The sigreturn SVC is put onto the stack by the emulation code. Hence
the address of it should not be subject to guest_base transformation
when fetching it.
The fix applies h2g to the address when writing it into the return
address register to nullify the transformation applied to it later.
Note: This only caused problems if Qemu has been built with
--disable-pie (as it is in distros nowadays). Otherwise guest_base
defaults to 0 hiding the actual problem.
Signed-off-by: Andreas Krebbel <krebbel@linux.ibm.com>
---
linux-user/s390x/signal.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/linux-user/s390x/signal.c b/linux-user/s390x/signal.c
index ecfa2a14a9..1412376958 100644
--- a/linux-user/s390x/signal.c
+++ b/linux-user/s390x/signal.c
@@ -152,7 +152,7 @@ void setup_frame(int sig, struct target_sigaction *ka,
env->regs[14] = (unsigned long)
ka->sa_restorer | PSW_ADDR_AMODE;
} else {
- env->regs[14] = (frame_addr + offsetof(sigframe, retcode))
+ env->regs[14] = h2g(frame_addr + offsetof(sigframe, retcode))
| PSW_ADDR_AMODE;
__put_user(S390_SYSCALL_OPCODE | TARGET_NR_sigreturn,
(uint16_t *)(frame->retcode));
@@ -213,7 +213,7 @@ void setup_rt_frame(int sig, struct target_sigaction *ka,
if (ka->sa_flags & TARGET_SA_RESTORER) {
env->regs[14] = (unsigned long) ka->sa_restorer | PSW_ADDR_AMODE;
} else {
- env->regs[14] = (unsigned long) frame->retcode | PSW_ADDR_AMODE;
+ env->regs[14] = (unsigned long) h2g(frame->retcode) | PSW_ADDR_AMODE;
__put_user(S390_SYSCALL_OPCODE | TARGET_NR_rt_sigreturn,
(uint16_t *)(frame->retcode));
}