[llvm-branch-commits] [compiler-rt] release/19.x: Reapply "[sanitizer_common] AND signals in BlockSignals instead of deleting (#113443)" for non-Android Linux only (#115790) (PR #116670)
via llvm-branch-commits
llvm-branch-commits at lists.llvm.org
Mon Nov 18 10:17:33 PST 2024
llvmbot wrote:
<!--LLVM PR SUMMARY COMMENT-->
@llvm/pr-subscribers-compiler-rt-sanitizer
Author: None (llvmbot)
<details>
<summary>Changes</summary>
Backport 531acf9e2f24977d2556b39229b22f4518a1faa5
Requested by: @<!-- -->thurstond
---
Full diff: https://github.com/llvm/llvm-project/pull/116670.diff
3 Files Affected:
- (modified) compiler-rt/lib/sanitizer_common/sanitizer_linux.cpp (+39-16)
- (modified) compiler-rt/lib/sanitizer_common/tests/CMakeLists.txt (+1)
- (added) compiler-rt/lib/sanitizer_common/tests/sanitizer_block_signals.cpp (+76)
``````````diff
diff --git a/compiler-rt/lib/sanitizer_common/sanitizer_linux.cpp b/compiler-rt/lib/sanitizer_common/sanitizer_linux.cpp
index b9b1f496df7c98..be3b3bd94e2a58 100644
--- a/compiler-rt/lib/sanitizer_common/sanitizer_linux.cpp
+++ b/compiler-rt/lib/sanitizer_common/sanitizer_linux.cpp
@@ -160,33 +160,56 @@ void SetSigProcMask(__sanitizer_sigset_t *set, __sanitizer_sigset_t *oldset) {
CHECK_EQ(0, internal_sigprocmask(SIG_SETMASK, set, oldset));
}
+# if SANITIZER_LINUX
+// Deletes the specified signal from newset, if it is not present in oldset
+// Equivalently: newset[signum] = newset[signum] & oldset[signum]
+static void KeepUnblocked(__sanitizer_sigset_t &newset,
+ __sanitizer_sigset_t &oldset, int signum) {
+ // FIXME: https://github.com/google/sanitizers/issues/1816
+ if (SANITIZER_ANDROID || !internal_sigismember(&oldset, signum))
+ internal_sigdelset(&newset, signum);
+}
+# endif
+
// Block asynchronous signals
void BlockSignals(__sanitizer_sigset_t *oldset) {
- __sanitizer_sigset_t set;
- internal_sigfillset(&set);
-# if SANITIZER_LINUX && !SANITIZER_ANDROID
+ __sanitizer_sigset_t newset;
+ internal_sigfillset(&newset);
+
+# if SANITIZER_LINUX
+ __sanitizer_sigset_t currentset;
+
+# if !SANITIZER_ANDROID
+ // FIXME: https://github.com/google/sanitizers/issues/1816
+ SetSigProcMask(NULL, ¤tset);
+
// Glibc uses SIGSETXID signal during setuid call. If this signal is blocked
// on any thread, setuid call hangs.
// See test/sanitizer_common/TestCases/Linux/setuid.c.
- internal_sigdelset(&set, 33);
-# endif
-# if SANITIZER_LINUX
+ KeepUnblocked(newset, currentset, 33);
+# endif // !SANITIZER_ANDROID
+
// Seccomp-BPF-sandboxed processes rely on SIGSYS to handle trapped syscalls.
// If this signal is blocked, such calls cannot be handled and the process may
// hang.
- internal_sigdelset(&set, 31);
+ KeepUnblocked(newset, currentset, 31);
+# if !SANITIZER_ANDROID
// Don't block synchronous signals
- internal_sigdelset(&set, SIGSEGV);
- internal_sigdelset(&set, SIGBUS);
- internal_sigdelset(&set, SIGILL);
- internal_sigdelset(&set, SIGTRAP);
- internal_sigdelset(&set, SIGABRT);
- internal_sigdelset(&set, SIGFPE);
- internal_sigdelset(&set, SIGPIPE);
-# endif
+ // but also don't unblock signals that the user had deliberately blocked.
+ // FIXME: https://github.com/google/sanitizers/issues/1816
+ KeepUnblocked(newset, currentset, SIGSEGV);
+ KeepUnblocked(newset, currentset, SIGBUS);
+ KeepUnblocked(newset, currentset, SIGILL);
+ KeepUnblocked(newset, currentset, SIGTRAP);
+ KeepUnblocked(newset, currentset, SIGABRT);
+ KeepUnblocked(newset, currentset, SIGFPE);
+ KeepUnblocked(newset, currentset, SIGPIPE);
+# endif //! SANITIZER_ANDROID
+
+# endif // SANITIZER_LINUX
- SetSigProcMask(&set, oldset);
+ SetSigProcMask(&newset, oldset);
}
ScopedBlockSignals::ScopedBlockSignals(__sanitizer_sigset_t *copy) {
diff --git a/compiler-rt/lib/sanitizer_common/tests/CMakeLists.txt b/compiler-rt/lib/sanitizer_common/tests/CMakeLists.txt
index 2b4c15125263a9..fef8bb772e0e0d 100644
--- a/compiler-rt/lib/sanitizer_common/tests/CMakeLists.txt
+++ b/compiler-rt/lib/sanitizer_common/tests/CMakeLists.txt
@@ -15,6 +15,7 @@ set(SANITIZER_UNITTESTS
sanitizer_array_ref_test.cpp
sanitizer_atomic_test.cpp
sanitizer_bitvector_test.cpp
+ sanitizer_block_signals.cpp
sanitizer_bvgraph_test.cpp
sanitizer_chained_origin_depot_test.cpp
sanitizer_common_test.cpp
diff --git a/compiler-rt/lib/sanitizer_common/tests/sanitizer_block_signals.cpp b/compiler-rt/lib/sanitizer_common/tests/sanitizer_block_signals.cpp
new file mode 100644
index 00000000000000..b43648a8aef230
--- /dev/null
+++ b/compiler-rt/lib/sanitizer_common/tests/sanitizer_block_signals.cpp
@@ -0,0 +1,76 @@
+//===-- sanitizer_block_signals.cpp ---------------------------------------===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+//
+// This file is a part of sanitizer_common unit tests.
+//
+//===----------------------------------------------------------------------===//
+#include <signal.h>
+#include <stdio.h>
+
+#include "gtest/gtest.h"
+#include "sanitizer_common/sanitizer_linux.h"
+
+namespace __sanitizer {
+
+#if SANITIZER_LINUX && !SANITIZER_ANDROID
+volatile int received_sig = -1;
+
+void signal_handler(int signum) { received_sig = signum; }
+
+TEST(SanitizerCommon, NoBlockSignals) {
+ // No signals blocked
+ signal(SIGUSR1, signal_handler);
+ raise(SIGUSR1);
+ EXPECT_EQ(received_sig, SIGUSR1);
+
+ received_sig = -1;
+ signal(SIGPIPE, signal_handler);
+ raise(SIGPIPE);
+ EXPECT_EQ(received_sig, SIGPIPE);
+}
+
+TEST(SanitizerCommon, BlockSignalsPlain) {
+ // ScopedBlockSignals; SIGUSR1 should be blocked but not SIGPIPE
+ {
+ __sanitizer_sigset_t sigset = {};
+ ScopedBlockSignals block(&sigset);
+
+ received_sig = -1;
+ signal(SIGUSR1, signal_handler);
+ raise(SIGUSR1);
+ EXPECT_EQ(received_sig, -1);
+
+ received_sig = -1;
+ signal(SIGPIPE, signal_handler);
+ raise(SIGPIPE);
+ EXPECT_EQ(received_sig, SIGPIPE);
+ }
+ EXPECT_EQ(received_sig, SIGUSR1);
+}
+
+TEST(SanitizerCommon, BlockSignalsExceptPipe) {
+ // Manually block SIGPIPE; ScopedBlockSignals should not unblock this
+ sigset_t block_sigset;
+ sigemptyset(&block_sigset);
+ sigaddset(&block_sigset, SIGPIPE);
+ sigprocmask(SIG_BLOCK, &block_sigset, NULL);
+ {
+ __sanitizer_sigset_t sigset = {};
+ ScopedBlockSignals block(&sigset);
+
+ received_sig = -1;
+ signal(SIGPIPE, signal_handler);
+ raise(SIGPIPE);
+ EXPECT_EQ(received_sig, -1);
+ }
+ sigprocmask(SIG_UNBLOCK, &block_sigset, NULL);
+ EXPECT_EQ(received_sig, SIGPIPE);
+}
+#endif // SANITIZER_LINUX && !SANITIZER_ANDROID
+
+} // namespace __sanitizer
``````````
</details>
https://github.com/llvm/llvm-project/pull/116670
More information about the llvm-branch-commits
mailing list