This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] abort: Do not flush stdio streams [BZ #15436]

From: Florian Weimer <fweimer at redhat dot com>
To: libc-alpha at sourceware dot org
Date: Wed, 30 Aug 2017 21:37:19 +0200
Subject: Re: [PATCH] abort: Do not flush stdio streams [BZ #15436]
Authentication-results: sourceware.org; auth=none
Authentication-results: ext-mx06.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-results: ext-mx06.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=fweimer at redhat dot com
Dmarc-filter: OpenDMARC Filter v1.3.2 mx1.redhat.com C4548285A8
References: <20170817133507.CEA5341DB79B0@oldenburg.str.redhat.com> <5453e6d9-11dd-5dce-f38f-4c8793864ddc@redhat.com> <1ded54c6-5796-b844-3cc5-9dbf21671c2d@redhat.com> <5e2d5837-3344-8710-f2c8-265d404c2205@redhat.com> <d916944d-479f-a13a-db47-e6a9736d60ef@redhat.com> <b1bd01cf-7298-c495-8e03-d5148f7219cc@redhat.com> <0f8e9f6b-18bb-f045-c662-ea6c468c78d6@redhat.com> <cde3dfad-fb6d-5e9a-15b8-4e2db863abc2@linaro.org>

On 08/30/2017 09:17 PM, Adhemerval Zanella wrote:
> 
> 
> On 30/08/2017 12:52, Florian Weimer wrote:
>> Here's an alternative patch which removes flushing completely.  This is
>> what Andreas suggested.
>>
>> I've added a short NEWS entry.
> 
> So the idea is still partial flush, but without internal locking? Regarding 
> partial flushing, I still think we can remove malloc altogether in 
> open_memstream overflow, so there is no need to make is only for file
> operations (I have it my backlog to send a patch for it).
> 
> Also I think you missed the NEWS entry.

No, I posted a patch generated from the wrong branch.

Thanks,
Florian

Do not flush stdio streams on abort [BZ #15436]

2017-08-30  Florian Weimer  <fweimer@redhat.com>

	[BZ #15436]
	Do not flush stdio streams on abort.
	* stdlib/abort.c (fflush): Remove macro definition.
	(abort): Remove stages related to stdio flushing.

diff --git a/NEWS b/NEWS
index 625bcc60b6..221015bd4b 100644
--- a/NEWS
+++ b/NEWS
@@ -20,6 +20,10 @@ Major new features:
   leads to lower overall process restart latency, so there is benefit both
   from a security and performance perspective.
 
+* The abort function terminates the process immediately, without flushing
+  stdio streams.  Previous glibc versions used to flush streams, resulting
+  in deadlocks and further data corruption.
+
 Deprecated and removed features, and other changes affecting compatibility:
 
 * On GNU/Linux, the obsolete Linux constant PTRACE_SEIZE_DEVEL is no longer
diff --git a/stdlib/abort.c b/stdlib/abort.c
index 19882f3e3d..117a507ff8 100644
--- a/stdlib/abort.c
+++ b/stdlib/abort.c
@@ -31,9 +31,6 @@
 # define ABORT_INSTRUCTION
 #endif
 
-#include <libio/libioP.h>
-#define fflush(s) _IO_flush_all_lockp (0)
-
 /* Exported variable to locate abort message in core files etc.  */
 struct abort_msg_s *__abort_msg __attribute__ ((nocommon));
 libc_hidden_def (__abort_msg)
@@ -67,16 +64,8 @@ abort (void)
       __sigprocmask (SIG_UNBLOCK, &sigs, 0);
     }
 
-  /* Flush all streams.  We cannot close them now because the user
-     might have registered a handler for SIGABRT.  */
-  if (stage == 1)
-    {
-      ++stage;
-      fflush (NULL);
-    }
-
   /* Send signal which possibly calls a user handler.  */
-  if (stage == 2)
+  if (stage == 1)
     {
       /* This stage is special: we must allow repeated calls of
 	 `abort' when a user defined handler for SIGABRT is installed.
@@ -94,7 +83,7 @@ abort (void)
     }
 
   /* There was a handler installed.  Now remove it.  */
-  if (stage == 3)
+  if (stage == 2)
     {
       ++stage;
       memset (&act, '\0', sizeof (struct sigaction));
@@ -104,30 +93,22 @@ abort (void)
       __sigaction (SIGABRT, &act, NULL);
     }
 
-  /* Now close the streams which also flushes the output the user
-     defined handler might has produced.  */
-  if (stage == 4)
-    {
-      ++stage;
-      __fcloseall ();
-    }
-
   /* Try again.  */
-  if (stage == 5)
+  if (stage == 3)
     {
       ++stage;
       raise (SIGABRT);
     }
 
   /* Now try to abort using the system specific command.  */
-  if (stage == 6)
+  if (stage == 4)
     {
       ++stage;
       ABORT_INSTRUCTION;
     }
 
   /* If we can't signal ourselves and the abort instruction failed, exit.  */
-  if (stage == 7)
+  if (stage == 5)
     {
       ++stage;
       _exit (127);

References:
- [PATCH] abort: Only flush file-based stdio streams before termination
  - From: Florian Weimer
- Re: [PATCH] abort: Only flush file-based stdio streams before termination
  - From: Carlos O'Donell
- Re: [PATCH] abort: Only flush file-based stdio streams before termination
  - From: Florian Weimer
- Re: [PATCH] abort: Only flush file-based stdio streams before termination
  - From: Carlos O'Donell
- Re: [PATCH] abort: Only flush file-based stdio streams before termination
  - From: Florian Weimer
- Re: [PATCH] abort: Only flush file-based stdio streams before termination
  - From: Carlos O'Donell
- Re: [PATCH] abort: Do not flush stdio streams [BZ #15436]
  - From: Florian Weimer
- Re: [PATCH] abort: Do not flush stdio streams [BZ #15436]
  - From: Adhemerval Zanella

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]