diff options
author | Michael Pratt <mpratt@google.com> | 2019-04-17 13:42:16 -0700 |
---|---|---|
committer | Shentubot <shentubot@google.com> | 2019-04-17 13:43:20 -0700 |
commit | b52cbd60280342f25411561702e97fe650fdaa9c (patch) | |
tree | 66cdc3cc800c07b708ab282d9323f11886834d83 /pkg/sentry | |
parent | c8cee7108f1a1b37e89961c6dd69ccab97952c86 (diff) |
Don't allow sigtimedwait to catch unblockable signals
The existing logic attempting to do this is incorrect. Unary ^ has
higher precedence than &^, so mask always has UnblockableSignals
cleared, allowing dequeueSignalLocked to dequeue unblockable signals
(which allows userspace to ignore them).
Switch the logic so that unblockable signals are always masked.
PiperOrigin-RevId: 244058487
Change-Id: Ib19630ac04068a1fbfb9dc4a8eab1ccbdb21edc3
Diffstat (limited to 'pkg/sentry')
-rw-r--r-- | pkg/sentry/kernel/task_signals.go | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/pkg/sentry/kernel/task_signals.go b/pkg/sentry/kernel/task_signals.go index e177562d7..3a8e61900 100644 --- a/pkg/sentry/kernel/task_signals.go +++ b/pkg/sentry/kernel/task_signals.go @@ -307,7 +307,7 @@ func (t *Task) SignalReturn(rt bool) (*SyscallControl, error) { func (t *Task) Sigtimedwait(set linux.SignalSet, timeout time.Duration) (*arch.SignalInfo, error) { // set is the set of signals we're interested in; invert it to get the set // of signals to block. - mask := ^set &^ UnblockableSignals + mask := ^(set &^ UnblockableSignals) t.tg.signalHandlers.mu.Lock() defer t.tg.signalHandlers.mu.Unlock() |