From: Florian Weimer Date: Thu, 27 May 2021 13:37:35 +0000 (+0200) Subject: nptl: Install SIGSETXID handler with SA_ONSTACK [BZ #27914] X-Git-Tag: glibc-2.34~351 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=76b0c59e333da6fd4103e478b63522636d9d232b;p=thirdparty%2Fglibc.git nptl: Install SIGSETXID handler with SA_ONSTACK [BZ #27914] The signal is sent to all threads, some of which may have switched to very small stacks. If they have also installed an alternate signal stack, SA_ONSTACK makes this work. The Go runtime needs this: runtime: C.setuid/C.setgid smashes Go stack Doing this for SIGCANCEL is less obviously beneficial and needs further testing. Reviewed-by: Carlos O'Donell --- diff --git a/nptl/pthread_create.c b/nptl/pthread_create.c index 5680687efe7..b7073a82854 100644 --- a/nptl/pthread_create.c +++ b/nptl/pthread_create.c @@ -83,9 +83,12 @@ late_init (void) (void) __libc_sigaction (SIGCANCEL, &sa, NULL); } - /* Install the handle to change the threads' uid/gid. */ + /* Install the handle to change the threads' uid/gid. Use + SA_ONSTACK because the signal may be sent to threads that are + running with custom stacks. (This is less likely for + SIGCANCEL.) */ sa.sa_sigaction = __nptl_setxid_sighandler; - sa.sa_flags = SA_SIGINFO | SA_RESTART; + sa.sa_flags = SA_ONSTACK | SA_SIGINFO | SA_RESTART; (void) __libc_sigaction (SIGSETXID, &sa, NULL); /* The parent process might have left the signals blocked. Just in
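Review bot: The new comment above the `sa.sa_flags` assignment in late_init says SA_ONSTACK is used because the signal may reach threads running with custom stacks, but it omits the condition the commit message states: the flag only helps a thread that has also installed an alternate signal stack. A thread on a very small stack without one still runs `__nptl_setxid_sighandler` on that small stack. Suggest wording the comment along the lines of "Use SA_ONSTACK so that threads which run on small custom stacks and have installed an alternate signal stack handle the signal there." While the comment is being rewritten, "Install the handle" should read "Install the handler". The SIGCANCEL registration in the context lines above stays without SA_ONSTACK, which matches the commit message's statement that it needs further testing; mentioning BZ #27914 in the comment would give whoever revisits SIGCANCEL the background.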