
Issue 894962


Issue metadata

Status: Verified
Owner: ----
Closed: Oct 25
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug
Build-Toolchain

Blocking:
issue 834385




cupsd crashes with glibc 2.27

Project Member Reported by yunlian@chromium.org, Oct 12

Issue description

With glibc 2.27, cupsd crashed with SIGSYS in function raise.

glibc has changed the implementation of raise as below. We need to
whitelist gettid and tgkill.

int
raise (int sig)
{
  /* rt_sigprocmask may fail if:

     1. sigsetsize != sizeof (sigset_t) (EINVAL)
     2. a failure in copy from/to user space (EFAULT)
     3. an invalid 'how' operation (EINVAL)

     The first case is already handle in glibc syscall call by using the arch
     defined _NSIG.  Second case is handled by using a stack allocated mask.
     The last one should be handled by the block/unblock functions.  */

  sigset_t set;
  __libc_signal_block_app (&set);

  INTERNAL_SYSCALL_DECL (err);
  pid_t pid = INTERNAL_SYSCALL (getpid, err, 0);
  pid_t tid = INTERNAL_SYSCALL (gettid, err, 0);

  int ret = INLINE_SYSCALL (tgkill, 3, pid, tid, sig);

  __libc_signal_restore_set (&set);

  return ret;
}

 
Cc: michael....@intel.corp-partner.google.com
Project Member

Comment 2 by bugdroid1@chromium.org, Oct 16

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/77393f64043bfe9c645a767aba9c8e6c6a9805c7

commit 77393f64043bfe9c645a767aba9c8e6c6a9805c7
Author: Yunlian Jiang <yunlian@google.com>
Date: Tue Oct 16 09:57:35 2018

cups: add gettid and tgkill to seccomp whitelist

glibc changed their raise implementation via the commit below, and
it introduces two additional system calls. We need to
add them to the seccomp whitelist accordingly.

commit 2ac88eecc57ff00e0b5ff803ebcc3465d2d640dd
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date:   Fri Apr 22 09:25:20 2016 -0300

    Refactor Linux raise implementation (BZ#15368)

BUG= chromium:894962 
TEST=no SIGSYS crash on cupsd with glibc 2.27

Change-Id: I56f328005be1f8be00c73194ce28ea692bcb471a
Reviewed-on: https://chromium-review.googlesource.com/1280942
Commit-Ready: Yunlian Jiang <yunlian@chromium.org>
Tested-by: Yunlian Jiang <yunlian@chromium.org>
Reviewed-by: Sean Kau <skau@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/77393f64043bfe9c645a767aba9c8e6c6a9805c7/net-print/cups/files/cupsd-seccomp-x86.policy
[modify] https://crrev.com/77393f64043bfe9c645a767aba9c8e6c6a9805c7/net-print/cups/files/cupsd-seccomp-arm64.policy
[rename] https://crrev.com/77393f64043bfe9c645a767aba9c8e6c6a9805c7/net-print/cups/cups-2.1.4-r16.ebuild
[modify] https://crrev.com/77393f64043bfe9c645a767aba9c8e6c6a9805c7/net-print/cups/files/cupsd-seccomp-arm.policy
[modify] https://crrev.com/77393f64043bfe9c645a767aba9c8e6c6a9805c7/net-print/cups/files/cupsd-seccomp-amd64.policy

Status: Verified (was: Untriaged)
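
Added example (not part of the issue or of the Chromium OS tree): a small pre-deployment check that a seccomp policy permits every syscall the raise() quoted in the issue description relies on. It assumes the minijail-style "name: expression" policy format with "#" comments, and treats "return <errno>" and "kill" rules as denials; the two sample policies are constructed, not the real cupsd policy files.

```python
# Added example: lint a minijail-style seccomp policy for the syscalls
# that the raise() quoted in the issue relies on under glibc 2.27.
import re

# Taken from the quoted raise(): rt_sigprocmask is named in its comment;
# getpid, gettid and tgkill are invoked directly.
RAISE_SYSCALLS = ("rt_sigprocmask", "getpid", "gettid", "tgkill")

# One rule per line: "<syscall>: <expression>".
_RULE = re.compile(r"^\s*([A-Za-z0-9_]+)\s*:\s*(\S.*?)\s*$")


def parse_policy(text):
    """Return {syscall: rule expression} for each 'name: expr' line."""
    rules = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]  # drop comments
        match = _RULE.match(line)
        if match:
            rules[match.group(1)] = match.group(2)
    return rules


def is_allowed(expr):
    """Assumption: 'return <errno>' and 'kill' rules deny the call;
    any other expression permits it (possibly conditionally)."""
    return expr.split()[0].lower() not in ("return", "kill")


def missing_for_raise(text):
    """List the raise() syscalls that the policy would not let through."""
    rules = parse_policy(text)
    return [s for s in RAISE_SYSCALLS
            if s not in rules or not is_allowed(rules[s])]


# Constructed sample policies (hypothetical, for illustration only).
POLICY_BEFORE = """\
# constructed pre-fix policy
read: 1
write: 1
rt_sigprocmask: 1
getpid: 1
"""
POLICY_AFTER = POLICY_BEFORE + "gettid: 1\ntgkill: 1\n"

if __name__ == "__main__":
    for label, policy in (("before", POLICY_BEFORE), ("after", POLICY_AFTER)):
        print(label, "missing:", missing_for_raise(policy) or "none")
```

Running a check like this against each per-architecture policy file when the C library is upgraded surfaces a missing entry at build time instead of as a SIGSYS crash in the sandboxed daemon.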
