Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

make signal handler less greedy: only handle signals from expected memory ranges #23

Merged
merged 4 commits into from
Mar 22, 2024
Merged
Show file tree
Hide file tree
Changes from 3 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions include/eosio/vm/allocator.hpp
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@
#include <cstring>
#include <map>
#include <set>
#include <span>
#include <memory>
#include <mutex>
#include <utility>
Expand Down Expand Up @@ -372,6 +373,8 @@ namespace eosio { namespace vm {

const void* get_code_start() const { return _code_base; }

std::span<std::byte> get_code_span() const {return {(std::byte*)_code_base, _code_size};}

/* different semantics than free,
* the memory must be at the end of the most recently allocated block.
*/
Expand Down Expand Up @@ -524,5 +527,7 @@ namespace eosio { namespace vm {
inline T* create_pointer(uint32_t offset) { return reinterpret_cast<T*>(raw + offset); }
inline int32_t get_current_page() const { return page; }
bool is_in_region(char* p) { return p >= raw && p < raw + max_memory; }

std::span<std::byte> get_span() const {return {(std::byte*)raw, max_memory};}
};
}} // namespace eosio::vm
6 changes: 3 additions & 3 deletions include/eosio/vm/execution_context.hpp
Original file line number Diff line number Diff line change
Expand Up @@ -358,11 +358,11 @@ namespace eosio { namespace vm {

vm::invoke_with_signal_handler([&]() {
result = execute<sizeof...(Args)>(args_raw, fn, this, base_type::linear_memory(), stack);
}, &handle_signal);
}, &handle_signal, {_mod->allocator.get_code_span(), base_type::get_wasm_allocator()->get_span()});
} else {
vm::invoke_with_signal_handler([&]() {
result = execute<sizeof...(Args)>(args_raw, fn, this, base_type::linear_memory(), stack);
}, &handle_signal);
}, &handle_signal, {_mod->allocator.get_code_span(), base_type::get_wasm_allocator()->get_span()});
}
}
} catch(wasm_exit_exception&) {
Expand Down Expand Up @@ -800,7 +800,7 @@ namespace eosio { namespace vm {
setup_locals(func_index);
vm::invoke_with_signal_handler([&]() {
execute(visitor);
}, &handle_signal);
}, &handle_signal, {_mod->allocator.get_code_span(), base_type::get_wasm_allocator()->get_span()});
}

if (_mod->get_function_type(func_index).return_count && !_state.exiting) {
Expand Down
26 changes: 23 additions & 3 deletions include/eosio/vm/signals.hpp
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
#include <cstdlib>
#include <exception>
#include <utility>
#include <span>
#include <signal.h>
#include <setjmp.h>

Expand All @@ -16,6 +17,9 @@ namespace eosio { namespace vm {
__attribute__((visibility("default")))
inline thread_local std::atomic<sigjmp_buf*> signal_dest{nullptr};

__attribute__((visibility("default")))
inline thread_local std::vector<std::span<std::byte>> protected_memory_ranges;

// Fixes a duplicate symbol build issue when building with `-fvisibility=hidden`
__attribute__((visibility("default")))
inline thread_local std::exception_ptr saved_exception{nullptr};
Expand All @@ -25,7 +29,20 @@ namespace eosio { namespace vm {

inline void signal_handler(int sig, siginfo_t* info, void* uap) {
sigjmp_buf* dest = std::atomic_load(&signal_dest);
if (dest) {

auto in_protected_range = [&]() {
//empty protection list means legacy catch-all behavior; useful for some of the old tests
if(protected_memory_ranges.empty())
return true;

for(const std::span<std::byte>& range : protected_memory_ranges) {
if(info->si_addr >= range.data() && info->si_addr < range.data() + range.size())
return true;
}
return false;
};

if (dest && in_protected_range()) {
siglongjmp(*dest, sig);
} else {
struct sigaction* prev_action;
Expand Down Expand Up @@ -98,7 +115,9 @@ namespace eosio { namespace vm {
sigaddset(&sa.sa_mask, SIGPROF);
sa.sa_flags = SA_NODEFER | SA_SIGINFO;
sigaction(SIGSEGV, &sa, &prev_signal_handler<SIGSEGV>);
#ifndef __linux__
sigaction(SIGBUS, &sa, &prev_signal_handler<SIGBUS>);
#endif
sigaction(SIGFPE, &sa, &prev_signal_handler<SIGFPE>);
}

Expand All @@ -114,16 +133,17 @@ namespace eosio { namespace vm {
/// with non-trivial destructors, then it must mask the relevant signals
/// during the lifetime of these objects or the behavior is undefined.
///
/// signals handled: SIGSEGV, SIGBUS, SIGFPE
/// signals handled: SIGSEGV, SIGBUS (except on Linux), SIGFPE
///
// Make this noinline to prevent possible corruption of the caller's local variables.
// It's unlikely, but I'm not sure that it can definitely be ruled out if both
// this and f are inlined and f modifies locals from the caller.
template<typename F, typename E>
[[gnu::noinline]] auto invoke_with_signal_handler(F&& f, E&& e) {
[[gnu::noinline]] auto invoke_with_signal_handler(F&& f, E&& e, const std::vector<std::span<std::byte>>& protect_ranges) {
setup_signal_handler();
sigjmp_buf dest;
sigjmp_buf* volatile old_signal_handler = nullptr;
protected_memory_ranges = protect_ranges;
int sig;
if((sig = sigsetjmp(dest, 1)) == 0) {
// Note: Cannot use RAII, as non-trivial destructors w/ longjmp
Expand Down
8 changes: 6 additions & 2 deletions tests/signals_tests.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ TEST_CASE("Testing signals", "[invoke_with_signal_handler]") {
std::raise(SIGSEGV);
}, [](int sig) {
throw test_exception{};
});
}, {});
} catch(test_exception&) {
okay = true;
}
Expand All @@ -25,7 +25,7 @@ TEST_CASE("Testing signals", "[invoke_with_signal_handler]") {
TEST_CASE("Testing throw", "[signal_handler_throw]") {
CHECK_THROWS_AS(eosio::vm::invoke_with_signal_handler([](){
eosio::vm::throw_<eosio::vm::wasm_exit_exception>( "Exiting" );
}, [](int){}), eosio::vm::wasm_exit_exception);
}, [](int){}, {}), eosio::vm::wasm_exit_exception);
}

static volatile sig_atomic_t sig_handled;
Expand Down Expand Up @@ -54,9 +54,11 @@ TEST_CASE("Test signal handler forwarding", "[signal_handler_forward]") {
sig_handled = 0;
std::raise(SIGSEGV);
CHECK(sig_handled == 42 + SIGSEGV);
#ifndef __linux__
sig_handled = 0;
std::raise(SIGBUS);
CHECK(sig_handled == 42 + SIGBUS);
#endif
sig_handled = 0;
std::raise(SIGFPE);
CHECK(sig_handled == 42 + SIGFPE);
Expand All @@ -73,9 +75,11 @@ TEST_CASE("Test signal handler forwarding", "[signal_handler_forward]") {
sig_handled = 0;
std::raise(SIGSEGV);
CHECK(sig_handled == 142 + SIGSEGV);
#ifndef __linux__
sig_handled = 0;
std::raise(SIGBUS);
CHECK(sig_handled == 142 + SIGBUS);
#endif
sig_handled = 0;
std::raise(SIGFPE);
CHECK(sig_handled == 142 + SIGFPE);
Expand Down