aboutsummaryrefslogtreecommitdiff
path: root/include/bits/unistd_ext.h
AgeCommit message (Collapse)AuthorFilesLines
2024-10-08stdlib: Make abort/_Exit AS-safe (BZ 26275)Adhemerval Zanella1-0/+3
The recursive lock used on abort does not synchronize with a new process creation (either by fork-like interfaces or posix_spawn ones), nor it is reinitialized after fork(). Also, the SIGABRT unblock before raise() shows another race condition, where a fork or posix_spawn() call by another thread, just after the recursive lock release and before the SIGABRT signal, might create programs with a non-expected signal mask. With the default option (without POSIX_SPAWN_SETSIGDEF), the process can see SIG_DFL for SIGABRT, where it should be SIG_IGN. To fix the AS-safe, raise() does not change the process signal mask, and an AS-safe lock is used if a SIGABRT is installed or the process is blocked or ignored. With the signal mask change removal, there is no need to use a recursive loc. The lock is also taken on both _Fork() and posix_spawn(), to avoid the spawn process to see the abort handler as SIG_DFL. A read-write lock is used to avoid serialize _Fork and posix_spawn execution. Both sigaction (SIGABRT) and abort() requires to lock as writer (since both change the disposition). The fallback is also simplified: there is no need to use a loop of ABORT_INSTRUCTION after _exit() (if the syscall does not terminate the process, the system is broken). The proposed fix changes how setjmp works on a SIGABRT handler, where glibc does not save the signal mask. So usage like the below will now always abort. static volatile int chk_fail_ok; static jmp_buf chk_fail_buf; static void handler (int sig) { if (chk_fail_ok) { chk_fail_ok = 0; longjmp (chk_fail_buf, 1); } else _exit (127); } [...] signal (SIGABRT, handler); [....] chk_fail_ok = 1; if (! setjmp (chk_fail_buf)) { // Something that can calls abort, like a failed fortify function. chk_fail_ok = 0; printf ("FAIL\n"); } Such cases will need to use sigsetjmp instead. The _dl_start_profile calls sigaction through _profil, and to avoid pulling abort() on loader the call is replaced with __libc_sigaction. Checked on x86_64-linux-gnu and aarch64-linux-gnu. Reviewed-by: DJ Delorie <dj@redhat.com>
2021-07-08linux: Add close_rangeAdhemerval Zanella1-0/+6
It was added on Linux 5.9 (278a5fbaed89) with CLOSE_RANGE_CLOEXEC added on 5.11 (582f1fb6b721f). Although FreeBSD has added the same syscall, this only adds the symbol on Linux ports. This syscall is required to provided a fail-safe way to implement the closefrom symbol (BZ #10353). Checked on x86_64-linux-gnu and i686-linux-gnu on kernel 5.11 and 4.15.
2019-02-08Provide <bits/unistd_ext.h> as a sysdeps header exclusivelyFlorian Weimer1-1/+0
Non-sysdeps headers cannot be overriden by sysdeps headers across the entire build, so it is necessary to turn such extension headers into sysdeps headers themselves. The approach here follows the existing <bits/shm.h> header (although it uses sysdeps/gnu instead of sysdeps/generic). Fixes commit 1d0fc213824eaa2a8f8c4385daaa698ee8fb7c92 ("Linux: Add gettid system call wrapper [BZ #6399]") and commit 8f89ab216f205c2ffd90d1fc8454efdfc0b01dee ("posix: Fix missing wrapper header for <bits/unistd_ext.h>").
2019-02-08posix: Fix missing wrapper header for <bits/unistd_ext.h>Florian Weimer1-0/+1
Fixes commit 1d0fc213824eaa2a8f8c4385daaa698ee8fb7c92 ("Linux: Add gettid system call wrapper [BZ #6399]"). Reviewed-by: Carlos O'Donell <carlos@redhat.com>
generated by cgit v1.2.3 (git 2.25.1) at 2026-01-01 22:29:19 +0000