From patchwork Tue Jan 15 20:05:26 2019
X-Patchwork-Submitter: Zack Weinberg
X-Patchwork-Id: 1025416
From: Zack Weinberg
To: libc-alpha@sourceware.org
Cc: carlos@redhat.com
Subject: [PATCH] Tests for minimal signal handler functionality in MINSIGSTKSZ space.
Date: Tue, 15 Jan 2019 15:05:26 -0500
Message-Id: <20190115200526.4677-1-zackw@panix.com>
MIME-Version: 1.0

We don’t have a full conclusion about the way forward for alternate signal stacks yet, but the notion that the very short list of things that ISO C says you can do in an async signal handler should all work in MINSIGSTKSZ space seemed to be well-received. As a first step, therefore, I propose to add tests to make sure those things do work.

To facilitate this, there is a new set of test support routines for setting up alternate signal stacks; see support/xsignal.h for the API.

All of these tests pass on x86-64. build-many-glibcs won’t tell us anything additional; the tests need to be run.

* support/xsignal.h (xalloc_sigstack, xfree_sigstack)
(xget_sigstack_location): New test support functions.
* support/xsigstack.c: New file, implementing them.
* support/tst-xsigstack.c: New test for them.
* support/Makefile: Update.
* signal/tst-minsigstksz-1.c
* signal/tst-minsigstksz-2.c
* signal/tst-minsigstksz-3.c
* signal/tst-minsigstksz-3a.c
* signal/tst-minsigstksz-4.c: New tests.
* signal/Makefile: Run them.
Reviewed-by: Carlos O'Donell Reviewed-by: Carlos O'Donell --- signal/Makefile | 2 + signal/tst-minsigstksz-1.c | 131 ++++++++++++++++++++++++++++++++++++ signal/tst-minsigstksz-2.c | 66 ++++++++++++++++++ signal/tst-minsigstksz-3.c | 64 ++++++++++++++++++ signal/tst-minsigstksz-3a.c | 69 +++++++++++++++++++ signal/tst-minsigstksz-4.c | 65 ++++++++++++++++++ support/Makefile | 2 + support/tst-xsigstack.c | 64 ++++++++++++++++++ support/xsignal.h | 18 +++++ support/xsigstack.c | 95 ++++++++++++++++++++++++++ 10 files changed, 576 insertions(+) create mode 100644 signal/tst-minsigstksz-1.c create mode 100644 signal/tst-minsigstksz-2.c create mode 100644 signal/tst-minsigstksz-3.c create mode 100644 signal/tst-minsigstksz-3a.c create mode 100644 signal/tst-minsigstksz-4.c create mode 100644 support/tst-xsigstack.c create mode 100644 support/xsigstack.c diff --git a/signal/Makefile b/signal/Makefile index aa63434f47..d5a10d590d 100644 --- a/signal/Makefile +++ b/signal/Makefile @@ -47,6 +47,8 @@ routines := signal raise killpg \ tests := tst-signal tst-sigset tst-sigsimple tst-raise tst-sigset2 \ tst-sigwait-eintr tst-sigaction \ + tst-minsigstksz-1 tst-minsigstksz-2 tst-minsigstksz-3 \ + tst-minsigstksz-3a tst-minsigstksz-4 \ include ../Rules diff --git a/signal/tst-minsigstksz-1.c b/signal/tst-minsigstksz-1.c new file mode 100644 index 0000000000..00344d5fbf --- /dev/null +++ b/signal/tst-minsigstksz-1.c 
@@ -0,0 +1,131 @@ +/* Tests of signal delivery on an alternate stack (nonlethal). + Copyright (C) 2019 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include + +/* C2011 7.4.1.1p5 specifies that only the following operations are + guaranteed to be well-defined inside an asynchronous signal handler: + * any operation on a lock-free atomic object + * assigning a value to an object declared as volatile sig_atomic_t + * calling abort, _Exit, quick_exit, or signal + * signal may only be called with its first argument equal to the + number of the signal that caused the handler to be called + + We use this list as a guideline for the set of operations that ought + also to be safe in a _synchronous_ signal delivered on an alternate + signal stack with only MINSIGSTKSZ bytes of space. + + This test program tests all of the above operations that do not, + one way or another, cause the program to be terminated. */ + +/* We do not try to test atomic operations exhaustively, only a simple + atomic counter increment. This is only safe if atomic_[u]int is + unconditionally lock-free. 
*/ +#ifdef __STDC_NO_ATOMICS__ +# define TEST_ATOMIC_OPS 0 +#else +# include +# if ATOMIC_INT_LOCK_FREE != 2 +# define TEST_ATOMIC_OPS 0 +# else +# define TEST_ATOMIC_OPS 1 +# endif +#endif + +static volatile sig_atomic_t signal_flag = 0; +static volatile sig_atomic_t signal_err = 0; +static void +handler_set_flag (int unused) +{ + signal_flag = 1; +} + +static void +handler_set_flag_once (int sig) +{ + signal_flag = 1; + if (signal (sig, SIG_IGN) == SIG_ERR) + /* It is not safe to call FAIL_EXIT1 here. Set another flag instead. */ + signal_err = 1; +} + +#if TEST_ATOMIC_OPS +static atomic_uint signal_count = 0; +static void +handler_count_up_1 (int unused) +{ + atomic_fetch_add (&signal_count, 1); +} +#endif + +int +do_test (void) +{ + void *sstk = xalloc_sigstack (0); + struct sigaction sa; + + /* Test 1: setting a volatile sig_atomic_t flag. */ + sa.sa_handler = handler_set_flag; + sa.sa_flags = SA_RESTART | SA_ONSTACK; + sigfillset (&sa.sa_mask); + if (sigaction (SIGUSR1, &sa, 0)) + FAIL_EXIT1 ("sigaction (SIGUSR1, handler_set_flag): %m\n"); + + TEST_VERIFY_EXIT (signal_flag == 0); + raise (SIGUSR1); + TEST_VERIFY_EXIT (signal_flag == 1); + signal_flag = 0; + raise (SIGUSR1); + TEST_VERIFY_EXIT (signal_flag == 1); + signal_flag = 0; + + /* Test 1: setting a volatile sig_atomic_t flag and then ignoring + further delivery of the signal. */ + sa.sa_handler = handler_set_flag_once; + if (sigaction (SIGUSR1, &sa, 0)) + FAIL_EXIT1 ("sigaction (SIGUSR1, handler_set_flag_once): %m\n"); + + raise (SIGUSR1); + TEST_VERIFY_EXIT (signal_flag == 1); + /* Note: if signal_err is 1, a system call failed, but we can't + report the error code because errno is indeterminate. 
*/ + TEST_VERIFY_EXIT (signal_err == 0); + + signal_flag = 0; + raise (SIGUSR1); + TEST_VERIFY_EXIT (signal_flag == 0); + TEST_VERIFY_EXIT (signal_err == 0); + +#if TEST_ATOMIC_OPS + sa.sa_handler = handler_count_up_1; + if (sigaction (SIGUSR1, &sa, 0)) + FAIL_EXIT1 ("sigaction (SIGUSR1, handler_count_up_1): %m\n"); + + raise (SIGUSR1); + TEST_VERIFY_EXIT (atomic_load (&signal_count) == 1); + raise (SIGUSR1); + TEST_VERIFY_EXIT (atomic_load (&signal_count) == 2); +#endif + + xfree_sigstack (sstk); + return 0; +} + +#include diff --git a/signal/tst-minsigstksz-2.c b/signal/tst-minsigstksz-2.c new file mode 100644 index 0000000000..3368dde6b8 --- /dev/null +++ b/signal/tst-minsigstksz-2.c 
@@ -0,0 +1,66 @@ +/* Tests of signal delivery on an alternate stack (abort). + Copyright (C) 2019 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include + +/* C2011 7.4.1.1p5 specifies that only the following operations are + guaranteed to be well-defined inside an asynchronous signal handler: + * any operation on a lock-free atomic object + * assigning a value to an object declared as volatile sig_atomic_t + * calling abort, _Exit, quick_exit, or signal + * signal may only be called with its first argument equal to the + number of the signal that caused the handler to be called + + We use this list as a guideline for the set of operations that ought + also to be safe in a _synchronous_ signal delivered on an alternate + signal stack with only MINSIGSTKSZ bytes of space. + + This test program tests calls to abort. Note that it does _not_ + install a handler for SIGABRT, because that signal would also be + delivered on the alternate stack and MINSIGSTKSZ does not provide + enough space for delivery of nested signals. 
*/ + +static void +handler (int unused) +{ + abort (); +} + +int +do_test (void) +{ + void *sstk = xalloc_sigstack (0); + struct sigaction sa; + + sa.sa_handler = handler; + sa.sa_flags = SA_RESTART | SA_ONSTACK; + sigfillset (&sa.sa_mask); + if (sigaction (SIGUSR1, &sa, 0)) + FAIL_RET ("sigaction (SIGUSR1, handler): %m\n"); + + raise (SIGUSR1); + + xfree_sigstack (sstk); + FAIL_RET ("test process was not terminated by abort in signal handler"); +} + +#define EXPECTED_SIGNAL SIGABRT +#include diff --git a/signal/tst-minsigstksz-3.c b/signal/tst-minsigstksz-3.c new file mode 100644 index 0000000000..a8d9a6369c --- /dev/null +++ b/signal/tst-minsigstksz-3.c 
@@ -0,0 +1,64 @@ +/* Tests of signal delivery on an alternate stack (_Exit). + Copyright (C) 2019 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include + +/* C2011 7.4.1.1p5 specifies that only the following operations are + guaranteed to be well-defined inside an asynchronous signal handler: + * any operation on a lock-free atomic object + * assigning a value to an object declared as volatile sig_atomic_t + * calling abort, _Exit, quick_exit, or signal + * signal may only be called with its first argument equal to the + number of the signal that caused the handler to be called + + We use this list as a guideline for the set of operations that ought + also to be safe in a _synchronous_ signal delivered on an alternate + signal stack with only MINSIGSTKSZ bytes of space. + + This test program tests calls to _Exit. 
*/ + +#define EXPECTED_STATUS 3 + +static void +handler (int unused) +{ + _Exit (EXPECTED_STATUS); +} + +int +do_test (void) +{ + void *sstk = xalloc_sigstack (0); + struct sigaction sa; + + sa.sa_handler = handler; + sa.sa_flags = SA_RESTART | SA_ONSTACK; + sigfillset (&sa.sa_mask); + if (sigaction (SIGUSR1, &sa, 0)) + FAIL_RET ("sigaction (SIGUSR1, handler): %m\n"); + + raise (SIGUSR1); + + xfree_sigstack (sstk); + FAIL_RET ("test process was not terminated by _Exit in signal handler"); +} + +#include diff --git a/signal/tst-minsigstksz-3a.c b/signal/tst-minsigstksz-3a.c new file mode 100644 index 0000000000..b58b8d01ba --- /dev/null +++ b/signal/tst-minsigstksz-3a.c 
@@ -0,0 +1,69 @@ +/* Tests of signal delivery on an alternate stack (_exit). + Copyright (C) 2019 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include + +/* C2011 7.4.1.1p5 specifies that only the following operations are + guaranteed to be well-defined inside an asynchronous signal handler: + * any operation on a lock-free atomic object + * assigning a value to an object declared as volatile sig_atomic_t + * calling abort, _Exit, quick_exit, or signal + * signal may only be called with its first argument equal to the + number of the signal that caused the handler to be called + + We use this list as a guideline for the set of operations that ought + also to be safe in a _synchronous_ signal delivered on an alternate + signal stack with only MINSIGSTKSZ bytes of space. + + This test program tests calls to _exit, which is the same function + as _Exit, but specified by POSIX rather than ISO C. For reasons + unknown to the author of this program, the C committee did not + think it could standardize _exit under that name; regardless, in a + POSIX-conformant environment, they should be completely + interchangeable. 
*/ + +#define EXPECTED_STATUS 3 + +static void +handler (int unused) +{ + _exit (EXPECTED_STATUS); +} + +int +do_test (void) +{ + void *sstk = xalloc_sigstack (0); + struct sigaction sa; + + sa.sa_handler = handler; + sa.sa_flags = SA_RESTART | SA_ONSTACK; + sigfillset (&sa.sa_mask); + if (sigaction (SIGUSR1, &sa, 0)) + FAIL_RET ("sigaction (SIGUSR1, handler): %m\n"); + + raise (SIGUSR1); + + xfree_sigstack (sstk); + FAIL_RET ("test process was not terminated by _exit in signal handler"); +} + +#include diff --git a/signal/tst-minsigstksz-4.c b/signal/tst-minsigstksz-4.c new file mode 100644 index 0000000000..0dc63b4dd4 --- /dev/null +++ b/signal/tst-minsigstksz-4.c 
@@ -0,0 +1,65 @@ +/* Tests of signal delivery on an alternate stack (quick_exit). + Copyright (C) 2019 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include + +/* C2011 7.4.1.1p5 specifies that only the following operations are + guaranteed to be well-defined inside an asynchronous signal handler: + * any operation on a lock-free atomic object + * assigning a value to an object declared as volatile sig_atomic_t + * calling abort, _Exit, quick_exit, or signal + * signal may only be called with its first argument equal to the + number of the signal that caused the handler to be called + + We use this list as a guideline for the set of operations that ought + also to be safe in a _synchronous_ signal delivered on an alternate + signal stack with only MINSIGSTKSZ bytes of space. + + This test program tests calls to quick_exit. Note that this is only + safe when there are no at_quick_exit callbacks. 
*/ + +#define EXPECTED_STATUS 3 + +static void +handler (int unused) +{ + quick_exit (EXPECTED_STATUS); +} + +int +do_test (void) +{ + void *sstk = xalloc_sigstack (0); + struct sigaction sa; + + sa.sa_handler = handler; + sa.sa_flags = SA_RESTART | SA_ONSTACK; + sigfillset (&sa.sa_mask); + if (sigaction (SIGUSR1, &sa, 0)) + FAIL_RET ("sigaction (SIGUSR1, handler): %m\n"); + + raise (SIGUSR1); + + xfree_sigstack (sstk); + FAIL_RET ("test process was not terminated by quick_exit in signal handler"); +} + +#include diff --git a/support/Makefile b/support/Makefile index 93a5143016..7fb2de8cee 100644 --- a/support/Makefile +++ b/support/Makefile @@ -145,6 +145,7 @@ libsupport-routines = \ xsetsockopt \ xsigaction \ xsignal \ + xsigstack \ xsocket \ xstrdup \ xstrndup \ @@ -205,6 +206,7 @@ tests = \ tst-test_compare_blob \ tst-test_compare_string \ tst-xreadlink \ + tst-xsigstack \ ifeq ($(run-built-tests),yes) tests-special = \ diff --git a/support/tst-xsigstack.c b/support/tst-xsigstack.c new file mode 100644 index 0000000000..42859c79e9 --- /dev/null +++ b/support/tst-xsigstack.c 
@@ -0,0 +1,64 @@ +/* Test of sigaltstack wrappers. + Copyright (C) 2019 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include + +#include +#include + +static volatile uintptr_t handler_stackaddr; + +static void +handler (int unused) +{ + int var; + handler_stackaddr = (uintptr_t) &var; +} + +int +do_test (void) +{ + void *sstk = xalloc_sigstack (0); + + unsigned char *sp; + size_t size; + xget_sigstack_location (sstk, &sp, &size); + printf ("signal stack installed: sp=%p size=%zu\n", sp, size); + + struct sigaction sa; + sa.sa_handler = handler; + sa.sa_flags = SA_RESTART | SA_ONSTACK; + sigfillset (&sa.sa_mask); + if (sigaction (SIGUSR1, &sa, 0)) + FAIL_RET ("sigaction (SIGUSR1, handler): %m\n"); + + raise (SIGUSR1); + + uintptr_t haddr = handler_stackaddr; + printf ("address of handler local variable: %p\n", (void *)haddr); + TEST_VERIFY ((uintptr_t)sp < haddr); + TEST_VERIFY (haddr < (uintptr_t)sp + size); + + xfree_sigstack (sstk); + return 0; +} + +#include diff --git a/support/xsignal.h b/support/xsignal.h index 9ab8d1bfdd..3cf2a6e434 100644 --- a/support/xsignal.h +++ b/support/xsignal.h 
@@ -37,6 +37,24 @@ void xsigaction (int sig, const struct sigaction *newact, void xpthread_sigmask (int how, const sigset_t *set, sigset_t *oldset); +/* Allocate and activate an alternate signal stack. This stack will + have at least MINSIGSTKSZ + size bytes of space, rounded up to a + whole number of pages. There will be large (at least 1 MiB) + inaccessible guard bands on either side of it. The return value is + a cookie that can be passed to xfree_sigstack to deactivate and + deallocate the stack again. + It is _not_ necessary to call sigaltstack() after calling this function. + Terminates the process on error. */ +void *xalloc_sigstack (size_t size); + +/* Deactivate and deallocate a signal stack created by xalloc_sigstack. */ +void xfree_sigstack (void *stack); + +/* Extract the actual address and size of the alternate signal stack from + the cookie returned by xalloc_sigstack. */ +void xget_sigstack_location (const void *stack, unsigned char **addrp, + size_t *sizep); + __END_DECLS #endif /* SUPPORT_SIGNAL_H */ diff --git a/support/xsigstack.c b/support/xsigstack.c new file mode 100644 index 0000000000..74b459e2e6 --- /dev/null +++ b/support/xsigstack.c 
@@ -0,0 +1,95 @@ +/* sigaltstack wrappers. + Copyright (C) 2019 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include + +#include +#include +#include +#include /* roundup, MAX */ + +/* The "cookie" returned by xalloc_sigstack points to one of these + structures. */ +struct sigstack_desc +{ + void *alloc_base; /* Base address of the complete allocation. */ + size_t alloc_size; /* Size of the complete allocation. */ + stack_t alt_stack; /* The address and size of the stack itself. */ + stack_t old_stack; /* The previous signal stack. */ +}; + +void * +xalloc_sigstack (size_t size) +{ + size_t pagesize = sysconf (_SC_PAGESIZE); + if (pagesize == -1) + FAIL_EXIT1 ("sysconf (_SC_PAGESIZE): %m\n"); + + size_t stacksize = roundup (size + MINSIGSTKSZ, pagesize); + size_t guardsize = MAX (stacksize, roundup (1024 * 1024, pagesize)); + + struct sigstack_desc *desc = xmalloc (sizeof (struct sigstack_desc)); + desc->alloc_size = guardsize + stacksize + guardsize; + /* Use MAP_NORESERVE so that RAM will not be wasted on the guard + bands; touch all the pages of the actual stack before returning, + so we know they are allocated. 
*/ + desc->alloc_base = xmmap (0, + desc->alloc_size, + PROT_READ|PROT_WRITE, + MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE|MAP_STACK, + -1); + + xmprotect (desc->alloc_base, guardsize, PROT_NONE); + xmprotect (desc->alloc_base + guardsize + stacksize, guardsize, PROT_NONE); + memset (desc->alloc_base + guardsize, 0xA5, stacksize); + + desc->alt_stack.ss_sp = desc->alloc_base + guardsize; + desc->alt_stack.ss_flags = 0; + desc->alt_stack.ss_size = stacksize; + + if (sigaltstack (&desc->alt_stack, &desc->old_stack)) + FAIL_EXIT1 ("sigaltstack (new stack: sp=%p, size=%zu, flags=%u): %m\n", + desc->alt_stack.ss_sp, desc->alt_stack.ss_size, + desc->alt_stack.ss_flags); + + return desc; +} + +void +xfree_sigstack (void *stack) +{ + struct sigstack_desc *desc = stack; + + if (sigaltstack (&desc->old_stack, 0)) + FAIL_EXIT1 ("sigaltstack (restore old stack: sp=%p, size=%zu, flags=%u): " + "%m\n", desc->old_stack.ss_sp, desc->old_stack.ss_size, + desc->old_stack.ss_flags); + xmunmap (desc->alloc_base, desc->alloc_size); + free (desc); +} + +void +xget_sigstack_location (const void *stack, unsigned char **addrp, size_t *sizep) +{ + const struct sigstack_desc *desc = stack; + *addrp = desc->alt_stack.ss_sp; + *sizep = desc->alt_stack.ss_size; +}
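Review bot: in signal/tst-minsigstksz-1.c the comment before the handler_set_flag_once block repeats the label "Test 1:" ("/* Test 1: setting a volatile sig_atomic_t flag and then ignoring further delivery of the signal. */"); it should read "Test 2:", and the TEST_ATOMIC_OPS block after it has no numbered comment at all, so a matching "/* Test 3: incrementing a lock-free atomic counter. */" would keep the three sections aligned with the list in the header comment. Separately, `struct sigaction sa;` is passed to sigaction with only sa_handler, sa_flags and sa_mask set; initialising it with `struct sigaction sa = { 0 };` (or a memset) before filling it in avoids handing indeterminate contents of the remaining fields to the kernel.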
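Review bot: the header comment in signal/tst-minsigstksz-3a.c speculates about why the C committee did not standardise _exit ("For reasons unknown to the author of this program, the C committee did not think it could standardize _exit under that name"); a test file comment should stay factual, so trimming it to the statement that _exit is POSIX's name for the same function as _Exit and that the two are interchangeable in a POSIX-conformant environment says everything the test relies on.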
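Review bot: in support/tst-xsigstack.c the first printf passes `sp` (an `unsigned char *`) to `%p`, while the second printf casts haddr to `void *`; `%p` is only specified for `void *`, so `(void *) sp` keeps the two calls consistent. The range check `TEST_VERIFY ((uintptr_t)sp < haddr); TEST_VERIFY (haddr < (uintptr_t)sp + size);` is the right test, but a one-line comment saying that a handler local must land inside [sp, sp + size) for SA_ONSTACK to have taken effect would document what the test is verifying.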
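Review bot: the new comment block in support/xsignal.h documents sizing and guard bands but not that the alternate stack is activated only for the calling thread (sigaltstack state is per thread), nor that xfree_sigstack has to be called on that same thread for the "Deactivate" part to restore the previous stack; one sentence stating this would stop a multi-threaded test from expecting SA_ONSTACK handlers on other threads to run on this stack.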
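Review bot: in support/xsigstack.c, xalloc_sigstack stores the result of sysconf (_SC_PAGESIZE) in a `size_t` and then tests `if (pagesize == -1)`; the comparison only works because -1 is converted to SIZE_MAX on both sides, so keep the value in a `long`, check it for -1, and only then convert to size_t. In the same function, `desc->alloc_base + guardsize` and `desc->alloc_base + guardsize + stacksize` do arithmetic on a `void *`, which is a GCC extension rather than standard C; casting alloc_base to `unsigned char *` (or declaring the field with that type) removes the dependence. Finally, the FAIL_EXIT1 formats in xalloc_sigstack and xfree_sigstack print ss_flags with `flags=%u` although stack_t.ss_flags is an `int`; `%d` (or `%#x`) matches the type.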