From: Laszlo Ersek <lersek@redhat.com>
To: Max Filippov <jcmvbkbc@gmail.com>
Cc: "qemu-devel@nongnu.org" <qemu-devel@nongnu.org>
Subject: Re: [Qemu-devel] audit needed for signal handlers
Date: Tue, 12 Nov 2013 13:24:40 +0100 [thread overview]
Message-ID: <52821E08.8030508@redhat.com> (raw)
In-Reply-To: <CAMo8Bf+jJuArKvjSTi5wj5HqWkYSVZwmY7YCctJrtOh1qK55Xg@mail.gmail.com>
On 11/11/13 19:03, Max Filippov wrote:
> On Mon, Nov 11, 2013 at 8:50 PM, Eric Blake <eblake@redhat.com> wrote:
>> Quick - identify the bug in this code (from ui/curses.c):
>>
>> static void curses_winch_handler(int signum)
>> {
>> struct winsize {
>> unsigned short ws_row;
>> unsigned short ws_col;
>> unsigned short ws_xpixel; /* unused */
>> unsigned short ws_ypixel; /* unused */
>> } ws;
>>
>> /* terminal size changed */
>> if (ioctl(1, TIOCGWINSZ, &ws) == -1)
>
> An unsafe function is called in a signal. See man 7 signal,
> section 'Async-signal-safe functions'. This should be avoided.
>
>> return;
>>
>> resize_term(ws.ws_row, ws.ws_col);
>> curses_calc_pad();
>> invalidate = 1;
>>
>> /* some systems require this */
>> signal(SIGWINCH, curses_winch_handler);
>> }
>>
>> Here's a hint: ioctl() can clobber errno.
>
> I believe it cannot, at least in linux, as technically the signal
> handler is always called in a new thread, specifically created
> to only handle that signal, and errno should be thread-local.
That's incorrect (*). The handler runs on a new *stack frame*, but
inside the same thread. You can specify an alternate stack for signal
handlers to run on in advance (see SA_ONSTACK / sigaltstack()), in which
case the new stack frame will be "allocated" there. Otherwise the system
will just use the normal stack. The handler indeed runs like an
"unexpected", "out-of-the-blue" normal function call.
It is actually pretty vital that the handler is run by the specific
thread that the signal has been delivered to.
(*) Example code (not a correct/portable program due to the race on
"errno", but it does disprove the idea that errno is "protected" on Linux):
#define _XOPEN_SOURCE 600
#include <unistd.h>
#include <errno.h>
#include <signal.h>
#include <stdio.h>
static void ringring(int signum)
{
errno = -12;
}
int main(void)
{
sigaction(SIGALRM,
&(struct sigaction){ .sa_handler = &ringring },
NULL);
alarm(1);
errno = 0;
/* pause() would clobber errno */
while (errno == 0)
;
printf("%d\n", errno);
return 0;
}
Thanks
Laszlo
prev parent reply other threads:[~2013-11-12 12:22 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-11 16:50 [Qemu-devel] audit needed for signal handlers Eric Blake
2013-11-11 16:56 ` Anthony Liguori
2013-11-11 17:03 ` Eric Blake
2013-11-11 17:05 ` Paolo Bonzini
2013-11-11 17:08 ` Eric Blake
2013-11-11 17:11 ` Paolo Bonzini
2013-11-11 17:13 ` Peter Maydell
2013-11-11 17:22 ` Eric Blake
2013-11-11 17:47 ` Paolo Bonzini
2013-11-12 8:18 ` Gerd Hoffmann
2013-11-12 12:07 ` Laszlo Ersek
2013-11-11 17:11 ` Peter Maydell
2013-11-11 18:03 ` Max Filippov
2013-11-12 12:24 ` Laszlo Ersek [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52821E08.8030508@redhat.com \
--to=lersek@redhat.com \
--cc=jcmvbkbc@gmail.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.