diff options
| author | Joakim Hulthe <joakim.hulthe@mullvad.net> | 2024-11-13 10:22:00 +0100 |
|---|---|---|
| committer | Joakim Hulthe <joakim.hulthe@mullvad.net> | 2024-11-26 13:31:13 +0100 |
| commit | 853c849c77f1ca40e7b1a43d7a4515eeadf79d25 (patch) | |
| tree | 261e8965fd80348b2649216026705648222ced02 /android | |
| parent | 4577aea9630bd1693f0657f0e13cec034a96ceae (diff) | |
| download | mullvadvpn-853c849c77f1ca40e7b1a43d7a4515eeadf79d25.tar.xz mullvadvpn-853c849c77f1ca40e7b1a43d7a4515eeadf79d25.zip | |
Make unix signal-handler signal-safe
Other changes:
- Re-enable the signal handler in release-builds.
- Disable backtrace printing by default since it's not signal-safe.
- Add `MULLVAD_BACKTRACE_ON_FAULT` env variable to enable backtracing.
- Remove the alternate signal stack. The reasons for this are:
- Setting up an alt-stack in a safe way is not trivial, our previous
attempt was unsound in the presence of stack overflows. It can be
done safely with mmap, but would require careful review.
- The alt-stack is thread-local, meaning it would need to be
initialized on a per-thread basis. We would need to hook into tokio
and std::thread::spawn to be able to get good coverage, and even
then there would no good way to ensure that *all* threads have an
alternate stack, except that...
- Rust (by default) allocates an alternate stack for every thread.
Unfortunately, the prescence of Go code in our linked binary
disables this feature. IMO, we should strive towards not having any
Go code linked into the daemon for this reason.
Diffstat (limited to 'android')
0 files changed, 0 insertions, 0 deletions