This is the mail archive of the mailing list for the glibc project.


Re: Consensus on MT-, AS- and AC-Safety docs.

On 11/29/2013 04:04 PM, Rich Felker wrote:
> On Fri, Nov 29, 2013 at 12:21:02AM -0500, Carlos O'Donell wrote:
>> All we need to do is extend the kernel infrastructure to create
>> a signal entry trampoline like it does for signal return. This isn't
>> impossible, but requires work. The objections are probably about the
>> cost of the extra instructions in the entry of the signal handler,
>> which I think are invalid given the amount of code that runs in the
>> kernel to deliver the signal. Saving errno isn't that much more
>> expensive relative to all the other work to deliver the signal.
>
> This would be non-conforming. POSIX permits writing errno from a
> signal handler (in fact, it requires all the standard functions to
> write to it), and therefore, the code interrupted by the signal
> handler can see the changed errno.

I disagree. POSIX requires that saving a value to errno is async-signal-safe, and also requires that any libc function can be interrupted by a signal handler which consists only of async-signal-safe operations and still execute as specified by POSIX. I see two ways of ensuring that: do not use errno-based error handling inside libc, or restore errno on exit from the signal handler. I doubt that this was intended.

I think it's fair to say that POSIX leaves the interaction of errno and signals unspecified.

Florian Weimer / Red Hat Product Security Team
