mailing list of musl libc
From: Szabolcs Nagy <nsz@port70.net>
To: musl@lists.openwall.com
Subject: Re: Conditional signal safety?
Date: Sat, 29 Jun 2019 11:33:47 +0200
Message-ID: <20190629093347.GQ16415@port70.net>
In-Reply-To: <20190629055405.GA22788@voyager>

* Markus Wichmann <nullplan@gmx.net> [2019-06-29 07:54:05 +0200]:
> Hi all,
> 
> at work yesterday I had to build an exception handler (a signal handler
> for SIGSEGV, SIGBUS, SIGILL, and SIGFPE). For my purposes, it was really
> convenient to just use dladdr() to find out at least what module and
> function PC and LR were pointing to when the exception happened, so I
> used that function.
> 
> Now, dladdr() is not on the list of signal safe functions, but then,
> dladdr() is a GNU extension. I wondered if it is signal safe and noticed
> that at least musl's implementation is, provided that dlopen() was not
> the function that was pre-empted. That got me thinking: Is there such a
> thing as "conditional signal safety"?
> 
> dladdr() takes a rwlock in read mode. At the moment, this means it can
> only block if the lock is write locked, which only dlopen() will ever
> do. dladdr() does nothing else that would impede signal safety. But of
> course, these are implementation details. What is actually defined about
> the interface?

note that the signals you handle (SIGSEGV, SIGBUS, SIGILL, SIGFPE)
are usually not asynchronous but happen at particular instructions.

dlopen does not hold locks while it runs user code, so you only
have issues if the dlopen code itself faults (which can happen e.g.
when invalid arguments are passed to it), so indeed in practice you
may get away with dladdr in the signal handler (e.g. if you know
dlopen won't fault).

in theory this does not help: the only concept the libc defines and
guarantees is async-signal-safety and dladdr is not as-safe so it
may do arbitrary non-as-safe operations, not just taking a dlopen
lock, and conversely arbitrary non-as-safe libc apis may take the
dlopen lock internally.

(btw this is why unwinding from a signal handler does not work
reliably even if there are async unwind tables in the binary: the
unwinder has to look up those tables for the particular elf module
the pc is in, and this mechanism needs to synchronize with dlopen,
which is currently not lock-free and thus can deadlock.)

> 
> Ciao,
> Markus


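The deadlock scenario described in the reply above (a dladdr-style lookup in a fault handler contending with the loader lock that dlopen holds in write mode, and, by the same mechanism, an unwinder looking up unwind tables per ELF module) can be reproduced with a small model. The following program is an added example and is not code from the musl list thread or from musl itself: `fake_dlopen`, `fake_dladdr_try` and `run_scenario` are made-up names, the "loader lock" is a single `sig_atomic_t` writer flag rather than musl's rwlock (readers never block each other, so only the writer matters for the deadlock), and the fault is produced with `raise(SIGSEGV)` so that the handler returns normally and the run is deterministic. In a single-threaded process the writer is the very code the handler interrupted, so it cannot release the lock until the handler returns; the example therefore has the handler only try the lock and report when a blocking acquire would have hung, which is this example's choice of mitigation, not a recommendation from the thread.

```c
/* Added example (not from the musl thread): a fault handler whose lookup
 * needs the loader lock is safe only if the interrupted code is not the
 * lock's writer.  Names and the lock model are assumptions of this example. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <signal.h>
#include <stdio.h>
#include <string.h>

enum { LOOKUP_NONE = 0, LOOKUP_OK = 1, LOOKUP_WOULD_DEADLOCK = 2 };

/* Model of the loader lock: only the writer side is represented. */
static volatile sig_atomic_t dl_write_locked;
static volatile sig_atomic_t handler_result;

/* Stand-in for dlopen(): holds the lock in write mode while it "loads";
 * with fault_while_locked it faults inside its own critical section. */
static void fake_dlopen(int fault_while_locked)
{
    dl_write_locked = 1;
    if (fault_while_locked)
        raise(SIGSEGV);          /* synchronous fault, like a bad argument */
    dl_write_locked = 0;
}

/* Stand-in for dladdr(): needs the lock in read mode.  From a handler we
 * only try it: if the writer is the interrupted code, blocking here would
 * deadlock because the writer cannot run until the handler returns.
 * Returns 0 and a (made-up) name on success, -1 if the lock is busy. */
static int fake_dladdr_try(const void *pc, const char **name)
{
    if (dl_write_locked)
        return -1;
    *name = pc ? "symbol_in_main_module" : "?";   /* constructed result */
    return 0;
}

static void fault_handler(int sig)
{
    const char *name = "?";
    (void)sig;
    handler_result = fake_dladdr_try((const void *)&fault_handler, &name) == 0
                         ? LOOKUP_OK : LOOKUP_WOULD_DEADLOCK;
}

/* Run one scenario and return what the handler was able to do:
 * fault_inside_dlopen == 0 -> fault raised after fake_dlopen() released the lock
 * fault_inside_dlopen != 0 -> fault raised while the write lock is held */
int run_scenario(int fault_inside_dlopen)
{
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = fault_handler;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, &old) != 0)
        return -1;

    handler_result = LOOKUP_NONE;
    if (fault_inside_dlopen) {
        fake_dlopen(1);
    } else {
        fake_dlopen(0);
        raise(SIGSEGV);          /* fault outside any loader critical section */
    }

    sigaction(SIGSEGV, &old, NULL);   /* restore the previous disposition */
    return handler_result;
}

int main(void)
{
    printf("fault outside dlopen: %d (1 = lookup ok)\n", run_scenario(0));
    printf("fault inside dlopen:  %d (2 = would deadlock)\n", run_scenario(1));
    return 0;
}
```

The second scenario is the one the reply warns about: a real handler that called the blocking `dladdr` there would wait on a lock that can never be released. With a real fault (a bad pointer dereference rather than `raise`) the handler also must not return to the faulting instruction, which this model sidesteps.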
Thread overview: 7+ messages
2019-06-29  5:54 Markus Wichmann
2019-06-29  9:33 ` Szabolcs Nagy [this message]
2019-06-29 16:49 ` Rich Felker
2019-07-01  4:21 ` Florian Weimer
2019-07-01 14:06   ` Rich Felker
2019-07-01 15:55     ` Florian Weimer
2019-07-01 16:13       ` Rich Felker
