mirror of git://sourceware.org/git/glibc.git
d40ac01cbb
The recursive lock used on abort does not synchronize with a new process
creation (either by fork-like interfaces or posix_spawn ones), nor it
is reinitialized after fork().
Also, the SIGABRT unblock before raise() shows another race condition,
where a fork or posix_spawn() call by another thread, just after the
recursive lock release and before the SIGABRT signal, might create
programs with a non-expected signal mask. With the default option
(without POSIX_SPAWN_SETSIGDEF), the process can see SIG_DFL for
SIGABRT, where it should be SIG_IGN.
To fix the AS-safe, raise() does not change the process signal mask,
and an AS-safe lock is used if a SIGABRT is installed or the process
is blocked or ignored. With the signal mask change removal,
there is no need to use a recursive loc. The lock is also taken on
both _Fork() and posix_spawn(), to avoid the spawn process to see the
abort handler as SIG_DFL.
A read-write lock is used to avoid serialize _Fork and posix_spawn
execution. Both sigaction (SIGABRT) and abort() requires to lock
as writer (since both change the disposition).
The fallback is also simplified: there is no need to use a loop of
ABORT_INSTRUCTION after _exit() (if the syscall does not terminate the
process, the system is broken).
The proposed fix changes how setjmp works on a SIGABRT handler, where
glibc does not save the signal mask. So usage like the below will now
always abort.
static volatile int chk_fail_ok;
static jmp_buf chk_fail_buf;
static void
handler (int sig)
{
if (chk_fail_ok)
{
chk_fail_ok = 0;
longjmp (chk_fail_buf, 1);
}
else
_exit (127);
}
[...]
signal (SIGABRT, handler);
[....]
chk_fail_ok = 1;
if (! setjmp (chk_fail_buf))
{
// Something that can calls abort, like a failed fortify function.
chk_fail_ok = 0;
printf ("FAIL\n");
}
Such cases will need to use sigsetjmp instead.
The _dl_start_profile calls sigaction through _profil, and to avoid
pulling abort() on loader the call is replaced with __libc_sigaction.
Checked on x86_64-linux-gnu and aarch64-linux-gnu.
Reviewed-by: DJ Delorie <dj@redhat.com>
|
||
|---|---|---|
| .. | ||
| bits | ||
| sys | ||
| Depend | ||
| Makefile | ||
| Versions | ||
| a64l.c | ||
| abort.c | ||
| abs.c | ||
| add_n.c | ||
| addmul_1.c | ||
| alloca.h | ||
| arc4random.c | ||
| arc4random_uniform.c | ||
| at_quick_exit.c | ||
| atexit.c | ||
| atof.c | ||
| atoi.c | ||
| atol.c | ||
| atoll.c | ||
| bsearch.c | ||
| bug-fmtmsg1.c | ||
| bug-getcontext.c | ||
| bug-strtod.c | ||
| bug-strtod2.c | ||
| canonicalize.c | ||
| cmp.c | ||
| cxa_at_quick_exit.c | ||
| cxa_atexit.c | ||
| cxa_finalize.c | ||
| cxa_thread_atexit_impl.c | ||
| dbl2mpn.c | ||
| div.c | ||
| divmod_1.c | ||
| divrem.c | ||
| drand48-iter.c | ||
| drand48.c | ||
| drand48_r.c | ||
| erand48.c | ||
| erand48_r.c | ||
| errno.h | ||
| exit.c | ||
| exit.h | ||
| fmtmsg.c | ||
| fmtmsg.h | ||
| fpioconst.c | ||
| fpioconst.h | ||
| gen-fpioconst.c | ||
| gen-tst-strtod-round.c | ||
| getcontext.c | ||
| getentropy.c | ||
| getenv.c | ||
| getrandom.c | ||
| getsubopt.c | ||
| gmp-impl.h | ||
| gmp.h | ||
| grouping.c | ||
| grouping.h | ||
| groupingwc.c | ||
| inlines.c | ||
| inttypes.h | ||
| isomac.c | ||
| jrand48.c | ||
| jrand48_r.c | ||
| l64a.c | ||
| labs.c | ||
| lcong48.c | ||
| lcong48_r.c | ||
| ldbl2mpn.c | ||
| ldiv.c | ||
| llabs.c | ||
| lldiv.c | ||
| longlong.h | ||
| lrand48.c | ||
| lrand48_r.c | ||
| lshift.c | ||
| makecontext.c | ||
| mblen.c | ||
| mbstowcs.c | ||
| mbtowc.c | ||
| mod_1.c | ||
| monetary.h | ||
| mp_clz_tab.c | ||
| mpn2dbl.c | ||
| mpn2flt.c | ||
| mpn2ldbl.c | ||
| mrand48.c | ||
| mrand48_r.c | ||
| mul.c | ||
| mul_1.c | ||
| mul_n.c | ||
| nrand48.c | ||
| nrand48_r.c | ||
| old_atexit.c | ||
| on_exit.c | ||
| putenv.c | ||
| qsort.c | ||
| quick_exit.c | ||
| rand.c | ||
| rand_r.c | ||
| random.c | ||
| random_r.c | ||
| rpmatch.c | ||
| rshift.c | ||
| secure-getenv.c | ||
| seed48.c | ||
| seed48_r.c | ||
| setcontext.c | ||
| setenv.c | ||
| srand48.c | ||
| srand48_r.c | ||
| stdbit.h | ||
| stdc_bit_ceil_uc.c | ||
| stdc_bit_ceil_ui.c | ||
| stdc_bit_ceil_ul.c | ||
| stdc_bit_ceil_ull.c | ||
| stdc_bit_ceil_us.c | ||
| stdc_bit_floor_uc.c | ||
| stdc_bit_floor_ui.c | ||
| stdc_bit_floor_ul.c | ||
| stdc_bit_floor_ull.c | ||
| stdc_bit_floor_us.c | ||
| stdc_bit_width_uc.c | ||
| stdc_bit_width_ui.c | ||
| stdc_bit_width_ul.c | ||
| stdc_bit_width_ull.c | ||
| stdc_bit_width_us.c | ||
| stdc_count_ones_uc.c | ||
| stdc_count_ones_ui.c | ||
| stdc_count_ones_ul.c | ||
| stdc_count_ones_ull.c | ||
| stdc_count_ones_us.c | ||
| stdc_count_zeros_uc.c | ||
| stdc_count_zeros_ui.c | ||
| stdc_count_zeros_ul.c | ||
| stdc_count_zeros_ull.c | ||
| stdc_count_zeros_us.c | ||
| stdc_first_leading_one_uc.c | ||
| stdc_first_leading_one_ui.c | ||
| stdc_first_leading_one_ul.c | ||
| stdc_first_leading_one_ull.c | ||
| stdc_first_leading_one_us.c | ||
| stdc_first_leading_zero_uc.c | ||
| stdc_first_leading_zero_ui.c | ||
| stdc_first_leading_zero_ul.c | ||
| stdc_first_leading_zero_ull.c | ||
| stdc_first_leading_zero_us.c | ||
| stdc_first_trailing_one_uc.c | ||
| stdc_first_trailing_one_ui.c | ||
| stdc_first_trailing_one_ul.c | ||
| stdc_first_trailing_one_ull.c | ||
| stdc_first_trailing_one_us.c | ||
| stdc_first_trailing_zero_uc.c | ||
| stdc_first_trailing_zero_ui.c | ||
| stdc_first_trailing_zero_ul.c | ||
| stdc_first_trailing_zero_ull.c | ||
| stdc_first_trailing_zero_us.c | ||
| stdc_has_single_bit_uc.c | ||
| stdc_has_single_bit_ui.c | ||
| stdc_has_single_bit_ul.c | ||
| stdc_has_single_bit_ull.c | ||
| stdc_has_single_bit_us.c | ||
| stdc_leading_ones_uc.c | ||
| stdc_leading_ones_ui.c | ||
| stdc_leading_ones_ul.c | ||
| stdc_leading_ones_ull.c | ||
| stdc_leading_ones_us.c | ||
| stdc_leading_zeros_uc.c | ||
| stdc_leading_zeros_ui.c | ||
| stdc_leading_zeros_ul.c | ||
| stdc_leading_zeros_ull.c | ||
| stdc_leading_zeros_us.c | ||
| stdc_trailing_ones_uc.c | ||
| stdc_trailing_ones_ui.c | ||
| stdc_trailing_ones_ul.c | ||
| stdc_trailing_ones_ull.c | ||
| stdc_trailing_ones_us.c | ||
| stdc_trailing_zeros_uc.c | ||
| stdc_trailing_zeros_ui.c | ||
| stdc_trailing_zeros_ul.c | ||
| stdc_trailing_zeros_ull.c | ||
| stdc_trailing_zeros_us.c | ||
| stdint.h | ||
| stdlib.h | ||
| strfmon.c | ||
| strfmon_l.c | ||
| strfrom-skeleton.c | ||
| strfromd.c | ||
| strfromf.c | ||
| strfroml.c | ||
| strtod.c | ||
| strtod_l.c | ||
| strtod_nan.c | ||
| strtod_nan_main.c | ||
| strtod_nan_narrow.h | ||
| strtod_nan_wide.h | ||
| strtof.c | ||
| strtof_l.c | ||
| strtof_nan.c | ||
| strtol.c | ||
| strtol_l.c | ||
| strtold.c | ||
| strtold_l.c | ||
| strtold_nan.c | ||
| strtoll.c | ||
| strtoll_l.c | ||
| strtoul.c | ||
| strtoul_l.c | ||
| strtoull.c | ||
| strtoull_l.c | ||
| sub_n.c | ||
| submul_1.c | ||
| swapcontext.c | ||
| system.c | ||
| tens_in_limb.c | ||
| test-a64l.c | ||
| test-at_quick_exit-race.c | ||
| test-atexit-race-common.c | ||
| test-atexit-race.c | ||
| test-atexit-recursive.c | ||
| test-bz22786.c | ||
| test-canon.c | ||
| test-canon2.c | ||
| test-cxa_atexit-race.c | ||
| test-cxa_atexit-race2.c | ||
| test-dlclose-exit-race-helper.c | ||
| test-dlclose-exit-race.c | ||
| test-on_exit-race.c | ||
| testdiv.c | ||
| testdiv.input | ||
| testmb.c | ||
| testmb2.c | ||
| testrand.c | ||
| testsort.c | ||
| tst-abs.c | ||
| tst-arc4random-fork.c | ||
| tst-arc4random-stats.c | ||
| tst-arc4random-thread.c | ||
| tst-at_quick_exit.c | ||
| tst-atexit-common.c | ||
| tst-atexit.c | ||
| tst-atof1.c | ||
| tst-atof2.c | ||
| tst-bsearch.c | ||
| tst-bz20544.c | ||
| tst-canon-bz26341.c | ||
| tst-concurrent-exit-skeleton.c | ||
| tst-concurrent-exit.c | ||
| tst-concurrent-quick_exit.c | ||
| tst-cxa_atexit.c | ||
| tst-empty-env.c | ||
| tst-environ.c | ||
| tst-fmtmsg.c | ||
| tst-fmtmsg.sh | ||
| tst-getrandom.c | ||
| tst-labs.c | ||
| tst-limits.c | ||
| tst-llabs.c | ||
| tst-makecontext-align.c | ||
| tst-makecontext.c | ||
| tst-makecontext2.c | ||
| tst-makecontext3.c | ||
| tst-on_exit.c | ||
| tst-putenv.c | ||
| tst-putenvmod.c | ||
| tst-qsort.c | ||
| tst-qsort2.c | ||
| tst-qsort3.c | ||
| tst-qsort4.c | ||
| tst-qsort6.c | ||
| tst-quick_exit.cc | ||
| tst-rand48-2.c | ||
| tst-rand48.c | ||
| tst-random.c | ||
| tst-random2.c | ||
| tst-realpath-toolong.c | ||
| tst-realpath.c | ||
| tst-secure-getenv.c | ||
| tst-setcontext.c | ||
| tst-setcontext2.c | ||
| tst-setcontext3.c | ||
| tst-setcontext3.sh | ||
| tst-setcontext4.c | ||
| tst-setcontext5.c | ||
| tst-setcontext6.c | ||
| tst-setcontext7.c | ||
| tst-setcontext8.c | ||
| tst-setcontext9.c | ||
| tst-setcontext10.c | ||
| tst-setcontext11.c | ||
| tst-stdbit-Wconversion.c | ||
| tst-stdbit-builtins.c | ||
| tst-stdbit.h | ||
| tst-stdc_bit_ceil.c | ||
| tst-stdc_bit_floor.c | ||
| tst-stdc_bit_width.c | ||
| tst-stdc_count_ones.c | ||
| tst-stdc_count_zeros.c | ||
| tst-stdc_first_leading_one.c | ||
| tst-stdc_first_leading_zero.c | ||
| tst-stdc_first_trailing_one.c | ||
| tst-stdc_first_trailing_zero.c | ||
| tst-stdc_has_single_bit.c | ||
| tst-stdc_leading_ones.c | ||
| tst-stdc_leading_zeros.c | ||
| tst-stdc_trailing_ones.c | ||
| tst-stdc_trailing_zeros.c | ||
| tst-strfmon_l.c | ||
| tst-strfrom-locale.c | ||
| tst-strfrom.c | ||
| tst-strfrom.h | ||
| tst-strtod-nan-locale-main.c | ||
| tst-strtod-nan-locale.c | ||
| tst-strtod-nan-sign-main.c | ||
| tst-strtod-nan-sign.c | ||
| tst-strtod-overflow.c | ||
| tst-strtod-round-data | ||
| tst-strtod-round-data.h | ||
| tst-strtod-round-skeleton.c | ||
| tst-strtod-round.c | ||
| tst-strtod-underflow.c | ||
| tst-strtod.c | ||
| tst-strtod.h | ||
| tst-strtod1i.c | ||
| tst-strtod2.c | ||
| tst-strtod3.c | ||
| tst-strtod4.c | ||
| tst-strtod5.c | ||
| tst-strtod5i.c | ||
| tst-strtod6.c | ||
| tst-strtol-binary-c11.c | ||
| tst-strtol-binary-c23.c | ||
| tst-strtol-binary-gnu11.c | ||
| tst-strtol-binary-gnu23.c | ||
| tst-strtol-binary-main.c | ||
| tst-strtol-locale-main.c | ||
| tst-strtol-locale.c | ||
| tst-strtol.c | ||
| tst-strtoll.c | ||
| tst-swapcontext1.c | ||
| tst-swapcontext2.c | ||
| tst-system.c | ||
| tst-thread-quick_exit.cc | ||
| tst-tininess.c | ||
| tst-tls-atexit-lib.c | ||
| tst-tls-atexit-nodelete.c | ||
| tst-tls-atexit.c | ||
| tst-unsetenv1.c | ||
| tst-width-stdint.c | ||
| tst-width.c | ||
| tst-xpg-basename.c | ||
| ucontext.h | ||
| udiv_qrnnd.c | ||
| wcstombs.c | ||
| wctomb.c | ||
| xpg_basename.c | ||