Bug 27435 - Attach on solaris segfaults GDB
Summary: Attach on solaris segfaults GDB
Status: RESOLVED FIXED
Alias: None
Product: gdb
Classification: Unclassified
Component: gdb
Version: 10.1
Importance: P2 normal
Target Milestone: 10.2
Assignee: Not yet assigned to anyone
Reported: 2021-02-18 16:12 UTC by Simon Marchi
Modified: 2021-11-22 06:47 UTC

Description Simon Marchi 2021-02-18 16:12:03 UTC
As reported here:

https://sourceware.org/pipermail/gdb-patches/2021-February/176202.html

Attaching on Solaris segfaults GDB since 10.1.
Comment 1 Sourceware Commits 2021-02-22 16:43:28 UTC
The master branch has been updated by Simon Marchi <simark@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=de146e1946ee45f2552c6b56714793a2eba9b823

commit de146e1946ee45f2552c6b56714793a2eba9b823
Author: Simon Marchi <simon.marchi@polymtl.ca>
Date:   Mon Feb 22 11:41:32 2021 -0500

    gdb: push target earlier in procfs_target::attach (PR 27435)
    
    Since this is a GDB 9 -> 10 regression, I would like to push it to
    gdb-10-branch.
    
    This is a follow-up to:
    
      https://sourceware.org/pipermail/gdb-patches/2021-February/176202.html
    
    This patch fixes a segfault seen when attaching to a process on Solaris.
    The steps leading to the segfault are:
    
     - procfs_target::attach calls do_attach, at this point the inferior's
       process slot in the target stack is empty.
     - do_attach adds a thread with `add_thread (&the_procfs_target, ptid)`
     - in add_thread_silent, the passed target (&the_procfs_target) is
       passed to find_inferior_ptid
     - find_inferior_ptid returns nullptr, as there is no inferior with this
       ptid that has &the_procfs_target as its process target
     - the nullptr `inf` is passed to find_thread_ptid, which dereferences
       it, causing a segfault
     - back in procfs_target::attach, after do_attach, we push the
       the_procfs_target on the inferior's target stack, although we never
       reach this because the segfault happens before.
    
    To fix this, I think we need to do the same as is done in
    inf_ptrace_target::attach: push the target early and unpush it in case
    the attach fails (and keep it if the attach succeeds).
    
    Implement it by moving target_unpush_up to target.h, so it can be
    re-used here.  Make procfs_target::attach use it.  Note that just like
    is mentioned in inf_ptrace_target::attach, we should push the target
    before calling target_pid_to_str, so that calling target_pid_to_str ends
    up in procfs_target::pid_to_str.
    
    Tested by trying to attach on a process on gcc211 on the gcc compile
    farm.
    
    gdb/ChangeLog:
    
            PR gdb/27435
            * inf-ptrace.c (struct target_unpusher): Move to target.h.
            (target_unpush_up): Likewise.
            * procfs.c (procfs_target::attach): Push target early.  Use
            target_unpush_up to unpush target in case of error.
            * target.h (struct target_unpusher): Move here.
            (target_unpush_up): Likewise.
    
    Change-Id: I88aff8b20204e1ca1d792e27ac6bc34fc1aa0d52
Comment 2 Sourceware Commits 2021-02-22 16:47:56 UTC
The gdb-10-branch branch has been updated by Simon Marchi <simark@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=2907db7e77c403926b2c6556d72f2c7dd19cce01

commit 2907db7e77c403926b2c6556d72f2c7dd19cce01
Author: Simon Marchi <simon.marchi@polymtl.ca>
Date:   Mon Feb 22 11:41:32 2021 -0500

    gdb: push target earlier in procfs_target::attach (PR 27435)
    
    Since this is a GDB 9 -> 10 regression, I would like to push it to
    gdb-10-branch.
    
    This is a follow-up to:
    
      https://sourceware.org/pipermail/gdb-patches/2021-February/176202.html
    
    This patch fixes a segfault seen when attaching to a process on Solaris.
    The steps leading to the segfault are:
    
     - procfs_target::attach calls do_attach, at this point the inferior's
       process slot in the target stack is empty.
     - do_attach adds a thread with `add_thread (&the_procfs_target, ptid)`
     - in add_thread_silent, the passed target (&the_procfs_target) is
       passed to find_inferior_ptid
     - find_inferior_ptid returns nullptr, as there is no inferior with this
       ptid that has &the_procfs_target as its process target
     - the nullptr `inf` is passed to find_thread_ptid, which dereferences
       it, causing a segfault
     - back in procfs_target::attach, after do_attach, we push the
       the_procfs_target on the inferior's target stack, although we never
       reach this because the segfault happens before.
    
    To fix this, I think we need to do the same as is done in
    inf_ptrace_target::attach: push the target early and unpush it in case
    the attach fails (and keep it if the attach succeeds).
    
    Implement it by moving target_unpush_up to target.h, so it can be
    re-used here.  Make procfs_target::attach use it.  Note that just like
    is mentioned in inf_ptrace_target::attach, we should push the target
    before calling target_pid_to_str, so that calling target_pid_to_str ends
    up in procfs_target::pid_to_str.
    
    Tested by trying to attach on a process on gcc211 on the gcc compile
    farm.
    
    gdb/ChangeLog:
    
            PR gdb/27435
            * inf-ptrace.c (struct target_unpusher): Move to target.h.
            (target_unpush_up): Likewise.
            * procfs.c (procfs_target::attach): Push target early.  Use
            target_unpush_up to unpush target in case of error.
            * target.h (struct target_unpusher): Move here.
            (target_unpush_up): Likewise.
    
    Change-Id: I88aff8b20204e1ca1d792e27ac6bc34fc1aa0d52
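A simplified C++ model of the ordering problem and of the push-early, unpush-on-failure fix that the commit message describes, added here as an illustration. It is not GDB's code: `Target`, `Inferior`, `find_inferior`, `do_attach`, `Unpusher` and both `attach_*` functions are hypothetical stand-ins, and the model checks the null lookup result instead of dereferencing it.

```cpp
// Simplified model of the ordering bug. All names are hypothetical, not GDB's code.
#include <memory>
#include <stdexcept>
#include <vector>

struct Target { const char *name; };
struct Inferior {
  int pid = 0;
  Target *process_target = nullptr;  // "process slot" of the target stack
  std::vector<int> threads;
};
static Inferior g_inferior;          // a single inferior keeps the model small

// Lookup keyed on (target, pid): an empty slot never matches, so nullptr.
Inferior *find_inferior (Target *t, int pid) {
  bool match = g_inferior.process_target == t && g_inferior.pid == pid;
  return match ? &g_inferior : nullptr;
}
// Stand-in for the attach step that registers the first thread.
void do_attach (Target *t, int pid, bool os_attach_fails) {
  if (os_attach_fails) throw std::runtime_error ("attach failed");
  Inferior *inf = find_inferior (t, pid);
  // The segfault came from dereferencing this null result downstream.
  if (inf == nullptr) throw std::logic_error ("no inferior uses this target");
  inf->threads.push_back (pid);
}
// Pre-fix ordering: the lookup by target runs before the target is pushed.
bool attach_push_late (Target *t, int pid) {
  g_inferior.pid = pid;
  try { do_attach (t, pid, false); }
  catch (const std::logic_error &) { return false; }
  g_inferior.process_target = t;
  return true;
}
// Deleter that unpushes rather than frees (the role of target_unpusher).
struct Unpusher {
  void operator() (Target *) const { g_inferior.process_target = nullptr; }
};
// Fixed ordering: push first, unpush automatically on failure, keep on success.
bool attach_push_early (Target *t, int pid, bool os_attach_fails) {
  g_inferior.pid = pid;
  g_inferior.process_target = t;
  std::unique_ptr<Target, Unpusher> guard (t);
  try { do_attach (t, pid, os_attach_fails); }
  catch (const std::exception &) { return false; }  // guard unpushes on exit
  guard.release ();                  // success: target stays on the stack
  return true;
}
int main () {
  Target procfs { "procfs" };
  return attach_push_late (&procfs, 1) ? 1 : !attach_push_early (&procfs, 1, false);
}
```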
Comment 3 Simon Marchi 2021-02-22 16:48:22 UTC
Fixed.