nptl: Install SIGSETXID handler with SA_ONSTACK [BZ #27914]

This commit is contained in:
Florian Weimer 2021-05-26 08:25:19 +02:00
parent 8aee7e3563
commit 65fd804c4a
2 changed files with 41 additions and 1 deletions

View File

@ -0,0 +1,36 @@
Emergency backport of this change prior to upstream acceptance:
Author: Florian Weimer <fweimer@redhat.com>
Date: Wed May 26 07:13:00 2021 +0200
nptl: Install SIGSETXID handler with SA_ONSTACK [BZ #27914]
The signal is sent to all threads, some of which may have switched
to very small stacks. If they have also installed an alternate
signal stack, SA_ONSTACK makes this work. The Go runtime needs this:
runtime: C.setuid/C.setgid smashes Go stack
<https://github.com/golang/go/issues/9400>
Doing this for SIGCANCEL is less obviously beneficial and needs further
testing.
diff --git a/nptl/pthread_create.c b/nptl/pthread_create.c
index 5680687efe7089da..b7073a828549d24c 100644
--- a/nptl/pthread_create.c
+++ b/nptl/pthread_create.c
@@ -83,9 +83,12 @@ late_init (void)
(void) __libc_sigaction (SIGCANCEL, &sa, NULL);
}
- /* Install the handle to change the threads' uid/gid. */
+ /* Install the handle to change the threads' uid/gid. Use
+ SA_ONSTACK because the signal may be sent to threads that are
+ running with custom stacks. (This is less likely for
+ SIGCANCEL.) */
sa.sa_sigaction = __nptl_setxid_sighandler;
- sa.sa_flags = SA_SIGINFO | SA_RESTART;
+ sa.sa_flags = SA_ONSTACK | SA_SIGINFO | SA_RESTART;
(void) __libc_sigaction (SIGSETXID, &sa, NULL);
/* The parent process might have left the signals blocked. Just in

View File

@ -97,7 +97,7 @@
Summary: The GNU libc libraries Summary: The GNU libc libraries
Name: glibc Name: glibc
Version: %{glibcversion} Version: %{glibcversion}
Release: 9%{?dist} Release: 10%{?dist}
# In general, GPLv2+ is used by programs, LGPLv2+ is used for # In general, GPLv2+ is used by programs, LGPLv2+ is used for
# libraries. # libraries.
@ -170,6 +170,7 @@ Patch23: glibc-python3.patch
Patch29: glibc-fedora-nsswitch.patch Patch29: glibc-fedora-nsswitch.patch
Patch30: glibc-deprecated-selinux-makedb.patch Patch30: glibc-deprecated-selinux-makedb.patch
Patch31: glibc-deprecated-selinux-nscd.patch Patch31: glibc-deprecated-selinux-nscd.patch
Patch32: glibc-sigsetxid-sa_onstack.patch
############################################################################## ##############################################################################
# Continued list of core "glibc" package information: # Continued list of core "glibc" package information:
@ -2112,6 +2113,9 @@ fi
%files -f compat-libpthread-nonshared.filelist -n compat-libpthread-nonshared %files -f compat-libpthread-nonshared.filelist -n compat-libpthread-nonshared
%changelog %changelog
* Wed May 26 2021 Florian Weimer <fweimer@redhat.com> - 2.33.9000-10
- nptl: Install SIGSETXID handler with SA_ONSTACK [BZ #27914]
* Tue May 25 2021 Florian Weimer <fweimer@redhat.com> - 2.33.9000-9 * Tue May 25 2021 Florian Weimer <fweimer@redhat.com> - 2.33.9000-9
- Auto-sync with upstream branch master, - Auto-sync with upstream branch master,
commit ac0353af81a23535f517586a5d04427120a157ac. commit ac0353af81a23535f517586a5d04427120a157ac.