Message-ID: <75d1d0f9-950b-6bb1-0ed5-f1d28df0cef8@redhat.com>
Date: Wed, 16 Feb 2022 14:56:12 -0500
From: Carlos O'Donell <carlos@...hat.com>
To: musl@...ts.openwall.com, Markus Wichmann <nullplan@....net>
Subject: Re: Is errno signal-safe?

On 2/16/22 14:40, Markus Wichmann wrote:
> Hi all,
>
> today I had a flash of inspiration while staring at some code: errno is
> a global variable, right? OK, it is thread-local, but still a global
> variable in the context of one thread. And looking at a global variable
> while it may (or may not) be modified in a signal handler is not safe to
> do.

It is required that errno, if changed, must be restored by the signal
handler before exit (though note that for glibc the underlying lazy TLS
allocation implementation makes errno AS-unsafe for first use in a signal
handler because calloc is used to allocate the storage).

> So now I have to wonder. There are a bunch of functions that set errno,
> that are on the ostensibly async-signal-safe list, like for example
> write(). And to my knowledge, changes to errno are not turned back by
> sigreturn(). So, are changes to errno made in a signal handler
> propagated to the main program? If so, how do I inspect errno correctly
> in the main program? I could block signals, but for one thing, doing so
> every time errno might be relevant is going to be overkill, and for two,
> if the system call I want the errno from is also blocking and I want to
> allow signals while the call is blocking, there is no way to do that
> without race condition.

You don't need to do any of that.

A correctly written signal handler must save and restore errno or not
modify it at all.

It has been discussed before by both glibc and musl developers that it
might be a good idea all around to wrap signal handlers and save and
restore errno in the wrapper to avoid this entire class of problems (but
this is easier said than done).

> But then again, now that I thought of it, this is so obvious that surely
> someone else must have stumbled across it before, right? A solution must
> exist, right?

It's not entirely obvious (like [1] is not always obvious), but it has
been discussed and considered, and the solution is emergent given the
standards requirements :}

-- 
Cheers,
Carlos.

[1] https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git/commit/?id=dbb01cbbdb60c34a16d9d48cb58ed3680a5dd36d
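
The save-and-restore rule discussed in this message, as an added C example that is not part of the original thread: one handler lets a failing write() overwrite errno, the other saves errno on entry and restores it before returning. The handler names, errno_after_signal(), and the use of write() on fd -1 to force EBADF are constructed for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* expose sigaction() under strict -std= modes */
#endif
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Buggy handler: write() to an invalid fd fails and leaves errno == EBADF. */
static void clobbering_handler(int sig)
{
    (void)sig;
    ssize_t r = write(-1, "x", 1);   /* async-signal-safe, but sets errno */
    (void)r;
}

/* Correct handler: same work, errno saved on entry and restored on exit. */
static void preserving_handler(int sig)
{
    int saved_errno = errno;
    (void)sig;
    ssize_t r = write(-1, "x", 1);
    (void)r;
    errno = saved_errno;
}

/* Install `handler` for SIGUSR1, set errno to `before`, raise the signal in
 * this thread, and return the errno seen afterwards (-1 if install failed). */
static int errno_after_signal(void (*handler)(int), int before)
{
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = handler;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGUSR1, &sa, &old) != 0)
        return -1;
    errno = before;              /* stands in for a failed call in main code */
    raise(SIGUSR1);              /* handler runs before raise() returns */
    int seen = errno;
    sigaction(SIGUSR1, &old, NULL);
    return seen;
}

int main(void)
{
    printf("clobbering: %d\n", errno_after_signal(clobbering_handler, EINTR) == EBADF);
    printf("preserving: %d\n", errno_after_signal(preserving_handler, EINTR) == EINTR);
}
```

With the clobbering handler the main program reads EBADF instead of the EINTR it had set; with the preserving handler the interrupted code sees its own errno unchanged.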