On 6/17/19 9:18 AM, Alex Bennée wrote:
>
> Richard Henderson <richard.hender...@linaro.org> writes:
>
>> Check page flags before letting an invalid pc cause a SIGSEGV.
>>
>> Prepare for eventually validating PROT_EXEC. The current wrinkle being
>> that we have a problem with our implementation of signals. We should
>> be using a vdso like the kernel, but we instead put the trampoline on
>> the stack. In the meantime, let PROT_READ match PROT_EXEC.
>
> We can come up with a test case for this right? Would it be triggered by
> having:
>
> __attribute__((aligned(PAGE_SIZE)))
> void some_func(void) {
>     /* does something */
> }
>
> __attribute__((aligned(PAGE_SIZE)))
> ... rest of code ...
>
> main () {
>     mmap(&some_func, PAGE_SIZE, PROT_READ, MAP_ANONYMOUS, 0, 0);
>     some_func();
>     /* causes SEGV */
>     mmap(&some_func, PAGE_SIZE, PROT_READ|PROT_EXEC, MAP_ANONYMOUS, 0, 0);
>     some_func();
>     /* works */
> }
>
> Or is it trickier to mess with your own mapped memory?
It's trickier than that, but I do have a simple test case.

https://bugs.launchpad.net/qemu/+bug/1832916

But fixing that, as I mention above, makes signal trampolines fail.

Or did you mean for Christophe's failure? That's easier -- just make a NULL function call.

r~
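The following is an added example, not code from the thread or from QEMU's own test suite, showing the shape of check Alex's sketch is after in a form that runs natively: instead of remapping over a compiled function, it maps one anonymous page, writes a single return instruction into it (the encoding is constructed inline for x86-64 and AArch64, the two hosts assumed here), and calls the page first with PROT_READ only and then with PROT_READ|PROT_EXEC, catching SIGSEGV with sigsetjmp/siglongjmp so the result is a return value rather than a crash. On a Linux host that enforces NX the first call faults and the second returns; under qemu-user with the interim "PROT_READ matches PROT_EXEC" rule the patch describes, the first call would return normally instead, which is the observable difference a guest-side test for this behaviour would look for. The function name `call_page_with_prot` is the example's own.

```c
/* Added example, not from the qemu-devel thread. Assumes a Linux host on
 * x86-64 or AArch64 whose kernel enforces PROT_EXEC (NX). */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed encoding of a bare "ret" for the two hosts handled here. */
#if defined(__x86_64__)
static const unsigned char ret_insn[] = { 0xc3 };                   /* ret */
#elif defined(__aarch64__)
static const unsigned char ret_insn[] = { 0xc0, 0x03, 0x5f, 0xd6 }; /* ret */
#else
#error "add the encoding of a bare return instruction for this architecture"
#endif

static sigjmp_buf fault_jmp;

static void on_segv(int sig)
{
    (void)sig;
    siglongjmp(fault_jmp, 1);   /* unwind back into call_page_with_prot */
}

/*
 * Map one anonymous page, write a single return instruction into it,
 * set its protection to `prot`, and call it.
 * Returns 1 if the call raised SIGSEGV, 0 if it returned normally,
 * -1 if mapping or protection setup failed.
 */
int call_page_with_prot(int prot)
{
    long page = sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, page, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;

    memcpy(p, ret_insn, sizeof ret_insn);
    /* Make the freshly written bytes visible to instruction fetch
     * (a no-op on x86, required on AArch64). */
    __builtin___clear_cache((char *)p, (char *)p + sizeof ret_insn);

    if (mprotect(p, page, prot) != 0) {
        munmap(p, page);
        return -1;
    }

    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);

    int faulted;
    if (sigsetjmp(fault_jmp, 1) == 0) {
        void (*fn)(void) = (void (*)(void))p;
        fn();                /* faults here if PROT_EXEC is enforced */
        faulted = 0;
    } else {
        faulted = 1;         /* arrived via siglongjmp from on_segv */
    }

    sigaction(SIGSEGV, &old, NULL);
    munmap(p, page);
    return faulted;
}

int main(void)
{
    int r = call_page_with_prot(PROT_READ);
    printf("PROT_READ only:      %s\n",
           r == 1 ? "SIGSEGV (expected natively)" :
           r == 0 ? "executed (PROT_EXEC not enforced)" : "setup failed");
    int x = call_page_with_prot(PROT_READ | PROT_EXEC);
    printf("PROT_READ|PROT_EXEC: %s\n",
           x == 0 ? "executed (expected)" :
           x == 1 ? "SIGSEGV" : "setup failed");
    return 0;
}
```

Because the instruction is written before the page is made read-only, the example never needs a writable+executable mapping, so it also runs on hosts that refuse W+X pages. Running the same binary under qemu-user and comparing the first line against the native output is the quickest way to see whether the guest-side PROT_EXEC check is in effect.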