Diffstat (limited to 'util/main-loop.c')
-rw-r--r-- | util/main-loop.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/util/main-loop.c b/util/main-loop.c
index 6470f8eae3..6bfc7c46f5 100644
--- a/util/main-loop.c
+++ b/util/main-loop.c
@@ -33,6 +33,7 @@
 #include "block/aio.h"
 #include "qemu/error-report.h"
 #include "qemu/queue.h"
+#include "qemu/compiler.h"
 #ifndef _WIN32
 #include <sys/wait.h>
@@ -44,6 +45,16 @@
 * use signalfd to listen for them. We rely on whatever the current signal
 * handler is to dispatch the signals when we receive them.
 */
+/*
+ * Disable CFI checks.
+ * We are going to call a signal hander directly. Such handler may or may not
+ * have been defined in our binary, so there's no guarantee that the pointer
+ * used to set the handler is a cfi-valid pointer. Since the handlers are
+ * stored in kernel memory, changing the handler to an attacker-defined
+ * function requires being able to call a sigaction() syscall,
+ * which is not as easy as overwriting a pointer in memory.
+ */
+QEMU_DISABLE_CFI
 static void sigfd_handler(void *opaque)
 {
     int fd = (intptr_t)opaque;
 |
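Review bot: The new comment above sigfd_handler misspells "handler" in `We are going to call a signal hander directly.`; it should read `We are going to call a signal handler directly.` The justification for QEMU_DISABLE_CFI is sound as far as it goes, but it would help to state the residual exposure explicitly: the handler pointer is presumably read back from the kernel into a userspace struct sigaction copy before the indirect call (that code is outside this hunk), and during that window it is an ordinary pointer, so an attacker who can corrupt the local copy does not need a sigaction() syscall to get a CFI-unchecked call. A sentence such as `The remaining exposure is the userspace copy of the handler between the sigaction() read-back and the indirect call; keep that window minimal.` would make the accepted trade-off clear to the next maintainer. The body of sigfd_handler continues outside the hunk, so the actual call site was not reviewed here.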