Re: [PATCH 2.5.73] Signal stack fixes #1 introduce PF_SS_ACTIVE

Jörn Engel (joern@wohnheim.fh-wedel.de)
Sun, 6 Jul 2003 12:17:54 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Margit Schubert-While: "Re: Linux 2.4.22-pre3"
Previous message: juan: "Re: 2.4.21 and 2.5.74 freeze on cardmgr start"

On Sun, 6 July 2003 18:47:50 +1000, Paul Mackerras wrote:
>
> You can get the same effect by doing kill(0, SIGINT) inside a handler
> for SIGINT. All you seem to be saying is "if you behave stupidly then
> bad things happen to you". I don't see that this example exposes any
> bug or vulnerability in the kernel.

Maybe we are just working under different assumptions, so let me
explain my background a little.

Two of the reasons, why open source works well, are frequent releases
and lots of feedback. In the embedded world, a typical number of
releases is one and a typical amount of feedback is none. So you
either create a perfect product or you arrange for feedback yourself.

Without any user interaction tools around, the best feedback you can
get is a core dump plus maybe some information from /proc. Remember
the borken patch for ppc I sent to you? We didn't get a core dump and
people were quite unhappy, so the investigation began.

In the course of the investigation, I found another spot, where we
didn't get a core dump, which started this whole thread. Guess what,
people aren't happy either. One workaround would be to never use the
signal stack, but if this can be fixed properly, I would see more
happy faces at work. And I like happy faces.

> You had to go to some trouble to get this effect - you had to use an
> asm statement to change the stack pointer, which is well and truly
> into "undefined behaviour" territory, and so you deserve all you
> get. :) It's a very contrived example IMHO.

There is an open source web server that, combined with a closed source
library, fscks up your stack pointer. I don't know how they did it
and I don't even care. What I do care about is that it happened, that
it can happen again any time, and that we handle this problem as
gracefully as possible. A core dump is graceful, a do_exit(SIGSEGV),
as it was in the ppc code is not, and an inifite loop is anything but
graceful.

I agree that my initial patch can cause other problems, but the
problem itself should still get fixed.

Jörn

-- 
More computing sins are committed in the name of efficiency (without
necessarily achieving it) than for any other single reason - including
blind stupidity.
-- W. A. Wulf 
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Next message: Margit Schubert-While: "Re: Linux 2.4.22-pre3"
Previous message: juan: "Re: 2.4.21 and 2.5.74 freeze on cardmgr start"