The getcontext() from the __fillcontextx() call in the
check_deferred_signal() returns twice, since handle_signal() emulates the return from the normal signal handler by sigreturn(2)ing the passed context. Second return is performed on the destroyed stack frame, because __fillcontextx() has already returned. This causes undefined and bad behaviour, usually the victim thread gets SIGSEGV. Avoid nested frame and the need to return from it by doing direct call to getcontext() in the check_deferred_signal() and using a new private libc helper __fillcontextx2() to complement the context with the extended CPU state if the deferred signal is still present. The __fillcontextx() is now unused, but is kept to allow older libthr.so to be used with the new libc. Mark __fillcontextx() as returning twice [1]. Reported by: pgj Pointy hat to: kib Discussed with: dim Tested by: pgj, dim Suggested by: jilles [1] MFC after: 1 week
This commit is contained in:
parent
ad600fe1aa
commit
55a1911ef2
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=251047
@ -57,14 +57,12 @@ __getcontextx_size(void)
|
||||
}
|
||||
|
||||
int
|
||||
__fillcontextx(char *ctx)
|
||||
__fillcontextx2(char *ctx)
|
||||
{
|
||||
struct amd64_get_xfpustate xfpu;
|
||||
ucontext_t *ucp;
|
||||
|
||||
ucp = (ucontext_t *)ctx;
|
||||
if (getcontext(ucp) == -1)
|
||||
return (-1);
|
||||
if (xstate_sz != 0) {
|
||||
xfpu.addr = (char *)(ucp + 1);
|
||||
xfpu.len = xstate_sz;
|
||||
@ -80,6 +78,18 @@ __fillcontextx(char *ctx)
|
||||
return (0);
|
||||
}
|
||||
|
||||
int
|
||||
__fillcontextx(char *ctx)
|
||||
{
|
||||
ucontext_t *ucp;
|
||||
|
||||
ucp = (ucontext_t *)ctx;
|
||||
if (getcontext(ucp) == -1)
|
||||
return (-1);
|
||||
__fillcontextx2(ctx);
|
||||
return (0);
|
||||
}
|
||||
|
||||
__weak_reference(__getcontextx, getcontextx);
|
||||
|
||||
ucontext_t *
|
||||
|
@ -39,6 +39,13 @@ __getcontextx_size(void)
|
||||
return (sizeof(ucontext_t));
|
||||
}
|
||||
|
||||
int
|
||||
__fillcontextx2(char *ctx)
|
||||
{
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
int
|
||||
__fillcontextx(char *ctx)
|
||||
{
|
||||
|
@ -529,5 +529,6 @@ FBSDprivate_1.0 {
|
||||
__elf_aux_vector;
|
||||
__pthread_map_stacks_exec;
|
||||
__fillcontextx;
|
||||
__fillcontextx2;
|
||||
__getcontextx_size;
|
||||
};
|
||||
|
@ -89,14 +89,12 @@ __getcontextx_size(void)
|
||||
}
|
||||
|
||||
int
|
||||
__fillcontextx(char *ctx)
|
||||
__fillcontextx2(char *ctx)
|
||||
{
|
||||
struct i386_get_xfpustate xfpu;
|
||||
ucontext_t *ucp;
|
||||
|
||||
ucp = (ucontext_t *)ctx;
|
||||
if (getcontext(ucp) == -1)
|
||||
return (-1);
|
||||
if (xstate_sz != 0) {
|
||||
xfpu.addr = (char *)(ucp + 1);
|
||||
xfpu.len = xstate_sz;
|
||||
@ -112,6 +110,18 @@ __fillcontextx(char *ctx)
|
||||
return (0);
|
||||
}
|
||||
|
||||
int
|
||||
__fillcontextx(char *ctx)
|
||||
{
|
||||
ucontext_t *ucp;
|
||||
|
||||
ucp = (ucontext_t *)ctx;
|
||||
if (getcontext(ucp) == -1)
|
||||
return (-1);
|
||||
__fillcontextx2(ctx);
|
||||
return (0);
|
||||
}
|
||||
|
||||
__weak_reference(__getcontextx, getcontextx);
|
||||
|
||||
ucontext_t *
|
||||
|
@ -39,6 +39,13 @@ __getcontextx_size(void)
|
||||
return (sizeof(ucontext_t));
|
||||
}
|
||||
|
||||
int
|
||||
__fillcontextx2(char *ctx)
|
||||
{
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
int
|
||||
__fillcontextx(char *ctx)
|
||||
{
|
||||
|
@ -39,6 +39,13 @@ __getcontextx_size(void)
|
||||
return (sizeof(ucontext_t));
|
||||
}
|
||||
|
||||
int
|
||||
__fillcontextx2(char *ctx)
|
||||
{
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
int
|
||||
__fillcontextx(char *ctx)
|
||||
{
|
||||
|
@ -39,6 +39,13 @@ __getcontextx_size(void)
|
||||
return (sizeof(ucontext_t));
|
||||
}
|
||||
|
||||
int
|
||||
__fillcontextx2(char *ctx)
|
||||
{
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
int
|
||||
__fillcontextx(char *ctx)
|
||||
{
|
||||
|
@ -39,6 +39,13 @@ __getcontextx_size(void)
|
||||
return (sizeof(ucontext_t));
|
||||
}
|
||||
|
||||
int
|
||||
__fillcontextx2(char *ctx)
|
||||
{
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
int
|
||||
__fillcontextx(char *ctx)
|
||||
{
|
||||
|
@ -39,6 +39,13 @@ __getcontextx_size(void)
|
||||
return (sizeof(ucontext_t));
|
||||
}
|
||||
|
||||
int
|
||||
__fillcontextx2(char *ctx)
|
||||
{
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
int
|
||||
__fillcontextx(char *ctx)
|
||||
{
|
||||
|
@ -323,8 +323,13 @@ check_deferred_signal(struct pthread *curthread)
|
||||
return;
|
||||
|
||||
#if defined(__amd64__) || defined(__i386__)
|
||||
uc = alloca(__getcontextx_size());
|
||||
__fillcontextx((char *)uc);
|
||||
int uc_len;
|
||||
uc_len = __getcontextx_size();
|
||||
uc = alloca(uc_len);
|
||||
getcontext(uc);
|
||||
if (curthread->deferred_siginfo.si_signo == 0)
|
||||
return;
|
||||
__fillcontextx2((char *)uc);
|
||||
#else
|
||||
ucontext_t ucv;
|
||||
uc = &ucv;
|
||||
|
@ -80,7 +80,8 @@ int swapcontext(ucontext_t *, const ucontext_t *);
|
||||
|
||||
#if __BSD_VISIBLE
|
||||
int __getcontextx_size(void);
|
||||
int __fillcontextx(char *ctx);
|
||||
int __fillcontextx(char *ctx) __returns_twice;
|
||||
int __fillcontextx2(char *ctx);
|
||||
#endif
|
||||
|
||||
__END_DECLS
|
||||
|
Loading…
Reference in New Issue
Block a user