This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH 4/5] linux: Optimize posix_spawn spurious sigaction calls
- From: Adhemerval Zanella <adhemerval dot zanella at linaro dot org>
- To: Florian Weimer <fweimer at redhat dot com>
- Cc: libc-alpha at sourceware dot org
- Date: Mon, 7 Oct 2019 14:50:56 -0300
- Subject: Re: [PATCH 4/5] linux: Optimize posix_spawn spurious sigaction calls
- References: <20190731183136.21545-1-adhemerval.zanella@linaro.org> <20190731183136.21545-4-adhemerval.zanella@linaro.org> <875zmg9xjr.fsf@oldenburg2.str.redhat.com> <4266b563-5433-8bb9-78a2-af0ff14cab59@linaro.org> <87ftlj6k69.fsf@oldenburg2.str.redhat.com> <c38546d4-1349-edfc-1d74-33f024cdf8cb@linaro.org> <87v9uavnzs.fsf@oldenburg2.str.redhat.com> <95503672-bc82-c0bc-0a30-5724644b0037@linaro.org>
Florian, do you still hold objection to this patch?
On 02/09/2019 16:47, Adhemerval Zanella wrote:
>
>
> On 02/09/2019 10:14, Florian Weimer wrote:
>> * Adhemerval Zanella:
>>
>>> The problem is in fact false negatives, where posix_spawn will get a mask
>>> *without* the bit set, but with a set signal disposition.
>>
>> Hmm. Right. Incidentally, the Go routine should be fine with that:
>>
>> | // When using cgo, call the C library for sigaction, so that we call into
>> | // any sanitizer interceptors. This supports using the memory
>> | // sanitizer with Go programs. The memory sanitizer only applies to
>> | // C/C++ code; this permits that code to see the Go runtime's existing signal
>> | // handlers when registering new signal handlers for the process.
>> |
>> | //go:cgo_import_static x_cgo_sigaction
>> | //go:linkname x_cgo_sigaction x_cgo_sigaction
>> | //go:linkname _cgo_sigaction _cgo_sigaction
>> | var x_cgo_sigaction byte
>> | var _cgo_sigaction = &x_cgo_sigaction
>>
>> libjsig also keeps calling to glibc.
>>
>> Is there anything else we should check?
>
> No idea, my take on that is once you start to calling syscall directly
> where libbc provide a wrapper you are in your own. We had a similar
> discussing with clone usage by some container applications and their
> expectation regarding libc internal state afterwards.
>
>>
>>> In fact I think due the syscall, even relaxed operations would work
>>> (since the syscall acts a strong memory barrier).
>>
>> Only as a signal fence, not a thread fence. Some architectures can even
>> keep cache inconsistency across fork system calls.
>>
>> I find it a bit counter-intuitive that calling sigaction or signal
>> directly without the glibc wrappers could lead to data corruption, even
>> when done for standard signals such as SIGINT. But that's what's going
>> to happen with this change, unfortunately.
>
> What is counter-intuitive imho is to rely on libc to keep its internal
> consistency by bypassing it. This might be even worse if glibc start to
> wrapper the signal handler as a way to implement BZ#19702, for instance.
>
> One thing we may do it to make it clean on manual that an application is
> *not* expect to call sigaction using syscall().
>
>>
>>>>>> I wonder if we can get kernel support for this in the new clone system
>>>>>> call with more flags. Then we don't have to complicate the sigaction
>>>>>> implementation.
>>>>>
>>>>> Maybe a CLONE_RESET_SIGNALS where the cloned process sets its signal
>>>>> disposition to default SIG_IGN/SIG_DFL values may help us here. However
>>>>> afaik clone now is out of space on 'flags' for newer ones (it already
>>>>> defines 24 flags plus it reserve 8 bits for signal to be sent at process
>>>>> exit) and it would take time to use this feature on glibc.
>>>>
>>>> Christian Brauner has been working on fixing this.
>>>
>>> Which strategy he is proposing? Even with proper kernel support, it would
>>> take time to enable glibc to use it.
>>
>> Lots of flag arguments, with the reset of the arguments located
>> indirectly via a pointer argument.
>>
>> For a pure optimization, I think it's not too bad to require kernel
>> backports of system calls.
>>
>> Thanks,
>> Florian
>>