• J
    uml: fix FP register corruption · 2f56debd
    Jeff Dike 提交于
    Commit ee3d9bd4 ("uml: simplify SIGSEGV
    handling"), while greatly simplifying the kernel SIGSEGV handler that
    runs in the process address space, introduced a bug which corrupts FP
    state in the process.
    
    Previously, the SIGSEGV handler called the sigreturn system call by hand - it
    couldn't return through the restorer provided to it because that could try to
    call the libc restorer which likely wouldn't exist in the process address
    space.  So, it blocked off some signals, including SIGUSR1, on entry to the
    SIGSEGV handler, queued a SIGUSR1 to itself, and invoked sigreturn.  The
    SIGUSR1 was delivered, and was visible to the UML kernel after sigreturn
    finished.
    
    The commit eliminated the signal masking and the call to sigreturn.  The
    handler simply hits itself with a SIGTRAP to let the UML kernel know that it
    is finished.  UML then restores the process registers, which effectively
    longjmps the process out of the signal handler, skipping sigreturn's restoring
    of register state and the signal mask.
    
    The bug is that the host apparently sets used_fp to 0 when it saves the
    process FP state in the sigcontext on the process signal stack.  Thus, when
    the process is longjmped out of the handler, its FP state is corrupt because
    it wasn't saved on the context switch to the UML kernel.
    
    This manifested itself as sleep hanging.  For some reason, sleep uses floating
    point in order to calculate the sleep interval.  When a page fault corrupts
    its FP state, it is faked into essentially sleeping forever.
    
    This patch saves the FP state before entering the SIGSEGV handler and restores
    it afterwards.
    Signed-off-by: NJeff Dike <jdike@linux.intel.com>
    Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
    2f56debd
registers.c 1.7 KB
新手
引导
客服 返回
顶部