Bug 27435 - Attach on solaris segfaults GDB
Summary: Attach on solaris segfaults GDB
Status: RESOLVED FIXED
Alias: None
Product: gdb
Classification: Unclassified
Component: gdb (show other bugs)
Version: 10.1
: P2 normal
Target Milestone: 10.2
Assignee: Not yet assigned to anyone
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-02-18 16:12 UTC by Simon Marchi
Modified: 2021-02-22 16:48 UTC (History)
0 users

See Also:
Host:
Target:
Build:
Last reconfirmed:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Simon Marchi 2021-02-18 16:12:03 UTC
As reported here:

https://sourceware.org/pipermail/gdb-patches/2021-February/176202.html

Attaching on Solaris segfaults GDB since 10.1.
Comment 1 cvs-commit@gcc.gnu.org 2021-02-22 16:43:28 UTC
The master branch has been updated by Simon Marchi <simark@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=de146e1946ee45f2552c6b56714793a2eba9b823

commit de146e1946ee45f2552c6b56714793a2eba9b823
Author: Simon Marchi <simon.marchi@polymtl.ca>
Date:   Mon Feb 22 11:41:32 2021 -0500

    gdb: push target earlier in procfs_target::attach (PR 27435)
    
    Since this is a GDB 9 -> 10 regression, I would like to push it to
    gdb-10-branch.
    
    This is a follow-up to:
    
      https://sourceware.org/pipermail/gdb-patches/2021-February/176202.html
    
    This patch fixes a segfault seen when attaching to a process on Solaris.
    The steps leading to the segfault are:
    
     - procfs_target::attach calls do_attach, at this point the inferior's
       process slot in the target stack is empty.
     - do_attach adds a thread with `add_thread (&the_procfs_target, ptid)`
     - in add_thread_silent, the passed target (&the_procfs_target) is
       passed to find_inferior_ptid
     - find_inferior_ptid returns nullptr, as there is no inferior with this
       ptid that has &the_procfs_target as its process target
     - the nullptr `inf` is passed to find_thread_ptid, which dereferences
       it, causing a segfault
     - back in procfs_target::attach, after do_attach, we push the
       the_procfs_target on the inferior's target stack, although we never
       reach this because the segfault happens before.
    
    To fix this, I think we need to do the same as is done in
    inf_ptrace_target::attach: push the target early and unpush it in case
    the attach fails (and keep it if the attach succeeds).
    
    Implement it by moving target_unpush_up to target.h, so it can be
    re-used here.  Make procfs_target::attach use it.  Note that just like
    is mentioned in inf_ptrace_target::attach, we should push the target
    before calling target_pid_to_str, so that calling target_pid_to_str ends
    up in procfs_target::pid_to_str.
    
    Tested by trying to attach on a process on gcc211 on the gcc compile
    farm.
    
    gdb/ChangeLog:
    
            PR gdb/27435
            * inf-ptrace.c (struct target_unpusher): Move to target.h.
            (target_unpush_up): Likewise.
            * procfs.c (procfs_target::attach): Push target early.  Use
            target_unpush_up to unpush target in case of error.
            * target.h (struct target_unpusher): Move here.
            (target_unpush_up): Likewise.
    
    Change-Id: I88aff8b20204e1ca1d792e27ac6bc34fc1aa0d52
Comment 2 cvs-commit@gcc.gnu.org 2021-02-22 16:47:56 UTC
The gdb-10-branch branch has been updated by Simon Marchi <simark@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=2907db7e77c403926b2c6556d72f2c7dd19cce01

commit 2907db7e77c403926b2c6556d72f2c7dd19cce01
Author: Simon Marchi <simon.marchi@polymtl.ca>
Date:   Mon Feb 22 11:41:32 2021 -0500

    gdb: push target earlier in procfs_target::attach (PR 27435)
    
    Since this is a GDB 9 -> 10 regression, I would like to push it to
    gdb-10-branch.
    
    This is a follow-up to:
    
      https://sourceware.org/pipermail/gdb-patches/2021-February/176202.html
    
    This patch fixes a segfault seen when attaching to a process on Solaris.
    The steps leading to the segfault are:
    
     - procfs_target::attach calls do_attach, at this point the inferior's
       process slot in the target stack is empty.
     - do_attach adds a thread with `add_thread (&the_procfs_target, ptid)`
     - in add_thread_silent, the passed target (&the_procfs_target) is
       passed to find_inferior_ptid
     - find_inferior_ptid returns nullptr, as there is no inferior with this
       ptid that has &the_procfs_target as its process target
     - the nullptr `inf` is passed to find_thread_ptid, which dereferences
       it, causing a segfault
     - back in procfs_target::attach, after do_attach, we push the
       the_procfs_target on the inferior's target stack, although we never
       reach this because the segfault happens before.
    
    To fix this, I think we need to do the same as is done in
    inf_ptrace_target::attach: push the target early and unpush it in case
    the attach fails (and keep it if the attach succeeds).
    
    Implement it by moving target_unpush_up to target.h, so it can be
    re-used here.  Make procfs_target::attach use it.  Note that just like
    is mentioned in inf_ptrace_target::attach, we should push the target
    before calling target_pid_to_str, so that calling target_pid_to_str ends
    up in procfs_target::pid_to_str.
    
    Tested by trying to attach on a process on gcc211 on the gcc compile
    farm.
    
    gdb/ChangeLog:
    
            PR gdb/27435
            * inf-ptrace.c (struct target_unpusher): Move to target.h.
            (target_unpush_up): Likewise.
            * procfs.c (procfs_target::attach): Push target early.  Use
            target_unpush_up to unpush target in case of error.
            * target.h (struct target_unpusher): Move here.
            (target_unpush_up): Likewise.
    
    Change-Id: I88aff8b20204e1ca1d792e27ac6bc34fc1aa0d52
Comment 3 Simon Marchi 2021-02-22 16:48:22 UTC
Fixed.