From owner-freebsd-threads@FreeBSD.ORG  Mon May 26 21:09:42 2003
Return-Path: <owner-freebsd-threads@FreeBSD.ORG>
Delivered-To: freebsd-threads@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D1C5C37B401
	for <freebsd-threads@freebsd.org>;
	Mon, 26 May 2003 21:09:42 -0700 (PDT)
Received: from mail.pcnet.com (mail.pcnet.com [204.213.232.4])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 20D6143F93
	for <freebsd-threads@freebsd.org>;
	Mon, 26 May 2003 21:09:42 -0700 (PDT)
	(envelope-from eischen@pcnet1.pcnet.com)
Received: from pcnet1.pcnet.com (localhost [127.0.0.1])
	by mail.pcnet.com (8.12.8/8.12.1) with ESMTP id h4R49fwQ028325;
	Tue, 27 May 2003 00:09:41 -0400 (EDT)
Received: from localhost (eischen@localhost)h4R49ekw028321;
	Tue, 27 May 2003 00:09:41 -0400 (EDT)
Date: Tue, 27 May 2003 00:09:40 -0400 (EDT)
From: Daniel Eischen <eischen@pcnet1.pcnet.com>
To: Alexander Kabaev <kabaev@mail.ru>
In-Reply-To: <20030526204634.4c0cfee6.kabaev@mail.ru>
Message-ID: <Pine.GSO.4.10.10305262356550.22455-100000@pcnet1.pcnet.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: freebsd-threads@freebsd.org
Subject: Re: konsole triggers infinite SIGABRT loop in libkse
X-BeenThere: freebsd-threads@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Threading on FreeBSD <freebsd-threads.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-threads>,
	<mailto:freebsd-threads-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-threads>
List-Post: <mailto:freebsd-threads@freebsd.org>
List-Help: <mailto:freebsd-threads-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-threads>,
	<mailto:freebsd-threads-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 27 May 2003 04:09:43 -0000

On Mon, 26 May 2003, Alexander Kabaev wrote:

> There is a simple way to trigger an infinite loop in konsole with
> libkse. Sometimes konsole tries to chown the pty is has created and
> fails with the following message:
> 
> konsole: cannot chown /dev/ttyp9.
> Reason: Operation not permitted
> 
> It tries to abort() itself afterwards, entering the infinite loop, see
> backtrace below. Apparently, _thr_sig_handler simply calls itself over
> and over again.

Hmm, I think I can see how this could occur after a fork.  Does this
solve the problem for you:

Index: thread/thr_sig.c
===================================================================
RCS file: /home/ncvs/src/lib/libpthread/thread/thr_sig.c,v
retrieving revision 1.51
diff -u -r1.51 thr_sig.c
--- thread/thr_sig.c	24 May 2003 02:29:25 -0000	1.51
+++ thread/thr_sig.c	27 May 2003 04:06:52 -0000
@@ -175,7 +175,7 @@
 void
 _thr_sig_handler(int sig, siginfo_t *info, ucontext_t *ucp)
 {
-	void (*sigfunc)(int, siginfo_t *, void *);
+	__siginfohandler_t *sigfunc;
 	struct kse *curkse;
 
 	curkse = _get_curkse();
@@ -184,7 +184,8 @@
 		sigfunc = _thread_sigact[sig - 1].sa_sigaction;
 		ucp->uc_sigmask = _thr_proc_sigmask;
 		if (((__sighandler_t *)sigfunc != SIG_DFL) &&
-		    ((__sighandler_t *)sigfunc != SIG_IGN)) {
+		    ((__sighandler_t *)sigfunc != SIG_IGN) &&
+		    (sigfunc != (__siginfohandler_t *)_thr_sig_handler)) {
 			if (((_thread_sigact[sig - 1].sa_flags & SA_SIGINFO)
 			    != 0) || (info == NULL))
 				(*(sigfunc))(sig, info, ucp);


-- 
Dan Eischen