[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PULL 1/6] user-exec: handle synchronous signals from QEMU
From: |
Alex Bennée |
Subject: |
[Qemu-devel] [PULL 1/6] user-exec: handle synchronous signals from QEMU gracefully |
Date: |
Tue, 28 Mar 2017 12:09:31 +0100 |
When "tcg: enable thread-per-vCPU" (commit 3725794) was merged the
lifetime of current_cpu was changed. Previously a broken linux-user
call might abort() which can eventually escalate into a SIGSEGV which
would then crash qemu as it attempted to deref a NULL current_cpu.
After commit 3725794 it would attempt to fixup state and re-start the
run-loop and much hilarity (i.e. a looping lockup) would ensue from
jumping into a stale jmp_env.
As we can actually tell if we are in the run-loop from looking at the
cpu->running flag we should catch this badness first and abort()
cleanly rather than try to soldier on. There is a theoretical race
between the flag being set and sigsetjmp refreshing the jump buffer
but we can try really hard to not introduce crashes into that code.
[LV: setgroups03 fails on powerpc LTP]
Reported-by: Laurent Vivier <address@hidden>
Signed-off-by: Alex Bennée <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Reviewed-by: Paolo Bonzini <address@hidden>
---
user-exec.c | 18 +++++++++++++++---
1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/user-exec.c b/user-exec.c
index 6db075884d..a8f95fa1e1 100644
--- a/user-exec.c
+++ b/user-exec.c
@@ -57,10 +57,23 @@ static void cpu_exit_tb_from_sighandler(CPUState *cpu,
sigset_t *old_set)
static inline int handle_cpu_signal(uintptr_t pc, unsigned long address,
int is_write, sigset_t *old_set)
{
- CPUState *cpu;
+ CPUState *cpu = current_cpu;
CPUClass *cc;
int ret;
+ /* For synchronous signals we expect to be coming from the vCPU
+ * thread (so current_cpu should be valid) and either from running
+ * code or during translation which can fault as we cross pages.
+ *
+ * If neither is true then something has gone wrong and we should
+ * abort rather than try and restart the vCPU execution.
+ */
+ if (!cpu || !cpu->running) {
+ printf("qemu:%s received signal outside vCPU context @ pc=0x%"
+ PRIxPTR "\n", __func__, pc);
+ abort();
+ }
+
#if defined(DEBUG_SIGNAL)
printf("qemu: SIGSEGV pc=0x%08lx address=%08lx w=%d oldset=0x%08lx\n",
pc, address, is_write, *(unsigned long *)old_set);
@@ -83,7 +96,7 @@ static inline int handle_cpu_signal(uintptr_t pc, unsigned
long address,
* currently executing TB was modified and must be exited
* immediately.
*/
- cpu_exit_tb_from_sighandler(current_cpu, old_set);
+ cpu_exit_tb_from_sighandler(cpu, old_set);
g_assert_not_reached();
default:
g_assert_not_reached();
@@ -94,7 +107,6 @@ static inline int handle_cpu_signal(uintptr_t pc, unsigned
long address,
are still valid segv ones */
address = h2g_nocheck(address);
- cpu = current_cpu;
cc = CPU_GET_CLASS(cpu);
/* see if it is an MMU fault */
g_assert(cc->handle_mmu_fault);
--
2.11.0
- [Qemu-devel] [PULL 0/6] MTTCG fixes for rc2, Alex Bennée, 2017/03/28
- [Qemu-devel] [PULL 2/6] bsd-user: align use of mmap_lock to that of linux-user, Alex Bennée, 2017/03/28
- [Qemu-devel] [PULL 5/6] tcg: Add a new line after incompatibility warning, Alex Bennée, 2017/03/28
- [Qemu-devel] [PULL 4/6] ui/console: use exclusive mechanism directly, Alex Bennée, 2017/03/28
- [Qemu-devel] [PULL 3/6] ui/console: ensure do_safe_dpy_refresh holds BQL, Alex Bennée, 2017/03/28
- [Qemu-devel] [PULL 1/6] user-exec: handle synchronous signals from QEMU gracefully,
Alex Bennée <=
- [Qemu-devel] [PULL 6/6] replay/replay.c: bump REPLAY_VERSION, Alex Bennée, 2017/03/28
- Re: [Qemu-devel] [PULL 0/6] MTTCG fixes for rc2, Peter Maydell, 2017/03/28