From: Laszlo Ersek <lersek@redhat.com>
To: Max Filippov <jcmvbkbc@gmail.com>
Cc: "qemu-devel@nongnu.org" <qemu-devel@nongnu.org>
Subject: Re: [Qemu-devel] audit needed for signal handlers
Date: Tue, 12 Nov 2013 13:24:40 +0100 [thread overview]
Message-ID: <52821E08.8030508@redhat.com> (raw)
In-Reply-To: <CAMo8Bf+jJuArKvjSTi5wj5HqWkYSVZwmY7YCctJrtOh1qK55Xg@mail.gmail.com>
On 11/11/13 19:03, Max Filippov wrote:
> On Mon, Nov 11, 2013 at 8:50 PM, Eric Blake <eblake@redhat.com> wrote:
>> Quick - identify the bug in this code (from ui/curses.c):
>>
>> static void curses_winch_handler(int signum)
>> {
>> struct winsize {
>> unsigned short ws_row;
>> unsigned short ws_col;
>> unsigned short ws_xpixel; /* unused */
>> unsigned short ws_ypixel; /* unused */
>> } ws;
>>
>> /* terminal size changed */
>> if (ioctl(1, TIOCGWINSZ, &ws) == -1)
>
> An unsafe function is called in a signal. See man 7 signal,
> section 'Async-signal-safe functions'. This should be avoided.
>
>> return;
>>
>> resize_term(ws.ws_row, ws.ws_col);
>> curses_calc_pad();
>> invalidate = 1;
>>
>> /* some systems require this */
>> signal(SIGWINCH, curses_winch_handler);
>> }
>>
>> Here's a hint: ioctl() can clobber errno.
>
> I believe it cannot, at least in linux, as technically the signal
> handler is always called in a new thread, specifically created
> to only handle that signal, and errno should be thread-local.
That's incorrect (*). The handler runs on a new *stack frame*, but
inside the same thread. You can specify an alternate stack for signal
handlers to run on in advance (see SA_ONSTACK / sigaltstack()), in which
case the new stack frame will be "allocated" there. Otherwise the system
will just use the normal stack. The handler indeed runs like an
"unexpected", "out-of-the-blue" normal function call.
It is actually pretty vital that the handler is run by the specific
thread that the signal has been delivered to.
(*) Example code (not a correct/portable program due to the race on
"errno", but it does disprove the idea that errno is "protected" on Linux):
#define _XOPEN_SOURCE 600
#include <unistd.h>
#include <errno.h>
#include <signal.h>
#include <stdio.h>
static void ringring(int signum)
{
errno = -12;
}
int main(void)
{
sigaction(SIGALRM,
&(struct sigaction){ .sa_handler = &ringring },
NULL);
alarm(1);
errno = 0;
/* pause() would clobber errno */
while (errno == 0)
;
printf("%d\n", errno);
return 0;
}
Thanks
Laszlo
prev parent reply other threads:[~2013-11-12 12:22 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-11 16:50 [Qemu-devel] audit needed for signal handlers Eric Blake
2013-11-11 16:56 ` Anthony Liguori
2013-11-11 17:03 ` Eric Blake
2013-11-11 17:05 ` Paolo Bonzini
2013-11-11 17:08 ` Eric Blake
2013-11-11 17:11 ` Paolo Bonzini
2013-11-11 17:13 ` Peter Maydell
2013-11-11 17:22 ` Eric Blake
2013-11-11 17:47 ` Paolo Bonzini
2013-11-12 8:18 ` Gerd Hoffmann
2013-11-12 12:07 ` Laszlo Ersek
2013-11-11 17:11 ` Peter Maydell
2013-11-11 18:03 ` Max Filippov
2013-11-12 12:24 ` Laszlo Ersek [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52821E08.8030508@redhat.com \
--to=lersek@redhat.com \
--cc=jcmvbkbc@gmail.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).