From patchwork Mon Mar 20 15:34:40 2017
X-Patchwork-Submitter: Alex Bennée
X-Patchwork-Id: 95563
From: Alex Bennée
To: peter.maydell@linaro.org, rth@twiddle.net, pbonzini@redhat.com
Cc: mttcg@listserver.greensocs.com, nikunj@linux.vnet.ibm.com, Riku Voipio, a.rigo@virtualopensystems.com, qemu-devel@nongnu.org, cota@braap.org, bobby.prani@gmail.com, Alex Bennée, fred.konrad@greensocs.com
Date: Mon, 20 Mar 2017 15:34:40 +0000
Message-Id: <20170320153441.2181-3-alex.bennee@linaro.org>
In-Reply-To: <20170320153441.2181-1-alex.bennee@linaro.org>
References: <20170320153441.2181-1-alex.bennee@linaro.org>
X-Mailer: git-send-email 2.11.0
Subject: [Qemu-devel] [PATCH v1 2/3] user-exec: handle synchronous signals from QEMU gracefully

When "tcg: enable thread-per-vCPU" (commit 3725794) was merged, the lifetime of current_cpu was changed. Previously a broken linux-user call might abort(), which can eventually escalate into a SIGSEGV, which would then crash qemu as it attempted to deref a NULL current_cpu. After commit 3725794 it would attempt to fix up state and re-start the run-loop, and much hilarity (i.e. a looping lockup) would ensue from jumping into a stale jmp_env.

As we can actually tell if we are in the run-loop from looking at the cpu->running flag, we should catch this badness first and abort() cleanly rather than try to soldier on. There is a theoretical race between the flag being set and sigsetjmp refreshing the jump buffer, but we can try really hard to not introduce crashes into that code.

[LV: setgroups03 fails on powerpc LTP]

Reported-by: Laurent Vivier
Signed-off-by: Alex Bennée --- user-exec.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) -- 2.11.0 Reviewed-by: Richard Henderson diff --git a/user-exec.c b/user-exec.c index 6db075884d..a8f95fa1e1 100644 --- a/user-exec.c +++ b/user-exec.c @@ -57,10 +57,23 @@ static void cpu_exit_tb_from_sighandler(CPUState *cpu, sigset_t *old_set) static inline int handle_cpu_signal(uintptr_t pc, unsigned long address, int is_write, sigset_t *old_set) { - CPUState *cpu; + CPUState *cpu = current_cpu; CPUClass *cc; int ret; + /* For synchronous signals we expect to be coming from the vCPU + * thread (so current_cpu should be valid) and either from running + * code or during translation which can fault as we cross pages. + * + * If neither is true then something has gone wrong and we should + * abort rather than try and restart the vCPU execution. + */ + if (!cpu || !cpu->running) { + printf("qemu:%s received signal outside vCPU context @ pc=0x%" + PRIxPTR "\n", __func__, pc); + abort(); + } + #if defined(DEBUG_SIGNAL) printf("qemu: SIGSEGV pc=0x%08lx address=%08lx w=%d oldset=0x%08lx\n", pc, address, is_write, *(unsigned long *)old_set); @@ -83,7 +96,7 @@ static inline int handle_cpu_signal(uintptr_t pc, unsigned long address, * currently executing TB was modified and must be exited * immediately. */ - cpu_exit_tb_from_sighandler(current_cpu, old_set); + cpu_exit_tb_from_sighandler(cpu, old_set); g_assert_not_reached(); default: g_assert_not_reached(); @@ -94,7 +107,6 @@ static inline int handle_cpu_signal(uintptr_t pc, unsigned long address, are still valid segv ones */ address = h2g_nocheck(address); - cpu = current_cpu; cc = CPU_GET_CLASS(cpu); /* see if it is an MMU fault */ g_assert(cc->handle_mmu_fault);
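Review bot: In the first hunk (@@ -57,10 +57,23 @@) the new `if (!cpu || !cpu->running)` block reports the problem with printf() to stdout and then calls abort(); printf() is not async-signal-safe, and in linux-user fd 1 belongs to the guest program, which may have closed, redirected or half-written to it, so the diagnostic can be lost or interleaved with guest output precisely when it is needed. Since abort() follows immediately, buffered stdout may also never be flushed. The minimal fix is `fprintf(stderr, ...)` (an unbuffered stream, and the one QEMU uses for its own errors); a stricter one is a pre-formatted message via write(2) to STDERR_FILENO. The existing DEBUG_SIGNAL printf has the same property but is compiled out by default, whereas this path is always built. While touching the message, consider including `address` alongside `pc`, since the function already has it and a post-mortem of an out-of-context fault usually needs both. The new comment block would also benefit from one line about the race the commit message admits (flag set before sigsetjmp has refreshed jmp_env), so the next reader of user-exec.c knows the check is a best-effort guard and not a guarantee.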
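Review bot: Passing the cached `cpu` to cpu_exit_tb_from_sighandler() in the second hunk (@@ -83,7 +96,7 @@) is the right call, not just a cosmetic one: the NULL check at the top of the function only covers the value of current_cpu read at entry, so every later use has to go through that same local rather than re-reading the global. The matching removal of `cpu = current_cpu;` in the third hunk (@@ -94,7 +107,6 @@) closes the last such re-read; with both applied there is no remaining path where the checked and the used pointer can differ.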
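As an added illustration, not QEMU's code and not part of this patch, the following standalone C program models the guard the patch introduces: a constructed `struct vcpu` whose `sigjmp_buf` is only valid while its `running` flag is set, a SIGSEGV/SIGBUS handler that siglongjmps back only when `fault_is_recoverable()` says so and otherwise writes to stderr and aborts, and a minimal run loop ordered like cpu_exec() (publish the vCPU, set `running`, arm the jump buffer, execute, tear down). The struct, the function names and the PROT_NONE page used to provoke a genuine fault are all assumptions made for this example.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

/* Constructed stand-in for QEMU's CPUState: only the fields the guard needs. */
struct vcpu {
    volatile sig_atomic_t running;  /* 1 only inside the run loop, like cpu->running */
    sigjmp_buf jmp_env;             /* valid only while running == 1 */
    volatile sig_atomic_t faults;   /* faults recovered via siglongjmp */
};

/* Constructed stand-in for current_cpu: NULL whenever no vCPU is executing. */
static struct vcpu *volatile current_cpu;

/* The decision the patch adds: recover (siglongjmp) only when a vCPU exists
 * and its run loop has set running, i.e. jmp_env is armed. */
int fault_is_recoverable(const struct vcpu *cpu)
{
    return cpu != NULL && cpu->running != 0;
}

static void fault_handler(int sig, siginfo_t *si, void *ctx)
{
    struct vcpu *cpu = current_cpu;
    (void)si;
    (void)ctx;

    if (!fault_is_recoverable(cpu)) {
        /* write(2) is async-signal-safe; stderr is not the guest's stdout. */
        static const char msg[] = "fault outside vCPU context, aborting\n";
        ssize_t n = write(STDERR_FILENO, msg, sizeof msg - 1);
        (void)n;
        abort();
    }
    cpu->faults++;
    /* sigsetjmp(..., 1) saved the pre-fault signal mask, so the jump also
     * unblocks the signal the kernel blocked while running this handler. */
    siglongjmp(cpu->jmp_env, sig);
}

static int install_fault_handler(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = fault_handler;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    /* A PROT_NONE access is SIGSEGV on Linux; some platforms raise SIGBUS. */
    if (sigaction(SIGSEGV, &sa, NULL) != 0 || sigaction(SIGBUS, &sa, NULL) != 0) {
        return -1;
    }
    return 0;
}

/* Mini run loop in cpu_exec() order.  Returns the number of faults recovered
 * (1 on success) or -1 if setup failed.  The window between running = 1 and
 * sigsetjmp() arming jmp_env is the theoretical race the commit message notes. */
int run_guest_with_fault(void)
{
    static struct vcpu cpu;           /* static: untouched by setjmp/longjmp rules */
    long pagesz = sysconf(_SC_PAGESIZE);
    volatile char *guard;

    if (pagesz <= 0 || install_fault_handler() != 0) {
        return -1;
    }
    /* Constructed fault target: an anonymous page with no permissions. */
    guard = mmap(NULL, (size_t)pagesz, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (guard == MAP_FAILED) {
        return -1;
    }

    memset(&cpu, 0, sizeof cpu);
    current_cpu = &cpu;
    cpu.running = 1;                      /* jmp_env is valid from here... */
    if (sigsetjmp(cpu.jmp_env, 1) == 0) { /* ...once this call has armed it */
        guard[0] = 1;                     /* "guest" access: faults, handler jumps back */
    }
    /* Reached via siglongjmp: leave the run loop before unpublishing the vCPU. */
    cpu.running = 0;
    current_cpu = NULL;
    munmap((void *)guard, (size_t)pagesz);
    return (int)cpu.faults;
}

int main(void)
{
    int n = run_guest_with_fault();
    printf("recovered faults: %d\n", n);
    return n == 1 ? 0 : 1;
}
```

Calling run_guest_with_fault() a second time after the loop has set `current_cpu = NULL` would take the abort() branch on any further fault, which is exactly the behaviour the patch wants for a signal arriving outside the vCPU context; the example keeps the diagnostic on stderr via write(2) rather than printf() so it survives both the async-signal context and a guest that owns stdout.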