diff options
author | Peter Maydell <peter.maydell@linaro.org> | 2016-06-14 12:49:18 +0100 |
---|---|---|
committer | Riku Voipio <riku.voipio@linaro.org> | 2016-06-26 13:17:20 +0300 |
commit | 1d48fdd9d84aab1bd32c1f70947932f5d90f92aa (patch) | |
tree | dee8a5037d9909fdb0201fd60230d399ab26e899 /linux-user/syscall.c | |
parent | 435da5e7092aa54e12044b9401b42c4a9333c74d (diff) | |
download | qemu-1d48fdd9d84aab1bd32c1f70947932f5d90f92aa.zip qemu-1d48fdd9d84aab1bd32c1f70947932f5d90f92aa.tar.gz qemu-1d48fdd9d84aab1bd32c1f70947932f5d90f92aa.tar.bz2 |
linux-user: Don't use sigfillset() on uc->uc_sigmask
The kernel and libc have different ideas about what a sigset_t
is -- for the kernel it is only _NSIG / 8 bytes in size (usually
8 bytes), but for libc it is much larger, 128 bytes. In most
situations the difference doesn't matter, because if you pass a
pointer to a libc sigset_t to the kernel it just acts on the first
8 bytes of it, but for the ucontext_t* argument to a signal handler
it trips us up. The kernel allocates this ucontext_t on the stack
according to its idea of the sigset_t type, but the type of the
ucontext_t defined by the libc headers uses the libc type, and
so do the manipulator functions like sigfillset(). This means that
(1) sizeof(uc->uc_sigmask) is much larger than the actual
space used on the stack
(2) sigfillset(&uc->uc_sigmask) will write garbage 0xff bytes
off the end of the structure, which can trash data that
was on the stack before the signal handler was invoked,
and may result in a crash after the handler returns
To avoid this, we use a memset() of the correct size to fill
the signal mask rather than using the libc function.
This fixes a problem where we would crash at least some of the
time on an i386 host when a signal was taken.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Diffstat (limited to 'linux-user/syscall.c')
-rw-r--r-- | linux-user/syscall.c | 5 |
1 files changed, 0 insertions, 5 deletions
diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 3dfaea9..5166ff9 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -123,11 +123,6 @@ int __clone2(int (*fn)(void *), void *child_stack_base, #define VFAT_IOCTL_READDIR_BOTH _IOR('r', 1, struct linux_dirent [2]) #define VFAT_IOCTL_READDIR_SHORT _IOR('r', 2, struct linux_dirent [2]) -/* This is the size of the host kernel's sigset_t, needed where we make - * direct system calls that take a sigset_t pointer and a size. - */ -#define SIGSET_T_SIZE (_NSIG / 8) - #undef _syscall0 #undef _syscall1 #undef _syscall2 |