Re: [PATCH] i386 - sys_clone from vsyscall

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

In-Reply-To: <[email protected]>

On Thu, 26 Jan 2006 at 15:12:08 +0000, Daniel fernandez wrote:

> > Your patch almost works but it copies the stack into the parent's address space.
> > Using access_process_vm() fixes it.  However, that still leaves unfixed the case
> > where vsyscall-int80 is used.
> 
> I copy the stack into the parent's address space becuase in this case
> the memory is shared, but  access_process_vm() is more elegant :).

My test program (below) doesn't use CLONE_VM.  With your patch the stack
data showed up only in the parent process, probably due to copy-on-write,
and the child gets SIGSEGV trying to transfer control to address 0.

> About vsyscall-int80, I don't know how to test that case in my
> computer but I think a solution could be:

I patched arch/i386/kernel/cpu/common.c to add a boot option "nox86sep"
similar to "nofxsr" and sure enough the test program dies when booting
with that option:

        $ ./test_clone2.ex
        SIGSEGV accessing 0x00000000 from EIP 0x00000000
        cloned; ret = 621

Your fix for this should work fine.

#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <signal.h>

#ifdef INT80
#  define SYSCALL_STR "int $0x80\n\t"
#else
#  define SYSCALL_STR "call 0xffffe400\n\t"
#endif

#define CLONE	120
#define FLAGS	0

unsigned long child_stack[4096] __attribute__((__aligned__(4096)));
unsigned long *child_stack_ptr = &child_stack[2047];
struct sigaction sa;
int ret;

static void handler(int nr, siginfo_t *si, void *vuc)
{
	struct ucontext *uc = (struct ucontext *)vuc;
	struct sigcontext *sc = (struct sigcontext *)&uc->uc_mcontext;

	printf("SIGSEGV accessing 0x%08x from EIP 0x%08x\n",
	       (unsigned long)si->si_addr, sc->eip);

	sa.sa_handler = SIG_DFL;
	sa.sa_flags = 0;
	sigaction(SIGSEGV, &sa, NULL);
}

int main(int argc, char * const argv[])
{
	sa.sa_sigaction = handler;
	sa.sa_flags = SA_SIGINFO;
	sigaction(SIGSEGV, &sa, NULL);

	asm volatile(
		SYSCALL_STR
		: "=a"(ret)
		: "a"(CLONE), "b"(FLAGS), "c"(child_stack_ptr)
		: "memory"
	);

	printf("cloned; ret = %d\n", ret);
	_exit(0);
}
-- 
Chuck
Currently reading: _The Atrocity Archives_ by Charles Stross
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux