|
| From: | Richard Henderson |
| Subject: | Re: [PATCH 1/3] linux-user/aarch64: Add ESR signal frame for SIGSEGV, SIGBUS |
| Date: | Tue, 29 Aug 2023 14:03:36 -0700 |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.13.0 |
On 8/29/23 07:35, Peter Maydell wrote:
+ /* See arch/arm64/mm/fault.c, set_thread_esr. */ + if (sig == TARGET_SIGSEGV || sig == TARGET_SIGBUS) { + return true; + }It's possible to get here without env->exception.syndrome being set correctly, I think, if we take a host SIGSEGV or SIGBUS and host_signal_handler() calls either cpu_loop_exit_sigsegv() or cpu_loop_exit_sigbus(). Can also happen for other places that call one of those two functions, like allocation_tag_mem(). At least, I can't see where we would be setting syndrome in that code path.
cpu_loop_exit_sig* go through arm_cpu_record_sigsegv and arm_cpu_record_sigbus, which use the normal fault processing paths to populate FAR_EL1 and ESR_EL1.
Maybe we should do the "sanitize ESR for fault addresses in the upper half of guest address space" logic that the kernel set_thread_esr() does?
I guess we could, though I'm not sure how such an address could occur. r~
| [Prev in Thread] | Current Thread | [Next in Thread] |