mirror of
https://github.com/cloud-hypervisor/cloud-hypervisor.git
synced 2024-10-05 21:15:45 +00:00
main: Use non-threaded signal handler for SIGSYS
Replace the thread for handling SIGSYS with a simple signal handler. This resolves inconsistent delivery of signals to the SIGSYS thread due to other threads manipulating the signals. Tested by removing key syscalls from vCPU and virtio device filters and observing correct notice. Fixes: #3811 Signed-off-by: Rob Bradford <robert.bradford@intel.com>
This commit is contained in:
parent
8b1e6140d2
commit
37ea979e56
29
src/main.rs
29
src/main.rs
@ -13,16 +13,12 @@ use libc::EFD_NONBLOCK;
|
|||||||
use log::LevelFilter;
|
use log::LevelFilter;
|
||||||
use option_parser::OptionParser;
|
use option_parser::OptionParser;
|
||||||
use seccompiler::SeccompAction;
|
use seccompiler::SeccompAction;
|
||||||
use signal_hook::{
|
use signal_hook::consts::SIGSYS;
|
||||||
consts::SIGSYS,
|
|
||||||
iterator::{exfiltrator::WithRawSiginfo, SignalsInfo},
|
|
||||||
};
|
|
||||||
use std::env;
|
use std::env;
|
||||||
use std::fs::File;
|
use std::fs::File;
|
||||||
use std::os::unix::io::{FromRawFd, RawFd};
|
use std::os::unix::io::{FromRawFd, RawFd};
|
||||||
use std::sync::mpsc::channel;
|
use std::sync::mpsc::channel;
|
||||||
use std::sync::{Arc, Mutex};
|
use std::sync::{Arc, Mutex};
|
||||||
use std::thread;
|
|
||||||
use thiserror::Error;
|
use thiserror::Error;
|
||||||
use vmm::config;
|
use vmm::config;
|
||||||
use vmm_sys_util::eventfd::EventFd;
|
use vmm_sys_util::eventfd::EventFd;
|
||||||
@ -495,28 +491,21 @@ fn start_vmm(cmd_arguments: ArgMatches) -> Result<Option<String>, Error> {
|
|||||||
SeccompAction::Trap
|
SeccompAction::Trap
|
||||||
};
|
};
|
||||||
|
|
||||||
// See https://github.com/rust-lang/libc/issues/716 why we can't get the details from siginfo_t
|
|
||||||
if seccomp_action == SeccompAction::Trap {
|
if seccomp_action == SeccompAction::Trap {
|
||||||
thread::Builder::new()
|
// SAFETY: We only using signal_hook for managing signals and only execute signal
|
||||||
.name("seccomp_signal_handler".to_string())
|
// handler safe functions (writing to stderr) and manipulating signals.
|
||||||
.spawn(move || {
|
unsafe {
|
||||||
for si in SignalsInfo::<WithRawSiginfo>::new(&[SIGSYS])
|
signal_hook::low_level::register(signal_hook::consts::SIGSYS, || {
|
||||||
.unwrap()
|
|
||||||
.forever()
|
|
||||||
{
|
|
||||||
/* SYS_SECCOMP */
|
|
||||||
if si.si_code == 1 {
|
|
||||||
eprint!(
|
eprint!(
|
||||||
"\n==== seccomp violation ====\n\
|
"\n==== Possible seccomp violation ====\n\
|
||||||
Try running with `strace -ff` to identify the cause and open an issue: \
|
Try running with `strace -ff` to identify the cause and open an issue: \
|
||||||
https://github.com/cloud-hypervisor/cloud-hypervisor/issues/new\n"
|
https://github.com/cloud-hypervisor/cloud-hypervisor/issues/new\n"
|
||||||
);
|
);
|
||||||
|
|
||||||
signal_hook::low_level::emulate_default_handler(SIGSYS).unwrap();
|
signal_hook::low_level::emulate_default_handler(SIGSYS).unwrap();
|
||||||
}
|
|
||||||
}
|
|
||||||
})
|
})
|
||||||
.unwrap();
|
}
|
||||||
|
.map_err(|e| eprintln!("Error adding SIGSYS signal handler: {}", e))
|
||||||
|
.ok();
|
||||||
}
|
}
|
||||||
|
|
||||||
// Before we start any threads, mask the signals we'll be
|
// Before we start any threads, mask the signals we'll be
|
||||||
|
Loading…
Reference in New Issue
Block a user