| author | Aleksandr Nogikh <nogikh@google.com> | 2022-01-19 17:38:24 +0000 |
|---|---|---|
| committer | Aleksandr Nogikh <wp32pw@gmail.com> | 2022-01-21 11:28:49 +0100 |
| commit | 214351e168def9426c79e1f65a93ddb112cee906 (patch) | |
| tree | 7bd960ca4a7dd2cf5d720d7f3159385ba0eb3fc1 /executor/executor.cc | |
| parent | ab3d9f17d3b73b74f89b4ea3bd951e09ab4149a8 (diff) | |
executor: fail on SEGV during clone()

As was found out in #2921, fork bombs are still possible in Linux-based
instances. One of the possible reasons is described below.

An invalid stack can be passed to the clone() call, thus causing it to stumble
on an invalid memory access right during returning from the clone() call. This
is in turn caught by the NONFAILING() macro and the control actually jumps
over it and eventually both the child and the parent continue executing the
same code.

Prevent it by handling SIGSEGV and SIGBUS differently during the clone process.

Co-authored-by: Andrei Vagin <avagin@google.com>

Diffstat (limited to 'executor/executor.cc')
| -rw-r--r-- | executor/executor.cc | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/executor/executor.cc b/executor/executor.cc index 923fccc63..28ab72206 100644 --- a/executor/executor.cc +++ b/executor/executor.cc @@ -90,6 +90,7 @@ static NORETURN PRINTF(2, 3) void failmsg(const char* err, const char* msg, ...) // Just exit (e.g. due to temporal ENOMEM error). static NORETURN PRINTF(1, 2) void exitf(const char* msg, ...); static NORETURN void doexit(int status); +static NORETURN void doexit_thread(int status); // Print debug output that is visible when running syz-manager/execprog with -debug flag. // Debug output is supposed to be relatively high-level (syscalls executed, return values, timing, etc) |
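Review bot: the added forward declaration `static NORETURN void doexit_thread(int status);` has no comment, and it sits directly under `doexit(int status)`, so a reader of this block cannot tell which of the two to call. The neighbouring declarations are documented (for example "Just exit (e.g. due to temporal ENOMEM error)." above `exitf`); a one-line comment above `doexit_thread` saying what it terminates and why the SIGSEGV/SIGBUS path during clone() needs it rather than `doexit` would match that style. No preprocessor guard is visible around the declaration, while the commit message speaks of Linux-based instances, and the definition and call site are outside this view (limited to executor/executor.cc), so it is worth confirming that every build of this file also gets a definition.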
