From patchwork Wed Aug  2 17:49:47 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Max Filippov <jcmvbkbc@gmail.com>
X-Patchwork-Id: 1816125
Return-Path: <devel-bounces@uclibc-ng.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
 spf=none (no SPF record) smtp.mailfrom=uclibc-ng.org
 (client-ip=2a00:1828:2000:679::23; helo=helium.openadk.org;
 envelope-from=devel-bounces@uclibc-ng.org; receiver=<UNKNOWN>)
Authentication-Results: legolas.ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256
 header.s=20221208 header.b=i3uQ057m;
	dkim-atps=neutral
Received: from helium.openadk.org (helium.openadk.org
 [IPv6:2a00:1828:2000:679::23])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4RGKJB10Cvz1ydk
	for <incoming@patchwork.ozlabs.org>; Thu,  3 Aug 2023 03:50:16 +1000 (AEST)
Received: from helium.openadk.org (localhost [IPv6:::1])
	by helium.openadk.org (Postfix) with ESMTP id AAE27352BD53;
	Wed,  2 Aug 2023 19:50:09 +0200 (CEST)
Authentication-Results: helium.openadk.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256
 header.s=20221208 header.b=i3uQ057m;
	dkim-atps=neutral
Received: from mail-pl1-f175.google.com (mail-pl1-f175.google.com
 [209.85.214.175])
	by helium.openadk.org (Postfix) with ESMTPS id D0E0B352BD4A
	for <devel@uclibc-ng.org>; Wed,  2 Aug 2023 19:49:51 +0200 (CEST)
Received: by mail-pl1-f175.google.com with SMTP id
 d9443c01a7336-1bc0d39b52cso1015995ad.2
        for <devel@uclibc-ng.org>; Wed, 02 Aug 2023 10:49:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20221208; t=1690998590; x=1691603390;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:from:to:cc:subject:date:message-id:reply-to;
        bh=eWNQjTYBbbbzu7Grp6HFyE1kSyWHgtpaVff+H5nvRk8=;
        b=i3uQ057mhGRGiQN0295SiJMIjbd9Z3FgKkBObVd580c9Df2Fkm6i+oi6HSyXR8/j9Y
         iqRlwh3KrJ5XnMe5lelxZ11mMvzn5e12xmV2/0QBk2mUDdCFdHzdyRdW8yUpCaS3j8Kh
         bksw7/p5I82UGZ6J5iRfTsnjjz7w7mJzlyCqA+8T8Sp+ebX7hqj3JZJ/CXfy3pQFvkOd
         nykNHcUcTM5QWjlB3890oM6PL6mwrXFOWAa2cGlK9ysbUcy4CTfRmyKYv3GCzUq4lXLB
         FAjO54IzdKEvTHpvmB3Lu82eT7ZTIviTgBJt+Wb38ufzKg7ZYVZXiuiNHLJdZkWxScGm
         GG6g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1690998590; x=1691603390;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=eWNQjTYBbbbzu7Grp6HFyE1kSyWHgtpaVff+H5nvRk8=;
        b=Rnx18Xt5odBakdg82lP+xBCk0yu+4eIf3B6+BUPdCzEGn6BFhY5xAaDhXbooVWt+pn
         iwp/m34R+9qAPldqFwz9pRxU1FjY59idtKQnOs2fNl2y8oGsadZc4yJDT+KCLHNkdtml
         EE7LAPt5+rTzZh6IDN2/kpkRRCiAkYvPuSaehrZLcYEI40tSdaEoL4XSBawKSi1pwTxL
         23A7a+4u42yP363cAKF1l4MLafemYkrcN2AYRyVtcanI1HtGPyOlju3+lWo1zEr0xXpY
         z77SmXocLueJHXSPWh32iq9VvwX+SHYaq/6cm+N4Wd0vixPNJFYpZXQvq9MxzZ1YJmrC
         Oz9Q==
X-Gm-Message-State: ABy/qLY2TlszPnVZO0cg35SICwRGK/Jls2aYLiOI0f6Irp9mUaYHUmQJ
	mj0K0j8rV1jXcGLDuDuGPYDY9B5LyZg=
X-Google-Smtp-Source: 
 APBJJlFdp83DOFxbI8M9i0K99CXYDo+BZtG30hW2bTYwFOBH7lQ6QL8gQvKzIgr5TAyfTzPD2vojmg==
X-Received: by 2002:a17:902:8f8b:b0:1b8:9db5:2ec1 with SMTP id
 z11-20020a1709028f8b00b001b89db52ec1mr13145433plo.67.1690998589698;
        Wed, 02 Aug 2023 10:49:49 -0700 (PDT)
Received: from octofox.hsd1.ca.comcast.net
 ([2601:646:a201:19d0:845d:7773:58fc:851a])
        by smtp.gmail.com with ESMTPSA id
 kb14-20020a170903338e00b001bba1188c8esm12675310plb.271.2023.08.02.10.49.49
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 02 Aug 2023 10:49:49 -0700 (PDT)
From: Max Filippov <jcmvbkbc@gmail.com>
To: devel@uclibc-ng.org
Date: Wed,  2 Aug 2023 10:49:47 -0700
Message-Id: <20230802174947.2496812-1-jcmvbkbc@gmail.com>
X-Mailer: git-send-email 2.30.2
MIME-Version: 1.0
Message-ID-Hash: 6DMZEAZ45ATV2GNZDSGXZ6HSNYTQVBLA
X-Message-ID-Hash: 6DMZEAZ45ATV2GNZDSGXZ6HSNYTQVBLA
X-MailFrom: jcmvbkbc@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 digests; suspicious-header
X-Mailman-Version: 3.3.3
Precedence: list
Subject: [uclibc-ng-devel] [PATCH v2] linuxthreads/signal: improve sigaction
 behavior
List-Id: uClibc-ng Development <devel.uclibc-ng.org>
Archived-At: 
 <https://uclibc-ng.org/mailman3/hyperkitty/list/devel@uclibc-ng.org/message/6DMZEAZ45ATV2GNZDSGXZ6HSNYTQVBLA/>
List-Archive: 
 <https://uclibc-ng.org/mailman3/hyperkitty/list/devel@uclibc-ng.org/>
List-Help: <mailto:devel-request@uclibc-ng.org?subject=help>
List-Owner: <mailto:devel-owner@uclibc-ng.org>
List-Post: <mailto:devel@uclibc-ng.org>
List-Subscribe: <mailto:devel-join@uclibc-ng.org>
List-Unsubscribe: <mailto:devel-leave@uclibc-ng.org>

Setting signal handler in the kernel and then updating sighandler[sig]
results in a crash if a signal which handler is being changed from
SIG_DFL to a non-default was pending. Improve the race a little and
update the sighandler[sig] before the sigaction syscall. It doesn't
eliminate the race entirely, but fixes this particular failing case.

E.g. this fixes the 100% reproducible segfault in the busybox hush shell
built with FEATURE_EDITING_WINCH on ssh client's terminal window resize,
but in that case there's one more even bigger issue: busybox calls
sigaction with both old and new signal pointers pointing to the same
structure instance, as a result act->sa_handler after the sigaction
syscall is not what the user requested, but the previous handler.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
---
Changes v1 -> v2:
- initialize 'save' with NULL to avoid compiler warning. The code
  cannot use uninitialized 'save' value, so no logic change is needed.

 libpthread/linuxthreads/signals.c | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/libpthread/linuxthreads/signals.c b/libpthread/linuxthreads/signals.c
index 0c0f2b6b1d2a..0cde54a16d27 100644
--- a/libpthread/linuxthreads/signals.c
+++ b/libpthread/linuxthreads/signals.c
@@ -134,6 +134,7 @@ int sigaction(int sig, const struct sigaction * act,
 {
   struct sigaction newact;
   struct sigaction *newactp;
+  void *save = NULL;
 
 #ifdef DEBUG_PT
 printf(__FUNCTION__": pthreads wrapper!\n");
@@ -142,6 +143,8 @@ printf(__FUNCTION__": pthreads wrapper!\n");
       sig == __pthread_sig_cancel ||
       (sig == __pthread_sig_debug && __pthread_sig_debug > 0))
     return EINVAL;
+  if (sig > 0 && sig < NSIG)
+    save = sighandler[sig].old;
   if (act)
     {
       newact = *act;
@@ -154,22 +157,24 @@ printf(__FUNCTION__": pthreads wrapper!\n");
 	    newact.sa_handler = (__sighandler_t) pthread_sighandler;
 	}
       newactp = &newact;
+      if (sig > 0 && sig < NSIG)
+	sighandler[sig].old = (arch_sighandler_t) act->sa_handler;
     }
   else
     newactp = NULL;
   if (__libc_sigaction(sig, newactp, oact) == -1)
-    return -1;
+    {
+      if (act && sig > 0 && sig < NSIG)
+	sighandler[sig].old = save;
+      return -1;
+    }
 #ifdef DEBUG_PT
 printf(__FUNCTION__": sighandler installed, sigaction successful\n");
 #endif
   if (sig > 0 && sig < NSIG)
     {
       if (oact != NULL)
-	oact->sa_handler = (__sighandler_t) sighandler[sig].old;
-      if (act)
-	/* For the assignment is does not matter whether it's a normal
-	   or real-time signal.  */
-	sighandler[sig].old = (arch_sighandler_t) act->sa_handler;
+	oact->sa_handler = save;
     }
   return 0;
 }