Provide a freebsd32 implementation of sigqueue().
ClosedPublic
Actions

Authored by brooks on May 4 2017, 10:09 PM.

Details

Reviewers

kib
jhb
emaste
wblock

Commits

rS318323: MFC r317845-r317846
rS318244: MFC r317845-r317846
rS317845: Provide a freebsd32 implementation of sigqueue()

Summary

The previous misuse of sys_sigqueue() was sending random register or
stack garbage to 64-bit target. The new implementation is a copy of
sys_sigqueue() altered to copy the sival_int member of value.

Document the mixed ABI implementation of union sigval and the incompability of sival_ptr with pointer integrity schemes.

Test Plan

should run the i386 version of /usr/tests/lib/libc/sys/sigqueue_test on amd64.

NB: I've not included the result of "cd sys/compat/freebsd32; make
sysent" as it's not interesting.

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

brooks created this revision.May 4 2017, 10:09 PM

brooks added a reviewer: wblock.May 4 2017, 10:12 PM

IMO a new source file for single shim is too confusing.

More important, I do not think that the implementation is good: why not do it in a way similar to other shims ? I mean, create kern_sigqueue() which takes either native-ABI union or just void * for arg, and which does everything that sys_sigqueue() does now. Then freebsd32_sigqueue() becomes PTRIN() + kern_sigqueue, instead of being a literal copy of sys_sigqueue().

If you do not want to code this, I will provide the patch. The man page update is good, it should go in independently then.

lib/libc/sys/sigqueue.2
160 ↗	(On Diff #28041)	"may be"

wblock added inline comments.May 5 2017, 4:18 PM

lib/libc/sys/sigqueue.2

152 ↗

(On Diff #28041)

s/may/might/

153 ↗

(On Diff #28041)

I'd prefer "for instance" or "for example" rather than the academic Latin abbreviation. But that's me.

This part of the sentence needs a comma for the pause also, and s/may/might/

Suggested:

When using
.Nm
to send signals to a process which might have a different ABI
(for instance, one is 32-bit and the other 64-bit),
the
.Va sival_int
member of
.Fa value
can be delivered reliably, but the
.Va sival_ptr
might be truncated in endian-dependent ways and must not be relied on.

162 ↗

(On Diff #28041)

This might read more clearly if flipped end-to-end:

Many pointer integrity schemes disallow sending pointers to other processes,
and this technique should not be used in programs intended to be portable.

In D10605#220076, @kib wrote:

More important, I do not think that the implementation is good: why not do it in a way similar to other shims ? I mean, create kern_sigqueue() which takes either native-ABI union or just void * for arg, and which does everything that sys_sigqueue() does now. Then freebsd32_sigqueue() becomes PTRIN() + kern_sigqueue, instead of being a literal copy of sys_sigqueue().

If you do not want to code this, I will provide the patch. The man page update is good, it should go in independently then.

Will do. I took this route because the CheriBSD version differs more. I'll extend kern_sigqueue in our tree as required.

Adopt improvements to manpage from wblock.
Fix from kib.
Split a kern_sigqueue() out of sys_sigqeueu().
Reimplement freebsd32_sigqueue in terms of kern_sigqueue.

Harbormaster completed remote builds in B9098: Diff 28077.May 5 2017, 5:51 PM

brooks marked 4 inline comments as done.May 5 2017, 5:52 PM

kib added inline comments.May 5 2017, 6:12 PM

sys/compat/freebsd32/freebsd32_misc.c
2500 ↗	(On Diff #28077)	Don't you need to bzero sv before, to avoid kernel stack garbage in a word of sival_ptr ? I think that making the last argumentto kern_sigqueue() of type void *sival_ptr (i.e. explicitely the value of ptr from the union) would make things simpler, but I do not insist.

brooks added inline comments.May 5 2017, 6:25 PM

sys/compat/freebsd32/freebsd32_misc.c
2500 ↗	(On Diff #28077)	Thanks, I thought about it and then failed to do it... Will fix. I don't feel strongly about the type, but do think that passing unions by value isn't a good idea so went with that approach.