From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=XNoo=LA=lists.denx.de=u-boot-bounces@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.3 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,NICE_REPLY_A,SPF_HELO_NONE,
	SPF_PASS,URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=no autolearn_force=no
	version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 56376C47096
	for <u-boot@archiver.kernel.org>; Sun,  6 Jun 2021 18:07:45 +0000 (UTC)
Received: from phobos.denx.de (phobos.denx.de [85.214.62.61])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id 4DC926136D
	for <u-boot@archiver.kernel.org>; Sun,  6 Jun 2021 18:07:43 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 4DC926136D
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id EFD0C814A4;
	Sun,  6 Jun 2021 20:07:39 +0200 (CEST)
Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de;
	dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="BKt3UpMs";
	dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id 6777481CDE; Sun,  6 Jun 2021 20:07:38 +0200 (CEST)
Received: from mail-qt1-x835.google.com (mail-qt1-x835.google.com
 [IPv6:2607:f8b0:4864:20::835])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id 0453380C58
 for <u-boot@lists.denx.de>; Sun,  6 Jun 2021 20:07:35 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=seanga2@gmail.com
Received: by mail-qt1-x835.google.com with SMTP id v6so2114748qta.9
 for <u-boot@lists.denx.de>; Sun, 06 Jun 2021 11:07:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=subject:to:cc:references:from:message-id:date:user-agent
 :mime-version:in-reply-to:content-language:content-transfer-encoding;
 bh=qpIid4/OgYL1sHOz92YhYtCTPmJ/nlFW6/4xmYl7Y6s=;
 b=BKt3UpMsogxNUPFIBZxAtkzaFKqiAj8Co0uBiaIVicXsKA2LdJY4dOHAPGdGL3xewy
 pT4060YhEdIlw5jxTCZx69jHa1tkw/5qvluPMaSjSqLShlbOrmIatBKoUXrLlFVjZtyU
 qQfZtNc4WA98kHfyWCKBGlePHPBGQT/xBWaD0n1fhpAebTklRekpN6a9hnukAJmiPaX/
 VxTdNhibLsQU4f0wXTJjum39mbyhe/gBXzUMjOA0h+QWrCeFdAmjRM0lnTbHKyPp6VZ9
 Rw2c76XlPcmuCgC0Tvbhx/L7/zm26WZg1L/aitekqbrPIa1DDdv15tuXjNwTA0lowmy2
 RZRA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:subject:to:cc:references:from:message-id:date
 :user-agent:mime-version:in-reply-to:content-language
 :content-transfer-encoding;
 bh=qpIid4/OgYL1sHOz92YhYtCTPmJ/nlFW6/4xmYl7Y6s=;
 b=sZ26IU5LDK2+BUgrj2pgUDN0jD6X06XihNllbAZj3VmliuFbdlc7WXF16ZXDCJFQV0
 l9s7svyyVVE7N+PkkBKnysc9+5FXhRzV9z+852mBumjy8KlwMq8v0TIVUMmRZsH2tM/h
 x0L4ZOy+ZB+Yh0ASyeK1c/yW3kfkQSj+4UHu3kKBGoSO5MlqoU2m9WYaV0yqkfmhpWmX
 MF4P58BJwhe72uUdPQ6VL6adPGpgztt9ATC7jZQUH99Et+WxaoVoyEEw0gNv4ZBETCX4
 cFnDLPWJmiMcUL3td1vuk/84jKgKzklAYqgduJ6H8JmPiBreWe9pFXx5LU6LLbmMjD2G
 4JlA==
X-Gm-Message-State: AOAM531G+iFQ15xMwASl/yYiy9JDSZxBV5vIL733fp1dpCuJjjTWTGAE
 3yKXlEPS5SYtBjY3x2AlTn4=
X-Google-Smtp-Source: ABdhPJztFrJVFT891V2u7XlzIDwC57+HQSFP1hAREfl34RPVZSr1ZF8ZR8XTghlTq93x4LazqLCzJQ==
X-Received: by 2002:ac8:4654:: with SMTP id f20mr3681988qto.144.1623002852725; 
 Sun, 06 Jun 2021 11:07:32 -0700 (PDT)
Received: from [192.168.1.201] (pool-74-96-87-9.washdc.fios.verizon.net.
 [74.96.87.9])
 by smtp.googlemail.com with ESMTPSA id l7sm8106431qki.135.2021.06.06.11.07.31
 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
 Sun, 06 Jun 2021 11:07:32 -0700 (PDT)
Subject: Re: [PATCH] sandbox: Support signal handling only when requested
To: Heinrich Schuchardt <xypron.glpk@gmx.de>, Simon Glass <sjg@chromium.org>
Cc: U-Boot Mailing List <u-boot@lists.denx.de>,
 Patrick Delaunay <patrick.delaunay@foss.st.com>
References: <20210322052102.2934066-1-sjg@chromium.org>
 <85383227-f24b-1c3f-1a4a-07318d7abd92@gmx.de>
 <CAPnjgZ2pKgFNqOMGbc6=oYGeTnJ3vbEruryHePvpZcEb34ih3g@mail.gmail.com>
 <CAPnjgZ1ZzEo9KhJk-rV1-MCuAKay56VAEKfJBOPJJ45ASoKjyA@mail.gmail.com>
 <a41a7168-ea68-f5db-e512-91a6dc7d6aec@gmx.de>
 <45bb6e1d-3661-f8be-ebc9-defb583add59@gmail.com>
 <88af3221-4386-ff8d-a06d-efec20ee72f7@gmx.de>
From: Sean Anderson <seanga2@gmail.com>
Message-ID: <dbbf97de-4793-d79e-e115-fe535f5fd4ba@gmail.com>
Date: Sun, 6 Jun 2021 14:07:31 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.12.0
MIME-Version: 1.0
In-Reply-To: <88af3221-4386-ff8d-a06d-efec20ee72f7@gmx.de>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.102.4 at phobos.denx.de
X-Virus-Status: Clean

On 6/6/21 1:57 PM, Heinrich Schuchardt wrote:
> On 6/6/21 7:52 PM, Sean Anderson wrote:
>> On 6/6/21 1:28 PM, Heinrich Schuchardt wrote:
>>> On 6/6/21 6:44 PM, Simon Glass wrote:
>>>> Hi Heinrich,
>>>>
>>>> On Mon, 22 Mar 2021 at 18:56, Simon Glass <sjg@chromium.org> wrote:
>>>>>
>>>>> Hi Heinrich,
>>>>>
>>>>> On Mon, 22 Mar 2021 at 23:02, Heinrich Schuchardt
>>>>> <xypron.glpk@gmx.de> wrote:
>>>>>>
>>>>>> On 22.03.21 06:21, Simon Glass wrote:
>>>>>>> At present if sandbox crashes it prints a message and tries to
>>>>>>> exit. But
>>>>>>> with the recently introduced signal handler, it often seems to get
>>>>>>> stuck
>>>>>>> in a loop until the stack overflows:
>>>>>>>
>>>>>>> Segmentation violation
>>>>>>>
>>>>>>> Segmentation violation
>>>>>>>
>>>>>>> Segmentation violation
>>>>>>>
>>>>>>> Segmentation violation
>>>>>>>
>>>>>>> Segmentation violation
>>>>>>>
>>>>>>> Segmentation violation
>>>>>>>
>>>>>>> Segmentation violation
>>>>>>> ...
>>>>>>
>>>>>> Hello Simon,
>>>>>>
>>>>>> do you have a reproducible example? I never have seen this.
>>>>>
>>>>> https://source.denx.de/u-boot/custodians/u-boot-dm/-/jobs/242433
>>>>>
>>>>> You need to run that commit with pytest though...it does not happen
>>>>> when run directly.
>>>>>
>>>>> BTW this sems to expose some rather nasty bug in dlmalloc or how it is
>>>>> used. I notice that as soon as the first test is run, the 'top' value
>>>>> in dlmalloc is outside the range of the malloc pool, which seems
>>>>> wrong. I wonder if there is something broken with how
>>>>> dm_test_pre_run() and dm_test_post_run() work.
>>>>>
>>>>>>
>>>>>> Corrupting gd could cause an endless recursive loop, as these lines
>>>>>> follow printing the observed string:
>>>>>>
>>>>>>          printf("pc = 0x%lx, ", pc);
>>>>>>          printf("pc_reloc =0x%lx\n\n", pc - gd->reloc_off);
>>>>>
>>>>> Yes I suspect printf() is dead.
>>>>>
>>>>>>
>>>>>> If we remove SA_NODEFER from the signal mask in arch/sandbox/cpu/os.c,
>>>>>> recursion cannot occur anymore. If a segmentation violation occurs
>>>>>> inside the handler it will be delegated to the default handler.
>>>>>>
>>>>>> Furthermore we could consider removing the signal handler at the start
>>>>>> of os_signal_action().
>>>>>
>>>>> The issue is that if you get a segfault you really don't know if you
>>>>> can continue and do anything else.
>>>>>
>>>>> What is the goal with the signal handler? I don't think the user can
>>>>> do anything about it.
>>>
>>> Hello Simon,
>>>
>>> the signal handler prints out the crash location and this makes
>>> analyzing problems much easier. It proved valuable to me several times.
>>
>> Can't you just rerun with gdb?
> 
> This would require that the problem is easily reproducible which may not
> be the case.

Hm, perhaps you could keep track of how many times we've tried to catch a signal, and bail if this is the second time around. E.g. something like

static void os_signal_handler(int sig, siginfo_t *info, void *con)
{
	/* other variables */
	static int level = 0;

	switch (level++) {
	case 0:
		break;
	case 1:
		sandbox_exit();
	default:
		os_exit(0);
	}

	/* rest of the handler */
}

--Sean

> 
> Best regards
> 
> Heinrich
> 
>>
>>>
>>>>
>>>> I keep hitting this problem during development with sandbox, so I
>>>> think I need to apply this patch.
>>>>
>>>> Does anything need to be updated in the tests?
>>>>
>>>> Regards,
>>>> Simon
>>>>
>>>
>>> Did you try removing SA_NODEFER as proposed?
>>>
>>> Best regards
>>>
>>> Heinrich
>>
>>
>