Skip to content

Commit

Permalink
Merge pull request #23 from AntelopeIO/limit_signal_handler
Browse files Browse the repository at this point in the history
make signal handler less greedy: only handle signals from expected memory ranges
  • Loading branch information
spoonincode authored Mar 22, 2024
2 parents ee0b142 + f725536 commit aa8bd0a
Show file tree
Hide file tree
Showing 4 changed files with 37 additions and 8 deletions.
5 changes: 5 additions & 0 deletions include/eosio/vm/allocator.hpp
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@
#include <cstring>
#include <map>
#include <set>
#include <span>
#include <memory>
#include <mutex>
#include <utility>
Expand Down Expand Up @@ -372,6 +373,8 @@ namespace eosio { namespace vm {

const void* get_code_start() const { return _code_base; }

std::span<std::byte> get_code_span() const {return {(std::byte*)_code_base, _code_size};}

/* different semantics than free,
* the memory must be at the end of the most recently allocated block.
*/
Expand Down Expand Up @@ -524,5 +527,7 @@ namespace eosio { namespace vm {
inline T* create_pointer(uint32_t offset) { return reinterpret_cast<T*>(raw + offset); }
inline int32_t get_current_page() const { return page; }
bool is_in_region(char* p) { return p >= raw && p < raw + max_memory; }

std::span<std::byte> get_span() const {return {(std::byte*)raw, max_memory};}
};
}} // namespace eosio::vm
6 changes: 3 additions & 3 deletions include/eosio/vm/execution_context.hpp
Original file line number Diff line number Diff line change
Expand Up @@ -358,11 +358,11 @@ namespace eosio { namespace vm {

vm::invoke_with_signal_handler([&]() {
result = execute<sizeof...(Args)>(args_raw, fn, this, base_type::linear_memory(), stack);
}, &handle_signal);
}, &handle_signal, {_mod->allocator.get_code_span(), base_type::get_wasm_allocator()->get_span()});
} else {
vm::invoke_with_signal_handler([&]() {
result = execute<sizeof...(Args)>(args_raw, fn, this, base_type::linear_memory(), stack);
}, &handle_signal);
}, &handle_signal, {_mod->allocator.get_code_span(), base_type::get_wasm_allocator()->get_span()});
}
}
} catch(wasm_exit_exception&) {
Expand Down Expand Up @@ -800,7 +800,7 @@ namespace eosio { namespace vm {
setup_locals(func_index);
vm::invoke_with_signal_handler([&]() {
execute(visitor);
}, &handle_signal);
}, &handle_signal, {_mod->allocator.get_code_span(), base_type::get_wasm_allocator()->get_span()});
}

if (_mod->get_function_type(func_index).return_count && !_state.exiting) {
Expand Down
26 changes: 23 additions & 3 deletions include/eosio/vm/signals.hpp
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
#include <cstdlib>
#include <exception>
#include <utility>
#include <span>
#include <signal.h>
#include <setjmp.h>

Expand All @@ -16,16 +17,32 @@ namespace eosio { namespace vm {
__attribute__((visibility("default")))
inline thread_local std::atomic<sigjmp_buf*> signal_dest{nullptr};

__attribute__((visibility("default")))
inline thread_local std::vector<std::span<std::byte>> protected_memory_ranges;

// Fixes a duplicate symbol build issue when building with `-fvisibility=hidden`
__attribute__((visibility("default")))
inline thread_local std::exception_ptr saved_exception{nullptr};

template<int Sig>
inline struct sigaction prev_signal_handler;

inline bool in_protected_range(void* addr) {
//empty protection list means legacy catch-all behavior; useful for some of the old tests
if(protected_memory_ranges.empty())
return true;

for(const std::span<std::byte>& range : protected_memory_ranges) {
if(addr >= range.data() && addr < range.data() + range.size())
return true;
}
return false;
}

inline void signal_handler(int sig, siginfo_t* info, void* uap) {
sigjmp_buf* dest = std::atomic_load(&signal_dest);
if (dest) {

if (dest && in_protected_range(info->si_addr)) {
siglongjmp(*dest, sig);
} else {
struct sigaction* prev_action;
Expand Down Expand Up @@ -98,7 +115,9 @@ namespace eosio { namespace vm {
sigaddset(&sa.sa_mask, SIGPROF);
sa.sa_flags = SA_NODEFER | SA_SIGINFO;
sigaction(SIGSEGV, &sa, &prev_signal_handler<SIGSEGV>);
#ifndef __linux__
sigaction(SIGBUS, &sa, &prev_signal_handler<SIGBUS>);
#endif
sigaction(SIGFPE, &sa, &prev_signal_handler<SIGFPE>);
}

Expand All @@ -114,16 +133,17 @@ namespace eosio { namespace vm {
/// with non-trivial destructors, then it must mask the relevant signals
/// during the lifetime of these objects or the behavior is undefined.
///
/// signals handled: SIGSEGV, SIGBUS, SIGFPE
/// signals handled: SIGSEGV, SIGBUS (except on Linux), SIGFPE
///
// Make this noinline to prevent possible corruption of the caller's local variables.
// It's unlikely, but I'm not sure that it can definitely be ruled out if both
// this and f are inlined and f modifies locals from the caller.
template<typename F, typename E>
[[gnu::noinline]] auto invoke_with_signal_handler(F&& f, E&& e) {
[[gnu::noinline]] auto invoke_with_signal_handler(F&& f, E&& e, const std::vector<std::span<std::byte>>& protect_ranges) {
setup_signal_handler();
sigjmp_buf dest;
sigjmp_buf* volatile old_signal_handler = nullptr;
protected_memory_ranges = protect_ranges;
int sig;
if((sig = sigsetjmp(dest, 1)) == 0) {
// Note: Cannot use RAII, as non-trivial destructors w/ longjmp
Expand Down
8 changes: 6 additions & 2 deletions tests/signals_tests.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ TEST_CASE("Testing signals", "[invoke_with_signal_handler]") {
std::raise(SIGSEGV);
}, [](int sig) {
throw test_exception{};
});
}, {});
} catch(test_exception&) {
okay = true;
}
Expand All @@ -25,7 +25,7 @@ TEST_CASE("Testing signals", "[invoke_with_signal_handler]") {
TEST_CASE("Testing throw", "[signal_handler_throw]") {
CHECK_THROWS_AS(eosio::vm::invoke_with_signal_handler([](){
eosio::vm::throw_<eosio::vm::wasm_exit_exception>( "Exiting" );
}, [](int){}), eosio::vm::wasm_exit_exception);
}, [](int){}, {}), eosio::vm::wasm_exit_exception);
}

static volatile sig_atomic_t sig_handled;
Expand Down Expand Up @@ -54,9 +54,11 @@ TEST_CASE("Test signal handler forwarding", "[signal_handler_forward]") {
sig_handled = 0;
std::raise(SIGSEGV);
CHECK(sig_handled == 42 + SIGSEGV);
#ifndef __linux__
sig_handled = 0;
std::raise(SIGBUS);
CHECK(sig_handled == 42 + SIGBUS);
#endif
sig_handled = 0;
std::raise(SIGFPE);
CHECK(sig_handled == 42 + SIGFPE);
Expand All @@ -73,9 +75,11 @@ TEST_CASE("Test signal handler forwarding", "[signal_handler_forward]") {
sig_handled = 0;
std::raise(SIGSEGV);
CHECK(sig_handled == 142 + SIGSEGV);
#ifndef __linux__
sig_handled = 0;
std::raise(SIGBUS);
CHECK(sig_handled == 142 + SIGBUS);
#endif
sig_handled = 0;
std::raise(SIGFPE);
CHECK(sig_handled == 142 + SIGFPE);
Expand Down

0 comments on commit aa8bd0a

Please sign in to comment.