bin/75258: [patch] dd(1) has not async signal safe interrupt
handlers
Oleg V. Nauman
oleg at reis.zp.ua
Mon Dec 27 14:03:41 PST 2004
On Fri, Dec 24, 2004 at 02:22:19AM +1100, Bruce Evans wrote:
> On Sun, 19 Dec 2004, Oleg V. Nauman wrote:
>
> > On Sun, Dec 19, 2004 at 06:11:06PM +0300, Maxim Konovalov wrote:
> > > [...]
> > > > >Description:
> > > > dd(1) uses not safe interrupt handlers, they may leads to
> > > > strange problems with dd
> > >=20
> > > Are you sure? Do you have a testcase?
> >
> > No, sorry.
>
> However, the patch in the PR would cause strange problems like breaking
> termination of dd when the input is from certain slow devices, e.g.,
> terminals. Input is normally restarted after a signal, so just setting
> a flag in the signal handler normally doesn't work. Most "fixes" for
> unsafe signal handling get this wrong. To get this right, something
> like the following must be done:
> - use sigaction() without SA_RESTART instead of signal(), or use
> siginterrupt() to turn off SA_RESTART. I've only seen this done
> right for fixing unsafe signal handling in ping(8) I've seen it
> done wrong in top(1) (try hitting ^C in command mode in top).
> - handle the resulting EINTR errors from all syscalls that may now
> fail with this error instead of being restarted. This is difficult
> or impossible in large programs. If the signal is checked for and
> acted on after every EINTR, then you have the same problem as acting
> on it directly in signal handlers (the syscall might be in a context
> that doesn't or shouldn't know if it is safe to act), plus
> maintainence problems for checking and acting all over. If the
> acton is delayed, then the program must somehow be structured to
> ensure that control is passed up to a level that can safely act;
> in particular, no more syscalls that might block can be made. I
> suppose the latter could be implemented simply but laboriously by
> wrapping all syscalls with
> { if (signalflag) { errno = EINTR; return (-1); } else { normalcall(); }.
Thank you for your feedback. It looks like I'm could write much more
better patch :)
>
> > >=20
> > > > >How-To-Repeat:
> > > >
> > > > man 2 sigaction
> > >=20
> > > Well, stdio(3) is not signal-safe in general but it seems for me
> > > summary() does not manipulate with the internal state of any file
> > > descriptors (it uses write(2)) and should be safe.
> >
> > But s*printf() family uses malloc(3) for his internal purposes,
> > and there is no any reasons for things like memory allocations in
> > the signal handler, I think.
>
> s*printf() needs to be signal-safe in practice. It is careful to use
> only local storage for this reason. Only asprintf() uses malloc().
It looks like snprintf() calls __vfprintf(), which calls __wcsconv()
and __find_arguments() (/usr/src/lib/libc/stdio/vfprintf.c on my
RELENG_5 system)
These functions directly calls malloc() (without counts how many
calls indirectly)
>
> summary() is obviously attempting to be signal-safe (even in rev.1.1).
> It avoids using printf() but depends on snprintf() being signal safe
> since the formatting would be too hard otherwise.
>
> Bruce
--
NO37-RIPE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 292 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-bugs/attachments/20041228/110668d1/attachment.bin
More information about the freebsd-bugs
mailing list