From: Richard Weinberger <richard@nod.at>
To: Real Name <enjoymindful@gmail.com>
Cc: user-mode-linux-user@lists.sourceforge.net,
	user-mode-linux-devel@lists.sourceforge.net
Subject: Re: [uml-devel] [PATCH] remove csum_partial_copy_generic_i386 to clean up exception table
Date: Fri, 18 Jul 2014 09:34:06 +0200
Message-ID: <53C8CDEE.4020608@nod.at>
In-Reply-To: <20140717231329.GB27382@name>

On 18.07.2014 01:13, Real Name wrote:
> On Sat, Jun 28, 2014 at 12:06:28PM +0800, Real Name wrote:
>> On Sat, Jun 21, 2014 at 03:28:52PM +0800, Real Name wrote:
>>> On Thu, Jun 05, 2014 at 11:49:49PM +0200, Richard Weinberger wrote:
>>>> On 05.06.2014 06:15, Honggang Li wrote:
>>>>> arch/x86/um/checksum_32.S was copied & pasted from x86. When building
>>>>> x86 uml, csum_partial_copy_generic_i386 messes up the exception table.
>>>>> In fact, the exception table does not work in the uml kernel.
>>>>
>>>> Are you sure that exception tables do not work on UML?
>>>> I said, I'm not sure. Can you please find out?
>>>
>>> Hi,
>>>  After tracing the i386 uml kernel with gdb, I'm sure exception tables
>>> do *not* work. When csum_partial_copy_generic_i386 reads user space memory,
>>> an access error exception arises; however, the segv function always
>>> returns zero. So, the fixup is never executed. The uml system hangs (not
>>> a kernel panic).
>>
>> The kernel hangs because the SEGV signal handler can't modify the EIP
>> register in signal context.
>>
>> Here is the summary of why the exception table does not work for linux (>3.3):
>> 1) broken exception table (706276543b699d80f546e45f8b12574e7b18d952)
>> 2) arch_fixup modifies the local copy of regs.
> 
> Hi, Richard
> ping? Do you agree with what I said?
>

Yeah, I think we can merge both of your patches in 3.17. :)

Thanks,
//richard

>>>
>>> thanks.
>>>
>>>>
>>>> In arch/um/kernel/trap.c:segv() we have the mechanism for it:
>>>>         else if (!is_user && arch_fixup(ip, regs))
>>>>                 goto out;
>> 0) access an invalid memory address in the kernel (no mm for the address. It is
>> easy to force an invalid memory access in the kernel. I cast 0x1234 as a void
>> pointer, and pass it to csum_partial_copy_generic_i386)
>> 1) SEGV signal arises
>> 1.1) hard_handler (arch/um/os-Linux/signal.c)
>> The third argument of hard_handler points to the signal context.
>> 1.2) call sig_handler
>> 1.3) call sig_handler_common (dump the registers in signal context into
>> 	local var struct uml_pt_regs r.). line 36 is the key point why
>> the exception table does not work in UML.
>>
>> 34         if (sig == SIGSEGV) {
>> 35                 /* For segfaults, we want the data from the sigcontext. */
>> 36                 get_regs_from_mc(&r, mc);
>> 37                 GET_FAULTINFO_FROM_MC(r.faultinfo, mc);
>> 38         
>>
>> 1.4) call segv_handler (arch/um/kernel/trap.c)
>> 1.5) call segv
>> 1.6) call arch_fixup (arch/x86/um/fault.c)
>> 1.7) arch_fixup (UPT_IP(regs) = fixup->fixup;) sets the EIP register of
>> the local copy uml_pt_regs
>> 1.8) When the function returns to sig_handler, the EIP change is lost
>> 1.9) When the hard_handler signal handler returns, it restores the EIP with
>> the address that raised the SEGV in step 0. The fixup section is never
>> executed. If the exception table works, the UML kernel should run the fixup
>> code here.
>>
>> Then steps 0 to 1.9 repeat, and the kernel hangs.
>>
>> thanks
>>
>>>>
>>>> The interesting question is, is this by design or was it just copy&pasted from x86
>>>> many moons ago? :)
>>>>
>>>>> And csum_partial_copy_generic_i386 never been called. So, delete it.
>>>>
>>>> I like such clean ups. :-)
>>>>
>>>> Thanks,
>>>> //richard
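
The flow traced in the quoted steps 0 to 1.9, as an added user-space model (not code from this thread or from the UML tree): a fault handler looks up the faulting IP in an exception table and redirects it to the fixup, once on a local copy of the saved registers and once with the change written back. All names and addresses (`struct saved_ctx`, `run_fault_loop`, `FAULT_IP`, `FIXUP_IP`) are constructed for illustration, and the write-back variant is only a contrast, not the change merged here.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model: the saved context holds one register, the IP. */
struct saved_ctx { unsigned long ip; };   /* stands in for the signal context */
struct ex_entry  { unsigned long insn, fixup; };
#define FAULT_IP 0x1000UL   /* constructed address of the faulting load */
#define FIXUP_IP 0x2000UL   /* constructed address of its fixup code */
static const struct ex_entry ex_table[] = { { FAULT_IP, FIXUP_IP } };

/* Exception-table lookup: redirect regs->ip if the fault has a fixup. */
static int fixup_exception(struct saved_ctx *regs)
{
    for (size_t i = 0; i < sizeof(ex_table) / sizeof(ex_table[0]); i++)
        if (ex_table[i].insn == regs->ip) {
            regs->ip = ex_table[i].fixup;
            return 1;
        }
    return 0;
}

/* write_back == 0 models steps 1.3 and 1.7: the fixup edits a local
 * copy, so the saved context still holds the faulting IP on return. */
static void fault_handler(struct saved_ctx *mc, int write_back)
{
    struct saved_ctx r = *mc;            /* registers copied out of the context */
    if (fixup_exception(&r) && write_back)
        *mc = r;                         /* new IP propagated to the context */
}

/* Resume at mc.ip after every fault. Returns the number of faults taken
 * before execution reaches the fixup, or -1 if it never does (the hang). */
int run_fault_loop(int write_back, int max_faults)
{
    struct saved_ctx mc = { FAULT_IP };
    int faults = 0;
    for (; mc.ip != FIXUP_IP; faults++) {
        if (faults == max_faults)
            return -1;
        fault_handler(&mc, write_back);  /* the load at FAULT_IP faults again */
    }
    return faults;
}

int main(void)
{
    printf("%d %d\n", run_fault_loop(0, 1000), run_fault_loop(1, 1000));
    return 0;
}
```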
