Bug #54667 Unnecessary signal handler redefinition
Submitted: 21 Jun 2010 13:22 Modified: 15 Oct 2010 13:24
Reporter: Alexey Kopytov
Status: Closed Impact on me: None
Category:MySQL Server: General Severity:S1 (Critical)
Version:4.1, 5.0, 5.1, 5.6.99 bzr OS:Any
Assigned to: Alexey Kopytov
Triage: Triaged: D1 (Critical)

[21 Jun 2010 13:22] Alexey Kopytov
Description:
thread_alarm() which is used as a signal handler for SIGUSR1 re-establishes itself as a handler for that signal:

#ifdef DONT_REMEMBER_SIGNAL
  my_sigset(sig,thread_alarm);          /* int. thread system calls */
#endif

DONT_REMEMBER_SIGNAL is defined for any non-BSD platform, so it is assumed that any non-BSD platform upon entering a signal handler resets the handler for the signal being handled to the default one. That, however, is not true for modern Linux and Solaris, at least, see "man sigaction" (which is what we use to define handlers on Linux/Solaris) or "man signal" (for some historical references).

We also do handler redefinition in other signal handlers: process_alarm() and print_signal_warning(). However the SIGUSR1 handler is the most frequently called one on workloads with large number of threads.

How to repeat:
Look in the code.

Suggested fix:
Do not redefine the handler on platforms where sigaction() is used. POSIX requires that the signal handler defined with sigaction() is not reset unless the SA_RESETHAND flag is used.
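The claim in the report can be checked directly. The following program is an added illustration, not MySQL code: it installs a counting handler for SIGUSR1 with sigaction(), delivers the signal to itself, and then queries the installed disposition. Without SA_RESETHAND the handler survives every delivery, so re-installing it from inside the handler (as the DONT_REMEMBER_SIGNAL branch did) is redundant work done on every signal; with SA_RESETHAND the disposition reverts to SIG_DFL after the first delivery, which is the only case where re-installation would matter. It assumes a POSIX system with a working sigaction() (Linux/glibc or Solaris); the handler and function names are the example's own.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>

/* Number of SIGUSR1 deliveries seen by our handler (constructed counter). */
static volatile sig_atomic_t deliveries = 0;

static void count_handler(int sig)
{
    (void)sig;
    deliveries++;   /* async-signal-safe: no I/O and no handler re-installation */
}

/* Install count_handler for SIGUSR1 with the given sa_flags. */
static int install(int flags)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = count_handler;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = flags;
    return sigaction(SIGUSR1, &sa, NULL);
}

/* Read back the current disposition without changing it (act == NULL). */
static void (*current_handler(void))(int)
{
    struct sigaction cur;
    if (sigaction(SIGUSR1, NULL, &cur) != 0)
        return SIG_ERR;
    return cur.sa_handler;
}

/* Without SA_RESETHAND, POSIX keeps the handler installed across deliveries.
   Returns 1 if both deliveries were counted and the handler is still ours. */
int handler_persists_without_resethand(void)
{
    deliveries = 0;
    if (install(0) != 0)
        return 0;
    raise(SIGUSR1);
    raise(SIGUSR1);
    int ok = (deliveries == 2 && current_handler() == count_handler);
    signal(SIGUSR1, SIG_DFL);   /* leave a clean state for later checks */
    return ok;
}

/* With SA_RESETHAND, the disposition reverts to SIG_DFL after the first
   delivery: the behaviour the old DONT_REMEMBER_SIGNAL code assumed on every
   non-BSD platform. Returns 1 if that reset was observed. */
int handler_resets_with_resethand(void)
{
    deliveries = 0;
    if (install(SA_RESETHAND) != 0)
        return 0;
    raise(SIGUSR1);   /* a second raise here would terminate the process */
    int ok = (deliveries == 1 && current_handler() == SIG_DFL);
    signal(SIGUSR1, SIG_DFL);
    return ok;
}

int main(void)
{
    printf("handler persists without SA_RESETHAND: %d\n",
           handler_persists_without_resethand());
    printf("handler resets with SA_RESETHAND:      %d\n",
           handler_resets_with_resethand());
    return 0;
}
```

Both lines print 1 on Linux and Solaris. The practical consequence for the server is the one the report describes: on a sigaction() platform the per-delivery my_sigset() call in thread_alarm() buys nothing, and on a busy server with many threads it is pure overhead inside a signal handler.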
[22 Jun 2010 6:04] Sveta Smirnova
Thank you for the report.

Verified as described.
[23 Jun 2010 6:25] Shane Bester
this is not a DoS vector!
[23 Jun 2010 13:00] Kristofer Pettersson
Security Team Response: This bug does not qualify for a Severity level and gets a very low CVSS score.
[1 Jul 2010 8:02] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/112643

3438 Alexey Kopytov	2010-07-01
      Bug#54667: Unnecessary signal handler redefinition
      
      POSIX requires that a signal handler defined with sigaction()
      is not reset on delivering a signal unless SA_NODEFER or
      SA_RESETHAND is set. It is therefore unnecessary to redefine
      the handler on signal delivery on platforms where sigaction()
      is used without those flags.
     @ include/my_alarm.h
        Renamed DONT_REMEMBER_SIGNAL ->
        SIGNAL_HANDLER_RESET_ON_DELIVERY.
     @ include/my_global.h
        Renamed DONT_REMEMBER_SIGNAL ->
        SIGNAL_HANDLER_RESET_ON_DELIVERY. The latter is now defined
        only on non-BSD platforms missing the POSIX sigaction()
        function.
     @ libmysql/libmysql.c
        Renamed DONT_REMEMBER_SIGNAL ->
        SIGNAL_HANDLER_RESET_ON_DELIVERY
     @ mysys/thr_alarm.c
        Renamed DONT_REMEMBER_SIGNAL ->
        SIGNAL_HANDLER_RESET_ON_DELIVERY
     @ sql/mysqld.cc
        Renamed DONT_REMEMBER_SIGNAL ->
        SIGNAL_HANDLER_RESET_ON_DELIVERY
[19 Jul 2010 14:34] Bugs System
Pushed into 5.1.49 (revid:build@mysql.com-20100719143034-omcma40sblwmay3x) (version source revid:alexey.kopytov@sun.com-20100701081035-3m33lhtoo5kjynz6) (merge vers: 5.1.48) (pib:16)
[20 Jul 2010 14:06] Paul Dubois
Noted in 5.1.49 changelog.

A signal-handler redefinition for SIGUSR1 was removed. The
redefinition could cause the server to encounter a kernel deadlock on 
Solaris when there are many active threads. Other POSIX platforms
might also be affected. 

Setting report to Need Merge pending further pushes.
[23 Jul 2010 12:27] Bugs System
Pushed into mysql-trunk 5.5.6-m3 (revid:alik@sun.com-20100723121820-jryu2fuw3pc53q9w) (version source revid:vasil.dimov@oracle.com-20100531152341-x2d4hma644icamh1) (merge vers: 5.5.5-m3) (pib:18)
[23 Jul 2010 12:34] Bugs System
Pushed into mysql-next-mr (revid:alik@sun.com-20100723121929-90e9zemk3jkr2ocy) (version source revid:vasil.dimov@oracle.com-20100531152341-x2d4hma644icamh1) (pib:18)
[23 Jul 2010 17:12] Paul Dubois
Noted in 5.5.6 changelog.
[14 Oct 2010 8:39] Bugs System
Pushed into mysql-5.1-telco-7.0 5.1.51-ndb-7.0.20 (revid:martin.skold@mysql.com-20101014082627-jrmy9xbfbtrebw3c) (version source revid:vasil.dimov@oracle.com-20100531152341-x2d4hma644icamh1) (merge vers: 5.5.5-m3) (pib:21)
[14 Oct 2010 8:54] Bugs System
Pushed into mysql-5.1-telco-6.3 5.1.51-ndb-6.3.39 (revid:martin.skold@mysql.com-20101014083757-5qo48b86d69zjvzj) (version source revid:vasil.dimov@oracle.com-20100531152341-x2d4hma644icamh1) (merge vers: 5.5.5-m3) (pib:21)
[14 Oct 2010 9:11] Bugs System
Pushed into mysql-5.1-telco-6.2 5.1.51-ndb-6.2.19 (revid:martin.skold@mysql.com-20101014084420-y54ecj85j5we27oa) (version source revid:vasil.dimov@oracle.com-20100531152341-x2d4hma644icamh1) (merge vers: 5.5.5-m3) (pib:21)
[15 Oct 2010 13:24] Jon Stephens
Already documented in the 5.1.49 changelog. Reverting to Closed state.