From owner-svn-src-all@FreeBSD.ORG  Tue May 28 04:54:19 2013
Return-Path: <owner-svn-src-all@FreeBSD.ORG>
Delivered-To: svn-src-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by hub.freebsd.org (Postfix) with ESMTP id 67F4E3CF;
 Tue, 28 May 2013 04:54:19 +0000 (UTC) (envelope-from kib@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 by mx1.freebsd.org (Postfix) with ESMTP id 49B627FB;
 Tue, 28 May 2013 04:54:19 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70])
 by svn.freebsd.org (8.14.6/8.14.6) with ESMTP id r4S4sJkA014292;
 Tue, 28 May 2013 04:54:19 GMT (envelope-from kib@svn.freebsd.org)
Received: (from kib@localhost)
 by svn.freebsd.org (8.14.6/8.14.5/Submit) id r4S4sHHn014272;
 Tue, 28 May 2013 04:54:17 GMT (envelope-from kib@svn.freebsd.org)
Message-Id: <201305280454.r4S4sHHn014272@svn.freebsd.org>
From: Konstantin Belousov <kib@FreeBSD.org>
Date: Tue, 28 May 2013 04:54:17 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r251047 - in head: lib/libc/amd64/gen lib/libc/arm/gen
 lib/libc/gen lib/libc/i386/gen lib/libc/ia64/gen lib/libc/mips/gen
 lib/libc/powerpc/gen lib/libc/powerpc64/gen lib/libc/sparc64/ge...
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 28 May 2013 04:54:19 -0000

Author: kib
Date: Tue May 28 04:54:16 2013
New Revision: 251047
URL: http://svnweb.freebsd.org/changeset/base/251047

Log:
  The getcontext() from the __fillcontextx() call in the
  check_deferred_signal() returns twice, since handle_signal() emulates
  the return from the normal signal handler by sigreturn(2)ing the
  passed context.  Second return is performed on the destroyed stack
  frame, because __fillcontextx() has already returned.  This causes
  undefined and bad behaviour, usually the victim thread gets SIGSEGV.
  
  Avoid nested frame and the need to return from it by doing direct call
  to getcontext() in the check_deferred_signal() and using a new private
  libc helper __fillcontextx2() to complement the context with the
  extended CPU state if the deferred signal is still present.
  
  The __fillcontextx() is now unused, but is kept to allow older
  libthr.so to be used with the new libc.
  
  Mark __fillcontextx() as returning twice [1].
  
  Reported by:	pgj
  Pointy hat to:	kib
  Discussed with:	dim
  Tested by:	pgj, dim
  Suggested by:	jilles [1]
  MFC after:	1 week

Modified:
  head/lib/libc/amd64/gen/getcontextx.c
  head/lib/libc/arm/gen/getcontextx.c
  head/lib/libc/gen/Symbol.map
  head/lib/libc/i386/gen/getcontextx.c
  head/lib/libc/ia64/gen/getcontextx.c
  head/lib/libc/mips/gen/getcontextx.c
  head/lib/libc/powerpc/gen/getcontextx.c
  head/lib/libc/powerpc64/gen/getcontextx.c
  head/lib/libc/sparc64/gen/getcontextx.c
  head/lib/libthr/thread/thr_sig.c
  head/sys/sys/ucontext.h

Modified: head/lib/libc/amd64/gen/getcontextx.c
==============================================================================
--- head/lib/libc/amd64/gen/getcontextx.c	Mon May 27 22:45:05 2013	(r251046)
+++ head/lib/libc/amd64/gen/getcontextx.c	Tue May 28 04:54:16 2013	(r251047)
@@ -57,14 +57,12 @@ __getcontextx_size(void)
 }
 
 int
-__fillcontextx(char *ctx)
+__fillcontextx2(char *ctx)
 {
 	struct amd64_get_xfpustate xfpu;
 	ucontext_t *ucp;
 
 	ucp = (ucontext_t *)ctx;
-	if (getcontext(ucp) == -1)
-		return (-1);
 	if (xstate_sz != 0) {
 		xfpu.addr = (char *)(ucp + 1);
 		xfpu.len = xstate_sz;
@@ -80,6 +78,18 @@ __fillcontextx(char *ctx)
 	return (0);
 }
 
+int
+__fillcontextx(char *ctx)
+{
+	ucontext_t *ucp;
+
+	ucp = (ucontext_t *)ctx;
+	if (getcontext(ucp) == -1)
+		return (-1);
+	__fillcontextx2(ctx);
+	return (0);
+}
+
 __weak_reference(__getcontextx, getcontextx);
 
 ucontext_t *

Modified: head/lib/libc/arm/gen/getcontextx.c
==============================================================================
--- head/lib/libc/arm/gen/getcontextx.c	Mon May 27 22:45:05 2013	(r251046)
+++ head/lib/libc/arm/gen/getcontextx.c	Tue May 28 04:54:16 2013	(r251047)
@@ -40,6 +40,13 @@ __getcontextx_size(void)
 }
 
 int
+__fillcontextx2(char *ctx)
+{
+
+	return (0);
+}
+
+int
 __fillcontextx(char *ctx)
 {
 	ucontext_t *ucp;

Modified: head/lib/libc/gen/Symbol.map
==============================================================================
--- head/lib/libc/gen/Symbol.map	Mon May 27 22:45:05 2013	(r251046)
+++ head/lib/libc/gen/Symbol.map	Tue May 28 04:54:16 2013	(r251047)
@@ -529,5 +529,6 @@ FBSDprivate_1.0 {
 	__elf_aux_vector;
 	__pthread_map_stacks_exec;
 	__fillcontextx;
+	__fillcontextx2;
 	__getcontextx_size;
 };

Modified: head/lib/libc/i386/gen/getcontextx.c
==============================================================================
--- head/lib/libc/i386/gen/getcontextx.c	Mon May 27 22:45:05 2013	(r251046)
+++ head/lib/libc/i386/gen/getcontextx.c	Tue May 28 04:54:16 2013	(r251047)
@@ -89,14 +89,12 @@ __getcontextx_size(void)
 }
 
 int
-__fillcontextx(char *ctx)
+__fillcontextx2(char *ctx)
 {
 	struct i386_get_xfpustate xfpu;
 	ucontext_t *ucp;
 
 	ucp = (ucontext_t *)ctx;
-	if (getcontext(ucp) == -1)
-		return (-1);
 	if (xstate_sz != 0) {
 		xfpu.addr = (char *)(ucp + 1);
 		xfpu.len = xstate_sz;
@@ -112,6 +110,18 @@ __fillcontextx(char *ctx)
 	return (0);
 }
 
+int
+__fillcontextx(char *ctx)
+{
+	ucontext_t *ucp;
+
+	ucp = (ucontext_t *)ctx;
+	if (getcontext(ucp) == -1)
+		return (-1);
+	__fillcontextx2(ctx);
+	return (0);
+}
+
 __weak_reference(__getcontextx, getcontextx);
 
 ucontext_t *

Modified: head/lib/libc/ia64/gen/getcontextx.c
==============================================================================
--- head/lib/libc/ia64/gen/getcontextx.c	Mon May 27 22:45:05 2013	(r251046)
+++ head/lib/libc/ia64/gen/getcontextx.c	Tue May 28 04:54:16 2013	(r251047)
@@ -40,6 +40,13 @@ __getcontextx_size(void)
 }
 
 int
+__fillcontextx2(char *ctx)
+{
+
+	return (0);
+}
+
+int
 __fillcontextx(char *ctx)
 {
 	ucontext_t *ucp;

Modified: head/lib/libc/mips/gen/getcontextx.c
==============================================================================
--- head/lib/libc/mips/gen/getcontextx.c	Mon May 27 22:45:05 2013	(r251046)
+++ head/lib/libc/mips/gen/getcontextx.c	Tue May 28 04:54:16 2013	(r251047)
@@ -40,6 +40,13 @@ __getcontextx_size(void)
 }
 
 int
+__fillcontextx2(char *ctx)
+{
+
+	return (0);
+}
+
+int
 __fillcontextx(char *ctx)
 {
 	ucontext_t *ucp;

Modified: head/lib/libc/powerpc/gen/getcontextx.c
==============================================================================
--- head/lib/libc/powerpc/gen/getcontextx.c	Mon May 27 22:45:05 2013	(r251046)
+++ head/lib/libc/powerpc/gen/getcontextx.c	Tue May 28 04:54:16 2013	(r251047)
@@ -40,6 +40,13 @@ __getcontextx_size(void)
 }
 
 int
+__fillcontextx2(char *ctx)
+{
+
+	return (0);
+}
+
+int
 __fillcontextx(char *ctx)
 {
 	ucontext_t *ucp;

Modified: head/lib/libc/powerpc64/gen/getcontextx.c
==============================================================================
--- head/lib/libc/powerpc64/gen/getcontextx.c	Mon May 27 22:45:05 2013	(r251046)
+++ head/lib/libc/powerpc64/gen/getcontextx.c	Tue May 28 04:54:16 2013	(r251047)
@@ -40,6 +40,13 @@ __getcontextx_size(void)
 }
 
 int
+__fillcontextx2(char *ctx)
+{
+
+	return (0);
+}
+
+int
 __fillcontextx(char *ctx)
 {
 	ucontext_t *ucp;

Modified: head/lib/libc/sparc64/gen/getcontextx.c
==============================================================================
--- head/lib/libc/sparc64/gen/getcontextx.c	Mon May 27 22:45:05 2013	(r251046)
+++ head/lib/libc/sparc64/gen/getcontextx.c	Tue May 28 04:54:16 2013	(r251047)
@@ -40,6 +40,13 @@ __getcontextx_size(void)
 }
 
 int
+__fillcontextx2(char *ctx)
+{
+
+	return (0);
+}
+
+int
 __fillcontextx(char *ctx)
 {
 	ucontext_t *ucp;

Modified: head/lib/libthr/thread/thr_sig.c
==============================================================================
--- head/lib/libthr/thread/thr_sig.c	Mon May 27 22:45:05 2013	(r251046)
+++ head/lib/libthr/thread/thr_sig.c	Tue May 28 04:54:16 2013	(r251047)
@@ -323,8 +323,13 @@ check_deferred_signal(struct pthread *cu
 		return;
 
 #if defined(__amd64__) || defined(__i386__)
-	uc = alloca(__getcontextx_size());
-	__fillcontextx((char *)uc);
+	int uc_len;
+	uc_len = __getcontextx_size();
+	uc = alloca(uc_len);
+	getcontext(uc);
+	if (curthread->deferred_siginfo.si_signo == 0)
+		return;
+	__fillcontextx2((char *)uc);
 #else
 	ucontext_t ucv;
 	uc = &ucv;

Modified: head/sys/sys/ucontext.h
==============================================================================
--- head/sys/sys/ucontext.h	Mon May 27 22:45:05 2013	(r251046)
+++ head/sys/sys/ucontext.h	Tue May 28 04:54:16 2013	(r251047)
@@ -80,7 +80,8 @@ int	swapcontext(ucontext_t *, const ucon
 
 #if __BSD_VISIBLE
 int __getcontextx_size(void);
-int __fillcontextx(char *ctx);
+int __fillcontextx(char *ctx) __returns_twice;
+int __fillcontextx2(char *ctx);
 #endif
 
 __END_DECLS