Intercept sigaction to prevent libraries from overwriting signal handlers #420
Wasmtime's SIGSEGV handler calls malloc() via __tls_get_addr, which is not async-signal-safe and causes deadlocks when profiler uses safefetch.

Patch wasmtime's sigaction GOT entry to intercept handler installations. Their handlers are stored as chain targets and called from our handlers.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
CI Test Results
Run: #23245408117 | Commit:
Status Overview
Legend: ✅ passed | ❌ failed | ⚪ skipped | 🚫 cancelled
Summary: Total: 32 | Passed: 32 | Failed: 0
Updated: 2026-03-18 13:02:32 UTC
rkennke
left a comment
Looks good overall (well as good as patching-out call addresses can look, I suppose), I just have two questions.
| } | ||
|
|
||
| // Check if already patched or array is full | ||
| if (_sigaction_size >= MAX_NATIVE_LIBS) { |
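Review bot: the comment above `if (_sigaction_size >= MAX_NATIVE_LIBS)` announces two checks, "already patched or array is full", but the condition shown tests only the array bound. Either move the already-patched wording to the line that performs that test or narrow this comment to the bound check. Because reaching the bound means a library's sigaction entry is left unpatched, whatever this branch does should also be observable, for example through a log line or a counter.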
So what happens if the array is full? We silently ignore it and don't patch? Isn't this asking for weird failures that would be hard to notice?
Yes, we would risk those libraries being able to mess up our safefetch processing. The truth is, the vast majority of the libraries are OK.
Also, the whole codecache infra will work only with at most MAX_NATIVE_LIBS libraries, so we will work in a weird mode anyway.
We can add a warning or a counter to indicate the overflow, though.
| return __atomic_load_n(&_bus_chain_target, __ATOMIC_ACQUIRE); | ||
| } | ||
|
|
||
| // sigaction hook - called via GOT patching to intercept sigaction calls |
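Review bot: the comment introducing the sigaction hook uses "GOT" without expanding it and does not say what the hook does with a handler it intercepts. Spell out Global Offset Table once and state the contract in the comment: which signals are intercepted and that the caller's handler becomes a chain target rather than being installed. The accessor just above reads `_bus_chain_target` with `__ATOMIC_ACQUIRE`, so it is also worth noting here that the hook's store to that variable has to use release ordering to pair with it.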
Global Offset Table - https://en.wikipedia.org/wiki/Global_Offset_Table
rkennke
left a comment
Ok, thanks for the explanations. Feel free to add a warning, if you like.
- Add NATIVE_LIBS_DROPPED counter and LOG_WARN macro
- CodeCacheArray::add() returns bool, logs once on overflow
- Fix memory leak: delete CodeCache on failed add
- Add missing macOS stubs for sigaction protection

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Yes, added warning and also a counter that would tell us how many libraries we missed due to overflow.

Backported to
Summary
- sigaction() calls via GOT patching to prevent other libraries from overwriting our SIGSEGV/SIGBUS handlers
- malloc() (not async-signal-safe)

Problem
Wasmtime's SIGSEGV handler calls __tls_get_addr which can call malloc(), violating async-signal-safety. When the profiler uses safefetch, this causes deadlocks:
- safefetch
- safefetch triggers SIGSEGV
- malloc() → deadlock
(see bytecodealliance/wasmtime#12787 wasmtime issue)

Solution
- sigaction GOT entry in all loaded libraries

Test plan
🤖 Generated with Claude Code
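
The interception described in the Summary and Solution, as an added example that is not code from this PR or from the profiler: a hook that a patched GOT entry could point at, which records a library's SIGSEGV handler as a chain target instead of installing it. All names are hypothetical; it covers SIGSEGV only with a single chain slot and assumes registrations are serialized.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <string.h>

/* Added example: all names are hypothetical, not the profiler's own.
 * Single slot, SIGSEGV only; assumes registrations are serialized. */
static struct sigaction chain_slot;          /* what the library asked for */
static struct sigaction *segv_chain_target;  /* NULL until a library registers */
static volatile sig_atomic_t ours_ran, chained_ran;

/* Handler that stays installed: own work first, then the chained handler. */
static void profiler_segv(int sig, siginfo_t *info, void *uc) {
    ours_ran = 1;                            /* stands in for the safefetch check */
    struct sigaction *t = __atomic_load_n(&segv_chain_target, __ATOMIC_ACQUIRE);
    if (t == NULL) return;
    if (t->sa_flags & SA_SIGINFO) t->sa_sigaction(sig, info, uc);
    else if (t->sa_handler != SIG_DFL && t->sa_handler != SIG_IGN) t->sa_handler(sig);
}

/* What a patched GOT slot would point at instead of libc's sigaction(). */
int sigaction_hook(int sig, const struct sigaction *act, struct sigaction *old) {
    if (sig != SIGSEGV) return sigaction(sig, act, old);   /* pass through */
    struct sigaction *prev = __atomic_load_n(&segv_chain_target, __ATOMIC_ACQUIRE);
    if (old != NULL && prev != NULL) *old = *prev;         /* caller sees its own view */
    else if (old != NULL) { memset(old, 0, sizeof *old); old->sa_handler = SIG_DFL; }
    if (act != NULL) {
        chain_slot = *act;                   /* remember the handler, do not install it */
        __atomic_store_n(&segv_chain_target, &chain_slot, __ATOMIC_RELEASE);
    }
    return 0;                                /* kernel-level handler is unchanged */
}

static void library_segv(int sig) { (void)sig; chained_ran = 1; }

/* Bitmask: 1 = installed handler still ours, 2 = ours ran, 4 = library's ran. */
int demo(void) {
    struct sigaction mine, lib, cur;
    memset(&mine, 0, sizeof mine); sigemptyset(&mine.sa_mask);
    mine.sa_sigaction = profiler_segv; mine.sa_flags = SA_SIGINFO;
    sigaction(SIGSEGV, &mine, NULL);
    memset(&lib, 0, sizeof lib); sigemptyset(&lib.sa_mask); lib.sa_handler = library_segv;
    sigaction_hook(SIGSEGV, &lib, NULL);     /* the library's call, as rerouted */
    sigaction(SIGSEGV, NULL, &cur);
    raise(SIGSEGV);                          /* synthetic signal, not a real fault */
    return ((cur.sa_flags & SA_SIGINFO) && cur.sa_sigaction == profiler_segv ? 1 : 0)
         | (ours_ran ? 2 : 0) | (chained_ran ? 4 : 0);
}

int main(void) { return demo() == 7 ? 0 : 1; }
```

The chained handler runs inside the installed handler's context, so the library's own sa_mask and the rest of its sa_flags are not applied in this sketch.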