From: Eric Blake
To: qemu-devel@nongnu.org
Date: Mon, 11 Nov 2013 09:50:50 -0700
Message-ID: <52810AEA.5020806@redhat.com>
Subject: [Qemu-devel] audit needed for signal handlers

Quick - identify the bug in this code (from ui/curses.c):

static void curses_winch_handler(int signum)
{
    struct winsize {
        unsigned short ws_row;
        unsigned short ws_col;
        unsigned short ws_xpixel;   /* unused */
        unsigned short ws_ypixel;   /* unused */
    } ws;

    /* terminal size changed */
    if (ioctl(1, TIOCGWINSZ, &ws) == -1)
        return;
    resize_term(ws.ws_row, ws.ws_col);
    curses_calc_pad();
    invalidate = 1;

    /* some systems require this */
    signal(SIGWINCH, curses_winch_handler);
}

Here's a hint: ioctl() can clobber errno. But if a signal handler is called in the middle of other code that is using errno, then the handler MUST restore the value of errno before returning, if it is to guarantee that the interrupted context won't be corrupted. More reading on the topic:
https://plus.google.com/+LennartPoetteringTheOneAndOnly/posts/gHSscCJkakd

I have not done a full audit of qemu's signal handlers, so much as a quick look to see if I could find violations; it was surprisingly easy to find a bad example. A signal handler that resets the signal to SIG_DFL then calls raise() is exempt from caring about errno, but any signal handler that can fall through to the end and return execution to the caller MUST ensure that errno is left unchanged, for errno to be useful in the remaining body of code. Which is why the best signal handlers tend to be the ones that only flag a volatile variable that is later checked at safe points of execution, rather than trying to make complex calls from within the handler context.
-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
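As an added example (not from the mail above nor from QEMU's ui/curses.c), the C program below puts the posted handler's ioctl pattern beside the two remedies the mail describes: saving and restoring errno around the call, and setting only a volatile flag that the main loop acts on at a safe point. The term_fd variable, the pipe used to make the ioctl fail deterministically, and all function names are constructed for this example.

```c
#define _GNU_SOURCE                 /* expose sigaction(), SIGWINCH, TIOCGWINSZ */
#include <errno.h>
#include <signal.h>
#include <sys/ioctl.h>
#include <unistd.h>
/* Constructed for this example: the fd queried and a flag polled at a safe point. */
static int term_fd = 1;
static volatile sig_atomic_t winch_pending = 0;
static unsigned short rows, cols;
static void read_size(void)          /* the ioctl from the posted handler */
{
    struct winsize ws;
    if (ioctl(term_fd, TIOCGWINSZ, &ws) == 0) { rows = ws.ws_row; cols = ws.ws_col; }
}
/* Bad pattern (as posted): a failing ioctl leaves ENOTTY in errno for the caller. */
static void winch_clobbers_errno(int sig) { read_size(); }
/* Fix A: save errno on entry and restore it on every exit path. */
static void winch_preserves_errno(int sig)
{
    int saved = errno;
    read_size();
    errno = saved;
}
/* Fix B: only set a flag (a sig_atomic_t store cannot touch errno); the main
 * loop calls handle_pending_winch() at a safe point and does the ioctl there. */
static void winch_flag_only(int sig) { winch_pending = 1; }
int handle_pending_winch(void)
{
    if (!winch_pending) return 0;
    winch_pending = 0; read_size();  /* the ioctl now runs in normal context */
    return 1;
}
/* Deliver SIGWINCH to `handler` while errno holds a value the interrupted code
 * still needs; return 1 if it survived (term_fd is a pipe, so the ioctl fails). */
int errno_survives(void (*handler)(int))
{
    int fds[2], survived;
    struct sigaction sa = { .sa_handler = handler }, old;
    if (pipe(fds) == -1) return -1;
    term_fd = fds[0];
    sigemptyset(&sa.sa_mask);
    sigaction(SIGWINCH, &sa, &old);
    errno = ENOENT;                  /* the "interrupted code" is using errno */
    raise(SIGWINCH);
    survived = (errno == ENOENT);
    sigaction(SIGWINCH, &old, NULL);
    close(fds[0]); close(fds[1]); term_fd = 1;
    return survived;
}
```

The first handler is the one the mail flags; when fd 1 is not a terminal (a pipe, a redirected log), the caller sees ENOTTY instead of the errno it was about to inspect.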