Seccomp violation when Firecracker gets SIGSEGV/SIGBUS #1064
Assignees
Labels
Priority: High
Indicates than an issue or pull request should be resolved ahead of issues or pull requests labelled
Type: Bug
Indicates an unexpected problem or unintended behavior
Comments
alxiord
added
Priority: High
|
Fixed by #1070 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
If for any reason other than stack overflow Firecracker gets a
SIGSEGVorSIGBUS, the signal handler installed by Rust ends up callingsigactionto deregister itself.sigactionis not whitelisted, therefore Firecracker will exit with a seccomp violation.What's with the
sigaction?Rust installs this signal handler to gracefully detect and handle stack overflows. A guard page tells whether the signal originated in a SO or not. If so, Rust promptly aborts to protect the program against it; if not, the signal handler deregisters itself (with
sigaction) by overwriting itself withSIG_DFL. Next time the signal hits, the program will be terminated.The way Firecracker deals with this is misleading overall; if it gets a non-stack overflow
SIGSEGV/SIGBUS, we see a seccomp violation.2019-04-19T09:46:13.958232287 [anonymous-instance:ERROR:vmm/src/sigsys_handler.rs:69] Shutting down VM after intercepting a bad syscall (13). 2019-04-19T09:46:13.958542547 [anonymous-instance:ERROR:vmm/src/sigsys_handler.rs:75] Failed to log metrics while stopping: Logger was not initialized.The text was updated successfully, but these errors were encountered: