4 files changed, 190 insertions, 0 deletions

diff --git a/support/Makefile b/support/Makefile
index 6ac4447def..432cf2fe6c 100644
--- a/support/Makefile
+++ b/support/Makefile
@@ -145,6 +145,7 @@ libsupport-routines = \
   xsetsockopt \
   xsigaction \
   xsignal \
+  xsigstack \
   xsocket \
   xstrdup \
   xstrndup \
@@ -205,6 +206,7 @@ tests = \
   tst-test_compare_blob \
   tst-test_compare_string \
   tst-xreadlink \
+  tst-xsigstack \
 
 ifeq ($(run-built-tests),yes)
 tests-special = \
diff --git a/support/tst-xsigstack.c b/support/tst-xsigstack.c
new file mode 100644
index 0000000000..42859c79e9
--- /dev/null
+++ b/support/tst-xsigstack.c
@@ -0,0 +1,64 @@
+/* Test of sigaltstack wrappers.
+   Copyright (C) 2019 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+#include <support/xsignal.h>
+#include <support/support.h>
+#include <support/xunistd.h>
+#include <support/check.h>
+
+#include <stdint.h>
+#include <stdio.h>
+
+static volatile uintptr_t handler_stackaddr;
+
+static void
+handler (int unused)
+{
+  int var;
+  handler_stackaddr = (uintptr_t) &var;
+}
+
+int
+do_test (void)
+{
+  void *sstk = xalloc_sigstack (0);
+
+  unsigned char *sp;
+  size_t size;
+  xget_sigstack_location (sstk, &sp, &size);
+  printf ("signal stack installed: sp=%p size=%zu\n", sp, size);
+
+  struct sigaction sa;
+  sa.sa_handler = handler;
+  sa.sa_flags   = SA_RESTART | SA_ONSTACK;
+  sigfillset (&sa.sa_mask);
+  if (sigaction (SIGUSR1, &sa, 0))
+    FAIL_RET ("sigaction (SIGUSR1, handler): %m\n");
+
+  raise (SIGUSR1);
+
+  uintptr_t haddr = handler_stackaddr;
+  printf ("address of handler local variable: %p\n", (void *)haddr);
+  TEST_VERIFY ((uintptr_t)sp < haddr);
+  TEST_VERIFY (haddr < (uintptr_t)sp + size);
+
+  xfree_sigstack (sstk);
+  return 0;
+}
+
+#include <support/test-driver.c>
diff --git a/support/xsignal.h b/support/xsignal.h
index f3308883a4..d89e2bc575 100644
--- a/support/xsignal.h
+++ b/support/xsignal.h
@@ -37,6 +37,23 @@ void xsigaction (int sig, const struct sigaction *newact,
 
 void xpthread_sigmask (int how, const sigset_t *set, sigset_t *oldset);
 
+/* Allocate and activate an alternate signal stack.  This stack will
+   have SIZE + MINSIGSTKSZ bytes of space, rounded up to a whole
+   number of pages.  There will be large (at least 1 MiB) inaccessible
+   guard bands on either side of it.  The return value is a cookie
+   that can be passed to xfree_sigstack to deactivate and deallocate
+   the stack again.  It is not necessary to call sigaltstack after
+   calling this function.  Terminates the process on error.  */
+void *xalloc_sigstack (size_t size);
+
+/* Deactivate and deallocate a signal stack created by xalloc_sigstack.  */
+void xfree_sigstack (void *stack);
+
+/* Extract the actual address and size of the alternate signal stack from
+   the cookie returned by xalloc_sigstack.  */
+void xget_sigstack_location (const void *stack, unsigned char **addrp,
+                             size_t *sizep);
+
 __END_DECLS
 
 #endif /* SUPPORT_SIGNAL_H */
diff --git a/support/xsigstack.c b/support/xsigstack.c
new file mode 100644
index 0000000000..cebfa19aa5
--- /dev/null
+++ b/support/xsigstack.c
@@ -0,0 +1,107 @@
+/* sigaltstack wrappers.
+   Copyright (C) 2019 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+#include <support/xsignal.h>
+#include <support/support.h>
+#include <support/xunistd.h>
+#include <support/check.h>
+
+#include <stdlib.h>
+#include <string.h>
+#include <sys/mman.h>
+#include <sys/param.h> /* roundup, MAX */
+
+/* The "cookie" returned by xalloc_sigstack points to one of these
+   structures.  */
+struct sigstack_desc
+{
+  void *alloc_base;  /* Base address of the complete allocation.  */
+  size_t alloc_size; /* Size of the complete allocation.  */
+  stack_t alt_stack; /* The address and size of the stack itself.  */
+  stack_t old_stack; /* The previous signal stack.  */
+};
+
+void *
+xalloc_sigstack (size_t size)
+{
+  size_t pagesize = sysconf (_SC_PAGESIZE);
+  if (pagesize == -1)
+    FAIL_EXIT1 ("sysconf (_SC_PAGESIZE): %m\n");
+
+  /* Always supply at least MINSIGSTKSZ space; passing 0 as size means
+     only that much space.  No matter what the number is, round it up
+     to a whole number of pages.  */
+  size_t stacksize = roundup (size + MINSIGSTKSZ, pagesize);
+
+  /* The guard bands need to be large enough to intercept offset
+     accesses from a stack address that might otherwise hit another
+     mapping.  Make them at least twice as big as the stack itself, to
+     defend against an offset by the entire size of a large
+     stack-allocated array.  The minimum is 1MiB, which is arbitrarily
+     chosen to be larger than any "typical" wild pointer offset.
+     Again, no matter what the number is, round it up to a whole
+     number of pages.  */
+  size_t guardsize = roundup (MAX (2 * stacksize, 1024 * 1024), pagesize);
+
+  struct sigstack_desc *desc = xmalloc (sizeof (struct sigstack_desc));
+  desc->alloc_size = guardsize + stacksize + guardsize;
+  /* Use MAP_NORESERVE so that RAM will not be wasted on the guard
+     bands; touch all the pages of the actual stack before returning,
+     so we know they are allocated.  */
+  desc->alloc_base = xmmap (0,
+                            desc->alloc_size,
+                            PROT_READ|PROT_WRITE,
+                            MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE|MAP_STACK,
+                            -1);
+
+  xmprotect (desc->alloc_base, guardsize, PROT_NONE);
+  xmprotect (desc->alloc_base + guardsize + stacksize, guardsize, PROT_NONE);
+  memset (desc->alloc_base + guardsize, 0xA5, stacksize);
+
+  desc->alt_stack.ss_sp    = desc->alloc_base + guardsize;
+  desc->alt_stack.ss_flags = 0;
+  desc->alt_stack.ss_size  = stacksize;
+
+  if (sigaltstack (&desc->alt_stack, &desc->old_stack))
+    FAIL_EXIT1 ("sigaltstack (new stack: sp=%p, size=%zu, flags=%u): %m\n",
+                desc->alt_stack.ss_sp, desc->alt_stack.ss_size,
+                desc->alt_stack.ss_flags);
+
+  return desc;
+}
+
+void
+xfree_sigstack (void *stack)
+{
+  struct sigstack_desc *desc = stack;
+
+  if (sigaltstack (&desc->old_stack, 0))
+    FAIL_EXIT1 ("sigaltstack (restore old stack: sp=%p, size=%zu, flags=%u): "
+                "%m\n", desc->old_stack.ss_sp, desc->old_stack.ss_size,
+                desc->old_stack.ss_flags);
+  xmunmap (desc->alloc_base, desc->alloc_size);
+  free (desc);
+}
+
+void
+xget_sigstack_location (const void *stack, unsigned char **addrp, size_t *sizep)
+{
+  const struct sigstack_desc *desc = stack;
+  *addrp = desc->alt_stack.ss_sp;
+  *sizep = desc->alt_stack.ss_size;
+}