From patchwork Mon Jul 31 22:03:40 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Max Filippov <jcmvbkbc@gmail.com>
X-Patchwork-Id: 1815277
Return-Path: <devel-bounces@uclibc-ng.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
 spf=none (no SPF record) smtp.mailfrom=uclibc-ng.org
 (client-ip=2a00:1828:2000:679::23; helo=helium.openadk.org;
 envelope-from=devel-bounces@uclibc-ng.org; receiver=<UNKNOWN>)
Authentication-Results: legolas.ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256
 header.s=20221208 header.b=NvZ6X+r1;
	dkim-atps=neutral
Received: from helium.openadk.org (helium.openadk.org
 [IPv6:2a00:1828:2000:679::23])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4RFC2L0CS0z1yfG
	for <incoming@patchwork.ozlabs.org>; Tue,  1 Aug 2023 08:04:24 +1000 (AEST)
Received: from helium.openadk.org (localhost [IPv6:::1])
	by helium.openadk.org (Postfix) with ESMTP id 2A6B1352BD50;
	Tue,  1 Aug 2023 00:04:13 +0200 (CEST)
Authentication-Results: helium.openadk.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256
 header.s=20221208 header.b=NvZ6X+r1;
	dkim-atps=neutral
Received: from mail-pl1-f177.google.com (mail-pl1-f177.google.com
 [209.85.214.177])
	by helium.openadk.org (Postfix) with ESMTPS id D8758352068E
	for <devel@uclibc-ng.org>; Tue,  1 Aug 2023 00:03:51 +0200 (CEST)
Received: by mail-pl1-f177.google.com with SMTP id
 d9443c01a7336-1bbf3da0ea9so19525695ad.2
        for <devel@uclibc-ng.org>; Mon, 31 Jul 2023 15:03:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20221208; t=1690841029; x=1691445829;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:from:to:cc:subject:date:message-id:reply-to;
        bh=UQztxdboSHeTXHK62YO4IOgvKxu0Cd3nyY9Xza/QzRs=;
        b=NvZ6X+r1i9hLicECAXq1RZlswMVcPVEszR1aiPpNEHjBA1YfDyxnH61RCg/l/g05zV
         K1u6Jo2HP/Fwfs0rAOfmgD35CHe8Umad2+GYQY+4oVuZ6mwyQrlHH6ES13/2WU1Q7BIo
         AchOClG3HFX4ikSUlu3jJQux8CdfAm4jKH2I3SYFxaQiWjbGl9CPCi4RNjluDNQOjdHw
         0l1rV2mhTI4HSHNDeiZoaDACalsijoBDZvenFnoBhiapPTSSfY9qIDgvVIcjk24j/UTI
         trb4u6F+h9wXFGiey4T+G+T2+4m4aQNEo+4eD1ub68pTMirJvKJFVIGebatXEI9lG48w
         anLA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1690841029; x=1691445829;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=UQztxdboSHeTXHK62YO4IOgvKxu0Cd3nyY9Xza/QzRs=;
        b=VO4bxlNuOgg3i90KJIBlNtKsl9zTZefsofSWJMcIhK4PUlxZLPgpnTPSTHv6GZzNZ1
         uTAOdLTKQaIXQOQkFQwi7eEyZnpGyyynqvk+2pOcmpM2J/P3ZZwRQbaPaVb7GBIX9dPe
         TidiVAfqG53oqsVzxrT8SUTMiMi3hWi1GnUJeBD1N4A7nfZaL/kWR8wO9tVHe3bAr/Io
         0dfMoLF+gsM+naHpiDF7j4built7VqTHK5rPOd/K0UdRx19jbsIKsf9sysWkMVsQ9CC9
         dOFjeLFli/lVdfgUb4ABoZ12uP8my6k3SCkqQRkXJsZO6InCG75MxBoRIFKoi4i1HqO0
         0X3A==
X-Gm-Message-State: ABy/qLaxNCLPceN4yqPBLsPShZq3TGyrlqyhawlVJ+EnSLPY83iwKNrL
	zNfobHbxf5+3BaEV8XcSilxYF3H167E=
X-Google-Smtp-Source: 
 APBJJlEOwPaj6X9afmAtynO/I4fJ6Lxs/eAK586ddKl9apdzK+E7OzCxtCplyj5CNqcoCkrIrBI0yQ==
X-Received: by 2002:a17:902:e885:b0:1bb:b2f7:e058 with SMTP id
 w5-20020a170902e88500b001bbb2f7e058mr11222630plg.52.1690841029380;
        Mon, 31 Jul 2023 15:03:49 -0700 (PDT)
Received: from octofox.hsd1.ca.comcast.net
 ([2601:646:a201:19d0:e752:cba6:262f:7ad7])
        by smtp.gmail.com with ESMTPSA id
 t10-20020a170902b20a00b001b83db0bcf2sm9059016plr.141.2023.07.31.15.03.48
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 31 Jul 2023 15:03:49 -0700 (PDT)
From: Max Filippov <jcmvbkbc@gmail.com>
To: devel@uclibc-ng.org
Date: Mon, 31 Jul 2023 15:03:40 -0700
Message-Id: <20230731220340.1487276-1-jcmvbkbc@gmail.com>
X-Mailer: git-send-email 2.30.2
MIME-Version: 1.0
Message-ID-Hash: U7Q7TS25FMUY3NE7FNBQ7GZ35MJAQT7I
X-Message-ID-Hash: U7Q7TS25FMUY3NE7FNBQ7GZ35MJAQT7I
X-MailFrom: jcmvbkbc@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 digests; suspicious-header
X-Mailman-Version: 3.3.3
Precedence: list
Subject: [uclibc-ng-devel] [PATCH] linuxthreads/signal: improve sigaction
 behavior
List-Id: uClibc-ng Development <devel.uclibc-ng.org>
Archived-At: 
 <https://uclibc-ng.org/mailman3/hyperkitty/list/devel@uclibc-ng.org/message/U7Q7TS25FMUY3NE7FNBQ7GZ35MJAQT7I/>
List-Archive: 
 <https://uclibc-ng.org/mailman3/hyperkitty/list/devel@uclibc-ng.org/>
List-Help: <mailto:devel-request@uclibc-ng.org?subject=help>
List-Owner: <mailto:devel-owner@uclibc-ng.org>
List-Post: <mailto:devel@uclibc-ng.org>
List-Subscribe: <mailto:devel-join@uclibc-ng.org>
List-Unsubscribe: <mailto:devel-leave@uclibc-ng.org>

Setting signal handler in the kernel and then updating sighandler[sig]
results in a crash if a signal which handler is being changed from
SIG_DFL to a non-default was pending. Improve the race a little and
update the sighandler[sig] before the sigaction syscall. It doesn't
eliminate the race entirely, but fixes this particular failing case.

E.g. this fixes the 100% reproducible segfault in the busybox hush shell
built with FEATURE_EDITING_WINCH on ssh client's terminal window resize,
but in that case there's one more even bigger issue: busybox calls
sigaction with both old and new signal pointers pointing to the same
structure instance, as a result act->sa_handler after the sigaction
syscall is not what the user requested, but the previous handler.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
---
 libpthread/linuxthreads/signals.c | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/libpthread/linuxthreads/signals.c b/libpthread/linuxthreads/signals.c
index 0c0f2b6b1d2a..0cde54a16d27 100644
--- a/libpthread/linuxthreads/signals.c
+++ b/libpthread/linuxthreads/signals.c
@@ -134,6 +134,7 @@ int sigaction(int sig, const struct sigaction * act,
 {
   struct sigaction newact;
   struct sigaction *newactp;
+  void *save;
 
 #ifdef DEBUG_PT
 printf(__FUNCTION__": pthreads wrapper!\n");
@@ -142,6 +143,8 @@ printf(__FUNCTION__": pthreads wrapper!\n");
       sig == __pthread_sig_cancel ||
       (sig == __pthread_sig_debug && __pthread_sig_debug > 0))
     return EINVAL;
+  if (sig > 0 && sig < NSIG)
+    save = sighandler[sig].old;
   if (act)
     {
       newact = *act;
@@ -154,22 +157,24 @@ printf(__FUNCTION__": pthreads wrapper!\n");
 	    newact.sa_handler = (__sighandler_t) pthread_sighandler;
 	}
       newactp = &newact;
+      if (sig > 0 && sig < NSIG)
+	sighandler[sig].old = (arch_sighandler_t) act->sa_handler;
     }
   else
     newactp = NULL;
   if (__libc_sigaction(sig, newactp, oact) == -1)
-    return -1;
+    {
+      if (act && sig > 0 && sig < NSIG)
+	sighandler[sig].old = save;
+      return -1;
+    }
 #ifdef DEBUG_PT
 printf(__FUNCTION__": sighandler installed, sigaction successful\n");
 #endif
   if (sig > 0 && sig < NSIG)
     {
       if (oact != NULL)
-	oact->sa_handler = (__sighandler_t) sighandler[sig].old;
-      if (act)
-	/* For the assignment is does not matter whether it's a normal
-	   or real-time signal.  */
-	sighandler[sig].old = (arch_sighandler_t) act->sa_handler;
+	oact->sa_handler = save;
     }
   return 0;
 }