From patchwork Mon Apr 9 14:07:14 2018
X-Patchwork-Submitter: Peter Maydell
X-Patchwork-Id: 133042
From: Peter Maydell
To: qemu-arm@nongnu.org, qemu-devel@nongnu.org
Cc: patches@linaro.org, Richard Henderson, Richard Henwood, Riku Voipio, Laurent Vivier
Subject: [PATCH for-2.12] linux-user/signal.c: Ensure AArch64 signal frame isn't too small
Date: Mon, 9 Apr 2018 15:07:14 +0100
Message-Id: <20180409140714.26841-1-peter.maydell@linaro.org>
X-Mailer: git-send-email 2.16.2

The AArch64 signal frame design was extended for SVE in commit
8c5931de0ac77388096d79ceb, so that instead of having a fixed setup
we now add various records to the frame, with some of them possibly
overflowing into an extra space outside the original 4K reserved
block in the target_sigcontext.

However, we failed to ensure that we always at least allocate the
4K reserved block. This is ABI, and some userspace programs rely on
it. In particular the dash shell would segfault if the frame wasn't
big enough.

(Compare the kernel's sigframe_size() function in
arch/arm64/kernel/signal.c.)

Reported-by: Richard Henwood
Fixes: https://bugs.launchpad.net/bugs/1761535
Fixes: 8c5931de0ac77388096d79ceb
Signed-off-by: Peter Maydell
---
 linux-user/signal.c | 6 ++++++
 1 file changed, 6 insertions(+)

-- 
2.16.2

Reviewed-by: Laurent Vivier
Reviewed-by: Richard Henderson
diff --git a/linux-user/signal.c b/linux-user/signal.c index 046d4c8aa0..8d9e6e8410 100644 --- a/linux-user/signal.c +++ b/linux-user/signal.c @@ -1850,6 +1850,12 @@ static void target_setup_frame(int usig, struct target_sigaction *ka, fr_ofs = layout.total_size; layout.total_size += sizeof(struct target_rt_frame_record); + /* We must always provide at least the standard 4K reserved space, + * even if we don't use all of it (this is part of the ABI) + */ + layout.total_size = MAX(layout.total_size, + sizeof(struct target_rt_sigframe)); + frame_addr = get_sigframe(ka, env, layout.total_size); trace_user_setup_frame(env, frame_addr); if (!lock_user_struct(VERIFY_WRITE, frame, frame_addr, 0)) {
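Review bot: the MAX is applied after `fr_ofs = layout.total_size;` and after `sizeof(struct target_rt_frame_record)` has already been added, so the value compared against `sizeof(struct target_rt_sigframe)` includes the frame record, and in the small-records case the frame record stays at `fr_ofs` with the padding placed after it rather than at the top of the allocation. If the sigframe proper (the 4K reserved block the commit message talks about, without the frame record) is what must be at least `sizeof(struct target_rt_sigframe)`, move the two MAX lines ahead of `fr_ofs = layout.total_size;` so the minimum is enforced on the sigframe alone and the frame record lands after it; either way a short comment stating which layout is intended would save the next reader from re-deriving it.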
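To make the rule in the commit message concrete, here is an added C model of the layout it describes: records appended to the sigcontext __reserved block, overflow into an area after the base frame via an extra_context record, and the minimum-size rule the patch adds. This is example code written for this page, not QEMU's or the kernel's; the record magics are the kernel's published values, but every size constant (RESERVED_OFFSET, the record sizes, the SVE record size) is assumed for the model, and the pre-patch behaviour is modelled simply by omitting the minimum.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Record magics as published in the kernel's asm/sigcontext.h. */
#define FPSIMD_MAGIC 0x46508001u
#define ESR_MAGIC    0x45535201u
#define EXTRA_MAGIC  0x45585401u
#define SVE_MAGIC    0x53564501u

/* Model constants: assumed for this example, not read from any header. */
#define RESERVED_OFFSET   592   /* offset of uc_mcontext.__reserved in the rt_sigframe */
#define RESERVED_SIZE     4096  /* the ABI-guaranteed __reserved[4096] block */
#define RT_SIGFRAME_SIZE  (RESERVED_OFFSET + RESERVED_SIZE)
#define TERMINATOR_SIZE   16    /* null _aarch64_ctx header, rounded to 16 */
#define EXTRA_CTX_SIZE    32    /* struct extra_context, rounded to 16 */
#define FRAME_RECORD_SIZE 16    /* saved fp/lr pair allocated with the frame */

#define FPSIMD_CTX_SIZE   528   /* header + fpsr/fpcr + 32 x 128-bit vregs */
#define ESR_CTX_SIZE      16    /* header + esr */
#define SVE_CTX_SIZE_BIG  8752  /* constructed: an SVE record for a large VL */

struct layout {
    size_t size;         /* bytes used from the start of the rt_sigframe */
    size_t limit;        /* a record may not end beyond this offset */
    size_t extra_offset; /* start of the overflow area, 0 until opened */
};

static size_t round_up16(size_t n) { return (n + 15) & ~(size_t)15; }

static void layout_init(struct layout *l)
{
    l->size = RESERVED_OFFSET;
    /* keep room for the terminator inside the 4K block */
    l->limit = RESERVED_OFFSET + RESERVED_SIZE - TERMINATOR_SIZE;
    l->extra_offset = 0;
}

/* Reserve space for one record. Returns its offset, or 0 if it cannot fit. */
static size_t layout_add(struct layout *l, size_t record_size)
{
    size_t sz = round_up16(record_size);
    size_t off;

    if (l->size + sz > l->limit) {
        /* No room left in the 4K block: emit extra_context plus a terminator
         * there, then continue in an overflow area right after the base frame. */
        if (l->extra_offset != 0 || l->size + EXTRA_CTX_SIZE > l->limit) {
            return 0;
        }
        l->size += EXTRA_CTX_SIZE + TERMINATOR_SIZE;
        l->extra_offset = round_up16(RT_SIGFRAME_SIZE);
        l->size = l->extra_offset;
        l->limit = SIZE_MAX;
    }
    off = l->size;
    l->size += sz;
    return off;
}

/* Close the record chain and size the rt_sigframe. With enforce_min the
 * frame is never smaller than the full rt_sigframe (the rule the patch adds). */
static size_t layout_end(struct layout *l, int enforce_min)
{
    size_t sz;
    l->size += TERMINATOR_SIZE;
    sz = l->size;
    if (enforce_min && sz < RT_SIGFRAME_SIZE) {
        sz = RT_SIGFRAME_SIZE;
    }
    return round_up16(sz);
}

/* Bytes taken below the interrupted sp: rt_sigframe plus the frame record. */
static size_t frame_bytes(const size_t *records, size_t n, int enforce_min)
{
    struct layout l;
    size_t i;
    layout_init(&l);
    for (i = 0; i < n; i++) {
        if (layout_add(&l, records[i]) == 0) {
            return 0;
        }
    }
    return layout_end(&l, enforce_min) + FRAME_RECORD_SIZE;
}

/* Offset of the overflow area for a record set, 0 if none was needed. */
static size_t overflow_offset(const size_t *records, size_t n)
{
    struct layout l;
    size_t i;
    layout_init(&l);
    for (i = 0; i < n; i++) {
        layout_add(&l, records[i]);
    }
    return l.extra_offset;
}

int main(void)
{
    static const size_t basic[] = { FPSIMD_CTX_SIZE, ESR_CTX_SIZE };
    static const size_t with_sve[] = { FPSIMD_CTX_SIZE, ESR_CTX_SIZE, SVE_CTX_SIZE_BIG };

    printf("fpsimd+esr, no minimum:   %zu bytes\n", frame_bytes(basic, 2, 0));
    printf("fpsimd+esr, with minimum: %zu bytes\n", frame_bytes(basic, 2, 1));
    printf("fpsimd+esr+sve:           %zu bytes, overflow area at +%zu\n",
           frame_bytes(with_sve, 3, 1), overflow_offset(with_sve, 3));
    return 0;
}
```

With only the FP/SIMD and ESR records in the chain the used part of the block is roughly a quarter of the 4K, so without the minimum the allocation below sp ends well short of the __reserved block userspace is entitled to read; with the minimum the frame is the full rt_sigframe, and a large SVE record spills into the overflow area after it instead of growing the block.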