    ARCv2: STAR 9000808988: signals involving Delay Slot · 0798bebd
    Vineet Gupta authored
    [ Upstream commit 0d7b8855 ]
    
    Reported by Anton as LTP:munmap01 failing with Illegal Instruction
    Exception.
    
       --------------------->8--------------------------------------
       mmap2(NULL, 24576, PROT_READ|PROT_WRITE, MAP_SHARED, 3, 0) = 0x200d2000
       munmap(0x200d2000, 24576)               = 0
       --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x200d2000}
       ---
       potentially unexpected fatal signal 4.
       Path: /munmap01
       CPU: 0 PID: 61 Comm: munmap01 Not tainted 3.13.0-g5d5c46d9a556 #8
       task: 9f1a8000 ti: 9f154000 task.ti: 9f154000
    
       [ECR   ]: 0x00020100 => Illegal Insn
       [EFA   ]: 0x0001354c
       [BLINK ]: 0x200515d4
       [ERET  ]: 0x1354c
           @off 0x1354c in [/munmap01]
           VMA: 0x00010000 to 0x00018000
       [STAT32]: 0x800802c0
       ...
       --------------------->8--------------------------------------
    
    The issue was
    1. munmap01 accessed unmapped memory (on purpose) with signal handler
       installed for SIGSEGV
    
    2. The faulting instruction happened to be in Delay Slot
       00011864 <main>:
          11908:	bl.d       13284 <tst_resm>
          1190c:	stb        r16,[r2]
    
    3. kernel sets up the reg file for signal handler and correctly clears
       the DE bit in pt_regs->status32 placeholder
    
    4. However RESTORE_CALLEE_SAVED_USER macro is not adjusted for ARCv2,
       and it over-writes the above with orig/stale value of status32
    
    5. After RTIE, userspace signal handler executes a non-branch
       instruction with DE bit set, triggering Illegal Instruction Exception.
    
    Reported-by: Anton Kolesov <akolesov@synopsys.com>
    Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
    Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
entry.h 16.3 KB