mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

user-exec: handle synchronous signals from QEMU gracefully

Browse Source 
When "tcg: enable thread-per-vCPU" (commit 3725794) was merged the
lifetime of current_cpu was changed. Previously a broken linux-user
call might abort() which can eventually escalate into a SIGSEGV which
would then crash qemu as it attempted to deref a NULL current_cpu.
After commit 3725794 it would attempt to fixup state and re-start the
run-loop and much hilarity (i.e. a looping lockup) would ensue from
jumping into a stale jmp_env.

As we can actually tell if we are in the run-loop from looking at the
cpu->running flag we should catch this badness first and abort()
cleanly rather than try to soldier on. There is a theoretical race
between the flag being set and sigsetjmp refreshing the jump buffer
but we can try really hard to not introduce crashes into that code.

[LV: setgroups03 fails on powerpc LTP]
Reported-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
This commit is contained in:
Alex Bennée 2017-03-20 11:31:44 +00:00
parent ea2afcf5b6
commit 02bed6bd5f
1 changed files with 15 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
user-exec.c
View File

@ -57,10 +57,23 @@ static void cpu_exit_tb_from_sighandler(CPUState *cpu, sigset_t *old_set)
static inline int handle_cpu_signal(uintptr_t pc, unsigned long address, static inline int handle_cpu_signal(uintptr_t pc, unsigned long address,
int is_write, sigset_t *old_set) int is_write, sigset_t *old_set)
{ {
CPUState *cpu; CPUState *cpu = current_cpu;
CPUClass *cc; CPUClass *cc;
int ret; int ret;
/* For synchronous signals we expect to be coming from the vCPU
* thread (so current_cpu should be valid) and either from running
* code or during translation which can fault as we cross pages.
*
* If neither is true then something has gone wrong and we should
* abort rather than try and restart the vCPU execution.
*/
if (!cpu || !cpu->running) {
printf("qemu:%s received signal outside vCPU context @ pc=0x%"
PRIxPTR "\n", __func__, pc);
abort();
}
#if defined(DEBUG_SIGNAL) #if defined(DEBUG_SIGNAL)
printf("qemu: SIGSEGV pc=0x%08lx address=%08lx w=%d oldset=0x%08lx\n", printf("qemu: SIGSEGV pc=0x%08lx address=%08lx w=%d oldset=0x%08lx\n",
pc, address, is_write, *(unsigned long *)old_set); pc, address, is_write, *(unsigned long *)old_set);
@ -83,7 +96,7 @@ static inline int handle_cpu_signal(uintptr_t pc, unsigned long address,
* currently executing TB was modified and must be exited * currently executing TB was modified and must be exited
* immediately. * immediately.
*/ */
cpu_exit_tb_from_sighandler(current_cpu, old_set); cpu_exit_tb_from_sighandler(cpu, old_set);
g_assert_not_reached(); g_assert_not_reached();
default: default:
g_assert_not_reached(); g_assert_not_reached();
@ -94,7 +107,6 @@ static inline int handle_cpu_signal(uintptr_t pc, unsigned long address,
are still valid segv ones */ are still valid segv ones */
address = h2g_nocheck(address); address = h2g_nocheck(address);
cpu = current_cpu;
cc = CPU_GET_CLASS(cpu); cc = CPU_GET_CLASS(cpu);
/* see if it is an MMU fault */ /* see if it is an MMU fault */
g_assert(cc->handle_mmu_fault); g_assert(cc->handle_mmu_fault);