This is the mail archive of the cygwin-developers mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: sem_init() fails (when used in a certain way)

From: Christopher Faylor <cgf-use-the-mailinglist-please at cygwin dot com>
To: cygwin-developers at cygwin dot com
Date: Wed, 30 Mar 2011 01:35:42 -0400
Subject: Re: sem_init() fails (when used in a certain way)
References: <4D91E177.70006@dronecode.org.uk> <20110329155331.GB7527@calimero.vinschen.de> <20110329172412.GA28593@ednor.casa.cgf.cx> <20110329213832.GC7527@calimero.vinschen.de>
Reply-to: cygwin-developers at cygwin dot com

On Tue, Mar 29, 2011 at 11:38:32PM +0200, Corinna Vinschen wrote:
>On Mar 29 13:24, Christopher Faylor wrote:
>> On Tue, Mar 29, 2011 at 05:53:31PM +0200, Corinna Vinschen wrote:
>> >On Mar 29 14:41, Jon TURNEY wrote:
>> >> $ ./sem_init_malloc_testcase
>> >> sem_init: Device or resource busy
>> >> [...]
>> >> I'm not sure how to fix this:
>> >> 
>> >> Changing sem_t from a pointer to an instance of class semaphore is not a good
>> >> idea as it would change a lot of code, and a non-starter as it breaks ABI by
>> >> changing sizeof(sem_t), and I have to assume there is a reason it was
>> >> implemented using a pointer in the first place.
>> >> 
>> >> Removing the is_good_object() check from semaphore::init() (and thus changing
>> >> the undefined behaviour when a sem_init() is used twice from 'return EBUSY' to
>> >> 'leak some memory') would work.  Perhaps downgrading the error to strace
>> >> output "potential repeated semaphore initialization"?
>> >
>> >This sounds like a good idea to me.  Given that the test can accidentally
>> >identify the content of the semaphore as valid, the test is somewhat
>> >dangerous.
>> >
>> >> I hope someone has some better ideas?
>> >
>> >I don't think there's any other way.  Glibc does not check the semaphore
>> >storage at all when calling sem_init and SUSv4 states
>> >
>> >  "Attempting to initialize an already initialized semaphore results in
>> >   undefined behavior."
>> >
>> >I'd say, just go ahead.
>> 
>> I think we should put a
>> 
>>  myfault efault;
>>  if (efault.faulted ())
>>     ...
>> 
>> in place of the is_good_object() test and sprinkle those throughout the
>> other sem_* functions, if they're not already there.
>
>You can't just replace all is_good_object tests with myfault handlers,
>afaics.  The only case where the is_good_object test doesn't make sense
>for the reason outlined in Jon's mail are the init methods of the
>various object types.  In all other methods the is_good_object test is
>still necessary to check the object pointer and to generate the EINVAL
>error code reliably.  So the myfault handler could (and probably
>should) be added to these methods while keeping the is_good_object
>test.

The reason I mentioned putting them in the functions rather than an init
function is to catch any subsequent problems with dereferencing invalid
pointers.  If you put a handler in the init function then it is only
valid for the life of the init function.  I wasn't suggesting replacing
all of the is_good_object tests, though, just the one that Jon
identified.

cgf

Follow-Ups:
- Re: sem_init() fails (when used in a certain way)
  - From: Corinna Vinschen

References:
- sem_init() fails (when used in a certain way)
  - From: Jon TURNEY
- Re: sem_init() fails (when used in a certain way)
  - From: Corinna Vinschen
- Re: sem_init() fails (when used in a certain way)
  - From: Christopher Faylor
- Re: sem_init() fails (when used in a certain way)
  - From: Corinna Vinschen

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]