内存访问错误sys_rt_sigaction(信号处理程序)

在这篇《接口 Linux 信号》文章之后,我一直在尝试调用 sys_rt_sigaction。使用 sigaction 函数时,它是有效的。

sys_rt_sigaction 调用有什么问题?

回答:

#include<signal.h>

#include<stdio.h>

#include<time.h>

// Signal handler of the asker's first attempt.
// NOTE(review): printf() is not async-signal-safe; as the answer below notes it
// merely happens to work here, and the reworked version uses write() instead.
void handler(int){printf("handler\n");}

// Intended sa_restorer: performs rt_sigreturn (syscall 15) to return from the handler.
// NOTE(review): as the answer explains, a C++ function cannot serve as the restorer
// because of the compiler-generated function prologue — it presumably touches the
// stack before rt_sigreturn runs, so the kernel no longer finds its signal frame.
void restorer(){asm volatile("mov $15,%%rax\nsyscall":::"rax");}

// NOTE(review): this is the C library's struct sigaction, whose layout differs from
// the kernel's (see the glibc comment quoted in the answer below); handing it to
// the raw rt_sigaction syscall is the problem the answer identifies.
struct sigaction act{handler};

// Sleep interval: keeps the process alive long enough for `kill -7 <pid>` from another shell.
timespec ts{10,0};

int main(){
// 0x04000000 is SA_RESTORER: on x86-64 the kernel rejects a sigaction that lacks
// it (see the kernel excerpt in the answer below).
act.sa_flags=0x04000000;
act.sa_restorer=&restorer;
// The "//*" line here and the "/*" ... "/**/" pair further down form a comment
// toggle: as written, the raw syscall block is compiled in and the libc
// sigaction() call is commented out.
//*
// Raw rt_sigaction(7, &act, NULL, 8): syscall number 13 in rax, sigsetsize 8 in r10.
// NOTE(review), per the answer: (1) `act` is the libc struct sigaction, not the
// kernel layout the syscall expects; (2) the "syscall" after "mov $60,%rax"
// (exit) is an assembler comment ("#"), so that exit path never runs; (3) the
// clobber list omits rcx and r11, which the syscall instruction overwrites, and
// has no "memory" clobber even though the kernel reads *act; (4) the "i"/"p"
// constraints combined with hand-written movs are fragile — presumably why
// -no-pie was needed — binding operands to the ABI registers ("D","S","d") is
// the usual form.
asm volatile("\
mov $13,%%rax\n\
mov %0,%%rdi\n\
mov %1,%%rsi\n\
mov %2,%%rdx\n\
mov $8,%%r10\n\
syscall\n\
mov %%rax,%%rdi\n\
mov $60,%%rax\n\
#syscall\n\
"::"i"(7),"p"(&act),"p"(0):"rax","rdi","rsi","rdx","r10");
/**/
// Working alternative (currently commented out): the libc wrapper translates to
// the kernel layout and supplies its own restorer.
/*
sigaction(7,&act,0);
/**/
nanosleep(&ts,0);
}

回答:

g++ -o bin -std=c++11

g++ -o bin -std=c++11 -no-pie

回答:

kill -7 `pidof bin`

回答:

在 x86-64 Linux 中,必须提供 sa_restorer,而您尚未提供。

内核源码的相关部分:

            /* x86-64 should always use SA_RESTORER. */

if (ksig->ka.sa.sa_flags & SA_RESTORER) {

put_user_ex(ksig->ka.sa.sa_restorer, &frame->pretcode);

} else {

/* could use a vstub here */

err |= -EFAULT;

}

C 库的包装函数为您完成了这一步:

  kact.sa_flags = act->sa_flags | SA_RESTORER;

kact.sa_restorer = &restore_rt;

使用更新后的代码,您确实有一个恢复器(restorer),但是存在两个问题:它本身是错误的,并且您传递它的方式也不对。查看上面提到的 C 库源代码,您可以找到以下注释:

/* The difference here is that the sigaction structure used in the

kernel is not the same as we use in the libc. Therefore we must

translate it here. */

另外,由于函数序言(prologue)的存在,您不能将 C++ 函数用作恢复器。此外,printf 并不支持从信号处理程序中调用(但在这里碰巧可以用)。最后,正如 David Wohlferd 所指出的那样,您的 clobber 列表是错误的。总而言之,以下内容可能是重新设计后的版本:

#include<errno.h>
#include<stdio.h>
#include<time.h>
#include<unistd.h>

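// Async-signal-safe handler: only write(2) is called, and errno is saved and
// restored so the interrupted code (nanosleep in main) does not observe a
// value clobbered by the handler.
void handler(int){
    int saved_errno = errno;
    const char msg[] = "handler\n";
    // fd 1 is stdout; the earlier version wrote to fd 0 (stdin), which is not
    // guaranteed to be writable. sizeof(msg)-1 excludes the terminating NUL,
    // which was previously written as an extra byte.
    (void)write(1, msg, sizeof(msg) - 1);
    errno = saved_errno;
}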

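// Signal-return trampoline the kernel jumps to when the handler returns.
// It must be raw assembly rather than a C/C++ function: a compiler-generated
// prologue would run before rt_sigreturn and break the frame the kernel laid out.
// The explicit .text/.previous pair pins the label into the code section
// regardless of which section the compiler last emitted; .type/.size make it a
// proper ELF function symbol. "volatile" is meaningless on file-scope asm and
// is rejected by newer compilers, so it is dropped.
extern "C" void restorer();
asm(".text\n"
    ".type restorer,@function\n"
    "restorer:\n"
    "    mov $15,%rax\n"   // SYS_rt_sigreturn on x86-64
    "    syscall\n"
    ".size restorer,.-restorer\n"
    ".previous\n");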

// Kernel-ABI sigaction for x86-64 — the layout rt_sigaction(2) actually reads.
// It is not the libc struct sigaction (see the glibc comment quoted above),
// which is why the first attempt failed.
struct kernel_sigaction {
void (*k_sa_handler) (int);
unsigned long sa_flags;      // must contain SA_RESTORER (0x04000000) on x86-64
void (*sa_restorer) (void);  // trampoline that performs rt_sigreturn
unsigned long sa_mask;       // kernel sigset_t; its size (8) is the syscall's 4th argument
};

// Only the handler is set here; main() fills in sa_flags and sa_restorer
// before passing the address to the syscall.
struct kernel_sigaction act{handler};

// Sleep interval: keeps the process alive long enough for `kill -7 <pid>` from another shell.
timespec ts{10,0};

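// Installs `handler` for signal 7 (SIGBUS on x86-64 Linux) through the raw
// rt_sigaction syscall, then sleeps so the signal can be sent from another shell.
// Returns 0 on success, 1 if the kernel rejected the sigaction.
int main(){
    act.sa_flags=0x04000000;   // SA_RESTORER: mandatory on x86-64, see kernel excerpt above
    act.sa_restorer=&restorer;

    // rt_sigaction(7, &act, NULL, sizeof act.sa_mask). The arguments are bound
    // to the registers the syscall ABI expects instead of being moved there
    // inside the asm text, so the compiler knows exactly what is live; r10 has
    // no constraint letter, hence the explicit register variable. The kernel
    // reads *act through the pointer, so a "memory" clobber is required to keep
    // the stores above ordered before the syscall; the syscall instruction
    // itself overwrites rcx and r11.
    long ret;
    register long r10 asm("r10") = sizeof act.sa_mask;
    asm volatile("syscall"
                 : "=a"(ret)
                 : "a"(13L), "D"(7L), "S"(&act), "d"(0L), "r"(r10)
                 : "rcx", "r11", "memory");
    if (ret < 0) {
        // Raw syscalls report failure as -errno in rax; the earlier version
        // ignored this and slept on with no handler installed.
        fprintf(stderr, "rt_sigaction failed: %ld\n", -ret);
        return 1;
    }
    nanosleep(&ts,0);
    return 0;
}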

它仍然很hacky,显然,您不应该这样做。

