[PATCH v16 5/6] signal: define the SA_UNSUPPORTED bit in sa_flags
Eric W. Biederman
ebiederm at xmission.com
Sat Nov 14 08:53:28 EST 2020
Peter Collingbourne <pcc at google.com> writes:
> Define a sa_flags bit, SA_UNSUPPORTED, which will never be supported
> in the uapi. The purpose of this flag bit is to allow userspace to
> distinguish an old kernel that does not clear unknown sa_flags bits
> from a kernel that supports every flag bit.
>
> In other words, if userspace does something like:
>
> act.sa_flags |= SA_UNSUPPORTED;
> sigaction(SIGSEGV, &act, 0);
> sigaction(SIGSEGV, 0, &oldact);
>
> and finds that SA_UNSUPPORTED remains set in oldact.sa_flags, it means
> that the kernel cannot be trusted to have cleared unknown flag bits
> from sa_flags, so no assumptions about flag bit support can be made.
>
> Signed-off-by: Peter Collingbourne <pcc at google.com>
> Reviewed-by: Dave Martin <Dave.Martin at arm.com>
> Link: https://linux-review.googlesource.com/id/Ic2501ad150a3a79c1cf27fb8c99be342e9dffbcb
> ---
> v11:
> - clarify the commit message
>
> include/uapi/asm-generic/signal-defs.h | 7 +++++++
> kernel/signal.c | 6 ++++++
> 2 files changed, 13 insertions(+)
>
> diff --git a/include/uapi/asm-generic/signal-defs.h b/include/uapi/asm-generic/signal-defs.h
> index 493953fe319b..0126ebda4d31 100644
> --- a/include/uapi/asm-generic/signal-defs.h
> +++ b/include/uapi/asm-generic/signal-defs.h
> @@ -14,6 +14,12 @@
> * SA_RESTART flag to get restarting signals (which were the default long ago)
> * SA_NODEFER prevents the current signal from being masked in the handler.
> * SA_RESETHAND clears the handler when the signal is delivered.
> + * SA_UNSUPPORTED is a flag bit that will never be supported. Kernels from
> + * before the introduction of SA_UNSUPPORTED did not clear unknown bits from
> + * sa_flags when read using the oldact argument to sigaction and rt_sigaction,
> + * so this bit allows flag bit support to be detected from userspace while
> + * allowing an old kernel to be distinguished from a kernel that supports every
> + * flag bit.
> *
> * SA_ONESHOT and SA_NOMASK are the historical Linux names for the Single
> * Unix names RESETHAND and NODEFER respectively.
> @@ -42,6 +48,7 @@
> #ifndef SA_RESETHAND
> #define SA_RESETHAND 0x80000000
> #endif
> +#define SA_UNSUPPORTED 0x00000400
Why this value and why not in numerical order with the other flags?
At the very least not being in order with the other bits makes it
a little easier to overlook it and define something at that position.
Eric
> #define SA_NOMASK SA_NODEFER
> #define SA_ONESHOT SA_RESETHAND
> diff --git a/kernel/signal.c b/kernel/signal.c
> index 8f5bd12ee41b..8f34819e80de 100644
> --- a/kernel/signal.c
> +++ b/kernel/signal.c
> @@ -3985,6 +3985,12 @@ int do_sigaction(int sig, struct k_sigaction *act, struct k_sigaction *oact)
> if (oact)
> *oact = *k;
>
> + /*
> + * Make sure that we never accidentally claim to support SA_UNSUPPORTED,
> + * e.g. by having an architecture use the bit in their uapi.
> + */
> + BUILD_BUG_ON(UAPI_SA_FLAGS & SA_UNSUPPORTED);
> +
> /*
> * Clear unknown flag bits in order to allow userspace to detect missing
> * support for flag bits and to allow the kernel to use non-uapi bits
More information about the linux-arm-kernel
mailing list