[Bug 1918149] [NEW] qemu-user reports wrong fault_addr in signal handler
From: Leonardo
Subject: [Bug 1918149] [NEW] qemu-user reports wrong fault_addr in signal handler
Date: Mon, 08 Mar 2021 14:58:42 -0000
Public bug reported:
When a SEGV signal occurs and si_addr of the info struct is nil, qemu
still tries to translate the address from host to guest
(handle_cpu_signal in accel/tcg/user-exec.c). This means that the
actual signal handler will receive a fault_addr that is something like
0xffffffffbf709000.
I was able to get this to happen by branching to a non-canonical address on
aarch64.
I used 5.2 (commit: 553032db17). However, building from source, this only seems
to happen if I use the same configure flags as the Debian build:
    ../configure --static --target-list=aarch64-linux-user --disable-system --enable-trace-backends=simple --disable-linux-io-uring --disable-pie --extra-cflags="-fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2" --extra-ldflags="-Wl,-z,relro -Wl,--as-needed"
Let me know if you need more details.
** Affects: qemu
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/1918149
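An added example, not part of the report and not QEMU's own code, that models the translation the report describes and the check a guest-side SIGSEGV handler can apply before trusting si_addr. It assumes that h2g_nocheck() computes host address minus guest_base with unsigned wrap-around (taken from QEMU's source, not stated on this page), a 48-bit user VA range for an aarch64 Linux guest, and a guest_base of 0x408f7000, which is a constructed value obtained by inverting that subtraction on the address the report quotes.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Model of QEMU's h2g_nocheck(): guest = host - guest_base, with unsigned
 * wrap-around (taken from the QEMU source, not stated on the page). A NULL
 * host si_addr therefore becomes 2^64 - guest_base, not a guest address. */
uint64_t h2g_nocheck_model(uint64_t host_addr, uint64_t guest_base)
{
    return host_addr - guest_base;
}

/* A guest-side SIGSEGV handler should only trust si_addr if it is non-zero
 * and inside the guest's user VA range (assumed: 48 bits for aarch64 Linux). */
bool fault_addr_plausible(uint64_t addr, unsigned va_bits)
{
    return addr != 0 && addr < ((uint64_t)1 << va_bits);
}

static sigjmp_buf escape;
static volatile uint64_t seen_addr;
static void on_segv(int sig, siginfo_t *si, void *ctx)
{
    (void)sig; (void)ctx;
    seen_addr = (uint64_t)(uintptr_t)si->si_addr;
    siglongjmp(escape, 1);          /* leave the faulting instruction behind */
}

int main(void)
{
    struct sigaction sa = { .sa_sigaction = on_segv, .sa_flags = SA_SIGINFO };
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, NULL);
    /* Same trigger as the report: branch to a non-canonical address. */
    if (sigsetjmp(escape, 1) == 0) {
        void (*bad)(void) = (void (*)(void))(uintptr_t)0xdead000000000000ULL;
        bad();
    }
    printf("si_addr = 0x%llx, plausible: %s\n", (unsigned long long)seen_addr,
           fault_addr_plausible(seen_addr, 48) ? "yes" : "no");
    /* Constructed guest_base 0x408f7000 reproduces the value quoted in the report. */
    printf("h2g_nocheck(NULL) with guest_base 0x408f7000 = 0x%llx\n",
           (unsigned long long)h2g_nocheck_model(0, 0x408f7000ULL));
    return 0;
}
```

Run natively to see the host kernel's own si_addr for the same fault, then under qemu-aarch64 to compare with the translated value.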