mirror of
https://sourceware.org/git/glibc.git
synced 2024-12-01 17:30:07 +00:00
5ee506ed35
A not so recent kernel change[1] changed how the trampoline
`__kernel_sigtramp_rt64` is used to call signal handlers.
This was exposed on the test misc/tst-sigcontext-get_pc
Before kernel 5.9, the kernel set LR to the trampoline address and
jumped directly to the signal handler, and at the end the signal
handler, as any other function, would `blr` to the address set. In
other words, the trampoline was executed just at the end of the signal
handler and the only thing it did was call sigreturn. But since
kernel 5.9 the kernel set CTRL to the signal handler and calls to the
trampoline code, the trampoline then `bctrl` to the address in CTRL,
setting the LR to the next instruction in the middle of the
trampoline, when the signal handler returns, the rest of the
trampoline code executes the same code as before.
Here is the full trampoline code as of kernel 5.11.0-rc5 for
reference:
V_FUNCTION_BEGIN(__kernel_sigtramp_rt64)
.Lsigrt_start:
bctrl /* call the handler */
addi r1, r1, __SIGNAL_FRAMESIZE
li r0,__NR_rt_sigreturn
sc
.Lsigrt_end:
V_FUNCTION_END(__kernel_sigtramp_rt64)
This new behavior breaks how `backtrace()` uses to detect the
trampoline frame to correctly reconstruct the stack frame when it is
called from inside a signal handling.
This workaround rely on the fact that the trampoline code is at very
least two (maybe 3?) instructions in size (as it is in the 32 bits
version, only on `li` and `sc`), so it is safe to check the return
address be in the range __kernel_sigtramp_rt64 .. + 4.
[1] subject: powerpc/64/signal: Balance return predictor stack in signal trampoline
commit: 0138ba5783ae0dcc799ad401a1e8ac8333790df9
url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0138ba5783ae0dcc799ad401a1e8ac8333790df9
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
|
||
|---|---|---|
| .. | ||
| a2 | ||
| be | ||
| bits | ||
| cell | ||
| fpu | ||
| le | ||
| multiarch | ||
| power4 | ||
| power6 | ||
| power7 | ||
| power8 | ||
| __longjmp-common.S | ||
| __longjmp.S | ||
| addmul_1.S | ||
| atomic-machine.h | ||
| backtrace.c | ||
| bsd-_setjmp.S | ||
| bsd-setjmp.S | ||
| bzero.S | ||
| configure | ||
| configure.ac | ||
| crti.S | ||
| crtn.S | ||
| dl-dtprocnum.h | ||
| dl-irel.h | ||
| dl-machine.c | ||
| dl-machine.h | ||
| dl-trampoline.S | ||
| entry.h | ||
| ffsll.c | ||
| hp-timing.h | ||
| Implies | ||
| lshift.S | ||
| Makefile | ||
| memcpy.S | ||
| memset.S | ||
| mul_1.S | ||
| ppc-mcount.S | ||
| register-dump.h | ||
| rtld-memset.c | ||
| setjmp-bug21895.c | ||
| setjmp-common.S | ||
| setjmp.S | ||
| stackguard-macros.h | ||
| start.S | ||
| strchr.S | ||
| strcmp.S | ||
| strlen.S | ||
| strncmp.S | ||
| submul_1.S | ||
| sysdep.h | ||
| tls-macros.h | ||
| tst-audit.h | ||
| tst-setjmp-bug21895-static.c | ||
| tst-ucontext-ppc64-vscr.c | ||