This patch clears up the wording of the first part of the BUGS section of the sigaction.2 man page. Currently, it is very unclear when exactly the bug can occur, and there is no example, which I aim to fix. I also attach the source code of a C program that, when run on an x86 Linux computer, shows that my example behaves like I say it does. The code runs the int instruction for each value from 0 to 255 with all registers set to 0 to show what is contained in the siginfo_t returned to the signal handler afterwards. The program is based on the attachment to bug 205831 on the kernel Bugzilla, which first dealt with this issue; you can find that bug report here: https://bugzilla.kernel.org/show_bug.cgi?id=205831. The text of my contribution is also partially based on the BUGS section of the signal.2 man page.

Signed-off-by: Mikołaj Kołek <kolek.mikolaj@xxxxxxxxx>
---
 man/man2/sigaction.2 | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/man/man2/sigaction.2 b/man/man2/sigaction.2
index df8826e71..2b797355b 100644
--- a/man/man2/sigaction.2
+++ b/man/man2/sigaction.2
@@ -1129,13 +1129,29 @@ .SS Undocumented See the relevant Linux kernel sources for details. This use is obsolete now. .SH BUGS -When delivering a signal with a +When delivering a signal resulting from a hardware exception with a .B SA_SIGINFO handler, the kernel does not always provide meaningful values for all of the fields of the .I siginfo_t that are relevant for that signal. +For example, when the x86 +.I int +instruction is called with a forbidden argument +(any number other than 3 or 128), a +.BR SIGSEGV +signal is delivered, but the +.I siginfo_t +passed to the signal handler has all its fields besides +.I si_signo +and +.I si_code +set to zero, even if other fields should be set (as an example, +.I si_addr +should be non-zero for all +.BR SIGSEGV +signals). .P Up to and including Linux 2.6.13, specifying .B SA_NODEFER
-- 
2.46.0
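Review bot: the closing parenthetical of the new example overstates the general case: "si_addr should be non-zero for all SIGSEGV signals" is not true of a SIGSEGV sent with kill(2) or sigqueue(3), whose siginfo_t carries si_pid and si_uid rather than a fault address. Suggest narrowing it, e.g. "as an example, si_addr should be non-zero for a SIGSEGV caused by a memory access fault". Since a handler can only recognise the zeroed case from si_code, it would also help the reader to state which si_code value the kernel uses for it rather than only that si_code is set. Three smaller points in the same hunk: "the x86 int instruction is called" should read "executed"; "(any number other than 3 or 128)" would be clearer as "3 or 128 (0x80)", as the system call gate is usually written int $0x80; and ".BR SIGSEGV" with a single argument is the same as ".B SIGSEGV" used a few lines earlier, so .B keeps the macro usage consistent. Finally, the first changed line narrows the existing statement from "a signal" to "a signal resulting from a hardware exception"; if the intent is only to introduce the example, keeping the original wording avoids implying that software-generated signals always arrive with complete siginfo_t fields.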
#define _GNU_SOURCE 1
#define CR "\n\t"
#include <inttypes.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ucontext.h>
#include <unistd.h>

/* Filled in by the handler: which signal arrived and the PC it reported. */
struct sigdata {
    int sig;
    uintptr_t pc;
};

static struct sigdata results;
static siginfo_t siginfo;

void handler(int s, siginfo_t *si, void *v)
{
    ucontext_t *uc = (ucontext_t *) v;
    const uint8_t *pc = (const uint8_t *) uc->uc_mcontext.gregs[REG_RIP];

    results.sig = s;
    results.pc = (uintptr_t) uc->uc_mcontext.gregs[REG_RIP];
    siginfo = *si;

    /* Skip the faulting instruction so that the stub's "ret" runs next.
       For a fault (#GP) RIP still points at the "int"; for a trap
       (int3, int $0x80, #OF) the CPU has already advanced past it and
       RIP points at the "ret". */
    if (*pc == 0xCC || *pc == 0xF1)      /* int3, icebp: 1 byte */
        uc->uc_mcontext.gregs[REG_RIP] += 1;
    else if (*pc == 0xCD)                /* int imm8: 2 bytes */
        uc->uc_mcontext.gregs[REG_RIP] += 2;
    /* else: assume the PC has already been advanced over the fault */
}

/* Execute "int $trapno" with every general-purpose register zeroed.
   The 256 stubs after label 1 are 8 bytes apart, so stub n is at 1 + 8*n. */
static __attribute__((noinline)) void trap(unsigned char trapno)
{
    unsigned long target = trapno * 8UL;  /* in: stub offset; out: clobbered by the stub */

    asm volatile(
        "leaq 1f(%%rip), %%rcx" CR
        "addq %%rcx, %%rax" CR
        "xor %%rbx, %%rbx" CR
        "xor %%rcx, %%rcx" CR
        "xor %%rdx, %%rdx" CR
        "xor %%rsi, %%rsi" CR
        "xor %%rdi, %%rdi" CR
        "xor %%rbp, %%rbp" CR
        "xor %%r8, %%r8" CR
        "xor %%r9, %%r9" CR          /* fixed: the original zeroed r8 twice and left r9 untouched */
        "xor %%r10, %%r10" CR
        "xor %%r11, %%r11" CR
        "xor %%r12, %%r12" CR
        "xor %%r13, %%r13" CR
        "xor %%r14, %%r14" CR
        "xor %%r15, %%r15" CR
        "subq $128, %%rsp" CR        /* keep the "call" push out of the red zone */
        "call *%%rax" CR
        "addq $128, %%rsp" CR
        "jmp 2f" CR
        ".p2align 3" "\n1:" CR
        ".irp i,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15" CR
        ".irp j,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15" CR
        "xor %%rax, %%rax" CR
        ".byte 0xCD,(\\i*16 + \\j)" CR  /* int $(i*16 + j) */
        "ret" CR
        ".p2align 3" CR
        ".endr" CR
        ".endr" "\n2:"
        : "+a" (target)
        :
        : "rbx", "rcx", "rdx", "rsi", "rdi", "r8", "r9", "r10", "r11",
          "r12", "r13", "r14", "r15", "memory", "cc"
    );
}

int main(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = &handler;
    sa.sa_flags = SA_SIGINFO | SA_RESTART;
    sigaction(SIGBUS, &sa, 0);
    sigaction(SIGFPE, &sa, 0);
    sigaction(SIGILL, &sa, 0);
    sigaction(SIGSEGV, &sa, 0);
    sigaction(SIGSYS, &sa, 0);
    sigaction(SIGTRAP, &sa, 0);

    for (int i = 0; i < 256; i++) {
        /* Reset first, so that a vector that raises no signal (int $0x80 is
           the system call gate) does not print the previous iteration's values. */
        memset(&results, 0, sizeof results);
        memset(&siginfo, 0, sizeof siginfo);
        trap(i);
        printf("int $0x%02x: sig=%2d code=%04x addr=%016" PRIxPTR " pc=%016" PRIxPTR "\n",
               i, results.sig, (unsigned) siginfo.si_code,
               (uintptr_t) siginfo.si_addr, results.pc);
    }
    return 0;
}
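The practical consequence of the behaviour the patch documents is that a SIGSEGV handler (a crash reporter, a fault-injection harness, a sanitizer runtime) must read si_code before it trusts si_addr. The following is an added example written for this discussion; it is not the attached program and not part of the man page. It assumes x86-64 Linux, uses int $0x7f as one of the vectors the patch calls forbidden, and the names classify_segv, classify_code, access_fault_reports_address and forbidden_int_zeroes_siginfo are mine. It contrasts a real access fault on a PROT_NONE page, where si_addr is the exact address written, with the #GP from the forbidden int, where the kernel delivers SI_KERNEL and a zero si_addr.

```c
#define _GNU_SOURCE 1
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* What a SIGSEGV handler may trust in its siginfo_t, decided from si_code. */
enum segv_kind {
    SEGV_FROM_FAULT,   /* SEGV_MAPERR / SEGV_ACCERR: si_addr is the faulting address */
    SEGV_FROM_KERNEL,  /* SI_KERNEL: e.g. #GP from a forbidden "int"; si_addr is zero */
    SEGV_FROM_USER,    /* SI_USER / SI_QUEUE / SI_TKILL: sent by a process; si_pid and
                          si_uid are valid, si_addr is not a member of that layout */
    SEGV_UNKNOWN
};

enum segv_kind classify_segv(const siginfo_t *si)
{
    if (si->si_signo != SIGSEGV)
        return SEGV_UNKNOWN;
    switch (si->si_code) {
    case SEGV_MAPERR:
    case SEGV_ACCERR:
        return SEGV_FROM_FAULT;
    case SI_KERNEL:
        return SEGV_FROM_KERNEL;
    case SI_USER:
    case SI_QUEUE:
    case SI_TKILL:
        return SEGV_FROM_USER;
    default:
        return SEGV_UNKNOWN;
    }
}

/* Same decision for callers that only have the two numbers (e.g. from a log line). */
enum segv_kind classify_code(int signo, int code)
{
    siginfo_t si;
    memset(&si, 0, sizeof si);
    si.si_signo = signo;
    si.si_code = code;
    return classify_segv(&si);
}

static sigjmp_buf recover;
static siginfo_t last;      /* copy of the siginfo_t seen by the handler */

static void on_segv(int sig, siginfo_t *si, void *uc)
{
    (void) sig;
    (void) uc;
    last = *si;
    /* The fault is synchronous and we never resume the faulting instruction,
       so leaving the handler with siglongjmp is acceptable here. */
    siglongjmp(recover, 1);
}

static int install(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_segv;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGSEGV, &sa, NULL);
}

/* Write to a PROT_NONE page: a real access fault. Returns 1 when the kernel
   reports SEGV_ACCERR and si_addr is exactly the address that was written. */
int access_fault_reports_address(void)
{
    long pagesz = sysconf(_SC_PAGESIZE);
    char *page = mmap(NULL, pagesz, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED || install() != 0)
        return 0;
    memset(&last, 0, sizeof last);
    if (sigsetjmp(recover, 1) == 0)      /* savemask=1: siglongjmp restores the mask */
        *(volatile char *) page = 1;     /* faults; control resumes after sigsetjmp */
    munmap(page, pagesz);
    return classify_segv(&last) == SEGV_FROM_FAULT && last.si_addr == page;
}

/* Execute "int $0x7f", a vector user mode may not raise on x86-64 Linux.
   Returns 1 when the resulting SIGSEGV carries SI_KERNEL and a zero si_addr
   (the case the patch documents), 0 when it does not, and -1 where the probe
   does not apply (not x86-64 Linux). */
int forbidden_int_zeroes_siginfo(void)
{
#if defined(__x86_64__) && defined(__linux__)
    if (install() != 0)
        return 0;
    memset(&last, 0, sizeof last);
    if (sigsetjmp(recover, 1) == 0)
        __asm__ volatile("int $0x7f" ::: "memory");
    return classify_segv(&last) == SEGV_FROM_KERNEL && last.si_addr == NULL;
#else
    return -1;
#endif
}

int main(void)
{
    printf("access fault: si_addr usable = %d\n", access_fault_reports_address());
    printf("int $0x7f:    SI_KERNEL with zero si_addr = %d\n", forbidden_int_zeroes_siginfo());
    return 0;
}
```

Build with cc -Wall and run it; on x86-64 Linux both lines print 1. The point of the design is that the handler copies the whole siginfo_t and decides what to use from si_code afterwards: a crash reporter that printed or dereferenced si_addr unconditionally would report address 0 for the int case and would read si_pid as an address for a kill(2)-sent SIGSEGV.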