From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Gerd =?UTF-8?Q?M=C3=B6llmann?= Newsgroups: gmane.emacs.bugs Subject: bug#75322: SAFE_ALLOCA assumed to root Lisp_Objects/SSDATA(string) Date: Sat, 04 Jan 2025 13:17:50 +0100 Message-ID: References: <87jzbbke6u.fsf@protonmail.com> <87msg7iq0o.fsf@protonmail.com> <871pxiizrq.fsf@protonmail.com> Mime-Version: 1.0 Content-Type: text/plain Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="33455"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: Gnus/5.13 (Gnus v5.13) Cc: 75322@debbugs.gnu.org To: Pip Cet Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Sat Jan 04 13:19:21 2025 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1tU37g-0008Zt-KC for geb-bug-gnu-emacs@m.gmane-mx.org; Sat, 04 Jan 2025 13:19:20 +0100 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1tU37Q-0006k1-GB; Sat, 04 Jan 2025 07:19:04 -0500 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tU37O-0006jV-Il for bug-gnu-emacs@gnu.org; Sat, 04 Jan 2025 07:19:02 -0500 Original-Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1tU37O-0002y0-81 for bug-gnu-emacs@gnu.org; Sat, 04 Jan 2025 07:19:02 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:Date:References:In-Reply-To:From:To:Subject; bh=juWvFpCCxp8eHNP0joEHoMBlGOUfdno4URV8fbJdq2I=; b=W+S1ZmllJh9aSrRc4jDN1BqSHo8M4m2IZfBQdFikwZp5cWG57F42S++3+Ddgb8WHDYeQliLUsL6O+MOBhQVnmQcARzsckKhUcCK72qvnif/HQ8QQ94qzL1wkS9ybufqrNnLar59nAfjQflJAovIWKkh1Ow6oY2zUa//5t1/XN3CLDlizFL2R8qg5DfPmNWYlx+B0h3Bv9k3uXqBak+4KU7RNpOsCLnj7OgPfcLpFOvfAk8lFirNPFK0VrvgKsdVP9gEKTYur7tNK945VwiVzy+moDuHaOSAVg8x0ntgF+X1pYtj/v7I3cIbQGxyg9jzuCKUejeecXFIuF1aF40fuAg==; Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1tU37O-0004oJ-2J for bug-gnu-emacs@gnu.org; Sat, 04 Jan 2025 07:19:02 -0500 X-Loop: help-debbugs@gnu.org Resent-From: Gerd =?UTF-8?Q?M=C3=B6llmann?= Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sat, 04 Jan 2025 12:19:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 75322 X-GNU-PR-Package: emacs Original-Received: via spool by 75322-submit@debbugs.gnu.org id=B75322.173599308218417 (code B ref 75322); Sat, 04 Jan 2025 12:19:02 +0000 Original-Received: (at 75322) by debbugs.gnu.org; 4 Jan 2025 12:18:02 +0000 Original-Received: from localhost ([127.0.0.1]:53762 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tU36P-0004mo-ES for submit@debbugs.gnu.org; Sat, 04 Jan 2025 07:18:02 -0500 Original-Received: from mail-wr1-x433.google.com ([2a00:1450:4864:20::433]:47478) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from ) id 1tU36M-0004mS-Kc for 75322@debbugs.gnu.org; Sat, 04 Jan 2025 07:18:00 -0500 Original-Received: by mail-wr1-x433.google.com with SMTP id ffacd0b85a97d-38634c35129so9871588f8f.3 for <75322@debbugs.gnu.org>; Sat, 04 Jan 2025 04:17:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1735993072; x=1736597872; darn=debbugs.gnu.org; h=mime-version:user-agent:message-id:date:references:in-reply-to :subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to; bh=juWvFpCCxp8eHNP0joEHoMBlGOUfdno4URV8fbJdq2I=; b=Pnv7yGFetMiNVrvkdhWb/WlKhpqfSPkCGO81xsfqDXqjT4ct6+bh/PUqxQ2sFMi/Mm OLeGLlVmHQzO/smLEQfFXofV04x4l790d/kX5gclpsaA94f0B6LtZoIUCuO1vptWvUEf BFBZ50NPt6ZcuiYjTPfNxnP0JDyw1wnMGUgRDTp1jwx/V6zoRd5rab7R71LBr0s9DkGy Nptn1LfDHkmUbUq54uIVwsx+lThMwA7dV5aVyx0iVvpgSJnqmE8PtVkxLxSB776pppZX wkY5FdG+5rvqrTzToTgqdzTPIlngMWGVd/kwTehyruRZwFTtrtIMzFNTAdIJyIO3gmMv ubQg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1735993072; x=1736597872; h=mime-version:user-agent:message-id:date:references:in-reply-to :subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=juWvFpCCxp8eHNP0joEHoMBlGOUfdno4URV8fbJdq2I=; b=feHSeGybxLWq2SQyWQANFLauD2e0jJ3jU6m3SDe7IKKhEGzgxcG6yXpwDxccM2lynL AFLXJAXRAPOpuid1d3o+DkWbieH8GbNEIxonQSu6BfHxBNxHefbiIZm95n/9aow+jNg9 +zrOKnHzn6JgHqcfZ4DhuCsRdcluF8ESGR2lc+KYcXFDNoRSTfnd0L7kMIrNBRAnPfmh 661p3lZUFhQhgjnm03ScBRH9XLJl+dJwW4rIyqrSXZZV0+8jSnVVBTG623JxCrE/ik1b siZ6tDhTyW+FUfZXvLGPYTsjbY3mdZ9PEclCDLkpKkoCyQxUu4SbYJ2Mof/Zv/7s6ha4 yG+A== X-Gm-Message-State: AOJu0YyV/Gi4e5fytyqzyl0p+JBze2m7aUsTkRpzzdDZyJqYEFQigj/+ 4CMybNNm02iMQi/D2NEbsk6Cm/u3SRxmGyHa5In6/bnFOC5534D9bM0pBA== X-Gm-Gg: ASbGnct5lP3BbWnt+XNk8nU74v2QdNdx6tof6hjM45xpvrKsqF5IYUexbj4LybFpTvj B8SjdlpefDs3EYrx9SQp8rng9GhYn9bT0glBxF1gafOBxAZQCYrQ6OI2N2DhiT+iv4Pqvf3e6aY tOOyJ71hk6STIfVTJ1ok+5VexSTRIW/eAE6OtTksYvSXpKvmD1fXmJi+hwb9zHpnVbTO/jHAdsg 7zF/xNejfyf9vyfHSHacVD+W2/TafqlIJinADb0CRlR1L+Id4G33H9t5Nkb2ZDhOCRxLtIfEeZF cmeIGXF5GTt6OzUlDAgM7pCOK0CfSWv1YYXQueoHIRmS/D+kO4B1NccJF8soUGtTDg== X-Google-Smtp-Source: AGHT+IFyQEvx5TODGJtuhnlfw2CeUbgHeq6x5gODxvmTZROLlzPgG13cFTZpovETANwbv3Pb038XvQ== X-Received: by 2002:a5d:64ac:0:b0:385:effc:a279 with SMTP id ffacd0b85a97d-38a223ff46cmr38560553f8f.58.1735993071880; Sat, 04 Jan 2025 04:17:51 -0800 (PST) Original-Received: from pro2 (p200300e0b73c9f00c50ae305bf989514.dip0.t-ipconnect.de. [2003:e0:b73c:9f00:c50a:e305:bf98:9514]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-43661219611sm516624075e9.23.2025.01.04.04.17.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 04 Jan 2025 04:17:51 -0800 (PST) In-Reply-To: <871pxiizrq.fsf@protonmail.com> (Pip Cet's message of "Sat, 04 Jan 2025 11:29:46 +0000") X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.bugs:298385 Archived-At: Pip Cet writes: >> TBH, I couldn't follow your thoughts above with the EFAULT, syscalls and >> so on. > > My understanding is that if there is a memory barrier in place for a > string that a syscall tries to access, we get an -EFAULT from Linux, an > EFAULT from glibc, and the syscall won't work. Ah, I think I understand now, thanks. Thing is that string data is in our leaf pool (AMCZ). AMCZ doesn't use barriers because there are no references in its objects. Does that make sense? > This is what makes valid_pointer_p work, for example. (To the extent it > does: valid_pointer_p assumes 16 bytes after the pointer are readable; I > don't see why that is true for small objects). > > What makes this more difficult is that glibc and GCC disagree about what > to do with invalid pointers even in the simplest case: glibc documents > printf ("%s\n", NULL) to work, but GCC will rewrite it into puts (NULL), > which crashes. I'm worried that glibc might wrap a syscall incorrectly > wrt EFAULT and SIGSEGV, in this case. > > Worse, if the syscall is in a fork()ed process, MPS machinery to remove > the memory barrier might not be in place after the fork. And who knows > about posix_spawn action descriptors? Or vfork? > >>>> Or one does it as you did in b0a209e9204, that's of course also safe. >>>> For both old and new GC. (Don't remember if you mentioned it Pip, but >>>> old GC moves string data as well, during string compaction, should GC >>>> run). >>> >>> Ouch. Yes, I remember now. >>> >>> Pip >> >> And today I see you reverted that commit. Is there something wrong with >> it? I couldn't see something wrong, and for me VALUE(no root) > >> VALUE(exact) VALUE(ambig). > > There were two reasons for the revert: > > 1. Eli asked me not to push the change right after I pushed. I thought > it would be best to restore the "before" state so we could discuss the > solution. > > 2. For the non-MPS case, I rashly assumed it would be okay to remove the > no-GC assumption that call_process apparently establishes (even though > there is no comment saying so). I'm not sure what I would do now; the > old code seems buggy to me because Fexpand_file_name can call Lisp, but > that bug affects only argv, not envp. It may be best to fix the argv > code but leave the envp code in its (once again) current fragile state, > documenting precisely which assumptions are made there. > >> WRT Lisp_Object allocas, please tell if I should do that. > > Sorry, I don't understand. Lisp_Objects shouldn't be allocated with > SAFE_ALLOCA, but allocating them with SAFE_ALLOCA_LISP_EXTRA is fine. > Pointers to string data cannot currently be safely allocated with > SAFE_ALLOCA, but I'm not sure whether SAFE_ALLOCA_AMBIGUOUS or > SAFE_ALLOCA_EXACT_POINTER would be the right thing to do. My fault: I meant allocas used to store Lisp_Object in them, i.e. Lisp_Object * :-).