kernel: faulty userspace signal handler causes kernel to crash #1200

Open
badochov opened this issue Oct 10, 2024 · 1 comment
Labels
bug Something isn't working kernel

Comments

@badochov (Contributor)
This program, which sets the signal handler to a function that causes a segmentation fault, results in the kernel crashing.

```c
#include <sys/threads.h>

/* Deliberately faulty handler: it dereferences NULL and therefore faults
 * as soon as it is entered. */
void bad(void)
{
	volatile int *oops = NULL;
	*oops = 42;
}

int main(void)
{
	/* Install bad() as the process's signal handler (arguments as reported). */
	signalHandle(bad, 0, 0xffffffffUL);

	/* Trigger the first fault; the kernel then calls bad(), which faults
	 * again, and so on. */
	bad();

	return 0;
}
```

Run on: armv8r52-mps3an536-qemu

Exception log

Exception: 4 #Abort
 r0=1fffff90  r1=10029ea8  r2=10029eb0  r3=10029eb0
 r4=1002a000  r5=00000110  r6=2003522d  r7=10028000
 r8=200000e8  r9=20059938 r10=00000000  fp=10029fac
 ip=00000001  sp=10029e10  lr=10002db1  pc=10000288
psr=200000ff dfs=00000a10 dfa=1fffff98 ifs=00000000
ifa=00000000

lr points to:
https://github.com/phoenix-rtos/phoenix-rtos-kernel/blob/6624da07bc3e92b83ac0124375dc83565e6516a3/hal/armv8r/cpu.c#L114

The architecture doesn't matter; the root cause is that when the kernel encounters a segmentation fault or an illegal instruction in the process, it calls the process's signal handler. If the signal handler is itself faulty, this causes an infinite loop of putting signal contexts onto the process stack. After the stack is filled, and usually all data and text are overwritten, the kernel tries to put the signal context into unmapped memory.


badochov commented Oct 10, 2024

Probably the best solution would be to introduce a user stack bounds check before any interaction.
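To make the mechanism in the report and the bounds check proposed in the reply concrete, here is an added C model (example code written for this page, not Phoenix-RTOS kernel code). A flat array stands in for the process's address space with the data/text region directly below the stack, `push_sig_ctx` stands in for the kernel pushing a signal context onto the user stack, and `fault_loop` plays a handler that faults on every entry. Region sizes, the context layout, and every function name here are assumptions; the point is the contrast between the unchecked push, which marches through data/text into unmapped memory, and the push guarded by a stack range check, which refuses and kills the process instead.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a process's address space (hypothetical sizes): one
 * flat array whose offsets are "user addresses". [0, STACK_LO) is data/text,
 * [STACK_LO, STACK_HI) is the stack, everything else is unmapped. */
#define UDATA_SIZE   512u
#define USTACK_SIZE  1024u
#define STACK_LO     UDATA_SIZE
#define STACK_HI     (UDATA_SIZE + USTACK_SIZE)
#define DATA_PATTERN 0x5a /* constructed marker for detecting clobbered data */

typedef struct {
	uint8_t mem[STACK_HI];
	size_t sp;        /* user stack pointer as an offset, grows downwards */
	unsigned frames;  /* signal contexts pushed so far */
} user_proc_t;

/* Hypothetical saved signal context: 16 registers plus a return address. */
typedef struct {
	uintptr_t regs[16];
	uintptr_t ret;
} sig_ctx_t;

enum outcome {
	OUT_KERNEL_PANIC,   /* kernel wrote to unmapped memory: the reported crash */
	OUT_PROCESS_KILLED  /* kernel refused the push and killed the process */
};

static void proc_init(user_proc_t *p)
{
	memset(p->mem, DATA_PATTERN, STACK_LO);
	memset(p->mem + STACK_LO, 0, USTACK_SIZE);
	p->sp = STACK_HI; /* empty stack */
	p->frames = 0;
}

/* The check the reply proposes: before the kernel touches user memory on
 * the process's behalf, require [addr, addr + len) to lie inside the stack. */
static int ustack_range_ok(size_t addr, size_t len)
{
	return addr >= STACK_LO && addr <= STACK_HI && len <= STACK_HI - addr;
}

/* Is the range mapped at all (stack or data/text)? Without the stack check
 * this is the only thing between the kernel and a data abort. */
static int mapped_range_ok(size_t addr, size_t len)
{
	return addr <= STACK_HI && len <= STACK_HI - addr;
}

/* Push a signal context below sp. Returns 0 on success, -2 when the stack
 * bounds check refuses the push, -1 when the unchecked write would land in
 * unmapped memory (standing in for the abort in the log above). */
static int push_sig_ctx(user_proc_t *p, const sig_ctx_t *ctx, int check_bounds)
{
	size_t len = sizeof *ctx;
	size_t new_sp;

	if (p->sp < len)               /* would wrap below address 0 */
		return check_bounds ? -2 : -1;
	new_sp = p->sp - len;

	if (check_bounds && !ustack_range_ok(new_sp, len))
		return -2;
	if (!mapped_range_ok(new_sp, len))
		return -1;

	memcpy(p->mem + new_sp, ctx, len);
	p->sp = new_sp;
	p->frames++;
	return 0;
}

/* The reported scenario: the process faults, the kernel pushes a context and
 * runs the handler, the handler faults at once, the kernel pushes again...
 * Every push lowers sp, so the loop ends either in unmapped memory
 * (unchecked) or in a refused push (checked). */
static enum outcome fault_loop(user_proc_t *p, int check_bounds)
{
	sig_ctx_t ctx;
	memset(&ctx, 0xaa, sizeof ctx); /* constructed register dump */

	for (;;) {
		int rc = push_sig_ctx(p, &ctx, check_bounds);
		if (rc == -1)
			return OUT_KERNEL_PANIC;
		if (rc == -2)
			return OUT_PROCESS_KILLED;
	}
}

/* Run the scenario on a fresh process; optionally report frames pushed and
 * how many data/text bytes the pushes overwrote. */
static enum outcome simulate(int check_bounds, unsigned *frames, size_t *clobbered)
{
	user_proc_t p;
	size_t i, n = 0;

	proc_init(&p);
	enum outcome o = fault_loop(&p, check_bounds);
	for (i = 0; i < STACK_LO; i++)
		if (p.mem[i] != DATA_PATTERN)
			n++;
	if (frames)
		*frames = p.frames;
	if (clobbered)
		*clobbered = n;
	return o;
}

static unsigned frames_pushed(int check_bounds)
{
	unsigned f;
	simulate(check_bounds, &f, NULL);
	return f;
}

static size_t data_bytes_clobbered(int check_bounds)
{
	size_t c;
	simulate(check_bounds, NULL, &c);
	return c;
}

int main(void)
{
	static const char *name[] = { "kernel panic", "process killed" };
	int cb;

	for (cb = 0; cb <= 1; cb++)
		printf("%s: %s after %u frames, %zu data/text bytes overwritten\n",
		       cb ? "checked  " : "unchecked", name[simulate(cb, NULL, NULL)],
		       frames_pushed(cb), data_bytes_clobbered(cb));
	return 0;
}
```

The unchecked run pushes until the whole mapped region is consumed, clobbering data/text on the way, then "panics" on the first push into unmapped memory; the checked run stops at the stack boundary with the data region intact. In a real kernel the refused push would be followed by terminating the process with the original signal rather than re-entering the handler.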
