Don't install signal handler when checking cpuid

As part of its CPU feature detection, CryptoPP installs a SIGILL signal handler before issuing the cpuid instruction. The intent is to gracefully degrade on CPUs that don't support the cpuid instruction. The problem is that it is impossible to safely overwrite a signal handler installed by the Go runtime in go1.10 on macOS (golang/go#22805). This causes CockroachDB 2.0 to crash on macOS Mojave: cockroachdb/cockroach#31380. The situation has improved on the Go front, as go1.11 makes it possible to safely save and restore signal handlers installed by the Go runtime on macOS. Still, we can do better and support go1.10. There is no need to bother installing a SIGILL handler, as the cpuid instruction is supported by every x86-64 CPU. We can instead use conditional compilation to make sure that we never execute a cpuid instruction on a non x86-64 CPU. Note that CPU feature detection is performed at executable load time (see the attribute(constructor) on DetectX86Features); therefore any reference to function which calls DetectX86Features (notably HasAESNI) corrupts the signal handler. It's not entirely clear why this corruption later leads to the SIGTRAP seen in cockroachdb/cockroach#31380--is something in macOS or the Go runtime generating a SIGILL and trying to handle it gracefully?--but regardless, not mucking with the signal handler fixes the issue.
cockroachdb · Oct 16, 2018 · 6d60644 · 6d60644
1 parent c621ce0
commit 6d60644
Showing 1 changed file with 13 additions and 36 deletions.
diff --git a/cpu.cpp b/cpu.cpp
@@ -61,7 +61,9 @@ extern "C"
 
 bool CpuId(word32 input, word32 output[4])
 {
-#if defined(CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY)
+#if !defined(__x86_64__) && !defined(__i386__)
+	return false;
+#elif defined(CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY)
     __try
 	{
 		__asm
@@ -88,44 +90,19 @@ bool CpuId(word32 input, word32 output[4])
 
 	return true;
 #else
-	// longjmp and clobber warnings. Volatile is required.
-	// http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854
-	volatile bool result = true;
-
-	volatile SigHandler oldHandler = signal(SIGILL, SigIllHandlerCPUID);
-	if (oldHandler == SIG_ERR)
-		return false;
-
-# ifndef __MINGW32__
-	volatile sigset_t oldMask;
-	if (sigprocmask(0, NULL, (sigset_t*)&oldMask))
-		return false;
-# endif
-
-	if (setjmp(s_jmpNoCPUID))
-		result = false;
-	else
-	{
-		asm volatile
-		(
-			// save ebx in case -fPIC is being used
-			// TODO: this might need an early clobber on EDI.
+	asm volatile
+	(
+		// save ebx in case -fPIC is being used
+		// TODO: this might need an early clobber on EDI.
 # if CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64
-			"pushq %%rbx; cpuid; mov %%ebx, %%edi; popq %%rbx"
+		"pushq %%rbx; cpuid; mov %%ebx, %%edi; popq %%rbx"
 # else
-			"push %%ebx; cpuid; mov %%ebx, %%edi; pop %%ebx"
+		"push %%ebx; cpuid; mov %%ebx, %%edi; pop %%ebx"
 # endif
-			: "=a" (output[0]), "=D" (output[1]), "=c" (output[2]), "=d" (output[3])
-			: "a" (input), "c" (0)
-		);
-	}
-
-# ifndef __MINGW32__
-	sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULL);
-# endif
-
-	signal(SIGILL, oldHandler);
-	return result;
+		: "=a" (output[0]), "=D" (output[1]), "=c" (output[2]), "=d" (output[3])
+		: "a" (input), "c" (0)
+	);
+	return true;
 #endif
 }