overhaul implementation-internal signal protections

the new approach relies on the fact that the only ways to create sigset_t objects without invoking UB are to use the sig*set() functions, or from the masks returned by sigprocmask, sigaction, etc. or in the ucontext_t argument to a signal handler. thus, as long as sigfillset and sigaddset avoid adding the "protected" signals, there is no way the application will ever obtain a sigset_t including these bits, and thus no need to add the overhead of checking/clearing them when sigprocmask or sigaction is called. note that the old code actually *failed* to remove the bits from sa_mask when sigaction was called. the new implementations are also significantly smaller, simpler, and faster due to ignoring the useless "GNU HURD signals" 65-1024, which are not used and, if there's any sanity in the world, never will be used.
2025-06-27 05:32:06 +00:00 · 2011-05-07 23:23:58 -04:00
parent 77f15d108e
commit 99b8a25e94
13 changed files with 32 additions and 50 deletions
--- a/dist/config.mak
+++ b/dist/config.mak
@ -18,7 +18,7 @@ exec_prefix = /usr/local
 #CFLAGS += -fomit-frame-pointer -mno-accumulate-outgoing-args
 # Uncomment for warnings (as errors). Might need tuning to your gcc version.
-#CFLAGS += -Werror -Wall -Wpointer-arith -Wcast-align -Wno-parentheses -Wno-char-subscripts -Wno-uninitialized -Wno-sequence-point -Wno-missing-braces -Wno-unused-value
+#CFLAGS += -Werror -Wall -Wpointer-arith -Wcast-align -Wno-parentheses -Wno-char-subscripts -Wno-uninitialized -Wno-sequence-point -Wno-missing-braces -Wno-unused-value -Wno-overflow -Wno-int-to-pointer-cast
 # Uncomment if you want to build a shared library (experimental).
 #LIBC_LIBS += lib/libc.so
--- a/src/internal/pthread_impl.h
+++ b/src/internal/pthread_impl.h
@ -75,9 +75,12 @@ struct __timer {
 #include "pthread_arch.h"
-#define SIGCANCEL 32
+#define SIGTIMER 32
-#define SIGSYSCALL 33
+#define SIGCANCEL 33
-#define SIGTIMER 34
+#define SIGSYSCALL 34
 #define SIGPT_SET ((sigset_t){{[sizeof(long)==4] = 3<<(32*(sizeof(long)>4))}})
 #define SIGTIMER_SET ((sigset_t){{ 0x80000000 }})
 int __set_thread_area(void *);
 int __libc_sigaction(int, const struct sigaction *, struct sigaction *);
--- a/src/signal/raise.c
+++ b/src/signal/raise.c
@ -1,18 +1,16 @@
 #include <signal.h>
 #include <errno.h>
 #include <stdint.h>
 #include "syscall.h"
 int __sigprocmask(int, const sigset_t *, sigset_t *);
 int raise(int sig)
 {
 	int pid, tid, ret;
 	sigset_t set;
-	sigfillset(&set);
+	__syscall(SYS_rt_sigprocmask, SIG_BLOCK, (uint64_t[]){-1}, &set, 8);
 	__sigprocmask(SIG_BLOCK, &set, &set);
 	tid = syscall(SYS_gettid);
 	pid = syscall(SYS_getpid);
 	ret = syscall(SYS_tgkill, pid, tid, sig);
-	__sigprocmask(SIG_SETMASK, &set, 0);
+	__syscall(SYS_rt_sigprocmask, SIG_SETMASK, &set, 0, 8);
 	return ret;
 }
--- a/src/signal/sigaction.c
+++ b/src/signal/sigaction.c
@ -35,7 +35,7 @@ int __libc_sigaction(int sig, const struct sigaction *sa, struct sigaction *old)
 int __sigaction(int sig, const struct sigaction *sa, struct sigaction *old)
 {
-	if (sig-SIGCANCEL < 3U) {
+	if (sig-32U < 3) {
 		errno = EINVAL;
 		return -1;
 	}
--- a/src/signal/sigaddset.c
+++ b/src/signal/sigaddset.c
@ -4,7 +4,7 @@
 int sigaddset(sigset_t *set, int sig)
 {
 	unsigned s = sig-1;
-	if (s >= 8*sizeof(sigset_t)) {
+	if (s >= 8*sizeof(sigset_t) || s-32U<3) {
 		errno = EINVAL;
 		return -1;
 	}
--- a/src/signal/sigdelset.c
+++ b/src/signal/sigdelset.c
@ -4,7 +4,7 @@
 int sigdelset(sigset_t *set, int sig)
 {
 	unsigned s = sig-1;
-	if (s >= 8*sizeof(sigset_t)) {
+	if (s >= 8*sizeof(sigset_t) || s-32U<3) {
 		errno = EINVAL;
 		return -1;
 	}
--- a/src/signal/sigemptyset.c
+++ b/src/signal/sigemptyset.c
@ -3,6 +3,7 @@
 int sigemptyset(sigset_t *set)
 {
-	memset(set, 0, sizeof *set);
+	set->__bits[0] = 0;
 	if (sizeof(long)==4) set->__bits[1] = 0;
 	return 0;
 }
--- a/src/signal/sigfillset.c
+++ b/src/signal/sigfillset.c
@ -1,8 +1,14 @@
 #include <signal.h>
 #include <string.h>
 #include <limits.h>
 int sigfillset(sigset_t *set)
 {
-	memset(set, -1, sizeof *set);
+#if ULONG_MAX == 0xffffffff
 	set->__bits[0] = 0x7ffffffful;
 	set->__bits[1] = 0xfffffffcul;
 #else
 	set->__bits[0] = 0xfffffffc7ffffffful;
 #endif
 	return 0;
 }
--- a/src/signal/sigismember.c
+++ b/src/signal/sigismember.c
@ -4,7 +4,7 @@
 int sigismember(const sigset_t *set, int sig)
 {
 	unsigned s = sig-1;
-	if (s >= 8*sizeof(sigset_t)) {
+	if (s >= 8*sizeof(sigset_t) || s-32U<3) {
 		errno = EINVAL;
 		return -1;
 	}
--- a/src/signal/sigprocmask.c
+++ b/src/signal/sigprocmask.c
@ -4,27 +4,11 @@
 #include "libc.h"
 #include "pthread_impl.h"
-int __libc_sigprocmask(int how, const sigset_t *set, sigset_t *old)
+int sigprocmask(int how, const sigset_t *set, sigset_t *old)
 {
 	return syscall(SYS_rt_sigprocmask, how, set, old, 8);
 }
 int __sigprocmask(int how, const sigset_t *set, sigset_t *old)
 {
 	sigset_t tmp;
 	if (how > 2U) {
 		errno = EINVAL;
 		return -1;
 	}
-	/* Disallow blocking thread control signals */
+	return syscall(SYS_rt_sigprocmask, how, set, old, 8);
 	if (set && how != SIG_UNBLOCK) {
 		tmp = *set;
 		set = &tmp;
 		sigdelset(&tmp, SIGCANCEL);
 		sigdelset(&tmp, SIGSYSCALL);
 		sigdelset(&tmp, SIGTIMER);
 }
 	return __libc_sigprocmask(how, set, old);
 }
 weak_alias(__sigprocmask, sigprocmask);
--- a/src/thread/__rsyscall.c
+++ b/src/thread/__rsyscall.c
@ -56,8 +56,7 @@ int __rsyscall(int nr, long a, long b, long c, long d, long e, long f)
 	while ((i=rs.blocks))
 		__wait(&rs.blocks, 0, i, 1);
-	sigfillset(&set);
+	__syscall(SYS_rt_sigprocmask, SIG_BLOCK, (uint64_t[]){-1}, &set, 8);
 	__libc_sigprocmask(SIG_BLOCK, &set, &set);
 	if (!rs.init) {
 		struct sigaction sa = {
@ -88,7 +87,7 @@ int __rsyscall(int nr, long a, long b, long c, long d, long e, long f)
 	}
 	/* Handle any lingering signals with no-op */
-	__libc_sigprocmask(SIG_UNBLOCK, &set, &set);
+	__syscall(SYS_rt_sigprocmask, SIG_SETMASK, &set, &set, 8);
 	/* Resume other threads' signal handlers and wait for them */
 	rs.hold = 0;
--- a/src/thread/pthread_create.c
+++ b/src/thread/pthread_create.c
@ -34,7 +34,7 @@ void __pthread_unwind_next(struct __ptcb *cb)
 	if (!n) exit(0);
 	if (self->detached && self->map_base) {
-		__syscall(SYS_rt_sigprocmask, SIG_BLOCK, (long)(uint64_t[1]){-1},0,8);
+		__syscall(SYS_rt_sigprocmask, SIG_BLOCK, (uint64_t[]){-1},0,8);
 		__unmapself(self->map_base, self->map_size);
 	}
@ -44,12 +44,8 @@ void __pthread_unwind_next(struct __ptcb *cb)
 static int start(void *p)
 {
 	struct pthread *self = p;
-	if (self->unblock_cancel) {
+	if (self->unblock_cancel)
-		sigset_t set;
+		__syscall(SYS_rt_sigprocmask, SIG_UNBLOCK, &SIGPT_SET, 0, 8);
 		sigemptyset(&set);
 		sigaddset(&set, SIGCANCEL);
 		__libc_sigprocmask(SIG_UNBLOCK, &set, 0);
 	}
 	pthread_exit(self->start(self->start_arg));
 	return 0;
 }
@ -72,11 +68,7 @@ int pthread_create(pthread_t *res, const pthread_attr_t *attr, void *(*entry)(vo
 	if (!self) return ENOSYS;
 	if (!libc.threaded) {
-		sigset_t set;
+		__syscall(SYS_rt_sigprocmask, SIG_UNBLOCK, &SIGPT_SET, 0, 8);
 		sigemptyset(&set);
 		sigaddset(&set, SIGSYSCALL);
 		sigaddset(&set, SIGCANCEL);
 		__libc_sigprocmask(SIG_UNBLOCK, &set, 0);
 		libc.threaded = 1;
 	}
--- a/src/time/timer_create.c
+++ b/src/time/timer_create.c
@ -51,8 +51,7 @@ static void install_handler()
 		.sa_flags = SA_SIGINFO | SA_RESTART
 	};
 	__libc_sigaction(SIGTIMER, &sa, 0);
-	sigaddset(&sa.sa_mask, SIGTIMER);
+	__syscall(SYS_rt_sigprocmask, SIG_UNBLOCK, &SIGTIMER_SET, 0, 8);
 	__libc_sigprocmask(SIG_UNBLOCK, &sa.sa_mask, 0);
 }
 static void *start(void *arg)