From nobody Mon May 6 03:46:22 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=linaro.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1523282931763112.37708480284084; Mon, 9 Apr 2018 07:08:51 -0700 (PDT) Received: from localhost ([::1]:41157 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1f5XTR-0003Ci-6q for importer@patchew.org; Mon, 09 Apr 2018 10:08:45 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:59654) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1f5XSA-0002QM-Hn for qemu-devel@nongnu.org; Mon, 09 Apr 2018 10:07:27 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1f5XS5-0002wn-PT for qemu-devel@nongnu.org; Mon, 09 Apr 2018 10:07:26 -0400 Received: from orth.archaic.org.uk ([2001:8b0:1d0::2]:40734) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1f5XS2-0002tV-8c; Mon, 09 Apr 2018 10:07:18 -0400 Received: from pm215 by orth.archaic.org.uk with local (Exim 4.89) (envelope-from ) id 1f5XRz-0005DA-Bt; Mon, 09 Apr 2018 15:07:15 +0100 From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Date: Mon, 9 Apr 2018 15:07:14 +0100 Message-Id: <20180409140714.26841-1-peter.maydell@linaro.org> X-Mailer: git-send-email 2.16.2 X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2001:8b0:1d0::2 Subject: [Qemu-devel] [PATCH for-2.12] linux-user/signal.c: Ensure AArch64 signal frame isn't too small X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Laurent Vivier , Riku Voipio , Richard Henderson , Richard Henwood , patches@linaro.org Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" The AArch64 signal frame design was extended for SVE in commit 8c5931de0ac77388096d79ceb, so that instead of having a fixed setup we now add various records to the frame, with some of them possibly overflowing into an extra space outside the original 4K reserved block in the target_sigcontext. However, we failed to ensure that we always at least allocate the 4K reserved block. This is ABI, and some userspace programs rely on it. In particular the dash shell would segfault if the frame wasn't as big enough. (Compare the kernel's sigframe_size() function in arch/arm64/kernel/signal.c.) Reported-by: Richard Henwood Fixes: https://bugs.launchpad.net/bugs/1761535 Fixes: 8c5931de0ac77388096d79ceb Signed-off-by: Peter Maydell Reviewed-by: Laurent Vivier Reviewed-by: Richard Henderson --- linux-user/signal.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/linux-user/signal.c b/linux-user/signal.c index 046d4c8aa0..8d9e6e8410 100644 --- a/linux-user/signal.c +++ b/linux-user/signal.c @@ -1850,6 +1850,12 @@ static void target_setup_frame(int usig, struct targ= et_sigaction *ka, fr_ofs =3D layout.total_size; layout.total_size +=3D sizeof(struct target_rt_frame_record); =20 + /* We must always provide at least the standard 4K reserved space, + * even if we don't use all of it (this is part of the ABI) + */ + layout.total_size =3D MAX(layout.total_size, + sizeof(struct target_rt_sigframe)); + frame_addr =3D get_sigframe(ka, env, layout.total_size); trace_user_setup_frame(env, frame_addr); if (!lock_user_struct(VERIFY_WRITE, frame, frame_addr, 0)) { --=20 2.16.2