On Wed, Oct 17, 2012 at 5:01 PM, Peter Maydell <peter.mayd...@linaro.org> wrote: > On 17 October 2012 15:18, Alex Barcelo <abarc...@ac.upc.edu> wrote: >> Create a wrapper for signal mask changes initiated by the guest; >> this will give us a place to put code which prevents the guest >> from changing the handling of signals used by QEMU itself >> internally. >> >> The wrapper is called from all the guest-initiated sigprocmask, but >> is not called from internal qemu sigprocmask calls. >> >> Signed-off-by: Alex Barcelo <abarc...@ac.upc.edu> > > In my comments on v1 of this patch I wrote: > "I think all the uses of sigprocmask() in linux-user/signal.c also > need to be do_sigprocmask(), as they are the guest trying to control > its signal mask (via the mask it specifies for running signal handlers, > or the mask it passes back when restoring context on return from a > signal handler)."
I saw sigprocmask being used only inside sigreturn functions (hope I checked it correctly). I thought (maybe wrongly) that sigreturn should not be wrapped, just as internal sigprocmask calls are not proxyfied through do_sigprocmask. Sigreturn functions should not be called from guest directly, so they should not be a threat. And if some application uses it... well, then it is its fault, as POSIX does not guarantee any behavior (am I right?) Do you think, despite that, that those calls should be done through do_sigprocmask? The scenario where this may be relevant is in SIGSEGV interrupt service routines (because the sigreturn may tamper with SIGSEGV). In this scenario... I don't know how will anything behave, so I can't tell if it is worth doing it, or if there is any real case where qemu-user behavior is improving.
