On Mon, 24 Apr 2023, Michael Schmitz wrote:
I don't understand these results. If usp was really overwritten, the
program would have crashed early, no?
I think we're still at the point where rec() is called recursively,
before any returns.
Right. I wasn't thinking.
I'll try to confirm that each "overwrote usp" error from movemlrt.c
corresponds to visible corruption at the given address in the core dump.
The exception right before the crash was an interrupt in this case (I've only seen
that once in this context, though I've seen lots of those in the
course of the test runs). The frame start was calculated from the siginfo pointer
value in this case.
I didn't realize that you could get a crash from a signal delivered
following an interrupt. I'll try to modify the kernel such that
signals are not delivered after page faults.
Yes, that was news to me, too.
That seems to be a mistake (?). I didn't see any failures when I patched
the kernel to skip signal delivery after a page fault.