From: Florian Weimer <fweimer@redhat.com>
To: Zack Weinberg <zackw@panix.com>
Cc: "Carlos O'Donell" <carlos@redhat.com>,
GNU C Library <libc-alpha@sourceware.org>
Subject: Re: Removing longjmp error handling from the dynamic loader
Date: Mon, 11 Mar 2019 18:08:08 +0100 [thread overview]
Message-ID: <87d0mxwd8n.fsf@oldenburg2.str.redhat.com> (raw)
In-Reply-To: <CAKCAbMgRUyev0N1Q9Leh2V5PWteb6SBO01Eh_18+GtC6pva=7Q@mail.gmail.com> (Zack Weinberg's message of "Mon, 11 Mar 2019 12:53:11 -0400")
* Zack Weinberg:
> On Mon, Mar 11, 2019 at 12:13 PM Carlos O'Donell <carlos@redhat.com> wrote:
>> On 3/11/19 11:29 AM, Florian Weimer wrote:
>> > It requires moving the unwinder implementation from libgcc_s to libc,
>> > though. The last time we discussed this (related to unwinder
>> > performance issues and the dl_iterate_phdr interface), this idea was not
>> > well-received.
>>
>> It might still be the best technical choice.
>> I do not think we should discard this idea so easily.
>> Why wouldn't we pursue this option?
>
> I haven't thought about this much, but I don't like the idea of
> increasing the set of functions potentially executed during symbol
> resolution to the tune of the entire unwinder, because of the unusual
> constraints on code executed in that context (e.g. must not take
> locks, must protect itself from cancellation, must not touch the
> normal errno).
This is a good point which I had not considered.
My position is that errors during symbol resolution in lazy binding are
never recoverable. If the error is not recoverable, there is no need to
do any unwinding at all. We currently get this wrong for init/fini
(bug 24304).
Rich Felker brought up this matter in conjunction with IFUNC resolvers.
These can be called during relocation processing (from dlopen) or lazy
binding, when they themselves trigger lazy binding. I think these
errors should not be recoverable, either, whether they happen during
relocation processing or lazy binding. But there is a narrow edge case
(IFUNC resolver called during relocation processing which triggers lazy
binding which fails in symbol lookup) where we actually have user code
(the IFUNC resolver) on the stack, and we would have to unwind through
the trampoline/IFUNC resolver/dlopen sequence if wanted to make this
error recoverable. (Which I think we should not do, but the discussion
is still open.)
But even that edge case only happens after dlopen, so at least it's not
in an async-signal-safe context. But the user stack frame pretty much
kills the DWARF-based unwinding approach if it's something we need to
support.
Thanks,
Florian
next prev parent reply other threads:[~2019-03-11 17:08 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-05 16:37 Removing longjmp error handling from the dynamic loader Florian Weimer
2019-03-06 15:40 ` Rich Felker
2019-03-07 14:03 ` Adhemerval Zanella
2019-03-11 13:45 ` Florian Weimer
2019-03-11 22:52 ` Rich Felker
2019-03-12 10:30 ` Florian Weimer
2019-03-12 12:00 ` Szabolcs Nagy
2019-03-11 14:07 ` Carlos O'Donell
2019-03-11 15:29 ` Florian Weimer
2019-03-11 16:13 ` Carlos O'Donell
2019-03-11 16:53 ` Zack Weinberg
2019-03-11 17:08 ` Florian Weimer [this message]
2019-03-11 18:39 ` Zack Weinberg
2019-03-11 18:49 ` Florian Weimer
2019-03-11 18:39 ` Florian Weimer
2019-03-11 19:30 ` Carlos O'Donell
2019-03-13 15:51 ` Florian Weimer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/libc/involved.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87d0mxwd8n.fsf@oldenburg2.str.redhat.com \
--to=fweimer@redhat.com \
--cc=carlos@redhat.com \
--cc=libc-alpha@sourceware.org \
--cc=zackw@panix.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).