Michael Schmitz <schmitzmic@xxxxxxxxx> writes:
Hi Eric,
On 21/07/21 8:32 am, Eric W. Biederman wrote:
diff --git a/arch/m68k/fpsp040/skeleton.S b/arch/m68k/fpsp040/skeleton.S
index a8f4161..6c92d38 100644
--- a/arch/m68k/fpsp040/skeleton.S
+++ b/arch/m68k/fpsp040/skeleton.S
@@ -502,7 +502,17 @@ in_ea:
.section .fixup,#alloc,#execinstr
.even
1:
+
+ SAVE_ALL_INT
+ SAVE_SWITCH_STACK
^^^^^^^^^^
I don't think this saves the registers in the well known fixed location
on the stack because some registers are saved at the exception entry
point.
The FPU exception entry points are not using the exception entry code in
head.S. These entry points are stored in the exception vector table directly. No
saving of a syscall stack frame happens there. The FPU places its exception
frame on the stack, and that is what the FPU exception handlers use.
(If these have to call out to the generic exception handlers again, they will
build a minimal stack frame, see code in skeleton.S.)
Calling fpsp040_die() is no different from calling a syscall that may need to
have access to the full stack frame. The 'fixed location' is just 'on the stack
before calling fpsp040_die()', again this is no different from calling
e.g. sys_fork() which does not take a pointer to the begin of the stack frame as
an argument.
I must admit I never looked at how do_exit() figures out where the stack frame
containing the saved registers is stored, I just assumed it unwinds the stack up
to the point where the caller syscall was made, and works from there. The same
strategy ought to work here.
For do_exit the part we need to be careful with is PTRACE_EVENT_EXIT,
which means it is ptrace that we need to look at.
For m68k the code in put_reg and get_reg finds the registers by looking
at task->thread.esp0.
I was expecting m68k to use the same technique as alpha which expects a
fixed offset from task_stack_page(task).
So your code will work if you add code to update task->thread.esp0 which
is also known as THREAD_ESP0 in entry.S
Without being saved at the well known fixed location if some process
stops in PTRACE_EVENT_EXIT in do_exit we likely get some complete
gibberish.
That is probably safe.
jbra fpsp040_die
+ addql #8,%sp
+ addql #8,%sp
+ addql #8,%sp
+ addql #8,%sp
+ addql #8,%sp
+ addql #4,%sp
+ rts
Especially as everything after jumping to fpsp040_die does not execute.
Unless we change fpsp040_die() to call force_sig(SIGSEGV).
Yes. I think we would probably need to have it also call get_signal and
all of that, because I don't think the very light call path for that
exception includes testing if signals are pending.
The way the code is structured it is actively incorrect to return from
fpsp040_die, as the code does not know what to do if it reads a byte
from userspace and there is nothing there.
So instead of handling -EFAULT like most pieces of kernel code the code
just immediately calls do_exit, and does not even attempt to handle
the error.
That is not my favorite strategy at all, but I suspect it isn't worth
it, or safe to update the skeleton.S to handle errors. Especially as we
have not even figured out how to test that code yet.
Eric
