From f0e5b8f6bbd0c2b7b0919faa30659005faaf95c5 Mon Sep 17 00:00:00 2001 From: Nikhil Benesch Date: Tue, 16 Oct 2018 14:55:55 -0400 Subject: [PATCH] Don't install signal handler when checking cpuid As part of its CPU feature detection, CryptoPP installs a SIGILL signal handler before issuing the cpuid instruction. The intent is to gracefully degrade on CPUs that don't support the cpuid instruction. The problem is that it is impossible to safely overwrite a signal handler installed by the Go runtime in go1.10 on macOS (golang/go#22805). This causes CockroachDB 2.0 to crash on macOS Mojave: cockroachdb/cockroach#31380. The situation has improved on the Go front, as go1.11 makes it possible to safely save and restore signal handlers installed by the Go runtime on macOS. Still, we can do better and support go1.10. There is no need to bother installing a SIGILL handler, as the cpuid instruction is supported by every x86-64 CPU. We can instead use conditional compilation to make sure that we never execute a cpuid instruction on a non x86-64 CPU. Note that CPU feature detection is performed at executable load time (see the attribute(constructor) on DetectX86Features); therefore any reference to function which calls DetectX86Features (notably HasAESNI) corrupts the signal handler. It's not entirely clear why this corruption later leads to the SIGTRAP seen in cockroachdb/cockroach#31380--is something in macOS or the Go runtime generating a SIGILL and trying to handle it gracefully?--but regardless, not mucking with the signal handler fixes the issue. --- cpu.cpp | 49 +++++++++++++------------------------------------ 1 file changed, 13 insertions(+), 36 deletions(-) diff --git a/cpu.cpp b/cpu.cpp index 42831c15e..0962dd5a6 100644 --- a/cpu.cpp +++ b/cpu.cpp @@ -61,7 +61,9 @@ extern "C" bool CpuId(word32 input, word32 output[4]) { -#if defined(CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY) +#if !defined(__x86_64__) && !defined(__i386__) + return false; +#elif defined(CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY) __try { __asm @@ -88,44 +90,19 @@ bool CpuId(word32 input, word32 output[4]) return true; #else - // longjmp and clobber warnings. Volatile is required. - // http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854 - volatile bool result = true; - - volatile SigHandler oldHandler = signal(SIGILL, SigIllHandlerCPUID); - if (oldHandler == SIG_ERR) - return false; - -# ifndef __MINGW32__ - volatile sigset_t oldMask; - if (sigprocmask(0, NULL, (sigset_t*)&oldMask)) - return false; -# endif - - if (setjmp(s_jmpNoCPUID)) - result = false; - else - { - asm volatile - ( - // save ebx in case -fPIC is being used - // TODO: this might need an early clobber on EDI. + asm volatile + ( + // save ebx in case -fPIC is being used + // TODO: this might need an early clobber on EDI. # if CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64 - "pushq %%rbx; cpuid; mov %%ebx, %%edi; popq %%rbx" + "pushq %%rbx; cpuid; mov %%ebx, %%edi; popq %%rbx" # else - "push %%ebx; cpuid; mov %%ebx, %%edi; pop %%ebx" + "push %%ebx; cpuid; mov %%ebx, %%edi; pop %%ebx" # endif - : "=a" (output[0]), "=D" (output[1]), "=c" (output[2]), "=d" (output[3]) - : "a" (input), "c" (0) - ); - } - -# ifndef __MINGW32__ - sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULL); -# endif - - signal(SIGILL, oldHandler); - return result; + : "=a" (output[0]), "=D" (output[1]), "=c" (output[2]), "=d" (output[3]) + : "a" (input), "c" (0) + ); + return true; #endif }