On 21/04/12 14:50, Jean-Yves Migeon wrote:
The machine did not drop into ddb, it simply rebooted. Unfortunately
it did not leave a core dump behind, so I don't have much to look at
just yet. When I get home later today, I will try to get more info.

BTW, this occurred while running the ATF test from a non-privileged
user, so if there's a bug lurking in these recent changes, it could be
considered to be a security vulnerability - non-priv user should not
be able to crash the box...

:)

Okay, thanks for the report. So this rules out Virtual Box, it seems to
happen on native amd64 too.

I am taking a look right now.

This seems to be a bug in the trap handling code. The signal is caught correctly (it reaches T_ALIGNFLT|T_USER in trap()), but things blow up just after: we end up signalling the process with a SIGILL (which does not come from trap()).

Using 32-bit compat mode (cc -m 32) also causes the crash. So something in e_trapsignal() or userret() goes wrong. Still digging.

--
jym@
