From: Peter Collingbourne <pcc@google.com>
To: Catalin Marinas <catalin.marinas@arm.com>,
Evgenii Stepanov <eugenis@google.com>,
Kostya Serebryany <kcc@google.com>,
Vincenzo Frascino <vincenzo.frascino@arm.com>,
Dave Martin <Dave.Martin@arm.com>, Will Deacon <will@kernel.org>,
Oleg Nesterov <oleg@redhat.com>,
"Eric W. Biederman" <ebiederm@xmission.com>,
"James E.J. Bottomley" <James.Bottomley@hansenpartnership.com>,
Michael Kerrisk <mtk.manpages@gmail.com>,
Alejandro Colomar <alx.manpages@gmail.com>
Cc: Peter Collingbourne <pcc@google.com>,
Linux ARM <linux-arm-kernel@lists.infradead.org>,
Kevin Brodsky <kevin.brodsky@arm.com>,
Andrey Konovalov <andreyknvl@google.com>,
linux-api@vger.kernel.org, Helge Deller <deller@gmx.de>,
David Spickett <david.spickett@linaro.org>,
linux-man@vger.kernel.org
Subject: [PATCH v2] sigaction.2: Document SA_EXPOSE_TAGBITS and the flag support detection protocol
Date: Tue, 17 Nov 2020 15:54:47 -0800 [thread overview]
Message-ID: <20201117235447.816252-1-pcc@google.com> (raw)
Signed-off-by: Peter Collingbourne <pcc@google.com>
---
These features are implemented in this patch series:
https://lore.kernel.org/linux-arm-kernel/cover.1605235762.git.pcc@google.com/
which is still under review, so the patch should not be applied
yet.
Alejandro, thanks for the review. Since the patch was almost
rewritten I didn't base this on your patch, instead I tried to
use the correct formatting in this patch.
v2:
- fix formatting
- address feedback from Dave
man2/sigaction.2 | 125 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 125 insertions(+)
diff --git a/man2/sigaction.2 b/man2/sigaction.2
index 6a8142324..0e4236a43 100644
--- a/man2/sigaction.2
+++ b/man2/sigaction.2
@@ -250,6 +250,44 @@ This flag is meaningful only when establishing a signal handler.
.\" .I sa_sigaction
.\" field was added in Linux 2.1.86.)
.\"
+.TP
+.BR SA_UNSUPPORTED
+Used to dynamically probe for flag bit support.
+.IP
+If an attempt to register a handler succeeds with this flag set in
+.I act->sa_flags
+alongside other flags that are potentially unsupported by the kernel,
+and an immediately subsequent
+.BR sigaction ()
+call specifying the same signal number n and with non-NULL
+.I oldact
+yields
+.B SA_UNSUPPORTED
+.I clear
+in
+.IR oldact->sa_flags ,
+then
+.IR oldact->sa_flags
+may be used as a bitmask
+describing which of the potentially unsupported flags are,
+in fact, supported.
+See the section "Dynamically probing for flag bit support"
+below for more details.
+.TP
+.BR SA_EXPOSE_TAGBITS " (since Linux 5.x)"
+Normally, when delivering a signal,
+an architecture-specific set of tag bits are cleared from the
+.I si_addr
+field of
+.IR siginfo_t .
+If this flag is set,
+an architecture-specific subset of the tag bits will be preserved in
+.IR si_addr .
+.IP
+Programs that need to be compatible with Linux versions older than 5.x
+must use
+.B SA_UNSUPPORTED
+to probe for support.
.SS The siginfo_t argument to a SA_SIGINFO handler
When the
.B SA_SIGINFO
@@ -833,6 +871,93 @@ Triggered by a
.BR seccomp (2)
filter rule.
.RE
+.SS Dynamically probing for flag bit support
+The
+.BR sigaction ()
+call on Linux accepts unknown bits set in
+.I act->sa_flags
+without error.
+The behavior of the kernel starting with Linux 5.x is that a second
+.BR sigaction ()
+will clear unknown bits from
+.IR oldact->sa_flags .
+However, historically, a second
+.BR sigaction ()
+call would typically leave those bits set in
+.IR oldact->sa_flags .
+.PP
+This means that support for new flags cannot be detected
+simply by testing for a flag in
+.IR sa_flags ,
+and a program must test that
+.B SA_UNSUPPORTED
+has been cleared before relying on the contents of
+.IR sa_flags .
+.PP
+Since the behavior of the signal handler cannot be guaranteed
+unless the check passes,
+it is wise to either block the affected signal
+while registering the handler and performing the check in this case,
+or where this is not possible,
+for example if the signal is synchronous, to issue the second
+.BR sigaction ()
+in the signal handler itself.
+.PP
+In kernels that do not support a specific flag,
+the kernel's behavior is as if the flag was not set,
+even if the flag was set in
+.IR act->sa_flags .
+.PP
+The flags
+.BR SA_NOCLDSTOP ,
+.BR SA_NOCLDWAIT ,
+.BR SA_SIGINFO ,
+.BR SA_ONSTACK ,
+.BR SA_RESTART ,
+.BR SA_NODEFER ,
+.BR SA_RESETHAND ,
+and, if defined by the architecture,
+.B SA_RESTORER
+may not be reliably probed for using this mechanism,
+because they were introduced before Linux 5.x.
+However, in general, programs may assume that these flags are supported,
+since they have all been supported since Linux 2.6,
+which was released in the year 2003.
+.PP
+The following example program exits with status 0 if
+.B SA_EXPOSE_TAGBITS
+is determined to be supported, and 1 otherwise.
+.PP
+.EX
+#include <signal.h>
+#include <stdio.h>
+#include <unistd.h>
+
+void handler(int signo, siginfo_t *info, void *context) {
+ struct sigaction oldact;
+ if (sigaction(SIGSEGV, 0, &oldact) == 0 &&
+ !(oldact.sa_flags & SA_UNSUPPORTED) &&
+ (oldact.sa_flags & SA_EXPOSE_TAGBITS)) {
+ _exit(0);
+ } else {
+ _exit(1);
+ }
+}
+
+int main(void) {
+ struct sigaction act = {};
+ act.sa_flags = SA_SIGINFO | SA_UNSUPPORTED | SA_EXPOSE_TAGBITS;
+ act.sa_sigaction = handler;
+ if (sigaction(SIGSEGV, &act, 0) != 0) {
+ perror("sigaction");
+ return 1;
+ }
+
+ /* Force a SIGSEGV. */
+ *(volatile int *)0 = 0;
+ return 1;
+}
+.EE
.SH RETURN VALUE
.BR sigaction ()
returns 0 on success; on error, \-1 is returned, and
--
2.29.2.299.gdc1121823c-goog
WARNING: multiple messages have this Message-ID (diff)
From: Peter Collingbourne <pcc@google.com>
To: Catalin Marinas <catalin.marinas@arm.com>,
Evgenii Stepanov <eugenis@google.com>,
Kostya Serebryany <kcc@google.com>,
Vincenzo Frascino <vincenzo.frascino@arm.com>,
Dave Martin <Dave.Martin@arm.com>, Will Deacon <will@kernel.org>,
Oleg Nesterov <oleg@redhat.com>,
"Eric W. Biederman" <ebiederm@xmission.com>,
"James E.J. Bottomley" <James.Bottomley@hansenpartnership.com>,
Michael Kerrisk <mtk.manpages@gmail.com>,
Alejandro Colomar <alx.manpages@gmail.com>
Cc: linux-man@vger.kernel.org,
Andrey Konovalov <andreyknvl@google.com>,
Helge Deller <deller@gmx.de>,
Kevin Brodsky <kevin.brodsky@arm.com>,
linux-api@vger.kernel.org,
David Spickett <david.spickett@linaro.org>,
Peter Collingbourne <pcc@google.com>,
Linux ARM <linux-arm-kernel@lists.infradead.org>
Subject: [PATCH v2] sigaction.2: Document SA_EXPOSE_TAGBITS and the flag support detection protocol
Date: Tue, 17 Nov 2020 15:54:47 -0800 [thread overview]
Message-ID: <20201117235447.816252-1-pcc@google.com> (raw)
Signed-off-by: Peter Collingbourne <pcc@google.com>
---
These features are implemented in this patch series:
https://lore.kernel.org/linux-arm-kernel/cover.1605235762.git.pcc@google.com/
which is still under review, so the patch should not be applied
yet.
Alejandro, thanks for the review. Since the patch was almost
rewritten I didn't base this on your patch, instead I tried to
use the correct formatting in this patch.
v2:
- fix formatting
- address feedback from Dave
man2/sigaction.2 | 125 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 125 insertions(+)
diff --git a/man2/sigaction.2 b/man2/sigaction.2
index 6a8142324..0e4236a43 100644
--- a/man2/sigaction.2
+++ b/man2/sigaction.2
@@ -250,6 +250,44 @@ This flag is meaningful only when establishing a signal handler.
.\" .I sa_sigaction
.\" field was added in Linux 2.1.86.)
.\"
+.TP
+.BR SA_UNSUPPORTED
+Used to dynamically probe for flag bit support.
+.IP
+If an attempt to register a handler succeeds with this flag set in
+.I act->sa_flags
+alongside other flags that are potentially unsupported by the kernel,
+and an immediately subsequent
+.BR sigaction ()
+call specifying the same signal number n and with non-NULL
+.I oldact
+yields
+.B SA_UNSUPPORTED
+.I clear
+in
+.IR oldact->sa_flags ,
+then
+.IR oldact->sa_flags
+may be used as a bitmask
+describing which of the potentially unsupported flags are,
+in fact, supported.
+See the section "Dynamically probing for flag bit support"
+below for more details.
+.TP
+.BR SA_EXPOSE_TAGBITS " (since Linux 5.x)"
+Normally, when delivering a signal,
+an architecture-specific set of tag bits are cleared from the
+.I si_addr
+field of
+.IR siginfo_t .
+If this flag is set,
+an architecture-specific subset of the tag bits will be preserved in
+.IR si_addr .
+.IP
+Programs that need to be compatible with Linux versions older than 5.x
+must use
+.B SA_UNSUPPORTED
+to probe for support.
.SS The siginfo_t argument to a SA_SIGINFO handler
When the
.B SA_SIGINFO
@@ -833,6 +871,93 @@ Triggered by a
.BR seccomp (2)
filter rule.
.RE
+.SS Dynamically probing for flag bit support
+The
+.BR sigaction ()
+call on Linux accepts unknown bits set in
+.I act->sa_flags
+without error.
+The behavior of the kernel starting with Linux 5.x is that a second
+.BR sigaction ()
+will clear unknown bits from
+.IR oldact->sa_flags .
+However, historically, a second
+.BR sigaction ()
+call would typically leave those bits set in
+.IR oldact->sa_flags .
+.PP
+This means that support for new flags cannot be detected
+simply by testing for a flag in
+.IR sa_flags ,
+and a program must test that
+.B SA_UNSUPPORTED
+has been cleared before relying on the contents of
+.IR sa_flags .
+.PP
+Since the behavior of the signal handler cannot be guaranteed
+unless the check passes,
+it is wise to either block the affected signal
+while registering the handler and performing the check in this case,
+or where this is not possible,
+for example if the signal is synchronous, to issue the second
+.BR sigaction ()
+in the signal handler itself.
+.PP
+In kernels that do not support a specific flag,
+the kernel's behavior is as if the flag was not set,
+even if the flag was set in
+.IR act->sa_flags .
+.PP
+The flags
+.BR SA_NOCLDSTOP ,
+.BR SA_NOCLDWAIT ,
+.BR SA_SIGINFO ,
+.BR SA_ONSTACK ,
+.BR SA_RESTART ,
+.BR SA_NODEFER ,
+.BR SA_RESETHAND ,
+and, if defined by the architecture,
+.B SA_RESTORER
+may not be reliably probed for using this mechanism,
+because they were introduced before Linux 5.x.
+However, in general, programs may assume that these flags are supported,
+since they have all been supported since Linux 2.6,
+which was released in the year 2003.
+.PP
+The following example program exits with status 0 if
+.B SA_EXPOSE_TAGBITS
+is determined to be supported, and 1 otherwise.
+.PP
+.EX
+#include <signal.h>
+#include <stdio.h>
+#include <unistd.h>
+
+void handler(int signo, siginfo_t *info, void *context) {
+ struct sigaction oldact;
+ if (sigaction(SIGSEGV, 0, &oldact) == 0 &&
+ !(oldact.sa_flags & SA_UNSUPPORTED) &&
+ (oldact.sa_flags & SA_EXPOSE_TAGBITS)) {
+ _exit(0);
+ } else {
+ _exit(1);
+ }
+}
+
+int main(void) {
+ struct sigaction act = {};
+ act.sa_flags = SA_SIGINFO | SA_UNSUPPORTED | SA_EXPOSE_TAGBITS;
+ act.sa_sigaction = handler;
+ if (sigaction(SIGSEGV, &act, 0) != 0) {
+ perror("sigaction");
+ return 1;
+ }
+
+ /* Force a SIGSEGV. */
+ *(volatile int *)0 = 0;
+ return 1;
+}
+.EE
.SH RETURN VALUE
.BR sigaction ()
returns 0 on success; on error, \-1 is returned, and
--
2.29.2.299.gdc1121823c-goog
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next reply other threads:[~2020-11-17 23:55 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-17 23:54 Peter Collingbourne [this message]
2020-11-17 23:54 ` [PATCH v2] sigaction.2: Document SA_EXPOSE_TAGBITS and the flag support detection protocol Peter Collingbourne
2020-11-18 11:42 ` Alejandro Colomar (man-pages)
2020-11-18 11:42 ` Alejandro Colomar (man-pages)
2020-11-18 14:04 ` Alejandro Colomar (man-pages)
2020-11-18 14:04 ` Alejandro Colomar (man-pages)
2020-12-18 10:27 ` Alejandro Colomar (man-pages)
2020-12-18 10:27 ` Alejandro Colomar (man-pages)
2020-12-21 18:17 ` Peter Collingbourne
2020-12-21 18:17 ` Peter Collingbourne
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201117235447.816252-1-pcc@google.com \
--to=pcc@google.com \
--cc=Dave.Martin@arm.com \
--cc=James.Bottomley@hansenpartnership.com \
--cc=alx.manpages@gmail.com \
--cc=andreyknvl@google.com \
--cc=catalin.marinas@arm.com \
--cc=david.spickett@linaro.org \
--cc=deller@gmx.de \
--cc=ebiederm@xmission.com \
--cc=eugenis@google.com \
--cc=kcc@google.com \
--cc=kevin.brodsky@arm.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-man@vger.kernel.org \
--cc=mtk.manpages@gmail.com \
--cc=oleg@redhat.com \
--cc=vincenzo.frascino@arm.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.