Message ID | 20210617125241.1415287-1-adhemerval.zanella@linaro.org |
---|---|
State | New |
Series | nptl: Use SA_RESTART for SIGCANCEL handler |
On Jun 17 2021, Adhemerval Zanella via Libc-alpha wrote:

> diff --git a/nptl/pthread_cancel.c b/nptl/pthread_cancel.c > index 0698cd2046..cc25ff21f3 100644 > --- a/nptl/pthread_cancel.c > +++ b/nptl/pthread_cancel.c > @@ -72,7 +72,11 @@ __pthread_cancel (pthread_t th) > { > struct sigaction sa; > sa.sa_sigaction = sigcancel_handler; > - sa.sa_flags = SA_SIGINFO; > + /* The signal handle should be non-interruptible to avoid the risk of

The signal handler should be non-interrupting

Andreas.

On 17/06/2021 10:03, Andreas Schwab wrote:
> On Jun 17 2021, Adhemerval Zanella via Libc-alpha wrote:
>
>> diff --git a/nptl/pthread_cancel.c b/nptl/pthread_cancel.c >> index 0698cd2046..cc25ff21f3 100644 >> --- a/nptl/pthread_cancel.c >> +++ b/nptl/pthread_cancel.c >> @@ -72,7 +72,11 @@ __pthread_cancel (pthread_t th) >> { >> struct sigaction sa; >> sa.sa_sigaction = sigcancel_handler; >> - sa.sa_flags = SA_SIGINFO; >> + /* The signal handle should be non-interruptible to avoid the risk of
>
> The signal handler should be non-interrupting

Ack, I fixed it locally.

* Adhemerval Zanella via Libc-alpha:

> The usage of signals to implement pthread cancellation is an
> implementation detail and should not be visible through cancellation
> entrypoints.
>
> However now that pthread_cancel always sends the SIGCANCEL, some
> entrypoint might be interruptible and return EINTR to the caller
> (for instance on sem_wait).
>
> Using SA_RESTART hides this, since the cancellation handler should
> either act upon cancellation (if asynchronous cancellation is enabled)
> or ignore the cancellation internal signal.

I think this still needs a NEWS entry because there have been kernel
bugs in this area (e.g. in CIFS).

> Checked on x86_64-linux-gnu and i686-linux-gnu.
> --- > nptl/pthread_cancel.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/nptl/pthread_cancel.c b/nptl/pthread_cancel.c > index 0698cd2046..cc25ff21f3 100644 > --- a/nptl/pthread_cancel.c > +++ b/nptl/pthread_cancel.c
> @@ -72,7 +72,11 @@ __pthread_cancel (pthread_t th) > { > struct sigaction sa; > sa.sa_sigaction = sigcancel_handler; > - sa.sa_flags = SA_SIGINFO; > + /* The signal handle should be non-interruptible to avoid the risk of > + spurious EINTR caused by SIGCANCEL sent to process or if > + pthread_cancel() is called while cancellation is disabled in the > + target thread. */ > + sa.sa_flags = SA_SIGINFO | SA_RESTART; > __sigemptyset (&sa.sa_mask); > __libc_sigaction (SIGCANCEL, &sa, NULL); > atomic_store_relaxed (&init_sigcancel, 1);

I really don't feel comfortable reviewing this. However I think it is
still consistent with the (buggy) SYSCALL_CANCEL implementation:

    int sc_cancel_oldtype = LIBC_CANCEL_ASYNC (); \
    sc_ret = INLINE_SYSCALL_CALL (__VA_ARGS__); \
    LIBC_CANCEL_RESET (sc_cancel_oldtype); \

We temporarily enable async cancellation, in which case we unwind through
the signal handler if canceled. We do not rely on an EINTR error return
from the system call and a cancellation check outside of the signal
handler. So adding SA_RESTART should really be okay.

Thanks,
Florian

On 18/06/2021 08:38, Florian Weimer wrote:
> * Adhemerval Zanella via Libc-alpha:
>
>> The usage of signals to implement pthread cancellation is an
>> implementation detail and should not be visible through cancellation
>> entrypoints.
>>
>> However now that pthread_cancel always sends the SIGCANCEL, some
>> entrypoint might be interruptible and return EINTR to the caller
>> (for instance on sem_wait).
>>
>> Using SA_RESTART hides this, since the cancellation handler should
>> either act upon cancellation (if asynchronous cancellation is enabled)
>> or ignore the cancellation internal signal.
>
> I think this still needs a NEWS entry because there have been kernel
> bugs in this area (e.g. in CIFS).

Ok, I have added the following on "Deprecated and removed features, and
other changes affecting compatibility"

* The pthread cancellation handler is now set up with SA_RESTART. It should
  not be visible to application since the cancellation handler should either
  act upon cancellation (if asynchronous cancellation is enabled) or
  ignore the cancellation internal signal.

>
>> Checked on x86_64-linux-gnu and i686-linux-gnu.
>> --- >> nptl/pthread_cancel.c | 6 +++++- >> 1 file changed, 5 insertions(+), 1 deletion(-) >> >> diff --git a/nptl/pthread_cancel.c b/nptl/pthread_cancel.c >> index 0698cd2046..cc25ff21f3 100644 >> --- a/nptl/pthread_cancel.c >> +++ b/nptl/pthread_cancel.c
>> @@ -72,7 +72,11 @@ __pthread_cancel (pthread_t th) >> { >> struct sigaction sa; >> sa.sa_sigaction = sigcancel_handler; >> - sa.sa_flags = SA_SIGINFO; >> + /* The signal handle should be non-interruptible to avoid the risk of >> + spurious EINTR caused by SIGCANCEL sent to process or if >> + pthread_cancel() is called while cancellation is disabled in the >> + target thread. */ >> + sa.sa_flags = SA_SIGINFO | SA_RESTART; >> __sigemptyset (&sa.sa_mask); >> __libc_sigaction (SIGCANCEL, &sa, NULL); >> atomic_store_relaxed (&init_sigcancel, 1);
>
> I really don't feel comfortable reviewing this. However I think it is
> still consistent with the (buggy) SYSCALL_CANCEL implementation:
>
>     int sc_cancel_oldtype = LIBC_CANCEL_ASYNC (); \
>     sc_ret = INLINE_SYSCALL_CALL (__VA_ARGS__); \
>     LIBC_CANCEL_RESET (sc_cancel_oldtype); \
>
> We temporarily enable async cancellation, in which case we unwind through
> the signal handler if canceled. We do not rely on an EINTR error return
> from the system call and a cancellation check outside of the signal
> handler. So adding SA_RESTART should really be okay.

Yes, we still cancel the thread even for partial results (BZ#12683).

* Adhemerval Zanella:

> On 18/06/2021 08:38, Florian Weimer wrote:
>> * Adhemerval Zanella via Libc-alpha:
>>
>>> The usage of signals to implement pthread cancellation is an
>>> implementation detail and should not be visible through cancellation
>>> entrypoints.
>>>
>>> However now that pthread_cancel always sends the SIGCANCEL, some
>>> entrypoint might be interruptible and return EINTR to the caller
>>> (for instance on sem_wait).
>>>
>>> Using SA_RESTART hides this, since the cancellation handler should
>>> either act upon cancellation (if asynchronous cancellation is enabled)
>>> or ignore the cancellation internal signal.
>>
>> I think this still needs a NEWS entry because there have been kernel
>> bugs in this area (e.g. in CIFS).
>
> Ok, I have added the following on "Deprecated and removed features, and
> other changes affecting compatibility"
>
> * The pthread cancellation handler is now set up with SA_RESTART. It should
> not be visible to application since the cancellation handler should either
> act upon cancellation (if asynchronous cancellation is enabled) or
> ignore the cancellation internal signal.

The key change is: The cancellation signal is now sent in more cases,
but this should be transparent to the application due to SA_RESTART.

Thanks,
Florian

On 22/06/2021 15:33, Florian Weimer wrote:
> * Adhemerval Zanella:
>
>> On 18/06/2021 08:38, Florian Weimer wrote:
>>> * Adhemerval Zanella via Libc-alpha:
>>>
>>>> The usage of signals to implement pthread cancellation is an
>>>> implementation detail and should not be visible through cancellation
>>>> entrypoints.
>>>>
>>>> However now that pthread_cancel always sends the SIGCANCEL, some
>>>> entrypoint might be interruptible and return EINTR to the caller
>>>> (for instance on sem_wait).
>>>>
>>>> Using SA_RESTART hides this, since the cancellation handler should
>>>> either act upon cancellation (if asynchronous cancellation is enabled)
>>>> or ignore the cancellation internal signal.
>>>
>>> I think this still needs a NEWS entry because there have been kernel
>>> bugs in this area (e.g. in CIFS).
>>
>> Ok, I have added the following on "Deprecated and removed features, and
>> other changes affecting compatibility"
>>
>> * The pthread cancellation handler is now set up with SA_RESTART. It should
>> not be visible to application since the cancellation handler should either
>> act upon cancellation (if asynchronous cancellation is enabled) or
>> ignore the cancellation internal signal.
>
> The key change is: The cancellation signal is now sent in more cases,
> but this should be transparent to the application due to SA_RESTART.

I am not sure if we really need to describe this implementation detail
on a NEWS entry.

* Adhemerval Zanella:

> On 22/06/2021 15:33, Florian Weimer wrote:
>> * Adhemerval Zanella:
>>
>>> On 18/06/2021 08:38, Florian Weimer wrote:
>>>> * Adhemerval Zanella via Libc-alpha:
>>>>
>>>>> The usage of signals to implement pthread cancellation is an
>>>>> implementation detail and should not be visible through cancellation
>>>>> entrypoints.
>>>>>
>>>>> However now that pthread_cancel always sends the SIGCANCEL, some
>>>>> entrypoint might be interruptible and return EINTR to the caller
>>>>> (for instance on sem_wait).
>>>>>
>>>>> Using SA_RESTART hides this, since the cancellation handler should
>>>>> either act upon cancellation (if asynchronous cancellation is enabled)
>>>>> or ignore the cancellation internal signal.
>>>>
>>>> I think this still needs a NEWS entry because there have been kernel
>>>> bugs in this area (e.g. in CIFS).
>>>
>>> Ok, I have added the following on "Deprecated and removed features, and
>>> other changes affecting compatibility"
>>>
>>> * The pthread cancellation handler is now set up with SA_RESTART. It should
>>> not be visible to application since the cancellation handler should either
>>> act upon cancellation (if asynchronous cancellation is enabled) or
>>> ignore the cancellation internal signal.
>>
>> The key change is: The cancellation signal is now sent in more cases,
>> but this should be transparent to the application due to SA_RESTART.
>
> I am not sure if we really need to describe this implementation detail
> on a NEWS entry.

It's the cause of additional EINTR errors. People who have that buggy
CIFS module and use thread cancellation could see those spurious EINTR
errors.

Right, without mentioning EINTR it is probably not useful. 8-/

Thanks,
Florian

On 22/06/2021 15:52, Florian Weimer wrote:
> * Adhemerval Zanella:
>
>> On 22/06/2021 15:33, Florian Weimer wrote:
>>> * Adhemerval Zanella:
>>>
>>>> On 18/06/2021 08:38, Florian Weimer wrote:
>>>>> * Adhemerval Zanella via Libc-alpha:
>>>>>
>>>>>> The usage of signals to implement pthread cancellation is an
>>>>>> implementation detail and should not be visible through cancellation
>>>>>> entrypoints.
>>>>>>
>>>>>> However now that pthread_cancel always sends the SIGCANCEL, some
>>>>>> entrypoint might be interruptible and return EINTR to the caller
>>>>>> (for instance on sem_wait).
>>>>>>
>>>>>> Using SA_RESTART hides this, since the cancellation handler should
>>>>>> either act upon cancellation (if asynchronous cancellation is enabled)
>>>>>> or ignore the cancellation internal signal.
>>>>>
>>>>> I think this still needs a NEWS entry because there have been kernel
>>>>> bugs in this area (e.g. in CIFS).
>>>>
>>>> Ok, I have added the following on "Deprecated and removed features, and
>>>> other changes affecting compatibility"
>>>>
>>>> * The pthread cancellation handler is now set up with SA_RESTART. It should
>>>> not be visible to application since the cancellation handler should either
>>>> act upon cancellation (if asynchronous cancellation is enabled) or
>>>> ignore the cancellation internal signal.
>>>
>>> The key change is: The cancellation signal is now sent in more cases,
>>> but this should be transparent to the application due to SA_RESTART.
>>
>> I am not sure if we really need to describe this implementation detail
>> on a NEWS entry.
>
> It's the cause of additional EINTR errors. People who have that buggy
> CIFS module and use thread cancellation could see those spurious EINTR
> errors.

Right, without mentioning EINTR it is probably not useful. 8-/

What about:

* The pthread cancellation handler is now installed with SA_RESTART
  and pthread_cancel will always send the internal SIGCANCEL on a
  cancellation request. It should not be visible to application since
  the cancellation handler should either act upon cancellation (if
  asynchronous cancellation is enabled) or ignore the cancellation
  internal signal. However there is buggy kernel interfaces (for
  instance some CIFS modules) that could still see spurious EINTR
  error when cancellation interrupts a blocking syscall.

* Adhemerval Zanella:

> * The pthread cancellation handler is now installed with SA_RESTART
> and pthread_cancel will always send the internal SIGCANCEL on a
> cancellation request. It should not be visible to application since
> the cancellation handler should either act upon cancellation (if
> asynchronous cancellation is enabled) or ignore the cancellation
> internal signal. However there is buggy kernel interfaces (for
> instance some CIFS modules) that could still see spurious EINTR
> error when cancellation interrupts a blocking syscall.

Suggest: “some CIFS [versions]”

Rest looks okay to me, thanks.

Florian

On 22/06/2021 16:51, Florian Weimer wrote:
> * Adhemerval Zanella:
>
>> * The pthread cancellation handler is now installed with SA_RESTART
>> and pthread_cancel will always send the internal SIGCANCEL on a
>> cancellation request. It should not be visible to application since
>> the cancellation handler should either act upon cancellation (if
>> asynchronous cancellation is enabled) or ignore the cancellation
>> internal signal. However there is buggy kernel interfaces (for

It should be 'there are' here.

>> instance some CIFS modules) that could still see spurious EINTR
>> error when cancellation interrupts a blocking syscall.
>
> Suggest: “some CIFS [versions]”
>
> Rest looks okay to me, thanks.

Ack, I will change and push upstream.

diff --git a/nptl/pthread_cancel.c b/nptl/pthread_cancel.c index 0698cd2046..cc25ff21f3 100644 --- a/nptl/pthread_cancel.c +++ b/nptl/pthread_cancel.c @@ -72,7 +72,11 @@ __pthread_cancel (pthread_t th) { struct sigaction sa; sa.sa_sigaction = sigcancel_handler; - sa.sa_flags = SA_SIGINFO; + /* The signal handle should be non-interruptible to avoid the risk of + spurious EINTR caused by SIGCANCEL sent to process or if + pthread_cancel() is called while cancellation is disabled in the + target thread. */ + sa.sa_flags = SA_SIGINFO | SA_RESTART; __sigemptyset (&sa.sa_mask); __libc_sigaction (SIGCANCEL, &sa, NULL); atomic_store_relaxed (&init_sigcancel, 1);
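Review bot: The comment added above the sa_flags assignment describes the handler as "non-interruptible", which is not what SA_RESTART does, and "handle" should read "handler". The flag does not change whether the handler can be interrupted; it makes the call that SIGCANCEL interrupted restart instead of failing with EINTR, so wording such as "Install the handler with SA_RESTART so that interrupted calls are restarted rather than failing with a spurious EINTR" matches the code. "sent to process" also wants an article ("sent to the process"). Since the discussion records that some kernel interfaces can still return EINTR, "reduce the risk" would be more accurate than "avoid the risk".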