[PATCH gnupg v11] Disable CPU speculation-related misfeatures
Jacob Bachmeyer
jcb62281 at gmail.com
Thu Jul 10 05:40:28 CEST 2025
On 7/9/25 07:22, Guido Trentalancia wrote:
> A new v11 patch has created to use sigaction() instead of signal() to
> deal with the SIGBUS signal. A few other cosmetic changes have been
> introduced.
This v11 does not actually fix the problem with the patch in v10: you
now *obtain* the previous SIGBUS handler but you never *restore* it
after prctl() returns. (You need a second (or third) sigaction() call
to reinstall the old handler after calling prctl(). A single
sigaction() call could both set a new handler *and* return the old
handler before calling prctl().)
Further, as Werner Koch, who is the GPG maintainer and therefore the
person whose approval you need for this patch to be accepted, noted in
another reply to the v10 patch, signal handling in GnuPG uses the nPth
signal features, with which I am unfamiliar. You will need to find
those and use them instead of signal() or sigaction().
Also, as Werner Koch noted, you cannot call log_* functions in a signal
handler, nor can you call them from code in early_system_init(),
although the latter appears to "happen to work" *if* you have actually
been testing your patch.
Are you actually testing the error paths in your patch? Are you testing
the patch at all?
-- Jacob
More information about the Gnupg-devel
mailing list