restorer: Block signals early

Otherwise threads can handle them before calling sigreturn with wrong (not belonging to crtools, but to the target task) handers: __export_restore_task | __export_restore_thread restore_finish_stage(CR_STATE_RESTORE); | restore_finish_stage(CR_STATE_RESTORE); sys_sigaction(SIGCHLD, &args->sigchld_act, ...) | restore_signals() | ksigfillset(&to_block); | sys_rt_sigqueueinfo(sys_getpid(), ...); | | execute signal handler() <------ BUG !!! | restore_signals() | ksigfillset(&to_block); Signed-off-by: Andrey Vagin <avagin@openvz.org> Signed-off-by: Pavel Emelyanov <xemul@parallels.com>

restorer: Block signals early
Otherwise threads can handle them before calling sigreturn with wrong (not belonging to crtools, but to the target task) handers: __export_restore_task | __export_restore_thread restore_finish_stage(CR_STATE_RESTORE); | restore_finish_stage(CR_STATE_RESTORE); sys_sigaction(SIGCHLD, &args->sigchld_act, ...) | restore_signals() | ksigfillset(&to_block); | sys_rt_sigqueueinfo(sys_getpid(), ...); | | execute signal handler() <------ BUG !!! | restore_signals() | ksigfillset(&to_block); Signed-off-by: Andrey Vagin <avagin@openvz.org> Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
5d18eca3 · Andrey Vagin · Pavel Emelyanov · c721a275 · 5d18eca3
Commit 5d18eca3 authored Sep 20, 2013 by Andrey Vagin Committed by Pavel Emelyanov Sep 20, 2013
Hide whitespace changes
Inline Side-by-side

Showing with 17 additions and 8 deletions

restorer.c pie/restorer.c +17 -8

No files found.
--- a/pie/restorer.c
+++ b/pie/restorer.c
@@ -211,14 +211,6 @@ static void restore_rlims(struct task_restore_core_args *ta)
 static int restore_signals(siginfo_t *ptr, int nr, bool group)
 {
 	int ret, i;
-	k_rtsigset_t to_block;
-	ksigfillset(&to_block);
-	ret = sys_sigprocmask(SIG_SETMASK, &to_block, NULL, sizeof(k_rtsigset_t));
-	if (ret) {
-		pr_err("Unable to block signals %d", ret);
-		return -1;
-	}
 	for (i = 0; i < nr; i++) {
 		siginfo_t *info = ptr + i;
@@ -272,6 +264,7 @@ static int restore_thread_common(struct rt_sigframe *sigframe,
 long __export_restore_thread(struct thread_restore_args *args)
 {
 	struct rt_sigframe *rt_sigframe;
+	k_rtsigset_t to_block;
 	unsigned long new_sp;
 	int my_pid = sys_gettid();
 	int ret;
@@ -281,6 +274,14 @@ long __export_restore_thread(struct thread_restore_args *args)
 		goto core_restore_end;
 	}
+	/* All signals must be handled by thread leader */
+	ksigfillset(&to_block);
+	ret = sys_sigprocmask(SIG_SETMASK, &to_block, NULL, sizeof(k_rtsigset_t));
+	if (ret) {
+		pr_err("Unable to block signals %d", ret);
+		goto core_restore_end;
+	}
 	rt_sigframe = (void *)args->mem_zone.rt_sigframe;
 	if (restore_thread_common(rt_sigframe, args))
@@ -527,6 +528,7 @@ long __export_restore_task(struct task_restore_core_args *args)
 	struct rt_sigframe *rt_sigframe;
 	unsigned long new_sp;
+	k_rtsigset_t to_block;
 	pid_t my_pid = sys_getpid();
 	rt_sigaction_t act;
@@ -855,6 +857,13 @@ long __export_restore_task(struct task_restore_core_args *args)
 	futex_wait_while_gt(&zombies_inprogress, 0);
+	ksigfillset(&to_block);
+	ret = sys_sigprocmask(SIG_SETMASK, &to_block, NULL, sizeof(k_rtsigset_t));
+	if (ret) {
+		pr_err("Unable to block signals %ld", ret);
+		goto core_restore_end;
+	}
 	sys_sigaction(SIGCHLD, &args->sigchld_act, NULL, sizeof(k_rtsigset_t));
 	ret = restore_signals(args->siginfo, args->siginfo_nr, true);