New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
caml_leave_blocking section and errno corruption #5982
Comments
Comment author: @diml errno should also be saved in handle_signal since it can be executed while the runtime system lock is released and this could break the C code. It seems to be common practice to save errno in signal handlers that can modify it. |
Comment author: @diml Fixed in commit 13667 and 13668. |
edwintorok
added a commit
to edwintorok/xen
that referenced
this issue
Dec 6, 2022
Use 'uerror' from unixsupport.h to raise an exception containing error. All the functions here (except for 'xenevtchn_fd') claim to set errno properly in xenevtchn.h. Although it may look like errno is already gone due to the call to 'caml_leave_blocking_section' that is how all the Unix bindings are written and the compiler runtime will ensure that function/macro will save/restore errno properly, see ocaml/ocaml#5982 ocaml/ocaml@5de2108 (part of OCaml 4.01.0, and we require 4.02+ so this is safe) The other argument to 'uerror' is passed as Nothing because that is reserved for string input arguments to the underlying C library call, and there are none in this case. Signed-off-by: Edwin Török <edvin.torok@citrix.com>
edwintorok
added a commit
to edwintorok/xen
that referenced
this issue
Dec 8, 2022
Use 'uerror' from unixsupport.h to raise an exception containing error. All the functions here (except for 'xenevtchn_fd') claim to set errno properly in xenevtchn.h. Although it may look like errno is already gone due to the call to 'caml_leave_blocking_section' that is how all the Unix bindings are written and the compiler runtime will ensure that function/macro will save/restore errno properly, see ocaml/ocaml#5982 ocaml/ocaml@5de2108 (part of OCaml 4.01.0, and we require 4.02+ so this is safe) The other argument to 'uerror' is passed as Nothing because that is reserved for string input arguments to the underlying C library call, and there are none in this case. Signed-off-by: Edwin Török <edvin.torok@citrix.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Original bug ID: 5982
Reporter: @diml
Assigned to: @diml
Status: closed (set by @xavierleroy on 2015-12-11T18:18:54Z)
Resolution: fixed
Priority: normal
Severity: minor
Version: 4.01.0+dev
Target version: 4.02.0+dev
Fixed in version: 4.01.0+dev
Category: runtime system and C interface
Monitored by: @ygrek @hcarty
Bug description
This is a widespread idiom for writing C stubs:
Here [uerror] uses the global variable [errno]. The problem is that [leave_blocking_section] can run arbitrary code and so modify [errno]. It can run signal handlers for instance. Attached is an example of program where the call to select is expected to fail with EINTR but instead fails with EROFS.
Obviously bindings should be written this way:
But since this is very common I propose that [leave_blocking_section] saves and restores [errno].
Additional information
let () =
(* Force initialization of the thread library. This modify
[caml_try_leave_blocking_section_hook] so that all
signals are executed by [caml_leave_blocking_section]
and never asynchronously. *)
ignore (Thread.self ());
Sys.set_signal Sys.sigalrm
(Sys.Signal_handle (fun _ ->
try
(* This will modify [errno]. *)
ignore (Unix.openfile "/etc/passwd" [Unix.O_WRONLY] 0)
with _ ->
()));
ignore (Unix.alarm 1);
try
ignore (Unix.select [] [] [] (-1.0))
with exn ->
prerr_endline (Printexc.to_string exn);
exit 2
The text was updated successfully, but these errors were encountered: