Re: [PATCH v1 1/1] m68k: Move signal frame following exception on 68020/030

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sat, May 6, 2023 at 11:36 AM Finn Thain <fthain@xxxxxxxxxxxxxx> wrote:

On 68030/020, an instruction such as, moveml %a2-%a3/%a5,%sp@- may cause
a stack page fault during instruction execution (i.e. not at an
instruction boundary) and produce a format 0xB exception frame.

In this situation, the value of USP will be unreliable. If a signal is to
be delivered following the exception, this USP value is used to calculate
the location for a signal frame. This can result in a corrupted user
stack.

The corruption was detected in dash (actually in glibc) where it showed
up as an intermittent "stack smashing detected" message and crash
following signal delivery for SIGCHLD.

It was hard to reproduce that failure because delivery of the signal
raced with the page fault and because the kernel places an unpredictable
gap of up to 7 bytes between the USP and the signal frame.

A format 0xB exception frame can be produced by a bus error or an address
error. The 68030 Users Manual says that address errors occur immediately
upon detection during instruction prefetch. The instruction pipeline
allows prefetch to overlap with other instructions, which means an
address error can arise during the execution of a different instruction.
So it seems likely that this patch may help in the address error case also.

Reported-and-tested-by: Stan Johnson <userm57@xxxxxxxxx>
Link: https://lore.kernel.org/all/CAMuHMdW3yD22_ApemzW_6me3adq6A458u1_F0v-1EYwK_62jPA@xxxxxxxxxxxxxx/
Cc: Michael Schmitz <schmitzmic@xxxxxxxxx>
Cc: Andreas Schwab <schwab@xxxxxxxxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx
Co-developed-by: Michael Schmitz <schmitzmic@xxxxxxxxx>
Signed-off-by: Michael Schmitz <schmitzmic@xxxxxxxxx>
Signed-off-by: Finn Thain <fthain@xxxxxxxxxxxxxx>


Reviewed-by: Geert Uytterhoeven <geert@xxxxxxxxxxxxxx>
i.e. will queue as a fix in the m68k for-v6.4 branch.

I plan to send this upstream later this week, so any additional
testing would be appreciated.

Thanks!

Gr{oetje,eeting}s,

                        Geert


--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@xxxxxxxxxxxxxx

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds
[Index of Archives]     [Video for Linux]     [Yosemite News]     [Linux S/390]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux