[RFC] linux-user: Remove stale "not threadsafe" comments

Peter Maydell posted 1 patch 2 years, 9 months ago
Test checkpatch passed
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20220114155032.3767771-1-peter.maydell@linaro.org
Maintainers: Laurent Vivier <laurent@vivier.eu>
linux-user/signal.c | 2 --
1 file changed, 2 deletions(-)
[RFC] linux-user: Remove stale "not threadsafe" comments
Posted by Peter Maydell 2 years, 9 months ago
In linux-user/signal.c we have two FIXME comments claiming that
parts of the signal-handling code are not threadsafe. These are
very old, as they were first introduced in commit 624f7979058
in 2008. Since then we've radically overhauled the signal-handling
logic, while carefully preserving these FIXME comments.

It's unclear exactly what thread-safety issue the original
author was trying to point out -- the relevant data structures
are in the TaskStruct, which makes them per-thread and only
operated on by that thread. The old code at the time of that
commit did have various races involving signal handlers being
invoked at awkward times; possibly this was what was meant.

Delete these FIXME comments:
 * they were written at a time when the way we handled
   signals was completely different
 * the code today appears to us to not have thread-safety issues
 * nobody knows what the problem the comments were trying to
   point out was
so they are serving no useful purpose for us today.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
Marked "RFC" because I'm a bit uneasy with deleting FIXMEs
simply because I can't personally figure out why they're
there. This patch is more to start a discussion to see
if anybody does understand the issue -- in which case we
can instead augment the comments to describe it.
---
 linux-user/signal.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/linux-user/signal.c b/linux-user/signal.c
index 32854bb3752..e7410776e21 100644
--- a/linux-user/signal.c
+++ b/linux-user/signal.c
@@ -1001,7 +1001,6 @@ int do_sigaction(int sig, const struct target_sigaction *act,
         oact->sa_mask = k->sa_mask;
     }
     if (act) {
-        /* FIXME: This is not threadsafe.  */
         __get_user(k->_sa_handler, &act->_sa_handler);
         __get_user(k->sa_flags, &act->sa_flags);
 #ifdef TARGET_ARCH_HAS_SA_RESTORER
@@ -1151,7 +1150,6 @@ void process_pending_signals(CPUArchState *cpu_env)
     sigset_t *blocked_set;
 
     while (qatomic_read(&ts->signal_pending)) {
-        /* FIXME: This is not threadsafe.  */
         sigfillset(&set);
         sigprocmask(SIG_SETMASK, &set, 0);
 
-- 
2.25.1


Re: [RFC] linux-user: Remove stale "not threadsafe" comments
Posted by Alex Bennée 2 years, 9 months ago
Peter Maydell <peter.maydell@linaro.org> writes:

> In linux-user/signal.c we have two FIXME comments claiming that
> parts of the signal-handling code are not threadsafe. These are
> very old, as they were first introduced in commit 624f7979058
> in 2008. Since then we've radically overhauled the signal-handling
> logic, while carefully preserving these FIXME comments.
>
> It's unclear exactly what thread-safety issue the original
> author was trying to point out -- the relevant data structures
> are in the TaskStruct, which makes them per-thread and only
> operated on by that thread. The old code at the time of that
> commit did have various races involving signal handlers being
> invoked at awkward times; possibly this was what was meant.
>
> Delete these FIXME comments:
>  * they were written at a time when the way we handled
>    signals was completely different
>  * the code today appears to us to not have thread-safety issues
>  * nobody knows what the problem the comments were trying to
>    point out was
> so they are serving no useful purpose for us today.
>
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
> Marked "RFC" because I'm a bit uneasy with deleting FIXMEs
> simply because I can't personally figure out why they're
> there. This patch is more to start a discussion to see
> if anybody does understand the issue -- in which case we
> can instead augment the comments to describe it.
> ---
>  linux-user/signal.c | 2 --
>  1 file changed, 2 deletions(-)
>
> diff --git a/linux-user/signal.c b/linux-user/signal.c
> index 32854bb3752..e7410776e21 100644
> --- a/linux-user/signal.c
> +++ b/linux-user/signal.c
> @@ -1001,7 +1001,6 @@ int do_sigaction(int sig, const struct target_sigaction *act,
>          oact->sa_mask = k->sa_mask;
>      }
>      if (act) {
> -        /* FIXME: This is not threadsafe.  */
>          __get_user(k->_sa_handler, &act->_sa_handler);
>          __get_user(k->sa_flags, &act->sa_flags);
>  #ifdef TARGET_ARCH_HAS_SA_RESTORER
> @@ -1151,7 +1150,6 @@ void process_pending_signals(CPUArchState *cpu_env)
>      sigset_t *blocked_set;
>  
>      while (qatomic_read(&ts->signal_pending)) {
> -        /* FIXME: This is not threadsafe.  */
>          sigfillset(&set);
>          sigprocmask(SIG_SETMASK, &set, 0);

Looking at the history those FIXMEs could have been for code that they
where attached to. Could the thread safety be about reading the
sigaction stuff? I would have though sigaction updates where atomic by
virtue of the syscall to set them...

Anyway looks old to me:

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>

-- 
Alex Bennée

Re: [RFC] linux-user: Remove stale "not threadsafe" comments
Posted by Warner Losh 2 years, 9 months ago
On Sat, Jan 15, 2022 at 2:49 AM Alex Bennée <alex.bennee@linaro.org> wrote:

>
> Peter Maydell <peter.maydell@linaro.org> writes:
>
> > In linux-user/signal.c we have two FIXME comments claiming that
> > parts of the signal-handling code are not threadsafe. These are
> > very old, as they were first introduced in commit 624f7979058
> > in 2008. Since then we've radically overhauled the signal-handling
> > logic, while carefully preserving these FIXME comments.
> >
> > It's unclear exactly what thread-safety issue the original
> > author was trying to point out -- the relevant data structures
> > are in the TaskStruct, which makes them per-thread and only
> > operated on by that thread. The old code at the time of that
> > commit did have various races involving signal handlers being
> > invoked at awkward times; possibly this was what was meant.
> >
> > Delete these FIXME comments:
> >  * they were written at a time when the way we handled
> >    signals was completely different
> >  * the code today appears to us to not have thread-safety issues
> >  * nobody knows what the problem the comments were trying to
> >    point out was
> > so they are serving no useful purpose for us today.
> >
> > Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> > ---
> > Marked "RFC" because I'm a bit uneasy with deleting FIXMEs
> > simply because I can't personally figure out why they're
> > there. This patch is more to start a discussion to see
> > if anybody does understand the issue -- in which case we
> > can instead augment the comments to describe it.
> > ---
> >  linux-user/signal.c | 2 --
> >  1 file changed, 2 deletions(-)
>




> > diff --git a/linux-user/signal.c b/linux-user/signal.c
> > index 32854bb3752..e7410776e21 100644
> > --- a/linux-user/signal.c
> > +++ b/linux-user/signal.c
> > @@ -1001,7 +1001,6 @@ int do_sigaction(int sig, const struct
> target_sigaction *act,
> >          oact->sa_mask = k->sa_mask;
> >      }
> >      if (act) {
> > -        /* FIXME: This is not threadsafe.  */
> >          __get_user(k->_sa_handler, &act->_sa_handler);
> >          __get_user(k->sa_flags, &act->sa_flags);
> >  #ifdef TARGET_ARCH_HAS_SA_RESTORER
> > @@ -1151,7 +1150,6 @@ void process_pending_signals(CPUArchState *cpu_env)
> >      sigset_t *blocked_set;
> >
> >      while (qatomic_read(&ts->signal_pending)) {
> > -        /* FIXME: This is not threadsafe.  */
> >          sigfillset(&set);
> >          sigprocmask(SIG_SETMASK, &set, 0);
>
> Looking at the history those FIXMEs could have been for code that they
> where attached to. Could the thread safety be about reading the
> sigaction stuff? I would have though sigaction updates where atomic by
> virtue of the syscall to set them...
>
> Anyway looks old to me:
>
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
>

Reviewed-by: Warner Losh <imp@bsdimp.com>

I looked in bsd-user, to where this was also copied, and couldn't figure out
what it was talking about...  Though that's a weak review, imho..


> --
> Alex Bennée
>
>
Re: [RFC] linux-user: Remove stale "not threadsafe" comments
Posted by Laurent Vivier 2 years, 8 months ago
Le 14/01/2022 à 16:50, Peter Maydell a écrit :
> In linux-user/signal.c we have two FIXME comments claiming that
> parts of the signal-handling code are not threadsafe. These are
> very old, as they were first introduced in commit 624f7979058
> in 2008. Since then we've radically overhauled the signal-handling
> logic, while carefully preserving these FIXME comments.
> 
> It's unclear exactly what thread-safety issue the original
> author was trying to point out -- the relevant data structures
> are in the TaskStruct, which makes them per-thread and only
> operated on by that thread. The old code at the time of that
> commit did have various races involving signal handlers being
> invoked at awkward times; possibly this was what was meant.
> 
> Delete these FIXME comments:
>   * they were written at a time when the way we handled
>     signals was completely different
>   * the code today appears to us to not have thread-safety issues
>   * nobody knows what the problem the comments were trying to
>     point out was
> so they are serving no useful purpose for us today.
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
> Marked "RFC" because I'm a bit uneasy with deleting FIXMEs
> simply because I can't personally figure out why they're
> there. This patch is more to start a discussion to see
> if anybody does understand the issue -- in which case we
> can instead augment the comments to describe it.
> ---
>   linux-user/signal.c | 2 --
>   1 file changed, 2 deletions(-)

Applied to my linux-user-for-7.0 branch.

Thanks,
Laurent