Re: [Qemu-devel] [PATCH] tcg: Fix mmap lock assert on translation failure

From: Alex Bennée
Subject: Re: [Qemu-devel] [PATCH] tcg: Fix mmap lock assert on translation failure
Date: Mon, 17 Jun 2019 19:10:28 +0100
User-agent: mu4e 1.3.2; emacs 26.1
Richard Henderson <address@hidden> writes:
> On 6/17/19 9:18 AM, Alex Bennée wrote:
>>
>> Richard Henderson <address@hidden> writes:
>>
>>> Check page flags before letting an invalid pc cause a SIGSEGV.
>>>
>>> Prepare for eventually validating PROT_EXEC. The current wrinkle being
>>> that we have a problem with our implementation of signals. We should
>>> be using a vdso like the kernel, but we instead put the trampoline on
>>> the stack. In the meantime, let PROT_READ match PROT_EXEC.
>>
>> We can come up with a test case for this right? Would it be triggered by
>> having:
>>
>> #include <sys/mman.h>
>>
>> __attribute__((aligned(PAGE_SIZE)))
>> void some_func(void) {
>>     /* does something */
>> }
>>
>> __attribute__((aligned(PAGE_SIZE)))
>> ... rest of code ...
>>
>> int main(void) {
>>     mmap(&some_func, PAGE_SIZE, PROT_READ,
>>          MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
>>     some_func();
>>     /* causes SEGV */
>>     mmap(&some_func, PAGE_SIZE, PROT_READ | PROT_EXEC,
>>          MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
>>     some_func();
>>     /* works */
>> }
>>
>> Or is it trickier to mess with your own mapped memory?
>
> It's trickier than that, but I do have a simple test case.
>
> https://bugs.launchpad.net/qemu/+bug/1832916
>
> But fixing that, as I mention above, makes signal trampolines fail.
Ahh I missed that. I guess we add it once we have the full solution.
>
> Or did you mean for Christophe's failure? That's easier -- just make a NULL
> function call.
>
>
> r~
--
Alex Bennée
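The thread is about whether the runtime (here QEMU's linux-user TCG) refuses to execute a page that is mapped without PROT_EXEC. The following is an added conformance check that is not part of the patch, of QEMU, or of either author's mail: instead of remapping the program's own text page (the part Richard calls "trickier"), it places a single return instruction in a fresh anonymous page, calls it once with PROT_READ and once with PROT_READ|PROT_EXEC, and reports whether the non-executable call faulted. It assumes a Linux host on x86-64 or AArch64 and that the environment allows an anonymous page to be made executable; `prot_exec_enforced`, `call_with_prot` and `ret_insn` are names chosen for this example.

```c
/* Added example: check that executing a page mapped without PROT_EXEC
 * raises SIGSEGV while the same bytes run once PROT_EXEC is set.
 * Assumptions: Linux, x86-64 or AArch64, mprotect(PROT_EXEC) permitted. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Encoding of a bare "return" instruction for the assumed host. */
#if defined(__x86_64__) || defined(__i386__)
static const unsigned char ret_insn[] = { 0xc3 };               /* ret */
#elif defined(__aarch64__)
static const unsigned char ret_insn[] = { 0xc0, 0x03, 0x5f, 0xd6 }; /* ret */
#else
#error "this example only knows x86 and AArch64 encodings"
#endif

static sigjmp_buf recover;

static void on_fault(int sig)
{
    (void)sig;
    siglongjmp(recover, 1);   /* unwind out of the faulting call */
}

/* Set the page's protection to `prot` and call the instruction at its start.
 * Returns 1 if the call returned normally, 0 if it raised SIGSEGV/SIGBUS,
 * -1 if mprotect failed. */
static int call_with_prot(void *page, size_t len, int prot)
{
    struct sigaction sa, old_segv, old_bus;
    int ran;

    if (mprotect(page, len, prot) != 0)
        return -1;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    if (sigsetjmp(recover, 1) == 0) {
        void (*fn)(void) = (void (*)(void))page;
        fn();
        ran = 1;
    } else {
        ran = 0;  /* the fault handler brought us back here */
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return ran;
}

/* Returns 1 if PROT_EXEC is enforced (non-exec call faults, exec call runs),
 * 0 if a non-executable page could be executed, -1 on a setup problem. */
int prot_exec_enforced(void)
{
    long page_size = sysconf(_SC_PAGESIZE);
    void *page = mmap(NULL, (size_t)page_size, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED)
        return -1;

    memcpy(page, ret_insn, sizeof ret_insn);
    /* Keep the instruction cache coherent on architectures that need it. */
    __builtin___clear_cache((char *)page, (char *)page + sizeof ret_insn);

    int ran_nonexec = call_with_prot(page, (size_t)page_size, PROT_READ);
    int ran_exec = call_with_prot(page, (size_t)page_size,
                                  PROT_READ | PROT_EXEC);
    munmap(page, (size_t)page_size);

    if (ran_nonexec < 0 || ran_exec != 1)
        return -1;  /* could not even run the executable version */
    return ran_nonexec == 0;
}

int main(void)
{
    int r = prot_exec_enforced();
    printf("PROT_EXEC enforced: %s\n",
           r == 1 ? "yes" : r == 0 ? "NO" : "setup error");
    return r == 1 ? 0 : 1;
}
```

Run natively, the program should print "yes"; run under a linux-user emulator that lets PROT_READ pages execute (the behaviour the patch starts to address), the first call returns instead of faulting and the program reports "NO". The `sigsetjmp`/`siglongjmp` pair is what makes the probe safe to run in-process: the kernel delivers SIGSEGV for the instruction fetch from the non-executable page, and the handler unwinds back into `call_with_prot` rather than terminating the process.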