Date: Thu, 1 Oct 2020 10:55:34 -0400
From: Rich Felker
To: Carlos O'Donell
Subject: Re: [musl] Re: [PATCH] Make abort() AS-safe (Bug 26275).
Message-ID: <20201001145533.GO17637@brightrain.aerifal.cx>
Cc: Carlos O'Donell via Libc-alpha, Florian Weimer, musl@lists.openwall.com

On Thu, Oct 01, 2020 at 10:49:42AM -0400, Carlos O'Donell wrote:
> On 10/1/20 2:08 AM, Florian Weimer wrote:
> > * Rich Felker:
> >
> >> Even without fork, execve and posix_spawn can also see the SIGABRT
> >> disposition change made by abort(), passing it on to a process that
> >> should have started with a disposition of SIG_IGN if you hit exactly
> >> the wrong spot in the race.
> >
> > My feeling is that it's not worth bothering with this kind of leakage.
> > We've had this bug forever in glibc, and no one has complained about
> > it.
> >
> > Carlos is investigating removal of the abort lock from glibc, I think.
>
> I am investigating the removal, but I think the replacement solution
> might be needing to have a helper thread carry out specific tasks.

I'm confused what a helper thread could achieve here. The underlying
problem is that the kernel forces CLONE_SIGHAND on threads (EINVAL
without it) so that the disposition can't be changed in a thread-local
manner. Any new thread would have that same issue.

It also would not be something you could reliably create at abort time
(especially since abort is most often used on resource exhaustion and
other unexpected failures).

Rich