From 6728f09910bd9f7633f277fafe6945cfaa2abf42 Mon Sep 17 00:00:00 2001
From: Adin Scannell <ascannell@google.com>
Date: Fri, 8 Jun 2018 15:00:29 -0700
Subject: Fix sigaltstack semantics.

Walking off the bottom of the sigaltstack, for example with recursive faults,
results in forced signal delivery, not resetting the stack or pushing signal
stack to whatever happens to lie below the signal stack.

PiperOrigin-RevId: 199856085
Change-Id: I0004d2523f0df35d18714de2685b3eaa147837e0
---
 pkg/sentry/syscalls/linux/sys_signal.go | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

(limited to 'pkg/sentry/syscalls')

diff --git a/pkg/sentry/syscalls/linux/sys_signal.go b/pkg/sentry/syscalls/linux/sys_signal.go
index 93b3f531a..66ecb1299 100644
--- a/pkg/sentry/syscalls/linux/sys_signal.go
+++ b/pkg/sentry/syscalls/linux/sys_signal.go
@@ -315,25 +315,23 @@ func Sigaltstack(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.S
 	setaddr := args[0].Pointer()
 	oldaddr := args[1].Pointer()
 
+	alt := t.SignalStack()
 	if oldaddr != 0 {
-		alt := t.SignalStack()
-		if t.OnSignalStack(alt) {
-			alt.Flags |= arch.SignalStackFlagOnStack
-		}
 		if err := t.CopyOutSignalStack(oldaddr, &alt); err != nil {
 			return 0, nil, err
 		}
 	}
 	if setaddr != 0 {
-		if t.OnSignalStack(t.SignalStack()) {
-			return 0, nil, syserror.EPERM
-		}
 		alt, err := t.CopyInSignalStack(setaddr)
 		if err != nil {
 			return 0, nil, err
 		}
-		if err := t.SetSignalStack(alt); err != nil {
-			return 0, nil, err
+		// The signal stack cannot be changed if the task is currently
+		// on the stack. This is enforced at the lowest level because
+		// these semantics apply to changing the signal stack via a
+		// ucontext during a signal handler.
+		if !t.SetSignalStack(alt) {
+			return 0, nil, syserror.EPERM
 		}
 	}
 
-- 
cgit v1.2.3