Re: [uml-devel] [PATCH] remove csum_partial_copy_generic_i386 to clean up exception table

[Real Name <enjoymindful@gmail.com>]

On Sat, Jun 21, 2014 at 03:28:52PM +0800, Real Name wrote:
> On Thu, Jun 05, 2014 at 11:49:49PM +0200, Richard Weinberger wrote:
> > Am 05.06.2014 06:15, schrieb Honggang Li:
> > > arch/x86/um/checksum_32.S had been copy & paste from x86. When build
> > > x86 uml, csum_partial_copy_generic_i386 mess up the exception table.
> > > In fact, exception table dose not work in uml kernel.
> > 
> > Are you sure that exception tables do not work on UML?
> > I said, I'm not sure. Can you please find out?
> 
> Hi,
>  After traced i386 uml kernel with gdb , I'm sure exception tables 
> do *not* work. When csum_partial_copy_generic_i386 read user space memory, 
> an access error exception arises, however, the segv function always
> return zero. So, the fixup nerver executed. The uml system hang (not
> kernel panic).

The kernel hang because the SEGV signal handler can't modify the EIP
register in signal context. 

Here is the summary why exception table dose not works for linux (>3.3):
1) broken exception table (706276543b699d80f546e45f8b12574e7b18d952)
2) arch_fixup modify the local copy of regs. 	
> 
> thanks.
> 
> > 
> > In arch/um/kernel/trap.c:segv() we have the mechanism for it:
> >         else if (!is_user && arch_fixup(ip, regs))
> >                 goto out;
0) access invalid memory address in kernel (no mm for the address. it is
easy to force invalid memory acess in kernel. I cast 0x1234 as a void
pointer, and pass it to csum_partial_copy_generic_i386)
1) SEGV signal arise
1.1) hard_handler (arch/um/os-Linux/signal.c)
The third argument of hard_handler point to signal context.
1.2) call sig_handler 
1.3) call sig_handler_common (dump the registers in signal context into
	local var struct uml_pt_regs r.). line 36 is the key point why
exception table dose not works in UML.

34         if (sig == SIGSEGV) {
35                 /* For segfaults, we want the data from the	sigcontext. */
36                 get_regs_from_mc(&r, mc);
37                 GET_FAULTINFO_FROM_MC(r.faultinfo, mc);
38         

1.4) call segv_handler (arch/um/kernel/trap.c)
1.5) call segv
1.6) call arch_fixup (arch/x86/um/fault.c)
1.7) arch_fixup (UPT_IP(regs) = fixup->fixup;) set the EIP register of
local copy uml_pt_regs
1.8) When function return to sig_handler, the EIP change lost
1.9) When hard_handler signal handler return, it restore the EIP with
the address arise the SEGV in step 0. The fixup section never be
executed. If exception table works, UML kernel should run fixup code in
here.

Then repeate step 0 to 1.9, kernel hang on.

thanks

> > 
> > The interesting question is, is this by design or was it just copy&pasted from x86
> > many moons ago? :)
> > 
> > > And csum_partial_copy_generic_i386 never been called. So, delete it.
> > 
> > I like such clean ups. :-)
> > 
> > Thanks,
> > //richard

------------------------------------------------------------------------------
Open source business process management suite built on Java and Eclipse
Turn processes into business applications with Bonita BPM Community Edition
Quickly connect people, data, and systems into organized workflows
Winner of BOSSIE, CODIE, OW2 and Gartner awards
http://p.sf.net/sfu/Bonitasoft
_______________________________________________
User-mode-linux-devel mailing list
User-mode-linux-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel