Re: [uml-user] [PATCH] remove csum_partial_copy_generic_i386 to clean up exception table

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On Sat, Jun 28, 2014 at 12:06:28PM +0800, Real Name wrote:
> On Sat, Jun 21, 2014 at 03:28:52PM +0800, Real Name wrote:
> > On Thu, Jun 05, 2014 at 11:49:49PM +0200, Richard Weinberger wrote:
> > > Am 05.06.2014 06:15, schrieb Honggang Li:
> > > > arch/x86/um/checksum_32.S had been copy & paste from x86. When build
> > > > x86 uml, csum_partial_copy_generic_i386 mess up the exception table.
> > > > In fact, exception table dose not work in uml kernel.
> > > 
> > > Are you sure that exception tables do not work on UML?
> > > I said, I'm not sure. Can you please find out?
> > 
> > Hi,
> >  After traced i386 uml kernel with gdb , I'm sure exception tables 
> > do *not* work. When csum_partial_copy_generic_i386 read user space memory, 
> > an access error exception arises, however, the segv function always
> > return zero. So, the fixup nerver executed. The uml system hang (not
> > kernel panic).
> 
> The kernel hang because the SEGV signal handler can't modify the EIP
> register in signal context. 
> 
> Here is the summary why exception table dose not works for linux (>3.3):
> 1) broken exception table (706276543b699d80f546e45f8b12574e7b18d952)
> 2) arch_fixup modify the local copy of regs. 	

hi, Richard
ping? are you agree with what i said?

> > 
> > thanks.
> > 
> > > 
> > > In arch/um/kernel/trap.c:segv() we have the mechanism for it:
> > >         else if (!is_user && arch_fixup(ip, regs))
> > >                 goto out;
> 0) access invalid memory address in kernel (no mm for the address. it is
> easy to force invalid memory acess in kernel. I cast 0x1234 as a void
> pointer, and pass it to csum_partial_copy_generic_i386)
> 1) SEGV signal arise
> 1.1) hard_handler (arch/um/os-Linux/signal.c)
> The third argument of hard_handler point to signal context.
> 1.2) call sig_handler 
> 1.3) call sig_handler_common (dump the registers in signal context into
> 	local var struct uml_pt_regs r.). line 36 is the key point why
> exception table dose not works in UML.
> 
> 34         if (sig == SIGSEGV) {
> 35                 /* For segfaults, we want the data from the	sigcontext. */
> 36                 get_regs_from_mc(&r, mc);
> 37                 GET_FAULTINFO_FROM_MC(r.faultinfo, mc);
> 38         
> 
> 1.4) call segv_handler (arch/um/kernel/trap.c)
> 1.5) call segv
> 1.6) call arch_fixup (arch/x86/um/fault.c)
> 1.7) arch_fixup (UPT_IP(regs) = fixup->fixup;) set the EIP register of
> local copy uml_pt_regs
> 1.8) When function return to sig_handler, the EIP change lost
> 1.9) When hard_handler signal handler return, it restore the EIP with
> the address arise the SEGV in step 0. The fixup section never be
> executed. If exception table works, UML kernel should run fixup code in
> here.
> 
> Then repeate step 0 to 1.9, kernel hang on.
> 
> thanks
> 
> > > 
> > > The interesting question is, is this by design or was it just copy&pasted from x86
> > > many moons ago? :)
> > > 
> > > > And csum_partial_copy_generic_i386 never been called. So, delete it.
> > > 
> > > I like such clean ups. :-)
> > > 
> > > Thanks,
> > > //richard