From: Paul Eggert <eggert@cs.ucla.edu>
To: Bruno Haible <bruno@clisp.org>
Cc: bug-gnulib@gnu.org, Eric Blake <eblake@redhat.com>
Subject: Re: sigsegv, c-stack: Avoid compilation error with glibc >= 2.34
Date: Sat, 22 May 2021 22:12:22 -0700 [thread overview]
Message-ID: <226f42c0-1e9b-3fe0-791d-5487d19e1ca2@cs.ucla.edu> (raw)
In-Reply-To: <33099571.YkAmQK1H3J@omega>
On 5/22/21 3:59 PM, Bruno Haible wrote:
> Now, you are arguing "let's ignore whether programs use nested functions".
Not at all. All I'm saying is, stack-overflow handlers shouldn't call
via pointers to nested functions.
There are already several restrictions on stack-overflow handlers; for
example, you can't call 'exit'. A restriction against calling via
pointers to nested functions is just another restriction - one that's
easier to comply with than the 'exit' restriction, in my experience.
If stack-overflow handlers absolutely can't live without calling via
pointers to nested functions, one can work around the problem by
compiling with gcc -fno-trampolines. However, I don't recommend this -
just as there are a lot of other common features that I don't recommend
in stack-overflow handlers, such as recursion.
> It adds complexity to the calling program. The developer has to check whether
> their code uses nested functions.
Not all code, just stack-overflow handlers. It should be reasonable to
ask developers to do that, as stack-overflow handlers should be simple
and easy to audit anyway.
> - The current POSIX specifies a constant SIGSTKSZ,
> - Eric Blake is proposing that POSIX drops the constant-ness, and that
> SIGSTKSZ becomes a macro that merely expands to an expression. [2]
It's more than that. glibc has already changed to drop the
constant-ness. Gnulib should of course be portable to POSIX, but it's
even more important for Gnulib to be portable to GNU.
> being close to POSIX would mean to use SIGSTKSZ for the allocation
> of an alternate stack, most likely through malloc.
That would also be a reasonable change to the test cases. I didn't do
that, partly because I thought it simpler just to allocate an enormous
alternate signal stack, partly because I wasn't yet entirely clear on
exactly when malloc is bad for allocating alternate signal stacks so I
wanted to avoid malloc entirely. But if you'd prefer that the test cases
use malloc I can rewrite them to do that.
> it would have been more maintainable to write
>
> /* SIGSTKSZ can no longer be guaranteed to be a constant. Until POSIX
> clarifies it, use a large constant anyway. */
> #undef SIGSTKSZ
> #define SIGSTKSZ (1 << 24)
The code I wrote attempted to do the right thing even on (hypothetical)
platforms where MINSIGSTKSZ exceeds 1<<24. A simple #undef/#define
wouldn't do that. Again, using malloc should fix this issue in a less
hoggish way.
> 3) The approach you used now, to use a 16 MB space for sigaltstack(),
> is not portable to multithreaded situations. For example, I have a test
> program (attached) that I consider to add as a unit test to gnulib.
> It uses stack space from the thread itself as alternate signal stack.
> That is a perfectly natural thing to do, because
> - the permissions of the alternate stack are automatically right,
> - this alternate stack gets deallocated automatically when the thread
> dies (no memory leak).
> But allocating 16 MB on a thread's stack is not portable. On Solaris/SPARC,
> the main thread's size is only 8 MB.
The code I wrote didn't have to (and didn't) attempt to address this
scenario. For something like that, have you looked at Florian Weimer's
recent <sys/cstack.h> proposal for glibc
<https://sourceware.org/pipermail/libc-alpha/2021-May/126605.html>? If
that API is added to glibc and can be simulated by Gnulib well-enough on
other platforms, that should be a good way to address the problem that
you mention.
next prev parent reply other threads:[~2021-05-23 5:12 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-17 0:33 sigsegv, c-stack: Avoid compilation error with glibc >= 2.34 Bruno Haible
2021-05-17 2:45 ` Paul Eggert
2021-05-18 17:34 ` Bruno Haible
2021-05-21 22:49 ` Paul Eggert
2021-05-22 22:59 ` Bruno Haible
2021-05-23 5:12 ` Paul Eggert [this message]
2021-05-23 12:14 ` Bruno Haible
2021-05-24 2:40 ` Paul Eggert
2021-05-24 10:37 ` Bruno Haible
2021-05-23 0:00 ` sigsegv.h interface Bruno Haible
2021-05-23 5:14 ` Paul Eggert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.gnu.org/mailman/listinfo/bug-gnulib
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=226f42c0-1e9b-3fe0-791d-5487d19e1ca2@cs.ucla.edu \
--to=eggert@cs.ucla.edu \
--cc=bruno@clisp.org \
--cc=bug-gnulib@gnu.org \
--cc=eblake@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).