Public bug reported:

The aarch64 vDSO __kernel_clock_gettime implementation crashes when clock_gettime is called with CLOCK_MONOTONIC_COARSE or CLOCK_REALTIME_COARSE, with a SIGSEGV or SIGBUS respectively.

In the implementation (http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/arch/arm64/kernel/vdso/gettimeofday.S#n89) a value other than CLOCK_REALTIME or CLOCK_MONOTONIC branches past the usual "mov x2, x30" which preserves lr for return later. Anything other than CLOCK_REALTIME_COARSE and CLOCK_MONOTONIC_COARSE then branches directly to the svc call, which correctly returns to the caller. But CLOCK_REALTIME_COARSE and CLOCK_MONOTONIC_COARSE execute the special coarse path then fall through to the normal CLOCK_REALTIME/CLOCK_MONOTONIC path, which does a 'ret x2' at the end, despite not having saved x30 to x2 in the _COARSE case. So it ends up setting pc to clk_id, which is either 4 or 5, giving a translation or alignment fault.

** Affects: linux (Ubuntu)
   Importance: Undecided
   Status: New

https://bugs.launchpad.net/bugs/1239109

Title:
  aarch64 clock_gettime with CLOCK_REALTIME_COARSE or CLOCK_MONOTONIC_COARSE fails with SIGBUS or SIGSEGV

Status in "linux" package in Ubuntu:
  New
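As an added example (my own code, not part of the bug report or of the kernel vDSO source), the following C harness probes each of the four clock ids named above in a forked child, once through the libc clock_gettime wrapper (which on arm64 resolves to the vDSO __kernel_clock_gettime) and once through the raw clock_gettime system call, which never enters the vDSO. A clock that dies with SIGSEGV or SIGBUS on the first path but succeeds on the second localises the fault to the vDSO fast path, and the crash is confined to the child. The function names probe_clock and check_coarse_clocks are my own; on a fixed kernel, or on any non-arm64 Linux machine, every probe reports "ok".

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Outcome of one probe: signo is the fatal signal that killed the child
 * (0 if none); rc is 0 when clock_gettime succeeded and -1 when it
 * returned an error, when the child was killed, or when it could not run. */
struct probe_result {
    int signo;
    int rc;
};

/* Call clock_gettime(clk) inside a forked child so that a crashing vDSO
 * path (the SIGSEGV/SIGBUS described in the report) kills only the child.
 * With via_vdso == 0 the raw system call is issued instead, bypassing the
 * vDSO entirely: a clock that crashes one way but not the other points at
 * the vDSO implementation rather than the kernel's syscall handler. */
static struct probe_result probe_clock(clockid_t clk, int via_vdso)
{
    struct probe_result r = { 0, -1 };
    struct timespec ts;
    pid_t pid = fork();

    if (pid < 0)
        return r;                       /* could not fork: reported as failure */

    if (pid == 0) {
        int rc = via_vdso ? clock_gettime(clk, &ts)
                          : (int)syscall(SYS_clock_gettime, clk, &ts);
        _exit(rc == 0 ? 0 : 1);         /* exit status carries the result */
    }

    int status = 0;
    if (waitpid(pid, &status, 0) != pid)
        return r;
    if (WIFSIGNALED(status)) {
        r.signo = WTERMSIG(status);     /* e.g. SIGSEGV or SIGBUS */
        return r;
    }
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
        r.rc = 0;
    return r;
}

/* Human-readable label for a probe outcome. */
static const char *describe(struct probe_result r)
{
    if (r.signo == SIGSEGV) return "SIGSEGV";
    if (r.signo == SIGBUS)  return "SIGBUS";
    if (r.signo != 0)       return "killed by other signal";
    return r.rc == 0 ? "ok" : "error";
}

/* Probe the four clocks from the report through both paths. Returns the
 * number of clocks whose vDSO call completed normally (4 means no crash). */
static int check_coarse_clocks(void)
{
    static const clockid_t clocks[] = {
        CLOCK_REALTIME, CLOCK_MONOTONIC,
        CLOCK_REALTIME_COARSE, CLOCK_MONOTONIC_COARSE,
    };
    static const char *names[] = {
        "CLOCK_REALTIME", "CLOCK_MONOTONIC",
        "CLOCK_REALTIME_COARSE", "CLOCK_MONOTONIC_COARSE",
    };
    int ok = 0;

    for (size_t i = 0; i < sizeof clocks / sizeof clocks[0]; i++) {
        struct probe_result v = probe_clock(clocks[i], 1);   /* libc / vDSO */
        struct probe_result s = probe_clock(clocks[i], 0);   /* raw syscall */

        printf("%-24s vdso: %-8s syscall: %s\n", names[i], describe(v), describe(s));
        if (v.signo == 0 && v.rc == 0)
            ok++;
    }
    return ok;
}

int main(void)
{
    int ok = check_coarse_clocks();
    printf("%d/4 clocks survived the vDSO path\n", ok);
    return ok == 4 ? 0 : 1;
}
```

Because the child process does nothing but the one clock call and then _exit, the parent's stdio buffers are not duplicated into its output, and the exit code of the whole program (non-zero when any vDSO probe failed) makes it usable as a regression check in a kernel package test suite.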