>> + >> +/* >> + * Use SETSIGNAL and GETSIGNAL macros for SIGSEGV protection. >> + * >> + * This should protect SIGSEGV unconscious manipulations from guest apps >> + * (but we still do not let the emulated software play the signal game) >> + */ >> +#define SETSIGNAL(set) sigdelset( (set), SIGSEGV) >> +#define GETSIGNAL(get) sigaddset( (get), SIGSEGV) >> +
>
> I think we could probably structure this in a cleaner way. I think
> it would be better to define and use a wrapper for sigprocmask() which
> was a "do/emulate sigprocmask in way that is safe for guest" (call it
> do_sigprocmask, put it in signal.c). Then we could start with a really
> simple version that just prevents the guest trying to fiddle with
> SIGSEGV, and extend it later to better emulation if necessary (eg
> storing the actual guest signal mask in TaskState so we can emulate
> delivery or otherwise in process_pending_signals(), and so we can
> report the correct thing if the guest later tries to read back the
> signal mask).
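Review bot: GETSIGNAL, the second #define, unconditionally calls sigaddset((get), SIGSEGV), so any set passed through it shows SIGSEGV as a member whether or not the guest ever asked to block it. If it is applied to the mask handed back to the guest, a guest that never blocked SIGSEGV will read back a mask that says it did. Consider recording the guest's requested SIGSEGV bit separately and reporting that instead of forcing the bit. Both macros also discard the return value of sigdelset()/sigaddset(), and the names SETSIGNAL and GETSIGNAL do not say that only SIGSEGV is touched. A name that states the effect, plus a comment that replaces "unconscious manipulations" with the actual reason SIGSEGV is protected, would make the call sites easier to audit.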
Ok, I couldn't find a good way to do this. A sigprocmask wrapper seems a good idea.

> Note that another place the guest can set the signal mask is via
> sigreturn.

Noted, will check it and add wrapping.