmp with the SIGABRT handler set mask,
and the next SIGABRT won't trigger the handler