qemu-devel.nongnu.org archive mirror
From: Eric Blake <eblake@redhat.com>
To: "qemu-devel@nongnu.org" <qemu-devel@nongnu.org>
Subject: [Qemu-devel] audit needed for signal handlers
Date: Mon, 11 Nov 2013 09:50:50 -0700	[thread overview]
Message-ID: <52810AEA.5020806@redhat.com> (raw)


Quick - identify the bug in this code (from ui/curses.c):

static void curses_winch_handler(int signum)
{
    struct winsize {
        unsigned short ws_row;
        unsigned short ws_col;
        unsigned short ws_xpixel;   /* unused */
        unsigned short ws_ypixel;   /* unused */
    } ws;

    /* terminal size changed */
    if (ioctl(1, TIOCGWINSZ, &ws) == -1)
        return;

    resize_term(ws.ws_row, ws.ws_col);
    curses_calc_pad();
    invalidate = 1;

    /* some systems require this */
    signal(SIGWINCH, curses_winch_handler);
}

Here's a hint: ioctl() can clobber errno.  But if a signal handler is
called in the middle of other code that is using errno, then the handler
MUST restore the value of errno before returning, if it is to guarantee
that the interrupted context won't be corrupted.

More reading on the topic:
https://plus.google.com/+LennartPoetteringTheOneAndOnly/posts/gHSscCJkakd

I have not done a full audit of qemu's signal handlers, so much as a
quick look to see if I could find violations; it was surprisingly easy
to find a bad example.  A signal handler that resets the signal to
SIG_DFL then calls raise() is exempt from caring about errno, but any
signal handler that can fall through to the end and return execution to
the caller MUST ensure that errno is left unchanged, for errno to be
useful in the remaining body of code.  Which is why the best signal
handlers tend to be the ones that only flag a volatile variable that is
later checked at safe points of execution, rather than trying to make
complex calls from within the handler context.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

