From 5a224b981ee32d7cf59aaa9e2c101af65a275edc Mon Sep 17 00:00:00 2001
From: Julien Lepiller <julien@lepiller.eu>
Date: Mon, 20 Feb 2023 19:14:12 +0100
Subject: [PATCH] Dynamically allocate the alternate signal stack.

This patch is a backport of https://github.com/ocaml/ocaml/pull/10266.
---
 asmrun/signals_asm.c | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/asmrun/signals_asm.c b/asmrun/signals_asm.c
index 3895d75..7e2abe8 100644
--- a/asmrun/signals_asm.c
+++ b/asmrun/signals_asm.c
@@ -182,7 +182,6 @@ DECLARE_SIGNAL_HANDLER(trap_handler)
 #ifdef HAS_STACK_OVERFLOW_DETECTION
 
 static char * system_stack_top;
-static char sig_alt_stack[SIGSTKSZ];
 
 #if defined(SYS_linux)
 /* PR#4746: recent Linux kernels with support for stack randomization
@@ -274,15 +273,19 @@ void caml_init_signals(void)
 #ifdef HAS_STACK_OVERFLOW_DETECTION
   {
     stack_t stk;
-    struct sigaction act;
-    stk.ss_sp = sig_alt_stack;
+    stk.ss_sp = malloc(SIGSTKSZ);
     stk.ss_size = SIGSTKSZ;
     stk.ss_flags = 0;
-    SET_SIGACT(act, segv_handler);
-    act.sa_flags |= SA_ONSTACK | SA_NODEFER;
-    sigemptyset(&act.sa_mask);
-    system_stack_top = (char *) &act;
-    if (sigaltstack(&stk, NULL) == 0) { sigaction(SIGSEGV, &act, NULL); }
+    if (stk.ss_sp != NULL) {
+      if (sigaltstack(&stk, NULL) != -1) {                                     
+        struct sigaction act;                                                  
+        SET_SIGACT(act, segv_handler);                                         
+        act.sa_flags |= SA_ONSTACK | SA_NODEFER;                               
+        sigemptyset(&act.sa_mask);                                             
+        system_stack_top = (char *) &act;                                      
+        sigaction(SIGSEGV, &act, NULL);                                        
+      }
+    }
   }
 #endif
 }
-- 
2.38.1

value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=5fb34b55ff48477fc249148dcd54b70a8e0e4fd7'>root</a>/<a href='/guix/log/etc?id=5fb34b55ff48477fc249148dcd54b70a8e0e4fd7'>etc</a>/<a href='/guix/log/etc/guix-daemon.cil.in?id=5fb34b55ff48477fc249148dcd54b70a8e0e4fd7'>guix-daemon.cil.in</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/etc/guix-daemon.cil.in?id=5fb34b55ff48477fc249148dcd54b70a8e0e4fd7&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2020-12-10 23:48:42 +0100'>2020-12-10</span></td><td><a href='/guix/commit/etc/guix-daemon.cil.in?id=d677f3d6231d352fdb65b70f67d85fb5744e912c'>etc: Add more SELinux permissions for the daemon.</a><span class='msg-avail'>...<span class='msg-tooltip'>* etc/guix-daemon.cil.in (guix_daemon): Permit file write, getattr, link and
unlink for the guix_daemon_exec_t type.
</span></span></td><td>Marius Bakke</td></tr>
<tr><td><span title='2020-11-27 21:33:59 +0100'>2020-11-27</span></td><td><a href='/guix/commit/etc/guix-daemon.cil.in?id=1807632393d0723f3085c457517965c32715717a'>etc: Add more SELinux permissions for the daemon.</a><span class='msg-avail'>...<span class='msg-tooltip'>* etc/guix-daemon.cil.in (guix_daemon): Permit more operations required for
various build jobs.
</span></span></td><td>Marius Bakke</td></tr>
<tr><td><span title='2020-11-26 00:31:47 +0100'>2020-11-26</span></td><td><a href='/guix/commit/etc/guix-daemon.cil.in?id=402ebffe195890c9826cfa7519034dd12a48ae6a'>etc: Add more SELinux permissions for the daemon.</a><span class='msg-avail'>...<span class='msg-tooltip'>* etc/guix-daemon.cil.in (guix_daemon): Permit file appending, setattr,
read/write UDP sockets, access to tmpfs and hugetlbfs, and connecting to
PostgreSQL.
</span></span></td><td>Marius Bakke</td></tr>
<tr><td><span title='2020-11-25 23:24:52 +0100'>2020-11-25</span></td><td><a href='/guix/commit/etc/guix-daemon.cil.in?id=d64e0261d0007413a795c4cf01f9d06b170da3f5'>etc: Add more SELinux permissions for the daemon.</a><span class='msg-avail'>...<span class='msg-tooltip'>This is needed for some package test suites.

* etc/guix-daemon.cil.in (guix_daemon): Permit unix_dgram_socket operations.
</span></span></td><td>Marius Bakke</td></tr>
<tr><td><span title='2020-11-15 16:08:47 +0100'>2020-11-15</span></td><td><a href='/guix/commit/etc/guix-daemon.cil.in?id=62343288ef6dc56027d268ef773ae699a4bbb76d'>etc: Updates for the guix-daemon SELinux policy.</a><span class='msg-avail'>...<span class='msg-tooltip'>* etc/guix-daemon.cil.in (guix_daemon): Specify more permissions for
guix-daemon to account for daemon updates and newer SELinux.

I can't promise that this is a complete list of everything that guix-daemon
needs, but it's probably most of them. It can search for, install, upgrade,
and remove packages, create virtual machines and containers, update itself,
and so on.

Signed-off-by: Marius Bakke &lt;marius@gnu.org&gt;
</span></span></td><td>Daniel Brooks</td></tr>

Age	Commit message (Expand)	Author
2020-12-10	etc: Add more SELinux permissions for the daemon....* etc/guix-daemon.cil.in (guix_daemon): Permit file write, getattr, link and unlink for the guix_daemon_exec_t type.	Marius Bakke
2020-11-27	etc: Add more SELinux permissions for the daemon....* etc/guix-daemon.cil.in (guix_daemon): Permit more operations required for various build jobs.	Marius Bakke
2020-11-26	etc: Add more SELinux permissions for the daemon....* etc/guix-daemon.cil.in (guix_daemon): Permit file appending, setattr, read/write UDP sockets, access to tmpfs and hugetlbfs, and connecting to PostgreSQL.	Marius Bakke
2020-11-25	etc: Add more SELinux permissions for the daemon....This is needed for some package test suites. * etc/guix-daemon.cil.in (guix_daemon): Permit unix_dgram_socket operations.	Marius Bakke
2020-11-15	etc: Updates for the guix-daemon SELinux policy....* etc/guix-daemon.cil.in (guix_daemon): Specify more permissions for guix-daemon to account for daemon updates and newer SELinux. I can't promise that this is a complete list of everything that guix-daemon needs, but it's probably most of them. It can search for, install, upgrade, and remove packages, create virtual machines and containers, update itself, and so on. Signed-off-by: Marius Bakke <marius@gnu.org>	Daniel Brooks