New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Assertion failure when SIGSYS
is blocked and SECCOMP_RET_TRAP
happens
#2413
Comments
In rr this is complicated by the fact that we synthesize the SIGSYS. |
Something else I found, and I don't know if it should be a separate issue: if the
|
I'm not going to have time to fix this this week, and it's a tricky one. When generating our synthetic seccomp SIGSYS, we need to either manually unblock and reset the disposition of SIGSYS, or we need to fully understand what the kernel does when we inject SIGSYS via ptrace and it is blocked with a signal handler, and take that into account. The former is difficult because when we synthesize the SIGSYS we are in a seccomp ptrace trap, where we can't safely execute remote syscalls in the tracee ... we can change the sigmask using PTRACE_SETSIGMASK, but we can't AFAIK reset the signal handler to default in a straightforward way. We'd need to defer that to later, which gets complicated. |
This isn't urgent for Firefox; we know what's going on in the bug I mentioned. But in general it is a use case where rr is otherwise a good tool for the job: one process in a multiprocess application mysteriously exits without logging anything. |
I have this partially fixed here: https://github.com/mozilla/rr/tree/sigsys One problem I ran into is that when running the 32-bit version of the test, we'd hit a nasty case where doing the AutoRemoteSyscall to reset the signal handler to default would receive a SIGPWR every time we tried to enter the syscall. I think this is because we're inside the syscallbuf and the desched signal is armed. In the version of the patch on the branch, I tried to avoid that by disabling all signals during AutoRemoteSyscalls, but this breaks a lot of tests. I don't have time to look into this further right now. |
If the recorded process is blocking
SIGSYS
, and has a handler for it, and executes a system call where the seccomp-bpf policy returnsSECCOMP_RET_TRAP
, the kernel will both unblock the signal and reset the signal disposition. This is annoying for sandbox developers, but also it breaks rr:I wrote a simple test case:
The original failing case is Firefox and a recent development version of glibc; see also bug 1600574 comment #12.
The text was updated successfully, but these errors were encountered: