If for any reason other than stack overflow Firecracker gets a `SIGSEGV` or `SIGBUS`, the signal handler installed by Rust ends up calling `sigaction` to deregister itself. `sigaction` is not whitelisted, therefore Firecracker will exit with a seccomp violation.
What's with the `sigaction`?
Rust installs this signal handler to gracefully detect and handle stack overflows. A guard page tells whether the signal originated in a stack overflow or not. If so, Rust promptly aborts to protect the program against it; if not, the signal handler deregisters itself (with `sigaction`) by overwriting itself with `SIG_DFL`. Next time the signal hits, the program will be terminated.
The way Firecracker deals with this is misleading overall; if it gets a non-stack-overflow `SIGSEGV`/`SIGBUS`, we see a seccomp violation.
```
kill -BUS `pidof firecracker`
2019-04-19T09:46:13.958232287 [anonymous-instance:ERROR:vmm/src/sigsys_handler.rs:69] Shutting down VM after intercepting a bad syscall (13).
2019-04-19T09:46:13.958542547 [anonymous-instance:ERROR:vmm/src/sigsys_handler.rs:75] Failed to log metrics while stopping: Logger was not initialized.
```
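The interaction above can be reproduced outside Firecracker. The following is an added C example (not Firecracker's or the Rust runtime's code): a SIGSEGV handler that mimics Rust's guard-page check, run in a forked child with and without a seccomp filter that kills on `rt_sigaction` (syscall 13 on x86_64, the number in the log). The guard page is a constructed `PROT_NONE` mapping, and the demo filter omits the architecture check a real one must have.

```c
#define _GNU_SOURCE
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed stand-in for the thread's guard page (Rust uses the real one). */
static char *guard_lo, *guard_hi;
/* Rust-like handler: guard-page fault = stack overflow, abort; otherwise reset to SIG_DFL and return. */
static void rust_like_handler(int sig, siginfo_t *info, void *ctx) {
    (void)ctx;
    char *addr = (char *)info->si_addr;
    if (addr >= guard_lo && addr < guard_hi) abort();
    struct sigaction dfl = { .sa_handler = SIG_DFL };
    sigaction(sig, &dfl, NULL);   /* rt_sigaction: absent from the whitelist */
}
/* Demo filter: kill on rt_sigaction, allow all else (real filters check arch too). */
static int deny_rt_sigaction(void) {
    struct sock_filter f[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_rt_sigaction, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof f / sizeof f[0], .filter = f };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}
/* Forked child: install handler (+ filter if asked), fault on guard page or NULL; returns killing signal. */
int fault_under(int with_seccomp, int hit_guard) {
    pid_t pid = fork();
    if (pid == 0) {
        guard_lo = mmap(NULL, 4096, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
        guard_hi = guard_lo + 4096;
        struct sigaction sa = { .sa_sigaction = rust_like_handler, .sa_flags = SA_SIGINFO };
        sigaction(SIGSEGV, &sa, NULL);
        if (with_seccomp && deny_rt_sigaction()) _exit(99);
        *(volatile char *)(hit_guard ? guard_lo : NULL) = 1;
        _exit(0);
    }
    int st; waitpid(pid, &st, 0);
    return WIFSIGNALED(st) ? WTERMSIG(st) : -1;
}
```

Without the filter a non-stack-overflow fault ends in SIGSEGV (handler deregistered, fault re-fires) and a guard-page fault in SIGABRT; with the filter the same non-stack-overflow fault ends in SIGSYS, because the handler's `sigaction` call is the first syscall the filter sees.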