path: root/libc/malloc_debug/malloc_debug.cpp
author	Ryan Savitski <rsavitski@google.com>	2020-02-17 12:29:46 +0000
committer	Ryan Savitski <rsavitski@google.com>	2020-02-25 19:00:18 +0000
commit	1dc4122a1d1525ba0892c7c727df8a29942129ce (patch)
tree	d7beed0aee925dafa8d0b47ae59dafd920553d64 /libc/malloc_debug/malloc_debug.cpp
parent	33318f51972de2a7973efb7d9d2f00de567d2e3c (diff)
Override SIGSYS during profiling signal handler

This is a best-effort mitigation for potential crashes when the profiling signal handler is triggered within certain seccomp'd processes. In particular, we're working around cases where the seccomp policy doesn't allow some of the handler syscalls, and has a crashing disposition towards violations via SECCOMP_RET_TRAP, plus a crashing SIGSYS handler. While not general, this covers the configurations seen in practice on Android (which are all using minijail in the same way).

By overriding the SIGSYS handling for the duration of the profiling handler, we can instead receive such SIGSYS signals and recover from them in a non-crashing manner (the handler is responsible for filling the syscall return register, since the syscall itself was skipped).

For simplicity, we're swallowing all SIGSYS signals during this window, without trying to figure out whether they're something that could be caused by the profiling signal handler.

I've quite convinced myself that -ENOSYS seems to be safe to return to all of bionic's syscall wrappers across the four architectures (looking at gensyscalls + the special cases like vfork and clone).

It is theoretically possible for all kinds of conflicting (ab)uses of SIGSYS to exist, but I'm assuming it's not a realistic concern until proven otherwise.

Tested: manually sigqueue'd configstore on crosshatch, confirmed that the SIGSYS override log was printed, and the process did not crash (as it does on master).

Bug: 149328505
Change-Id: Iab8f09e51169807c9d3e1e0bcfd042f09f7df6a4
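The mechanism the commit message describes (temporarily replace the SIGSYS disposition, have the replacement handler write -ENOSYS into the skipped syscall's return register, then put the original disposition back) as an added illustration. This is not bionic's or the profiler's code; the function and handler names are ours, the "crashing" handler is a stand-in for the sandbox's own SIGSYS handler, the SIGSYS is injected with sigqueue (the same way the commit was tested) rather than by a real seccomp SECCOMP_RET_TRAP, and the return-register patch is shown only for x86_64 (rax) and aarch64 (x0); other architectures are left unpatched.

```c
#define _GNU_SOURCE  /* REG_RAX on x86_64 glibc */
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ucontext.h>
#include <unistd.h>

#ifndef SYS_SECCOMP
#define SYS_SECCOMP 1   /* si_code the kernel sets for SECCOMP_RET_TRAP */
#endif
#if defined(__x86_64__) && !defined(REG_RAX)
#define REG_RAX 13      /* glibc gregs[] index of rax (assumed if the header lacks it) */
#endif

static volatile sig_atomic_t g_sigsys_swallowed;

/* Stand-in for the sandbox's crashing SIGSYS handler (hypothetical name). */
static void crashing_sigsys_handler(int sig) {
    (void)sig;
    abort();
}

/* Installed only for the duration of the profiling handler. It makes no
 * syscalls itself: a SIGSYS raised while SIGSYS is blocked inside this
 * handler would be force-delivered with the default (fatal) action. */
static void sigsys_override_handler(int sig, siginfo_t *info, void *ctx) {
    (void)sig;
    g_sigsys_swallowed++;
    if (info->si_code != SYS_SECCOMP) {
        return;  /* not a seccomp trap (e.g. sent via sigqueue): nothing to patch */
    }
    /* SECCOMP_RET_TRAP skipped the syscall, so make the wrapper see -ENOSYS. */
    ucontext_t *uc = (ucontext_t *)ctx;
#if defined(__x86_64__)
    uc->uc_mcontext.gregs[REG_RAX] = -ENOSYS;
#elif defined(__aarch64__)
    uc->uc_mcontext.regs[0] = -ENOSYS;
#else
    (void)uc;  /* other architectures: return register not patched here */
#endif
}

/* Swap in the override handler, saving whatever was installed before. */
int begin_sigsys_override(struct sigaction *saved) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = sigsys_override_handler;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGSYS, &sa, saved);
}

/* Restore the disposition that was active before the window. */
int end_sigsys_override(const struct sigaction *saved) {
    return sigaction(SIGSYS, saved, NULL);
}

/* The profiling handler's critical section: everything between begin and end
 * runs with SIGSYS swallowed. Here the "work" is one sigqueue'd SIGSYS to the
 * calling thread, which is delivered before sigqueue returns. Returns the
 * number of SIGSYS signals swallowed, or -1 on setup failure. */
int profiling_handler_window(void) {
    struct sigaction saved;
    union sigval v;
    g_sigsys_swallowed = 0;
    if (begin_sigsys_override(&saved) != 0) return -1;
    v.sival_int = 0;
    if (sigqueue(getpid(), SIGSYS, v) != 0) {
        end_sigsys_override(&saved);
        return -1;
    }
    if (end_sigsys_override(&saved) != 0) return -1;
    return (int)g_sigsys_swallowed;
}

/* Install the sandbox-style crashing handler, run the window, and check that
 * the crashing disposition is back afterwards. Returns the swallowed count on
 * success (the process is still alive, so nothing crashed), -1 otherwise. */
int run_demo(void) {
    struct sigaction orig, crash, cur;
    int swallowed, restored;
    memset(&crash, 0, sizeof crash);
    crash.sa_handler = crashing_sigsys_handler;
    sigemptyset(&crash.sa_mask);
    if (sigaction(SIGSYS, &crash, &orig) != 0) return -1;
    swallowed = profiling_handler_window();
    if (sigaction(SIGSYS, NULL, &cur) != 0) return -1;
    restored = (cur.sa_handler == crashing_sigsys_handler);
    sigaction(SIGSYS, &orig, NULL);  /* leave the process as we found it */
    return restored ? swallowed : -1;
}

int main(void) {
    int n = run_demo();
    printf("SIGSYS signals swallowed during the override window: %d\n", n);
    return n == 1 ? 0 : 1;
}
```

With the crashing handler installed, the sigqueue'd SIGSYS would abort the process if it arrived outside the window; inside it, the override handler counts the signal and returns, and the crashing disposition is restored once the window closes. Under a real SECCOMP_RET_TRAP the si_code branch would also patch the return register, which is the part of the commit that keeps bionic's syscall wrappers consistent.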
Diffstat (limited to 'libc/malloc_debug/malloc_debug.cpp')
0 files changed, 0 insertions, 0 deletions