Re: [Qemu-devel] [PATCH] tcg: Fix mmap lock assert on translation failure
From: Richard Henderson
Subject: Re: [Qemu-devel] [PATCH] tcg: Fix mmap lock assert on translation failure
Date: Mon, 17 Jun 2019 09:58:52 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.7.0
On 6/17/19 9:18 AM, Alex Bennée wrote:
>
> Richard Henderson <address@hidden> writes:
>
>> Check page flags before letting an invalid pc cause a SIGSEGV.
>>
>> Prepare for eventually validating PROT_EXEC. The current wrinkle being
>> that we have a problem with our implementation of signals. We should
>> be using a vdso like the kernel, but we instead put the trampoline on
>> the stack. In the meantime, let PROT_READ match PROT_EXEC.
>
> We can come up with a test case for this, right? Would it be triggered by
> having:
>
> __attribute__((aligned(PAGE_SIZE)))
> void some_func(void) {
> /* does something */
> }
>
> __attribute__((aligned(PAGE_SIZE)))
> ... rest of code ...
>
> main () {
> mmap(&some_func, PAGE_SIZE, PROT_READ, MAP_ANONYMOUS, 0, 0);
> some_func()
> /* causes SEGV */
> mmap(&some_func, PAGE_SIZE, PROT_READ|PROT_EXEC, MAP_ANONYMOUS, 0, 0);
> some_func()
> /* works */
> }
>
> Or is it trickier to mess with your own mapped memory?
It's trickier than that, but I do have a simple test case.
https://bugs.launchpad.net/qemu/+bug/1832916
But fixing that, as I mention above, makes signal trampolines fail.
Or did you mean for Christophe's failure? That's easier -- just make a NULL
function call.
r~
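The two probes discussed in this thread, as an added stand-alone example that is not part of the patch, of QEMU's test suite, or of the Launchpad bug: a NULL function call (the "Christophe's failure" case), and a call into a freshly mapped page whose protection is either PROT_READ alone or PROT_READ|PROT_EXEC. The machine code placed in the page is a constructed six- or eight-byte `return 42` for x86_64 and aarch64 only; other hosts get no code page. It assumes a Linux host where anonymous memory may be made executable (so no SELinux execmem denial). Run natively, the PROT_READ-only call must fault with SIGSEGV; run under qemu-user with the behaviour the commit message describes (PROT_READ matching PROT_EXEC), the same call is expected to return 42 instead, which is the gap the patch leaves open until signal trampolines move off the stack.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

typedef int (*fn_t)(void);

/* Constructed encoding of `int f(void) { return 42; }` for the two hosts
 * covered here (assumption: the bytes are correct for these ISAs). */
#if defined(__x86_64__)
static const unsigned char k_code[] = { 0xb8, 0x2a, 0x00, 0x00, 0x00, 0xc3 }; /* mov eax,42; ret */
#define HAVE_CODE 1
#elif defined(__aarch64__)
static const unsigned char k_code[] = { 0x40, 0x05, 0x80, 0x52, 0xc0, 0x03, 0x5f, 0xd6 }; /* mov w0,#42; ret */
#define HAVE_CODE 1
#else
#define HAVE_CODE 0
#endif

static sigjmp_buf g_jb;
static volatile sig_atomic_t g_signo;

/* Fault handler: record the signal and unwind back to call_guarded(). */
static void on_fault(int signo)
{
    g_signo = signo;
    siglongjmp(g_jb, 1);
}

/* Call fn with SIGSEGV/SIGBUS trapped; return its result, or -1 on a fault. */
static int call_guarded(fn_t fn)
{
    struct sigaction sa, old_segv, old_bus;
    volatile int rc;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    g_signo = 0;
    if (sigsetjmp(g_jb, 1) == 0)
        rc = fn();          /* normal return: the page was executable */
    else
        rc = -1;            /* arrived here via siglongjmp from on_fault */

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return rc;
}

/* Christophe's case from the thread: a call through a NULL function pointer.
 * The volatile read keeps the compiler from turning the known-NULL call into
 * a trap instruction, so the fault is a real SIGSEGV at pc == 0. */
static int probe_null_call(void)
{
    fn_t volatile fn = NULL;
    return call_guarded(fn);
}

/* Map a page, copy the constructed code in, set `prot`, and call into it.
 * Returns 42 if the code ran, -1 if the call faulted, -2 if this host has
 * no constructed code, -3 if mmap/mprotect itself failed. */
static int call_in_page(int prot)
{
#if HAVE_CODE
    long page = sysconf(_SC_PAGESIZE);
    unsigned char *p = mmap(NULL, page, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -3;
    memcpy(p, k_code, sizeof k_code);
    __builtin___clear_cache((char *)p, (char *)p + sizeof k_code);
    if (mprotect(p, page, prot) != 0) {
        munmap(p, page);
        return -3;
    }
    fn_t fn;
    memcpy(&fn, &p, sizeof fn);   /* object-to-function pointer without a cast warning */
    int rc = call_guarded(fn);
    munmap(p, page);
    return rc;
#else
    (void)prot;
    return -2;
#endif
}

int main(void)
{
    printf("NULL function call       : %d (signal %d)\n", probe_null_call(), (int)g_signo);
    printf("call into PROT_READ page : %d (signal %d)\n", call_in_page(PROT_READ), (int)g_signo);
    printf("call into READ|EXEC page : %d\n", call_in_page(PROT_READ | PROT_EXEC));
    return 0;
}
```

Build with `gcc -O2 probe.c -o probe` and compare `./probe` against `qemu-<arch> ./probe`: the NULL call should report -1 in both, the READ|EXEC call 42 in both, and the PROT_READ-only call is where a native kernel and a qemu-user that equates PROT_READ with PROT_EXEC disagree.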