If we get a fault in the gateway page, which would happen if we try to deliver a signal and the RSE backing store has been exhausted or the backing store pointer has been clobbered, we need to make sure we call userret() and do_ast() when we exit from trap(). Not adjusting the local variable 'user' in this case will prevent the faulty process from being terminated and we end up in an infinite fault repetition.

Faulty process provided by: bento
parent f283a408d2
commit f09b81f8be
@ -699,7 +699,9 @@ trap(int vector, struct trapframe *framep)
|
||||
/*
|
||||
* Additionally check the privilege level. We don't want to
|
||||
* panic when we're in the gateway page, running at user
|
||||
* level. This happens for the signal trampolines.
|
||||
* level. This happens for the signal trampolines. Note that
|
||||
* when that happens, user is defined as 0 above. We need to
|
||||
* set user to 1 to force calling userret() and do_ast().
|
||||
*/
|
||||
if (!TRAPF_USERMODE(framep)) {
|
||||
/* Check for copyin/copyout fault. */
|
||||
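Review bot: the sentences added to this comment ("user is defined as 0 above. We need to set user to 1") explain an assignment that is not made at this point but in the else arm further down, so a reader at `if (!TRAPF_USERMODE(framep))` gets the rationale without the code and a reader at `user = 1;` gets the code without the rationale. Suggest either stating that the else branch of the check below performs the assignment, or moving these sentences next to it. "defined as 0" would read better as "set to 0", and it would help to name the condition that leaves `user` at 0 while the frame is at user privilege, since that mismatch is the reason for the override.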
@ -711,7 +713,8 @@ trap(int vector, struct trapframe *framep)
|
||||
goto out;
|
||||
}
|
||||
goto dopanic;
|
||||
}
|
||||
} else
|
||||
user = 1;
|
||||
ucode = va;
|
||||
i = (rv == KERN_PROTECTION_FAILURE) ? SIGBUS : SIGSEGV;
|
||||
break;
|
||||
|
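Review bot: `user = 1;` hangs off `} else` as an unbraced statement after a braced block that ends in `goto dopanic;`, with `ucode = va;` immediately after it, which makes it easy to misread where the else arm ends. Suggest bracing the else arm and adding a short comment at the assignment (for example, that the fault came from the gateway page at user privilege), because the only explanation sits in the block comment a dozen lines up. It is also worth confirming during review that the other arm never falls through: in the visible lines it leaves via `goto out;` or `goto dopanic;`, so every path that reaches `ucode = va;` from here now has `user` set, which is what the exit path needs in order to call userret() and do_ast().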