Re: [PATCH v2] target/s390x: Fix translation exception on illegal instruction
Tue, 13 Apr 2021 17:34:09 -0700
On 4/13/21 9:52 AM, Ilya Leoshkevich wrote:
Hitting an uretprobe in a s390x TCG guest causes a SIGSEGV. What
* uretprobe maps a userspace page containing an invalid instruction.
* uretprobe replaces the target function's return address with the
address of that page.
* When tb_gen_code() is called on that page, tb->size ends up being 0
(because the page starts with the invalid instruction), which causes
virt_page2 to point to the previous page.
* The previous page is not mapped, so this causes a spurious
The bug is that tb->size must never be 0: even if there is an illegal
instruction, the instruction bytes that have been looked at must count
towards tb->size. So adjust s390x's translate_one() to act this way
for both illegal instructions and instructions that are known to
Also add an assertion to tb_gen_code() in order to detect such
situations in future.
Signed-off-by: Ilya Leoshkevich <firstname.lastname@example.org>
Reviewed-by: Richard Henderson <email@example.com>