From 269d193820342dc109f39909d78fb30f4c978f76 Mon Sep 17 00:00:00 2001 From: Rich Felker Date: Thu, 9 Feb 2023 11:52:44 -0500 Subject: fix wrong sigaction syscall ABI on mips*, or1k, microblaze, riscv64 we wrongly defined a dummy SA_RESTORER flag on these archs, despite the kernel interface not actually having such a feature. on archs which lack SA_RESTORER, the kernel sigaction structure also lacks the restorer function pointer member, which means the signal mask appears at a different offset. the kernel was thereby interpreting the bits of the code address as part of the signal set to be masked while handling the signal. this patch removes the erroneous SA_RESTORER definitions from archs which do not have it, makes access to the member conditional on whether SA_RESTORER is defined for the arch, and removes the now-unused asm for the affected archs. because there are reportedly versions of qemu-user which also use the wrong ABI here, the old ksigaction struct size is preserved with an unused member at the end. this is harmless and mitigates the risk of such a bug turning into a buffer overflow onto the sigaction function's stack. --- src/signal/mips/restore.s | 15 --------------- src/signal/mips64/restore.s | 11 ----------- src/signal/mipsn32/restore.s | 11 ----------- src/signal/sigaction.c | 5 ++++- 4 files changed, 4 insertions(+), 38 deletions(-) delete mode 100644 src/signal/mips/restore.s delete mode 100644 src/signal/mips64/restore.s delete mode 100644 src/signal/mipsn32/restore.s (limited to 'src/signal') diff --git a/src/signal/mips/restore.s b/src/signal/mips/restore.s deleted file mode 100644 index b6dadce0..00000000 --- a/src/signal/mips/restore.s +++ /dev/null @@ -1,15 +0,0 @@ -.set noreorder - -.global __restore_rt -.hidden __restore_rt -.type __restore_rt,@function -__restore_rt: - li $2, 4193 - syscall - -.global __restore -.hidden __restore -.type __restore,@function -__restore: - li $2, 4119 - syscall diff --git a/src/signal/mips64/restore.s b/src/signal/mips64/restore.s deleted file mode 100644 index 401f8e73..00000000 --- a/src/signal/mips64/restore.s +++ /dev/null @@ -1,11 +0,0 @@ -.set noreorder -.global __restore_rt -.global __restore -.hidden __restore_rt -.hidden __restore -.type __restore_rt,@function -.type __restore,@function -__restore_rt: -__restore: - li $2,5211 - syscall diff --git a/src/signal/mipsn32/restore.s b/src/signal/mipsn32/restore.s deleted file mode 100644 index 4cd4e1b4..00000000 --- a/src/signal/mipsn32/restore.s +++ /dev/null @@ -1,11 +0,0 @@ -.set noreorder -.global __restore_rt -.global __restore -.hidden __restore_rt -.hidden __restore -.type __restore_rt,@function -.type __restore,@function -__restore_rt: -__restore: - li $2,6211 - syscall diff --git a/src/signal/sigaction.c b/src/signal/sigaction.c index 2203471b..e45308fa 100644 --- a/src/signal/sigaction.c +++ b/src/signal/sigaction.c @@ -44,8 +44,11 @@ int __libc_sigaction(int sig, const struct sigaction *restrict sa, struct sigact } } ksa.handler = sa->sa_handler; - ksa.flags = sa->sa_flags | SA_RESTORER; + ksa.flags = sa->sa_flags; +#ifdef SA_RESTORER + ksa.flags |= SA_RESTORER; ksa.restorer = (sa->sa_flags & SA_SIGINFO) ? __restore_rt : __restore; +#endif memcpy(&ksa.mask, &sa->sa_mask, _NSIG/8); } int r = __syscall(SYS_rt_sigaction, sig, sa?&ksa:0, old?&ksa_old:0, _NSIG/8); -- cgit 1.4.1