Signed-off-by: Jinoh Kang jinoh.kang.kr@gmail.com --- include/winnt.h | 116 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 116 insertions(+)
diff --git a/include/winnt.h b/include/winnt.h
index c80efee077d..e80c10bd49c 100644
--- a/include/winnt.h
+++ b/include/winnt.h
@@ -915,6 +915,122 @@ NTSYSAPI PSLIST_ENTRY WINAPI RtlInterlockedPushEntrySList(PSLIST_HEADER, PSLIST_
 NTSYSAPI WORD WINAPI RtlQueryDepthSList(PSLIST_HEADER);
+/* Fast fail (__fastfail) codes */
+
+#define FAST_FAIL_LEGACY_GS_VIOLATION 0
+#define FAST_FAIL_VTGUARD_CHECK_FAILURE 1
+#define FAST_FAIL_STACK_COOKIE_CHECK_FAILURE 2
+#define FAST_FAIL_CORRUPT_LIST_ENTRY 3
+#define FAST_FAIL_INCORRECT_STACK 4
+#define FAST_FAIL_INVALID_ARG 5
+#define FAST_FAIL_GS_COOKIE_INIT 6
+#define FAST_FAIL_FATAL_APP_EXIT 7
+#define FAST_FAIL_RANGE_CHECK_FAILURE 8
+#define FAST_FAIL_UNSAFE_REGISTRY_ACCESS 9
+#define FAST_FAIL_GUARD_ICALL_CHECK_FAILURE 10
+#define FAST_FAIL_GUARD_WRITE_CHECK_FAILURE 11
+#define FAST_FAIL_INVALID_FIBER_SWITCH 12
+#define FAST_FAIL_INVALID_SET_OF_CONTEXT 13
+#define FAST_FAIL_INVALID_REFERENCE_COUNT 14
+#define FAST_FAIL_INVALID_JUMP_BUFFER 18
+#define FAST_FAIL_MRDATA_MODIFIED 19
+#define FAST_FAIL_CERTIFICATION_FAILURE 20
+#define FAST_FAIL_INVALID_EXCEPTION_CHAIN 21
+#define FAST_FAIL_CRYPTO_LIBRARY 22
+#define FAST_FAIL_INVALID_CALL_IN_DLL_CALLOUT 23
+#define FAST_FAIL_INVALID_IMAGE_BASE 24
+#define FAST_FAIL_DLOAD_PROTECTION_FAILURE 25
+#define FAST_FAIL_UNSAFE_EXTENSION_CALL 26
+#define FAST_FAIL_DEPRECATED_SERVICE_INVOKED 27
+#define FAST_FAIL_INVALID_BUFFER_ACCESS 28
+#define FAST_FAIL_INVALID_BALANCED_TREE 29
+#define FAST_FAIL_INVALID_NEXT_THREAD 30
+#define FAST_FAIL_GUARD_ICALL_CHECK_SUPPRESSED 31
+#define FAST_FAIL_APCS_DISABLED 32
+#define FAST_FAIL_INVALID_IDLE_STATE 33
+#define FAST_FAIL_MRDATA_PROTECTION_FAILURE 34
+#define FAST_FAIL_UNEXPECTED_HEAP_EXCEPTION 35
+#define FAST_FAIL_INVALID_LOCK_STATE 36
+#define FAST_FAIL_GUARD_JUMPTABLE 37
+#define FAST_FAIL_INVALID_LONGJUMP_TARGET 38
+#define FAST_FAIL_INVALID_DISPATCH_CONTEXT 39
+#define FAST_FAIL_INVALID_THREAD 40
+#define FAST_FAIL_INVALID_SYSCALL_NUMBER 41
+#define FAST_FAIL_INVALID_FILE_OPERATION 42
+#define FAST_FAIL_LPAC_ACCESS_DENIED 43
+#define FAST_FAIL_GUARD_SS_FAILURE 44
+#define FAST_FAIL_LOADER_CONTINUITY_FAILURE 45
+#define FAST_FAIL_GUARD_EXPORT_SUPPRESSION_FAILURE 46
+#define FAST_FAIL_INVALID_CONTROL_STACK 47
+#define FAST_FAIL_SET_CONTEXT_DENIED 48
+#define FAST_FAIL_INVALID_IAT 49
+#define FAST_FAIL_HEAP_METADATA_CORRUPTION 50
+#define FAST_FAIL_PAYLOAD_RESTRICTION_VIOLATION 51
+#define FAST_FAIL_LOW_LABEL_ACCESS_DENIED 52
+#define FAST_FAIL_ENCLAVE_CALL_FAILURE 53
+#define FAST_FAIL_UNHANDLED_LSS_EXCEPTON 54
+#define FAST_FAIL_ADMINLESS_ACCESS_DENIED 55
+#define FAST_FAIL_UNEXPECTED_CALL 56
+#define FAST_FAIL_CONTROL_INVALID_RETURN_ADDRESS 57
+#define FAST_FAIL_UNEXPECTED_HOST_BEHAVIOR 58
+#define FAST_FAIL_FLAGS_CORRUPTION 59
+#define FAST_FAIL_VEH_CORRUPTION 60
+#define FAST_FAIL_ETW_CORRUPTION 61
+#define FAST_FAIL_RIO_ABORT 62
+#define FAST_FAIL_INVALID_PFN 63
+#define FAST_FAIL_GUARD_ICALL_CHECK_FAILURE_XFG 64
+#define FAST_FAIL_CAST_GUARD 65
+#define FAST_FAIL_HOST_VISIBILITY_CHANGE 66
+#define FAST_FAIL_KERNEL_CET_SHADOW_STACK_ASSIST 67
+#define FAST_FAIL_PATCH_CALLBACK_FAILED 68
+#define FAST_FAIL_NTDLL_PATCH_FAILED 69
+#define FAST_FAIL_INVALID_FLS_DATA 70
+#define FAST_FAIL_INVALID_FAST_FAIL_CODE 0xFFFFFFFF
+
+#if defined(__GNUC__)
+#if defined(__x86_64__)
+static FORCEINLINE DECLSPEC_NORETURN void __fastfail(unsigned int code)
+{
+ register ULONGLONG val __asm__("rcx") = code;
+ __asm__ __volatile__( "int $0x29" :: "r" (val) : "memory" );
+#if defined(__GNUC__) && ((__GNUC__ > 4) || ((__GNUC__ == 4) && (__GNUC_MINOR__ >= 5)))
+ __builtin_unreachable();
+#endif
+}
+#elif defined(__i386__)
+static FORCEINLINE DECLSPEC_NORETURN void __fastfail(unsigned int code)
+{
+ register ULONG val __asm__("ecx") = code;
+ __asm__ __volatile__( "int $0x29" :: "r" (val) : "memory" );
+#if defined(__GNUC__) && ((__GNUC__ > 4) || ((__GNUC__ == 4) && (__GNUC_MINOR__ >= 5)))
+ __builtin_unreachable();
+#endif
+}
+#elif defined(__aarch64__)
+static FORCEINLINE DECLSPEC_NORETURN void __fastfail(unsigned int code)
+{
+ register ULONGLONG val __asm__("x0") = code;
+ __asm__ __volatile__( "brk #0xf003" :: "r" (val) : "memory" );
+#if defined(__GNUC__) && ((__GNUC__ > 4) || ((__GNUC__ == 4) && (__GNUC_MINOR__ >= 5)))
+ __builtin_unreachable();
+#endif
+}
+#elif defined(__arm__)
+static FORCEINLINE DECLSPEC_NORETURN void __fastfail(unsigned int code)
+{
+ register ULONG val __asm__("r0") = code;
+ __asm__ __volatile__( "udf #0xfb" :: "r" (val) : "memory" );
+#if defined(__GNUC__) && ((__GNUC__ > 4) || ((__GNUC__ == 4) && (__GNUC_MINOR__ >= 5)))
+ __builtin_unreachable();
+#endif
+}
+#endif /* __x86_64__ */
+#elif defined(_MSC_VER) && (_MSC_VER >= 1610)
+DECLSPEC_NORETURN void __fastfail(unsigned int);
+#pragma intrinsic(__fastfail)
+#endif /* __GNUC__ */
+
+
 /* Heap flags */
#define HEAP_NO_SERIALIZE 0x00000001
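Review bot: The `(__GNUC__ > 4) || ((__GNUC__ == 4) && (__GNUC_MINOR__ >= 5))` guard around `__builtin_unreachable()` in each `__fastfail` body is false under clang, which identifies itself as GCC 4.2 but does support the builtin, so there the `DECLSPEC_NORETURN` function falls off its closing brace after the asm statement and the compiler can warn that a noreturn function returns. Adding `|| defined(__clang__)` to the condition fixes that; since the same four-line `#if`/`#endif` is repeated verbatim in all four architecture bodies (with a `defined(__GNUC__)` term that is redundant inside the enclosing `#if defined(__GNUC__)`), evaluating it once into a private helper macro used by all four bodies would be cleaner still. A short comment above the block stating that the fast-fail code is passed in rcx/ecx/x0/r0 respectively and that the trap does not return to the caller would also help readers unfamiliar with the Windows ABI.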
Signed-off-by: Jinoh Kang jinoh.kang.kr@gmail.com --- dlls/ntdll/tests/exception.c | 93 ++++++++++++++++++++++++++++++++++++ 1 file changed, 93 insertions(+)
diff --git a/dlls/ntdll/tests/exception.c b/dlls/ntdll/tests/exception.c
index 4307016f149..488a5e94729 100644
--- a/dlls/ntdll/tests/exception.c
+++ b/dlls/ntdll/tests/exception.c
@@ -8397,6 +8397,91 @@ static void test_ripevent(DWORD numexc)
 pRtlRemoveVectoredExceptionHandler(vectored_handler);
 }
+static void subtest_fastfail(unsigned int code)
+{
+ char cmdline[MAX_PATH];
+ PROCESS_INFORMATION pi;
+ STARTUPINFOA si = { 0 };
+ DEBUG_EVENT de;
+ DWORD continuestatus;
+ BOOL ret;
+ BOOL had_ff = FALSE, had_se = FALSE;
+
+ sprintf(cmdline, "%s %s %s %u", my_argv[0], my_argv[1], "fastfail", code);
+ si.cb = sizeof(si);
+ ret = CreateProcessA(NULL, cmdline, NULL, NULL, FALSE, DEBUG_PROCESS, NULL, NULL, &si, &pi);
+ ok(ret, "could not create child process error: %u\n", GetLastError());
+ if (!ret)
+ return;
+
+ do
+ {
+ continuestatus = DBG_CONTINUE;
+ ok(WaitForDebugEvent(&de, INFINITE), "reading debug event\n");
+
+ if (de.dwDebugEventCode == EXCEPTION_DEBUG_EVENT)
+ {
+ if (de.u.Exception.ExceptionRecord.ExceptionCode == STATUS_STACK_BUFFER_OVERRUN)
+ {
+ ok(!de.u.Exception.dwFirstChance, "must be a second chance exception\n");
+ ok(de.u.Exception.ExceptionRecord.NumberParameters == 1, "expected exactly one parameter, got %u\n",
+ de.u.Exception.ExceptionRecord.NumberParameters);
+ ok(de.u.Exception.ExceptionRecord.ExceptionInformation[0] == code, "expected %u for code, got %Iu\n",
+ code, de.u.Exception.ExceptionRecord.ExceptionInformation[0]);
+ had_ff = TRUE;
+ }
+
+ if (de.u.Exception.dwFirstChance)
+ {
+ continuestatus = DBG_EXCEPTION_NOT_HANDLED;
+ }
+ else
+ {
+ had_se = TRUE;
+ pNtTerminateProcess(pi.hProcess, 0);
+ }
+ }
+
+ ContinueDebugEvent(de.dwProcessId, de.dwThreadId, continuestatus);
+
+ } while (de.dwDebugEventCode != EXIT_PROCESS_DEBUG_EVENT);
+
+ todo_wine
+ ok(had_ff || broken(had_se) /* Win7 */, "fast fail did not occur\n");
+
+ wait_child_process( pi.hProcess );
+ ret = CloseHandle(pi.hThread);
+ ok(ret, "error %u\n", GetLastError());
+ ret = CloseHandle(pi.hProcess);
+ ok(ret, "error %u\n", GetLastError());
+
+ return;
+}
+
+static void test_fastfail(void)
+{
+ unsigned int codes[] = {
+ FAST_FAIL_LEGACY_GS_VIOLATION,
+ FAST_FAIL_VTGUARD_CHECK_FAILURE,
+ FAST_FAIL_STACK_COOKIE_CHECK_FAILURE,
+ FAST_FAIL_CORRUPT_LIST_ENTRY,
+ FAST_FAIL_INCORRECT_STACK,
+ FAST_FAIL_INVALID_ARG,
+ FAST_FAIL_GS_COOKIE_INIT,
+ FAST_FAIL_FATAL_APP_EXIT,
+ FAST_FAIL_INVALID_FAST_FAIL_CODE,
+ 0xdeadbeefUL,
+ };
+ unsigned int i;
+
+ for (i = 0; i < ARRAY_SIZE(codes); i++)
+ {
+ winetest_push_context("__fastfail(%#x)", codes[i]);
+ subtest_fastfail(codes[i]);
+ winetest_pop_context();
+ }
+}
+
 static DWORD breakpoint_exceptions;
static LONG CALLBACK breakpoint_handler(EXCEPTION_POINTERS *ExceptionInfo)
@@ -10628,6 +10713,13 @@ START_TEST(exception)
 if (my_argc >= 4)
 {
 void *addr;
+
+ if (strcmp(my_argv[2], "fastfail") == 0)
+ {
+ __fastfail(strtoul(my_argv[3], NULL, 0));
+ return;
+ }
+
 sscanf( my_argv[3], "%p", &addr );
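Review bot: In `subtest_fastfail`, `DEBUG_EVENT de` is left uninitialized and the loop does not stop when `ok(WaitForDebugEvent(&de, INFINITE), "reading debug event\n")` fails, so `de.dwDebugEventCode`, `de.dwProcessId` and `de.dwThreadId` are then read before ever being written and the `do`/`while` may never see `EXIT_PROCESS_DEBUG_EVENT`. Storing the result and leaving the loop keeps the failure both reported and bounded: `ret = WaitForDebugEvent(&de, INFINITE);` `ok(ret, "reading debug event\n");` `if (!ret) break;` — `had_ff` stays FALSE, so the existing "fast fail did not occur" check still fires. The trailing `return;` before the closing brace of this void function is redundant and can be dropped.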
if (addr != &test_stage)
@@ -10766,6 +10858,7 @@ START_TEST(exception)
 test_thread_context();
 test_outputdebugstring(1, FALSE);
 test_ripevent(1);
+ test_fastfail();
 test_breakpoint(1);
 test_closehandle(0, (HANDLE)0xdeadbeef);
 /* Call of Duty WWII writes to BeingDebugged then closes an invalid handle,
__fastfail() is used by the Visual C++ runtime and Windows system libraries to signal that the in-process state is corrupted and unrecoverable.
If __fastfail() is invoked, the NT kernel raises a second-chance non-continuable exception STATUS_STACK_BUFFER_OVERRUN. This quickly terminates the process, bypassing all in-process exception handlers (since they all rely on the potentially corrupted process state).
Signed-off-by: Jinoh Kang jinoh.kang.kr@gmail.com ---
Notes: v3 -> v4: fix BRK #0xF003 detection on ARM64; add comments. v4 -> v5: use NtRaiseException().
dlls/ntdll/tests/exception.c | 1 - dlls/ntdll/unix/signal_arm.c | 40 +++++++++++++++++++++++++++++++-- dlls/ntdll/unix/signal_arm64.c | 40 +++++++++++++++++++++++++++++++++ dlls/ntdll/unix/signal_i386.c | 38 ++++++++++++++++++++++++++++++- dlls/ntdll/unix/signal_x86_64.c | 35 +++++++++++++++++++++++++++++ 5 files changed, 150 insertions(+), 4 deletions(-)
diff --git a/dlls/ntdll/tests/exception.c b/dlls/ntdll/tests/exception.c
index 488a5e94729..71d25fa3e93 100644
--- a/dlls/ntdll/tests/exception.c
+++ b/dlls/ntdll/tests/exception.c
@@ -8446,7 +8446,6 @@ static void subtest_fastfail(unsigned int code)
} while (de.dwDebugEventCode != EXIT_PROCESS_DEBUG_EVENT);
- todo_wine
 ok(had_ff || broken(had_se) /* Win7 */, "fast fail did not occur\n");
wait_child_process( pi.hProcess );
diff --git a/dlls/ntdll/unix/signal_arm.c b/dlls/ntdll/unix/signal_arm.c
index a1bcb0ddd32..5d919167d0d 100644
--- a/dlls/ntdll/unix/signal_arm.c
+++ b/dlls/ntdll/unix/signal_arm.c
@@ -615,6 +615,32 @@ static void setup_exception( ucontext_t *sigcontext, EXCEPTION_RECORD *rec )
 }
+/***********************************************************************
+ * raise_second_chance_exception
+ *
+ * Raise a second chance exception.
+ */
+static void raise_second_chance_exception( ucontext_t *sigcontext, EXCEPTION_RECORD *rec )
+{
+ CONTEXT context;
+
+ rec->ExceptionAddress = (void *)PC_sig(sigcontext);
+ if (is_inside_syscall( sigcontext ))
+ {
+ /* Windows would bug check here */
+ ERR("Direct second chance exception code %x flags %x addr %p (inside syscall)\n",
+ rec->ExceptionCode, rec->ExceptionFlags, rec->ExceptionAddress );
+ NtTerminateProcess( NtCurrentProcess(), rec->ExceptionCode );
+ }
+ else
+ {
+ save_context( &context, sigcontext );
+ NtRaiseException( rec, &context, FALSE );
+ restore_context( &context, sigcontext );
+ }
+}
+
+
 /***********************************************************************
 * call_user_apc_dispatcher
 */
@@ -812,13 +838,23 @@ static void segv_handler( int signal, siginfo_t *siginfo, void *sigcontext )
 switch (get_trap_code(signal, context))
 {
 case TRAP_ARM_PRIVINFLT: /* Invalid opcode exception */
- if (*(WORD *)PC_sig(context) == 0xdefe) /* breakpoint */
+ switch (*(WORD *)PC_sig(context))
 {
+ case 0xdefb: /* __fastfail */
+ rec.ExceptionCode = STATUS_STACK_BUFFER_OVERRUN;
+ rec.ExceptionFlags = EH_NONCONTINUABLE;
+ rec.NumberParameters = 1;
+ rec.ExceptionInformation[0] = REGn_sig( 0, context );
+ raise_second_chance_exception( context, &rec );
+ return;
+ case 0xdefe: /* breakpoint */
 rec.ExceptionCode = EXCEPTION_BREAKPOINT;
 rec.NumberParameters = 1;
 break;
+ default:
+ rec.ExceptionCode = EXCEPTION_ILLEGAL_INSTRUCTION;
+ break;
 }
- rec.ExceptionCode = EXCEPTION_ILLEGAL_INSTRUCTION;
 break;
 case TRAP_ARM_PAGEFLT: /* Page fault */
 rec.NumberParameters = 2;
diff --git a/dlls/ntdll/unix/signal_arm64.c b/dlls/ntdll/unix/signal_arm64.c
index 94f280e218a..26910173b81 100644
--- a/dlls/ntdll/unix/signal_arm64.c
+++ b/dlls/ntdll/unix/signal_arm64.c
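Review bot: The header comment of `raise_second_chance_exception` in the first signal_arm.c hunk ("Raise a second chance exception.") does not say what distinguishes it from `setup_exception`: it stores the signal PC in `rec->ExceptionAddress`, terminates the process when the fault is inside a syscall, and otherwise calls `NtRaiseException` with its last argument FALSE directly on a context saved from the signal frame, so no user-mode handler runs. A comment such as `/* Deliver rec as a second-chance exception without invoking user-mode handlers; the process is terminated if the fault is inside a syscall, where Windows would bug check. */` would make that contract visible. If `NtRaiseException` ever returns here, `restore_context` resumes at the faulting PC and the same trap fires again; whether that is the intended debugger-continue path is not visible in the hunk and deserves a sentence too. The same helper is added to signal_arm64.c, signal_i386.c and signal_x86_64.c in this patch, so the comment applies to all four copies.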
@@ -656,6 +656,32 @@ static void setup_exception( ucontext_t *sigcontext, EXCEPTION_RECORD *rec )
 }
+/***********************************************************************
+ * raise_second_chance_exception
+ *
+ * Raise a second chance exception.
+ */
+static void raise_second_chance_exception( ucontext_t *sigcontext, EXCEPTION_RECORD *rec )
+{
+ CONTEXT context;
+
+ rec->ExceptionAddress = (void *)PC_sig(sigcontext);
+ if (is_inside_syscall( sigcontext ))
+ {
+ /* Windows would bug check here */
+ ERR("Direct second chance exception code %x flags %x addr %p (inside syscall)\n",
+ rec->ExceptionCode, rec->ExceptionFlags, rec->ExceptionAddress );
+ NtTerminateProcess( NtCurrentProcess(), rec->ExceptionCode );
+ }
+ else
+ {
+ save_context( &context, sigcontext );
+ NtRaiseException( rec, &context, FALSE );
+ restore_context( &context, sigcontext );
+ }
+}
+
+
 /***********************************************************************
 * call_user_apc_dispatcher
 */
@@ -908,6 +934,7 @@ static void bus_handler( int signal, siginfo_t *siginfo, void *sigcontext )
 static void trap_handler( int signal, siginfo_t *siginfo, void *sigcontext )
 {
 EXCEPTION_RECORD rec = { 0 };
+ ucontext_t *context = sigcontext;
switch (siginfo->si_code)
 {
@@ -916,6 +943,19 @@ static void trap_handler( int signal, siginfo_t *siginfo, void *sigcontext )
 break;
 case TRAP_BRKPT:
 default:
+ /* debug exceptions do not update ESR on Linux, so we fetch the instruction directly. */
+ if (!(PSTATE_sig( context ) & 0x10) && /* AArch64 (not WoW) */
+ !(PC_sig( context ) & 3) &&
+ *(ULONG *)PC_sig( context ) == 0xd43e0060UL) /* brk #0xf003 */
+ {
+ /* __fastfail */
+ rec.ExceptionCode = STATUS_STACK_BUFFER_OVERRUN;
+ rec.ExceptionFlags = EH_NONCONTINUABLE;
+ rec.NumberParameters = 1;
+ rec.ExceptionInformation[0] = REGn_sig( 0, context );
+ raise_second_chance_exception( context, &rec );
+ return;
+ }
 rec.ExceptionCode = EXCEPTION_BREAKPOINT;
 rec.NumberParameters = 1;
 break;
diff --git a/dlls/ntdll/unix/signal_i386.c b/dlls/ntdll/unix/signal_i386.c
index 6bb5649e2b5..f0074216de6 100644
--- a/dlls/ntdll/unix/signal_i386.c
+++ b/dlls/ntdll/unix/signal_i386.c
@@ -1485,6 +1485,30 @@ static void setup_exception( ucontext_t *sigcontext, EXCEPTION_RECORD *rec )
 setup_raise_exception( sigcontext, stack, rec, &xcontext );
 }
+/***********************************************************************
+ * raise_second_chance_exception
+ *
+ * Raise a second chance exception.
+ */
+static void raise_second_chance_exception( ucontext_t *sigcontext, EXCEPTION_RECORD *rec, struct xcontext *xcontext )
+{
+ rec->ExceptionAddress = (void *)EIP_sig( sigcontext );
+ if (is_inside_syscall( sigcontext ))
+ {
+ /* Windows would bug check here */
+ WINE_ERR("Direct second chance exception code %x flags %x addr %p (inside syscall)\n",
+ rec->ExceptionCode, rec->ExceptionFlags, rec->ExceptionAddress );
+ NtTerminateProcess( NtCurrentProcess(), rec->ExceptionCode );
+ }
+ else
+ {
+ save_context( xcontext, sigcontext );
+ NtRaiseException( rec, &xcontext->c, FALSE );
+ restore_context( xcontext, sigcontext );
+ }
+}
+
+
 /* stack layout when calling an user apc function.
 * FIXME: match Windows ABI. */
 struct apc_stack_layout
@@ -1780,8 +1804,20 @@ static void segv_handler( int signal, siginfo_t *siginfo, void *sigcontext )
 EXCEPTION_RECORD rec = { 0 };
 struct xcontext xcontext;
 ucontext_t *ucontext = sigcontext;
- void *stack = setup_exception_record( sigcontext, &rec, &xcontext );
+ void *stack;
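Review bot: The i386 copy of `raise_second_chance_exception` logs through `WINE_ERR(` while the arm, arm64 and x86_64 copies added by the same patch use `ERR(`. Unless signal_i386.c deliberately uses the prefixed macro throughout (not visible from the hunk), `ERR("Direct second chance exception code %x flags %x addr %p (inside syscall)\n",` keeps the four copies textually identical apart from the PC accessor, which makes later drift between them much easier to spot.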
+ if (TRAP_sig(ucontext) == TRAP_x86_PROTFLT && ERROR_sig(ucontext) == ((0x29 << 3) | 2))
+ {
+ /* __fastfail: process state is corrupted - skip setup_exception_record */
+ rec.ExceptionCode = STATUS_STACK_BUFFER_OVERRUN;
+ rec.ExceptionFlags = EH_NONCONTINUABLE;
+ rec.NumberParameters = 1;
+ rec.ExceptionInformation[0] = ECX_sig( ucontext );
+ raise_second_chance_exception( ucontext, &rec, &xcontext );
+ return;
+ }
+
+ stack = setup_exception_record( sigcontext, &rec, &xcontext );
 switch (TRAP_sig(ucontext))
 {
 case TRAP_x86_OFLOW: /* Overflow exception */
diff --git a/dlls/ntdll/unix/signal_x86_64.c b/dlls/ntdll/unix/signal_x86_64.c
index 68e0c7ce66e..90fa04f0309 100644
--- a/dlls/ntdll/unix/signal_x86_64.c
+++ b/dlls/ntdll/unix/signal_x86_64.c
@@ -2198,6 +2198,30 @@ static void setup_exception( ucontext_t *sigcontext, EXCEPTION_RECORD *rec )
 }
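Review bot: `ERROR_sig(ucontext) == ((0x29 << 3) | 2)` in the segv_handler hunk is a magic constant: it is the #GP error code the CPU produces for a user-mode `int $0x29` whose gate is not accessible (vector << 3 with the IDT bit set), but nothing in the hunk says so, and the identical expression is repeated in the signal_x86_64.c segv_handler hunk. A comment on the condition such as `/* #GP from "int $0x29": error code is (vector << 3) | IDT bit, see the __fastfail stub in winnt.h */`, or a single named constant shared by both files, would make the check reviewable without the manual. The comment "skip setup_exception_record" is also the only hint that the early return intentionally bypasses the normal record setup because the process state is untrusted; spelling that out in the same comment would help the next reader.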
+/***********************************************************************
+ * raise_second_chance_exception
+ *
+ * Raise a second chance exception.
+ */
+static void raise_second_chance_exception( ucontext_t *sigcontext, EXCEPTION_RECORD *rec, struct xcontext *xcontext )
+{
+ rec->ExceptionAddress = (void *)RIP_sig(sigcontext);
+ if (is_inside_syscall( sigcontext ))
+ {
+ /* Windows would bug check here */
+ ERR("Direct second chance exception code %x flags %x addr %p (inside syscall)\n",
+ rec->ExceptionCode, rec->ExceptionFlags, rec->ExceptionAddress );
+ NtTerminateProcess( NtCurrentProcess(), rec->ExceptionCode );
+ }
+ else
+ {
+ save_context( xcontext, sigcontext );
+ NtRaiseException( rec, &xcontext->c, FALSE );
+ restore_context( xcontext, sigcontext );
+ }
+}
+
+
 /***********************************************************************
 * call_user_apc_dispatcher
 */
@@ -2560,6 +2584,17 @@ static void segv_handler( int signal, siginfo_t *siginfo, void *sigcontext )
 struct xcontext context;
 ucontext_t *ucontext = sigcontext;
+ if (TRAP_sig(ucontext) == TRAP_x86_PROTFLT && ERROR_sig(ucontext) == ((0x29 << 3) | 2))
+ {
+ /* __fastfail: process state is corrupted */
+ rec.ExceptionCode = STATUS_STACK_BUFFER_OVERRUN;
+ rec.ExceptionFlags = EH_NONCONTINUABLE;
+ rec.NumberParameters = 1;
+ rec.ExceptionInformation[0] = RCX_sig( ucontext );
+ raise_second_chance_exception( ucontext, &rec, &context );
+ return;
+ }
+
 rec.ExceptionAddress = (void *)RIP_sig(ucontext);
 save_context( &context, sigcontext );
Today, the UDF instruction handler code assumes Thumb-mode code and cannot recognise the UDF.W form or the equivalent ARM-mode encoding.
Fix this by generalising the UDF instruction parser code.
Signed-off-by: Jinoh Kang jinoh.kang.kr@gmail.com --- dlls/ntdll/unix/signal_arm.c | 35 ++++++++++++++++++++++++++++++++--- 1 file changed, 32 insertions(+), 3 deletions(-)
diff --git a/dlls/ntdll/unix/signal_arm.c b/dlls/ntdll/unix/signal_arm.c
index 5d919167d0d..eaa41d9e139 100644
--- a/dlls/ntdll/unix/signal_arm.c
+++ b/dlls/ntdll/unix/signal_arm.c
@@ -360,6 +360,35 @@ static inline WORD get_error_code( const ucontext_t *sigcontext )
 }
+/***********************************************************************
+ * get_udf_immediate
+ *
+ * Get the immediate operand if the PC is at a UDF instruction.
+ */
+static inline int get_udf_immediate( const ucontext_t *sigcontext )
+{
+ if (CPSR_sig(sigcontext) & 0x20)
+ {
+ WORD thumb_insn = *(WORD *)PC_sig(sigcontext);
+ if ((thumb_insn >> 8) == 0xde) return thumb_insn & 0xff;
+ if ((thumb_insn & 0xfff0) == 0xf7f0) /* udf.w */
+ {
+ WORD ext = *(WORD *)(PC_sig(sigcontext) + 2);
+ if ((ext & 0xf000) == 0xa000) return ((thumb_insn & 0xf) << 12) | (ext & 0x0fff);
+ }
+ }
+ else
+ {
+ DWORD arm_insn = *(DWORD *)PC_sig(sigcontext);
+ if ((arm_insn & 0xfff000f0) == 0xe7f000f0)
+ {
+ return ((arm_insn >> 4) & 0xfff0) | (arm_insn & 0xf);
+ }
+ }
+ return -1;
+}
+
+
 /***********************************************************************
 * save_context
 *
@@ -838,16 +867,16 @@ static void segv_handler( int signal, siginfo_t *siginfo, void *sigcontext )
 switch (get_trap_code(signal, context))
 {
 case TRAP_ARM_PRIVINFLT: /* Invalid opcode exception */
- switch (*(WORD *)PC_sig(context))
+ switch (get_udf_immediate( context ))
 {
- case 0xdefb: /* __fastfail */
+ case 0xfb: /* __fastfail */
 rec.ExceptionCode = STATUS_STACK_BUFFER_OVERRUN;
 rec.ExceptionFlags = EH_NONCONTINUABLE;
 rec.NumberParameters = 1;
 rec.ExceptionInformation[0] = REGn_sig( 0, context );
 raise_second_chance_exception( context, &rec );
 return;
- case 0xdefe: /* breakpoint */
+ case 0xfe: /* breakpoint */
 rec.ExceptionCode = EXCEPTION_BREAKPOINT;
 rec.NumberParameters = 1;
 break;
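Review bot: `get_udf_immediate`'s ARM-mode match `(arm_insn & 0xfff000f0) == 0xe7f000f0` pins the condition field to AL, so a conditionally executed UDF returns -1 and is reported by segv_handler as `EXCEPTION_ILLEGAL_INSTRUCTION` rather than as a breakpoint or fast fail; that is presumably intended, but the header comment should say so. The same comment should also spell out the three encodings the function accepts (Thumb T1 `0xDExx`, Thumb T2 `0xF7Fx` followed by `0xAxxx`, read as two halfwords, and ARM A1 `cond 0111 1111 imm12 1111 imm4`) and that -1 means "PC is not at a UDF", since only the `udf.w` branch currently names its encoding. Short tags on the other two comparisons, `/* udf (T1) */` and `/* udf (A1, cond = AL) */`, would keep the masks self-explaining.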
Hi,
On 2022-01-19 12:06, Jinoh Kang wrote:
+#if defined(__GNUC__)
+#if defined(__x86_64__)
+static FORCEINLINE DECLSPEC_NORETURN void __fastfail(unsigned int code)
+{
- register ULONGLONG val __asm__("rcx") = code;
- __asm__ __volatile__( "int $0x29" :: "r" (val) : "memory" );
Any reason to prefer this "manual move" into a register over specifying r/ecx as an input into the assembly block? I.e.
__asm__ __volatile__( "int $0x29" :: "c" ((ULONG_PTR)code) : "memory" );
As an added bonus, that would make the function identical between x64 and x86. (The cast to ULONG_PTR is to make the compiler aware that the upper bits of rcx _must_ be zero, rather than just letting it happen incidentally.)
Something similar might be applicable to ARM, too, but I'm not sure.
Thanks, Thomas
On 1/20/22 02:49, Thomas Faber wrote:
Hi,
On 2022-01-19 12:06, Jinoh Kang wrote:
+#if defined(__GNUC__)
+#if defined(__x86_64__)
+static FORCEINLINE DECLSPEC_NORETURN void __fastfail(unsigned int code)
+{
+ register ULONGLONG val __asm__("rcx") = code;
+ __asm__ __volatile__( "int $0x29" :: "r" (val) : "memory" );
Any reason to prefer this "manual move" into a register over specifying r/ecx as an input into the assembly block?
It's just a style preference, nothing much. Now that I see other code uses specific-register constraints, perhaps I should follow that instead...
I.e.
__asm__ __volatile__( "int $0x29" :: "c" ((ULONG_PTR)code) : "memory" );
As an added bonus, that would make the function identical between x64 and x86. (The cast to ULONG_PTR is to make the compiler aware that the upper bits of rcx _must_ be zero, rather than just letting it happen incidentally.)
Something similar might be applicable to ARM, too, but I'm not sure.
There's no such thing as specific-register constraints in ARM/ARM64.
Thanks, Thomas