diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2016-06-14 12:49:18 +0100 |
|---|---|---|
| committer | Riku Voipio <riku.voipio@linaro.org> | 2016-06-26 13:17:20 +0300 |
| commit | 1d48fdd9d84aab1bd32c1f70947932f5d90f92aa (patch) | |
| tree | dee8a5037d9909fdb0201fd60230d399ab26e899 /linux-user/signal.c | |
| parent | 435da5e7092aa54e12044b9401b42c4a9333c74d (diff) | |
| download | focaccia-qemu-1d48fdd9d84aab1bd32c1f70947932f5d90f92aa.tar.gz focaccia-qemu-1d48fdd9d84aab1bd32c1f70947932f5d90f92aa.zip | |
linux-user: Don't use sigfillset() on uc->uc_sigmask
The kernel and libc have different ideas about what a sigset_t
is -- for the kernel it is only _NSIG / 8 bytes in size (usually
8 bytes), but for libc it is much larger, 128 bytes. In most
situations the difference doesn't matter, because if you pass a
pointer to a libc sigset_t to the kernel it just acts on the first
8 bytes of it, but for the ucontext_t* argument to a signal handler
it trips us up. The kernel allocates this ucontext_t on the stack
according to its idea of the sigset_t type, but the type of the
ucontext_t defined by the libc headers uses the libc type, and
so do the manipulator functions like sigfillset(). This means that
(1) sizeof(uc->uc_sigmask) is much larger than the actual
space used on the stack
(2) sigfillset(&uc->uc_sigmask) will write garbage 0xff bytes
off the end of the structure, which can trash data that
was on the stack before the signal handler was invoked,
and may result in a crash after the handler returns
To avoid this, we use a memset() of the correct size to fill
the signal mask rather than using the libc function.
This fixes a problem where we would crash at least some of the
time on an i386 host when a signal was taken.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Diffstat (limited to 'linux-user/signal.c')
| -rw-r--r-- | linux-user/signal.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/linux-user/signal.c b/linux-user/signal.c index e2d55fff97..9d980456ec 100644 --- a/linux-user/signal.c +++ b/linux-user/signal.c @@ -636,8 +636,16 @@ static void host_signal_handler(int host_signum, siginfo_t *info, * code in case the guest code provokes one in the window between * now and it getting out to the main loop. Signals will be * unblocked again in process_pending_signals(). + * + * WARNING: we cannot use sigfillset() here because the uc_sigmask + * field is a kernel sigset_t, which is much smaller than the + * libc sigset_t which sigfillset() operates on. Using sigfillset() + * would write 0xff bytes off the end of the structure and trash + * data on the struct. + * We can't use sizeof(uc->uc_sigmask) either, because the libc + * headers define the struct field with the wrong (too large) type. */ - sigfillset(&uc->uc_sigmask); + memset(&uc->uc_sigmask, 0xff, SIGSET_T_SIZE); sigdelset(&uc->uc_sigmask, SIGSEGV); sigdelset(&uc->uc_sigmask, SIGBUS); |