Google Git
Sign in
qemu / qemu / 3d3efba020da1de57a715e2087cf761ed0ad0904
commit3d3efba020da1de57a715e2087cf761ed0ad0904[log] [tgz]
authorPeter Maydell <peter.maydell@linaro.org>Fri May 27 15:51:49 2016 +0100
committerRiku Voipio <riku.voipio@linaro.org>Tue Jun 07 16:39:07 2016 +0300
tree915076847494f60b5ab922f781069a4afedaf696
parent2fe4fba115b5b9f7e6722720c57810e0fc64b9b5 [diff]
linux-user: Fix race between multiple signals

If multiple host signals are received in quick succession they would
be queued in TaskState then delivered to the guest in spite of
signals being supposed to be blocked by the guest signal handler's
sa_mask. Fix this by decoupling the guest signal mask from the
host signal mask, so we can have protected sections where all
host signals are blocked. In particular we block signals from
when host_signal_handler() queues a signal from the guest until
process_pending_signals() has unqueued it. We also block signals
while we are manipulating the guest signal mask in emulation of
sigprocmask and similar syscalls.

Blocking host signals also ensures the correct behaviour with respect
to multiple threads and the overrun count of timer related signals.
Alas blocking and queuing in qemu is still needed because of virtual
processor exceptions, SIGSEGV and SIGBUS.

Blocking signals inside process_pending_signals() protects against
concurrency problems that would otherwise happen if host_signal_handler()
ran and accessed the signal data structures while process_pending_signals()
was manipulating them.

Since we now track the guest signal mask separately from that
of the host, the sigsuspend system calls must track the signal
mask passed to them, because when we process signals as we leave
the sigsuspend the guest signal mask in force is that passed to
sigsuspend.

Signed-off-by: Timothy Edward Baldwin <T.E.Baldwin99@members.leeds.ac.uk>
Message-id: 1441497448-32489-19-git-send-email-T.E.Baldwin99@members.leeds.ac.uk
[PMM: make signal_pending a simple flag rather than a word with two flag bits;
 ensure we don't call block_signals() twice in sigreturn codepaths;
 document and assert() the guarantee that using do_sigprocmask() to
 get the current mask never fails;  use the qemu atomics.h functions
 rather than raw volatile variable access; add extra commentary and
 documentation; block SIGSEGV/SIGBUS in block_signals() and in
 process_pending_signals() because they can't occur synchronously here;
 check the right do_sigprocmask() call for errors in ssetmask syscall;
 expand commit message; fixed sigsuspend() hanging]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
3 files changed
tree: 915076847494f60b5ab922f781069a4afedaf696
  1. audio/
  2. backends/
  3. block/
  4. bsd-user/
  5. contrib/
  6. crypto/
  7. default-configs/
  8. disas/
  9. docs/
  10. fpu/
  11. fsdev/
  12. gdb-xml/
  13. hw/
  14. include/
  15. io/
  16. libdecnumber/
  17. linux-headers/
  18. linux-user/
  19. migration/
  20. nbd/
  21. net/
  22. pc-bios/
  23. po/
  24. qapi/
  25. qga/
  26. qobject/
  27. qom/
  28. replay/
  29. roms/
  30. scripts/
  31. slirp/
  32. stubs/
  33. target-alpha/
  34. target-arm/
  35. target-cris/
  36. target-i386/
  37. target-lm32/
  38. target-m68k/
  39. target-microblaze/
  40. target-mips/
  41. target-moxie/
  42. target-openrisc/
  43. target-ppc/
  44. target-s390x/
  45. target-sh4/
  46. target-sparc/
  47. target-tilegx/
  48. target-tricore/
  49. target-unicore32/
  50. target-xtensa/
  51. tcg/
  52. tests/
  53. trace/
  54. ui/
  55. util/
  56. dtc
  57. pixman
  58. .dir-locals.el
  59. .exrc
  60. .gitignore
  61. .gitmodules
  62. .mailmap
  63. .travis.yml
  64. accel.c
  65. aio-posix.c
  66. aio-win32.c
  67. arch_init.c
  68. async.c
  69. balloon.c
  70. block.c
  71. blockdev-nbd.c
  72. blockdev.c
  73. blockjob.c
  74. bootdevice.c
  75. bt-host.c
  76. bt-vhci.c
  77. Changelog
  78. CODING_STYLE
  79. configure
  80. COPYING
  81. COPYING.LIB
  82. cpu-exec-common.c
  83. cpu-exec.c
  84. cpus.c
  85. cputlb.c
  86. device-hotplug.c
  87. device_tree.c
  88. disas.c
  89. dma-helpers.c
  90. dump.c
  91. exec.c
  92. gdbstub.c
  93. HACKING
  94. hmp-commands-info.hx
  95. hmp-commands.hx
  96. hmp.c
  97. hmp.h
  98. iohandler.c
  99. ioport.c
  100. iothread.c
  101. kvm-all.c
  102. kvm-stub.c
  103. LICENSE
  104. main-loop.c
  105. MAINTAINERS
  106. Makefile
  107. Makefile.objs
  108. Makefile.target
  109. memory.c
  110. memory_mapping.c
  111. module-common.c
  112. monitor.c
  113. numa.c
  114. os-posix.c
  115. os-win32.c
  116. page_cache.c
  117. qapi-schema.json
  118. qdev-monitor.c
  119. qdict-test-data.txt
  120. qemu-bridge-helper.c
  121. qemu-char.c
  122. qemu-doc.texi
  123. qemu-ga.texi
  124. qemu-img-cmds.hx
  125. qemu-img.c
  126. qemu-img.texi
  127. qemu-io-cmds.c
  128. qemu-io.c
  129. qemu-nbd.c
  130. qemu-nbd.texi
  131. qemu-options-wrapper.h
  132. qemu-options.h
  133. qemu-options.hx
  134. qemu-seccomp.c
  135. qemu-tech.texi
  136. qemu-timer.c
  137. qemu.nsi
  138. qemu.sasl
  139. qmp-commands.hx
  140. qmp.c
  141. qtest.c
  142. README
  143. rules.mak
  144. softmmu_template.h
  145. spice-qemu-char.c
  146. tcg-runtime.c
  147. tci.c
  148. thread-pool.c
  149. thunk.c
  150. tpm.c
  151. trace-events
  152. translate-all.c
  153. translate-all.h
  154. translate-common.c
  155. user-exec.c
  156. VERSION
  157. version.rc
  158. vl.c
  159. xen-common-stub.c
  160. xen-common.c
  161. xen-hvm-stub.c
  162. xen-hvm.c
  163. xen-mapcache.c