Public bug reported:

When a SEGV signal occurs and si_addr of the info struct is nil, qemu still tries to translate the address from host to guest (handle_cpu_signal in accel/tcg/user-exec.c). This means that the actual signal handler will receive a fault_addr that is something like 0xffffffffbf709000.
I was able to get this to happen by branching to a non-canonical address on aarch64. I used 5.2 (commit: 553032db17). However, building from source, this only seems to happen if I use the same configure flags as the Debian build:

../configure --static --target-list=aarch64-linux-user --disable-system --enable-trace-backends=simple --disable-linux-io-uring --disable-pie --extra-cflags="-fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2" --extra-ldflags="-Wl,-z,relro -Wl,--as-needed"

Let me know if you need more details.

** Affects: qemu
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1918149

Title:
  qemu-user reports wrong fault_addr in signal handler

Status in QEMU:
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1918149/+subscriptions
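An added reproducer for the condition the report describes, written here as an example; it is not code from the bug report or from QEMU. It installs an SA_SIGINFO handler, branches to a non-canonical address through a volatile function pointer, and records the si_addr the handler receives. On x86_64 Linux the kernel reports such a branch as a general-protection SIGSEGV with si_addr NULL (si_code SI_KERNEL), which is exactly the input that handle_cpu_signal then pushes through host-to-guest translation. The plausibility check accepts NULL or the branch target itself and rejects anything else, so a value like 0xffffffffbf709000 is flagged. The 64-bit assumption, the choice of the 1<<63 target, and the helper names (probe_branch, fault_addr_is_plausible) are this example's own.

```c
/* Added example, not from the bug report or QEMU. Assumes a 64-bit Linux
 * userland (run natively to see the kernel's si_addr, or under
 * qemu-aarch64 user mode to see the translated value the report describes). */
#define _GNU_SOURCE
#include <inttypes.h>
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* What the signal handler observed for one faulting branch. */
struct fault_info {
    int fired;             /* 1 if the SIGSEGV/SIGBUS handler ran */
    int signo;             /* signal number delivered */
    int code;              /* si_code as delivered */
    uintptr_t fault_addr;  /* si_addr as delivered: the field the report is about */
};

static sigjmp_buf recover;
static struct fault_info last_fault;

static void on_fault(int signo, siginfo_t *si, void *ctx)
{
    (void)ctx;
    last_fault.fired = 1;
    last_fault.signo = signo;
    last_fault.code = si->si_code;
    last_fault.fault_addr = (uintptr_t)si->si_addr;
    /* Unwind to the sigsetjmp point; savesigs=1 there restores the signal
     * mask, so the fault signal is unblocked again for the next probe. */
    siglongjmp(recover, 1);
}

/* Branch to `target` with SIGSEGV/SIGBUS handlers installed and return what
 * the handler saw. Previous dispositions are restored before returning. */
struct fault_info probe_branch(uintptr_t target)
{
    struct sigaction sa, old_segv, old_bus;

    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_fault;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    memset(&last_fault, 0, sizeof last_fault);
    if (sigsetjmp(recover, 1) == 0) {
        /* A volatile function pointer forces a genuine indirect branch;
         * the compiler cannot fold away or reason about the bogus target. */
        void (*volatile fn)(void) = (void (*)(void))target;
        fn();
        /* Not reached when the branch faults. */
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return last_fault;
}

/* A reported fault address is only meaningful if it is NULL (the kernel had
 * no address to report, e.g. a #GP on x86_64) or the branch target itself
 * (e.g. an instruction abort on AArch64). Anything else, such as the
 * 0xffffffffbf709000 from the report, is an emulator artifact: a NULL host
 * si_addr pushed through host-to-guest translation. */
int fault_addr_is_plausible(uintptr_t target, uintptr_t reported)
{
    return reported == 0 || reported == target;
}

int main(void)
{
    /* Bit 63 set, bits 62..48 clear: non-canonical on x86_64 and outside
     * the user address range on AArch64. */
    const uintptr_t target = (uintptr_t)(UINT64_C(1) << 63);
    struct fault_info f = probe_branch(target);

    if (!f.fired) {
        puts("no fault delivered");
        return 1;
    }
    printf("signal %d, si_code %d, si_addr %#" PRIxPTR "\n",
           f.signo, f.code, f.fault_addr);
    if (!fault_addr_is_plausible(target, f.fault_addr)) {
        puts("si_addr is neither NULL nor the branch target: "
             "looks like a translated NULL (the qemu-user symptom)");
        return 2;
    }
    return 0;
}
```

Build it with a cross compiler for aarch64 (static, so no guest libraries are needed) and run the binary both natively and under qemu-aarch64 built with the configure flags above; the two runs should print different si_addr values if the report's behaviour is reproduced, and only the emulated run should hit the "translated NULL" branch.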