Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CRASH vsyscall hook with native thread #4663

Open
derekbruening opened this issue Jan 9, 2021 · 0 comments
Open

CRASH vsyscall hook with native thread #4663

derekbruening opened this issue Jan 9, 2021 · 0 comments
Labels
Bug-DRCrash OpSys-Linux

Comments

@derekbruening
Copy link
Contributor

My expanded api.detach_signal test for #1921 in PR #4662 uses the start/stop interface and has a thread executing system calls with SIGUSR2 blocked for a while, guaranteeing a native thread enters the vsyscall hook. That hook jumps to a thread-shared exit stub, whose first instruction spills %eax into %fs:0x0, which faults for the native thread.

The vsyscall code is about to execute 3 pops: so we could consider those
registers dead and either spill eax into one of those, or directly put the
linkstub address into one of them? Normally the stub then jumps to a
thread-shared fcache_return with more %fs refs, so we would have to
special-case things. It would be tricky to go run DR code w/o using the
app stack. Maybe we should instead have the regular stub with a prefix
that checks for the %fs selector being 0 and jumps to the displaced code if
so??
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug-DRCrash OpSys-Linux
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@derekbruening