Commit 2f56debd authored by Jeff Dike's avatar Jeff Dike Committed by Linus Torvalds

uml: fix FP register corruption

Commit ee3d9bd4 ("uml: simplify SIGSEGV
handling"), while greatly simplifying the kernel SIGSEGV handler that
runs in the process address space, introduced a bug which corrupts FP
state in the process.

Previously, the SIGSEGV handler called the sigreturn system call by hand - it
couldn't return through the restorer provided to it because that could try to
call the libc restorer which likely wouldn't exist in the process address
space.  So, it blocked off some signals, including SIGUSR1, on entry to the
SIGSEGV handler, queued a SIGUSR1 to itself, and invoked sigreturn.  The
SIGUSR1 was delivered, and was visible to the UML kernel after sigreturn
finished.

The commit eliminated the signal masking and the call to sigreturn.  The
handler simply hits itself with a SIGTRAP to let the UML kernel know that it
is finished.  UML then restores the process registers, which effectively
longjmps the process out of the signal handler, skipping sigreturn's restoring
of register state and the signal mask.

The bug is that the host apparently sets used_fp to 0 when it saves the
process FP state in the sigcontext on the process signal stack.  Thus, when
the process is longjmped out of the handler, its FP state is corrupt because
it wasn't saved on the context switch to the UML kernel.

This manifested itself as sleep hanging.  For some reason, sleep uses floating
point in order to calculate the sleep interval.  When a page fault corrupts
its FP state, it is faked into essentially sleeping forever.

This patch saves the FP state before entering the SIGSEGV handler and restores
it afterwards.
Signed-off-by: default avatarJeff Dike <jdike@linux.intel.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent e4d06b3f
...@@ -18,5 +18,7 @@ extern int restore_registers(int pid, struct uml_pt_regs *regs); ...@@ -18,5 +18,7 @@ extern int restore_registers(int pid, struct uml_pt_regs *regs);
extern int init_registers(int pid); extern int init_registers(int pid);
extern void get_safe_registers(unsigned long *regs); extern void get_safe_registers(unsigned long *regs);
extern unsigned long get_thread_reg(int reg, jmp_buf *buf); extern unsigned long get_thread_reg(int reg, jmp_buf *buf);
extern int get_fp_registers(int pid, unsigned long *regs);
extern int put_fp_registers(int pid, unsigned long *regs);
#endif #endif
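Review bot: The new prototypes at lines 43–44 say nothing about how large `regs` must be, yet the caller in get_skas_faultinfo sizes its buffer with FP_SIZE and the i386 implementation chooses between the fpx and fp layouts at run time, so a buffer sized for the smaller layout would be overrun on the other path. I would put a comment above the pair, e.g. `/* regs must hold at least FP_SIZE longs; the layout written by get_fp_registers is the one put_fp_registers expects back */`, so the contract is visible where the functions are declared. The i386 and x86_64 definitions later in this commit would carry the same comment.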
...@@ -9,6 +9,7 @@ ...@@ -9,6 +9,7 @@
#include <sys/ptrace.h> #include <sys/ptrace.h>
#include <linux/ptrace.h> #include <linux/ptrace.h>
#include <asm/ptrace.h> #include <asm/ptrace.h>
#include "user_constants.h"
#define PT_OFFSET(r) ((r) * sizeof(long)) #define PT_OFFSET(r) ((r) * sizeof(long))
...@@ -40,6 +41,8 @@ ...@@ -40,6 +41,8 @@
#define PT_SP_OFFSET PT_OFFSET(UESP) #define PT_SP_OFFSET PT_OFFSET(UESP)
#define PT_SP(regs) ((regs)[UESP]) #define PT_SP(regs) ((regs)[UESP])
#define FP_SIZE ((HOST_XFP_SIZE > HOST_FP_SIZE) ? HOST_XFP_SIZE : HOST_FP_SIZE)
#ifndef FRAME_SIZE #ifndef FRAME_SIZE
#define FRAME_SIZE (17) #define FRAME_SIZE (17)
#endif #endif
......
...@@ -12,6 +12,7 @@ ...@@ -12,6 +12,7 @@
#include <linux/ptrace.h> #include <linux/ptrace.h>
#include <asm/ptrace.h> #include <asm/ptrace.h>
#undef __FRAME_OFFSETS #undef __FRAME_OFFSETS
#include "user_constants.h"
#define PT_INDEX(off) ((off) / sizeof(unsigned long)) #define PT_INDEX(off) ((off) / sizeof(unsigned long))
...@@ -69,6 +70,8 @@ ...@@ -69,6 +70,8 @@
#define REGS_IP_INDEX PT_INDEX(RIP) #define REGS_IP_INDEX PT_INDEX(RIP)
#define REGS_SP_INDEX PT_INDEX(RSP) #define REGS_SP_INDEX PT_INDEX(RSP)
#define FP_SIZE (HOST_FP_SIZE)
#endif #endif
/* /*
......
...@@ -115,6 +115,14 @@ void get_skas_faultinfo(int pid, struct faultinfo * fi) ...@@ -115,6 +115,14 @@ void get_skas_faultinfo(int pid, struct faultinfo * fi)
sizeof(struct ptrace_faultinfo)); sizeof(struct ptrace_faultinfo));
} }
else { else {
unsigned long fpregs[FP_SIZE];
err = get_fp_registers(pid, fpregs);
if (err < 0) {
printk(UM_KERN_ERR "save_fp_registers returned %d\n",
err);
fatal_sigsegv();
}
err = ptrace(PTRACE_CONT, pid, 0, SIGSEGV); err = ptrace(PTRACE_CONT, pid, 0, SIGSEGV);
if (err) { if (err) {
printk(UM_KERN_ERR "Failed to continue stub, pid = %d, " printk(UM_KERN_ERR "Failed to continue stub, pid = %d, "
...@@ -128,6 +136,13 @@ void get_skas_faultinfo(int pid, struct faultinfo * fi) ...@@ -128,6 +136,13 @@ void get_skas_faultinfo(int pid, struct faultinfo * fi)
* the stub stack page. We just have to copy it. * the stub stack page. We just have to copy it.
*/ */
memcpy(fi, (void *)current_stub_stack(), sizeof(*fi)); memcpy(fi, (void *)current_stub_stack(), sizeof(*fi));
err = put_fp_registers(pid, fpregs);
if (err < 0) {
printk(UM_KERN_ERR "put_fp_registers returned %d\n",
err);
fatal_sigsegv();
}
} }
} }
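Review bot: The error message at line 80 names `save_fp_registers` although the call on line 78 is `get_fp_registers`, so a failure would be attributed to the wrong function in the log; the matching message on line 93 uses the right name. Change it to `printk(UM_KERN_ERR "get_fp_registers returned %d\n", err);`. The `fpregs[FP_SIZE]` array lives on this function's kernel stack, and on i386 FP_SIZE is the larger of HOST_XFP_SIZE and HOST_FP_SIZE, which is presumably a few hundred bytes; that is acceptable here but a short comment saying why the save and restore bracket the PTRACE_CONT (the host clobbers the process FP state while the stub handler runs, per the commit message) would help the next reader. get_skas_faultinfo starts and ends outside the hunk.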
......
...@@ -56,6 +56,22 @@ unsigned long get_thread_reg(int reg, jmp_buf *buf) ...@@ -56,6 +56,22 @@ unsigned long get_thread_reg(int reg, jmp_buf *buf)
int have_fpx_regs = 1; int have_fpx_regs = 1;
int get_fp_registers(int pid, unsigned long *regs)
{
if (have_fpx_regs)
return save_fpx_registers(pid, regs);
else
return save_fp_registers(pid, regs);
}
int put_fp_registers(int pid, unsigned long *regs)
{
if (have_fpx_regs)
return restore_fpx_registers(pid, regs);
else
return restore_fp_registers(pid, regs);
}
void arch_init_registers(int pid) void arch_init_registers(int pid)
{ {
unsigned long fpx_regs[HOST_XFP_SIZE]; unsigned long fpx_regs[HOST_XFP_SIZE];
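Review bot: get_fp_registers and put_fp_registers at lines 102–115 both branch on the global `have_fpx_regs`, so a buffer filled by one is only interpretable by the other if the flag does not change in between, and nothing in the hunk states that invariant. I would add a comment above get_fp_registers, `/* Both helpers key off have_fpx_regs, which must be settled (set once at init) before the first fault is handled, or the saved layout will not match on restore */`. The `else` after `return` on lines 106 and 113 can be dropped since both branches return directly. have_fpx_regs is presumably decided by arch_init_registers, which starts at line 116 and continues outside the hunk.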
......
...@@ -40,3 +40,13 @@ unsigned long get_thread_reg(int reg, jmp_buf *buf) ...@@ -40,3 +40,13 @@ unsigned long get_thread_reg(int reg, jmp_buf *buf)
return 0; return 0;
} }
} }
int get_fp_registers(int pid, unsigned long *regs)
{
return save_fp_registers(pid, regs);
}
int put_fp_registers(int pid, unsigned long *regs)
{
return restore_fp_registers(pid, regs);
}