From: Bruno Haible <bruno@clisp.org>
To: Paul Eggert <eggert@cs.ucla.edu>
Cc: bug-gnulib@gnu.org, Eric Blake <eblake@redhat.com>
Subject: Re: sigsegv, c-stack: Avoid compilation error with glibc >= 2.34
Date: Sun, 23 May 2021 14:14:16 +0200 [thread overview]
Message-ID: <1908880.QXOAEIHH3n@omega> (raw)
In-Reply-To: <226f42c0-1e9b-3fe0-791d-5487d19e1ca2@cs.ucla.edu>
[-- Attachment #1: Type: text/plain, Size: 1827 bytes --]
Paul Eggert wrote:
> > Now, you are arguing "let's ignore whether programs use nested functions".
>
> Not at all. All I'm saying is, stack-overflow handlers shouldn't call
> via pointers to nested functions.
>
> There are already several restrictions on stack-overflow handlers; for
> example, you can't call 'exit'. A restriction against calling via
> pointers to nested functions is just another restriction - one that's
> easier to comply with than the 'exit' restriction, in my experience.
I agree that these handlers are _usually_ small and don't have nested
functions. But a restriction is a restriction, and should be documented
as such. Find attached a proposed patch.
> If stack-overflow handlers absolutely can't live without calling via
> pointers to nested functions, one can work around the problem by
> compiling with gcc -fno-trampolines.
No, "gcc -fno-trampolines" doesn't get rid of the need to have an executable
stack. In the attached sample code gcc-closure.c, GCC 11.1 produces identical
code with "gcc -fno-trampolines" than with "gcc -ftrampolines".
> > being close to POSIX would mean to use SIGSTKSZ for the allocation
> > of an alternate stack, most likely through malloc.
>
> That would also be a reasonable change to the test cases. I didn't do
> that, partly because I thought it simpler just to allocate an enormous
> alternate signal stack, partly because I wasn't yet entirely clear on
> exactly when malloc is bad for allocating alternate signal stacks so I
> wanted to avoid malloc entirely. But if you'd prefer that the test cases
> use malloc I can rewrite them to do that.
Thanks for the offer. I think we should get clarity first, regarding which
of the three approaches (static allocation, malloc, alloca) is preferrable.
I'll try to write documentation for it.
Bruno
[-- Attachment #2: c-stack-doc.diff --]
[-- Type: text/x-patch, Size: 849 bytes --]
diff --git a/lib/c-stack.h b/lib/c-stack.h
index 56d74f1..8bf773c 100644
--- a/lib/c-stack.h
+++ b/lib/c-stack.h
@@ -34,8 +34,10 @@
A null ACTION acts like an action that does nothing.
ACTION must be async-signal-safe. ACTION together with its callees
- must not require more than 64 KiB of stack space. Also,
- ACTION should not call longjmp, because this implementation does
+ must not require more than 64 KiB of stack space. ACTION must not create
+ nested functions <https://gcc.gnu.org/onlinedocs/gcc/Nested-Functions.html>,
+ because this implementation does not guarantee an executable stack.
+ Also, ACTION should not call longjmp, because this implementation does
not guarantee that it is safe to return to the original stack.
This function may install a handler for the SIGSEGV signal or for the SIGBUS
[-- Attachment #3: gcc-closure.c --]
[-- Type: text/x-csrc, Size: 697 bytes --]
/* Test whether a lexical closure created by GCC requires an executable stack.
Compile this file with
cross <target> gcc -O2 -S -fomit-frame-pointer gcc-closure.c
*/
extern int callback (void (*) (void));
int foo (void)
{
int x = 0;
void increment_x (void) { x++; }
callback (increment_x);
return x;
}
/* Result:
i386 yes
x86_64 yes
m68k yes
mips yes
mips64 yes
sparc yes
sparc64 yes
alpha yes
hppa ?
hppa64 ?
arm yes
arm64 yes
powerpc no
powerpc64 no
powerpc64-elfv2 no
ia64 no
s390 yes
s390x yes
riscv32 yes
riscv64 yes
*/
next prev parent reply other threads:[~2021-05-23 15:05 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-17 0:33 sigsegv, c-stack: Avoid compilation error with glibc >= 2.34 Bruno Haible
2021-05-17 2:45 ` Paul Eggert
2021-05-18 17:34 ` Bruno Haible
2021-05-21 22:49 ` Paul Eggert
2021-05-22 22:59 ` Bruno Haible
2021-05-23 5:12 ` Paul Eggert
2021-05-23 12:14 ` Bruno Haible [this message]
2021-05-24 2:40 ` Paul Eggert
2021-05-24 10:37 ` Bruno Haible
2021-05-23 0:00 ` sigsegv.h interface Bruno Haible
2021-05-23 5:14 ` Paul Eggert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.gnu.org/mailman/listinfo/bug-gnulib
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1908880.QXOAEIHH3n@omega \
--to=bruno@clisp.org \
--cc=bug-gnulib@gnu.org \
--cc=eblake@redhat.com \
--cc=eggert@cs.ucla.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).