On 16/09/20(Wed) 06:09, Miod Vallat wrote:
> 
> > Diff below introduces an helper for sending an uncatchable SIGABRT and
> > annotate that `p_siglist' and `p_sigmask' are updated using atomic
> > operations.
> 
> Why not use sigexit(p, SIGABRT); for that purpose?

That's a better solution indeed.  deraadt@ pointed out something that goes
in this direction as well: sigexit() parks siblings earlier, which
reduces the amount of noise between the detection of corruption
and the content of the coredump.

Updated diff below, ok?

Index: kern/kern_sig.c
===================================================================
RCS file: /cvs/src/sys/kern/kern_sig.c,v
retrieving revision 1.262
diff -u -p -r1.262 kern_sig.c
--- kern/kern_sig.c     13 Sep 2020 13:33:37 -0000      1.262
+++ kern/kern_sig.c     16 Sep 2020 07:45:26 -0000
@@ -122,6 +122,8 @@ const int sigprop[NSIG + 1] = {
 #define        stopsigmask     (sigmask(SIGSTOP) | sigmask(SIGTSTP) | \
                            sigmask(SIGTTIN) | sigmask(SIGTTOU))
 
+void setsigvec(struct proc *, int, struct sigaction *);
+
 void proc_stop(struct proc *p, int);
 void proc_stop_sweep(void *);
 void *proc_stop_si;
Index: kern/kern_pledge.c
===================================================================
RCS file: /cvs/src/sys/kern/kern_pledge.c,v
retrieving revision 1.263
diff -u -p -r1.263 kern_pledge.c
--- kern/kern_pledge.c  17 Jul 2020 16:28:19 -0000      1.263
+++ kern/kern_pledge.c  16 Sep 2020 07:45:28 -0000
@@ -529,7 +529,6 @@ pledge_fail(struct proc *p, int error, u
 {
        const char *codes = "";
        int i;
-       struct sigaction sa;
 
        /* Print first matching pledge */
        for (i = 0; code && pledgenames[i].bits != 0; i++)
@@ -550,11 +549,7 @@ pledge_fail(struct proc *p, int error, u
        p->p_p->ps_acflag |= APLEDGE;
 
        /* Send uncatchable SIGABRT for coredump */
-       memset(&sa, 0, sizeof sa);
-       sa.sa_handler = SIG_DFL;
-       setsigvec(p, SIGABRT, &sa);
-       atomic_clearbits_int(&p->p_sigmask, sigmask(SIGABRT));
-       psignal(p, SIGABRT);
+       sigexit(p, SIGABRT);
 
        p->p_p->ps_pledge = 0;          /* Disable all PLEDGE_ flags */
        KERNEL_UNLOCK();
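Review bot: The two statements after the new `sigexit(p, SIGABRT);` call look unreachable, because sigexit() is, as far as I know, not expected to return to its caller (its body is not in this diff, so please confirm). If that holds, `p->p_p->ps_pledge = 0;` and `KERNEL_UNLOCK();` never run, so either drop them or mark the call with `/* NOTREACHED */`, and check that entering the exit path with the kernel lock still held is intended. The comment above the call is also stale, since no signal is sent any more; something like `/* Terminate with SIGABRT and dump core; cannot be caught or masked */` would match the new behaviour. pledge_fail's body continues outside the hunk.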
Index: kern/kern_proc.c
===================================================================
RCS file: /cvs/src/sys/kern/kern_proc.c,v
retrieving revision 1.86
diff -u -p -r1.86 kern_proc.c
--- kern/kern_proc.c    30 Jan 2020 08:51:27 -0000      1.86
+++ kern/kern_proc.c    16 Sep 2020 07:45:26 -0000
@@ -494,7 +494,6 @@ void
 db_kill_cmd(db_expr_t addr, int have_addr, db_expr_t count, char *modif)
 {
        struct process *pr;
-       struct sigaction sa;
        struct proc *p;
 
        pr = prfind(addr);
@@ -506,11 +505,7 @@ db_kill_cmd(db_expr_t addr, int have_add
        p = TAILQ_FIRST(&pr->ps_threads);
 
        /* Send uncatchable SIGABRT for coredump */
-       memset(&sa, 0, sizeof sa);
-       sa.sa_handler = SIG_DFL;
-       setsigvec(p, SIGABRT, &sa);
-       atomic_clearbits_int(&p->p_sigmask, sigmask(SIGABRT));
-       psignal(p, SIGABRT);
+       sigexit(p, SIGABRT);
 }
 
 void
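Review bot: `p` at the new `sigexit(p, SIGABRT);` call is the first thread of whatever process `prfind(addr)` returned, not the thread executing the ddb command, and sigexit() is, as far as I know, meant to force the calling thread's own process to exit. Its body is not shown in this diff, but if it ends in the normal exit path it would run that path in the debugger's context on behalf of a different thread, instead of killing the target. The removed psignal()-based sequence worked on an arbitrary target, so for this call site I would keep it (or move it into a small helper) and use sigexit() only in pledge_fail, where `p` is presumably the caller. The first lines of db_kill_cmd are in the previous hunk.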
Index: sys/signalvar.h
===================================================================
RCS file: /cvs/src/sys/sys/signalvar.h,v
retrieving revision 1.43
diff -u -p -r1.43 signalvar.h
--- sys/signalvar.h     13 Sep 2020 13:33:37 -0000      1.43
+++ sys/signalvar.h     16 Sep 2020 07:45:22 -0000
@@ -128,7 +128,6 @@ void        trapsignal(struct proc *p, int sig,
 void   sigexit(struct proc *, int);
 int    sigismasked(struct proc *, int);
 int    sigonstack(size_t);
-void   setsigvec(struct proc *, int, struct sigaction *);
 int    killpg1(struct proc *, int, int, int);
 
 void   signal_init(void);
