Date:      Thu, 25 Nov 2021 13:05:06 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 259778] Capsicum failures can raise only SIGTRAP
Message-ID:  <bug-259778-227-jznN7zfaJc@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-259778-227@https.bugs.freebsd.org/bugzilla/>
References:  <bug-259778-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259778

--- Comment #3 from David Chisnall <theraven@FreeBSD.org> ---
I have:

1. Added a new `procctl` verb `PROC_SIGCAP_CTL` that sets a bit in `p_flag2`.
2. Added a SIGCAP that will be delivered on Capsicum violations.
3. Delivered SIGCAP if this bit is set, *after* delivering `SIGTRAP` (so that
the debugger can see the failure and then the process can catch it).

I am not sure if (3) is the correct sequence.  When I'm debugging these things
I probably actually want to get the SIGTRAP after the SIGCAP, and only if the
SIGCAP doesn't handle the failure, but I have no mechanism for signalling this
to the kernel, so I'd most likely just stick a breakpoint at the end of my
signal handler and ignore SIGTRAP entirely.

Unfortunately, it turns out that I don't understand the signal delivery logic.
Calling `trapsignal` twice does not appear to work: If I request either signal,
everything works fine in my test program, but if I request both then my test
fails.  Unfortunately, the child process fails in startup with gdb attached on
-CURRENT.

In a reduced test case, where I set both flags, then do `cap_enter` and `open`
with trivial signal handlers that just print the signal that's delivered, I see
SIGTRAP arriving *before* SIGCAP.  This is my modification to the syscall
return path:

https://github.com/davidchisnall/freebsd-src/blob/5329f8fc0bb881f9172c790097c975f3429f6d67/sys/kern/subr_syscall.c#L225


I believe I need to do more to deliver two signals, synchronously, which is why
I didn't want to allow both mechanisms to exist, but I don't know what the
extra work I need to do is and the `trapsignal` man page is not illuminating.
