From 65fd804c4ac128723fc19cf72322c135ddaa548c Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: May 26 2021 06:25:19 +0000 Subject: nptl: Install SIGSETXID handler with SA_ONSTACK [BZ #27914]
---
diff --git a/glibc-sigsetxid-sa_onstack.patch b/glibc-sigsetxid-sa_onstack.patch
new file mode 100644
index 0000000..05e4204
--- /dev/null
+++ b/glibc-sigsetxid-sa_onstack.patch
@@ -0,0 +1,36 @@
+Emergency backport of this change prior to upstream acceptance:
+
+Author: Florian Weimer
+Date: Wed May 26 07:13:00 2021 +0200
+
+ nptl: Install SIGSETXID handler with SA_ONSTACK [BZ #27914]
+
+ The signal is sent to all threads, some of which may have switched
+ to very small stacks. If they have also installed an alternate
+ signal stack, SA_ONSTACK makes this work. The Go runtime needs this:
+
+ runtime: C.setuid/C.setgid smashes Go stack
+
+
+ Doing this for SIGCANCEL is less obviously beneficial and needs further
+ testing.
+
+diff --git a/nptl/pthread_create.c b/nptl/pthread_create.c
+index 5680687efe7089da..b7073a828549d24c 100644
+--- a/nptl/pthread_create.c
++++ b/nptl/pthread_create.c
+@@ -83,9 +83,12 @@ late_init (void)
+ (void) __libc_sigaction (SIGCANCEL, &sa, NULL);
+ }
+
+- /* Install the handle to change the threads' uid/gid. */
++ /* Install the handle to change the threads' uid/gid. Use
++ SA_ONSTACK because the signal may be sent to threads that are
++ running with custom stacks. (This is less likely for
++ SIGCANCEL.) */
+ sa.sa_sigaction = __nptl_setxid_sighandler;
+- sa.sa_flags = SA_SIGINFO | SA_RESTART;
++ sa.sa_flags = SA_ONSTACK | SA_SIGINFO | SA_RESTART;
+ (void) __libc_sigaction (SIGSETXID, &sa, NULL);
+
+ /* The parent process might have left the signals blocked. Just in
diff --git a/glibc.spec b/glibc.spec
index abf3cdd..83dbab5 100644
--- a/glibc.spec
+++ b/glibc.spec
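Review bot: The new comment above the SIGSETXID `__libc_sigaction` call in the embedded nptl/pthread_create.c hunk omits the precondition that the commit message gives. SA_ONSTACK only takes effect for a thread that has installed an alternate signal stack, so a thread on a very small stack without one still runs `__nptl_setxid_sighandler` on that stack. I would add a sentence to the comment such as `SA_ONSTACK has no effect unless the thread installed an alternate signal stack with sigaltstack.`, so a reader does not take the flag as a general fix for small stacks. The alternate stack also has to be large enough for the handler, which this hunk cannot show. late_init starts and ends outside the hunk.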
@@ -97,7 +97,7 @@ Summary: The GNU libc libraries Name: glibc Version: %{glibcversion} -Release: 9%{?dist} +Release: 10%{?dist} # In general, GPLv2+ is used by programs, LGPLv2+ is used for # libraries. @@ -170,6 +170,7 @@ Patch23: glibc-python3.patch Patch29: glibc-fedora-nsswitch.patch Patch30: glibc-deprecated-selinux-makedb.patch Patch31: glibc-deprecated-selinux-nscd.patch +Patch32: glibc-sigsetxid-sa_onstack.patch ############################################################################## # Continued list of core "glibc" package information: @@ -2112,6 +2113,9 @@ fi %files -f compat-libpthread-nonshared.filelist -n compat-libpthread-nonshared %changelog +* Wed May 26 2021 Florian Weimer - 2.33.9000-10 +- nptl: Install SIGSETXID handler with SA_ONSTACK [BZ #27914] + * Tue May 25 2021 Florian Weimer - 2.33.9000-9 - Auto-sync with upstream branch master, commit ac0353af81a23535f517586a5d04427120a157ac.