This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH 1/2] Linux/x86: Update cancel_jmp_buf to match __jmp_buf_tag [BZ #22563]


On Mon, Dec 18, 2017 at 3:49 AM, Florian Weimer <fweimer@redhat.com> wrote:
> On 12/18/2017 12:42 PM, H.J. Lu wrote:
>>
>> We need to restore shadow stack pointer here so that we can jump back
>> to the function where __sigsetjmp is called.
>
>
> But neither __sigsetjmp (when called the second time) nor the function that
> calls it return normally during cancellation, so it is still completely
> unclear to me what issue you are observing.
>
> Could you post a backtrace from the CET verification failure, please?
>

Here is your testcase with full debug info:

(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /export/build/gnu/glibc-cet/build-x86_64-linux/nptl/tst-foo
warning: Unable to find libthread_db matching inferior's thread
library, thread debugging will not be available.

Breakpoint 1, main () at tst-foo.c:52
52 {
(gdb) ena 2
(gdb) c
Continuing.
[Switching to LWP 18711]

Thread 2 "tst-foo" hit Breakpoint 2, __sigsetjmp () at
../sysdeps/unix/sysv/linux/x86_64/setjmp.S:26
26 ENTRY (__sigsetjmp)
(gdb) bt
#0  __sigsetjmp () at ../sysdeps/unix/sysv/linux/x86_64/setjmp.S:26
#1  0x0000000000400e15 in threadfunc (closure=<optimized out>) at tst-foo.c:44
#2  0x00007ffff7bbfcde in start_thread (arg=<optimized out>) at
pthread_create.c:463
#3  0x00007ffff78f5f73 in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:95
(gdb) f 1
#1  0x0000000000400e15 in threadfunc (closure=<optimized out>) at tst-foo.c:44
44   pthread_cleanup_push (handler1, NULL);

Here we call __sigsetjmp with cancel_jmp_buf.  There is a shadow stack for
the normal call stack.  We need to save the shadow stack pointer so that we can
longjmp back here later.

(gdb) dis 2
(gdb) ena 3
(gdb) c
Continuing.

Thread 2 "tst-foo" hit Breakpoint 3, __longjmp () at
../sysdeps/unix/sysv/linux/x86_64/__longjmp.S:30
30 ENTRY(__longjmp)
(gdb) bt
#0  __longjmp () at ../sysdeps/unix/sysv/linux/x86_64/__longjmp.S:30

If we don't restore the shadow stack pointer, when we jump back to tst-foo.c:45,
the shadow stack won't match the call stack when threadfunc () returns.

#1  0x00007ffff7837f5f in __libc_siglongjmp
(env=env@entry=0x7ffff7800ca0, val=val@entry=1) at longjmp.c:39
#2  0x00007ffff7bc899d in unwind_stop (version=<optimized out>,
actions=<optimized out>, exc_class=<optimized out>,
    exc_obj=<optimized out>, context=<optimized out>,
stop_parameter=0x7ffff7800ca0) at unwind.c:94
#3  0x00007ffff6df9b1e in _Unwind_ForcedUnwind_Phase2
(exc=exc@entry=0x7ffff7801d70,
    context=context@entry=0x7ffff7800550,
frames_p=frames_p@entry=0x7ffff7800458)
    at /export/gnu/import/git/sources/gcc/libgcc/unwind.inc:170
#4  0x00007ffff6dfa170 in _Unwind_ForcedUnwind (exc=0x7ffff7801d70,
stop=stop@entry=0x7ffff7bc88e0 <unwind_stop>,
    stop_argument=<optimized out>) at
/export/gnu/import/git/sources/gcc/libgcc/unwind.inc:217
#5  0x00007ffff7bc8a84 in __GI___pthread_unwind (buf=<optimized out>)
at unwind.c:121
#6  0x00007ffff7bbe46a in __do_cancel () at ./pthreadP.h:297
#7  sigcancel_handler (sig=<optimized out>, si=0x7ffff78007f0,
ctx=<optimized out>) at nptl-init.c:216
#8  <signal handler called>
#9  0x00007ffff7bc99b2 in __libc_pause () at
../sysdeps/unix/sysv/linux/pause.c:30
#10 0x0000000000400d95 in pausefunc () at tst-foo.c:27
#11 0x0000000000400dca in handlerfunc () at tst-foo.c:35
#12 0x0000000000400e2a in threadfunc (closure=<optimized out>) at tst-foo.c:45
#13 0x00007ffff7bbfcde in start_thread (arg=<optimized out>) at
pthread_create.c:463
#14 0x00007ffff78f5f73 in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:95
(gdb) f 6
#6  0x00007ffff7bbe46a in __do_cancel () at ./pthreadP.h:297
297   __pthread_unwind ((__pthread_unwind_buf_t *)
(gdb) list
292   struct pthread *self = THREAD_SELF;
293
294   /* Make sure we get no more cancellations.  */
295   THREAD_ATOMIC_BIT_SET (self, cancelhandling, EXITING_BIT);
296
297   __pthread_unwind ((__pthread_unwind_buf_t *)
298     THREAD_GETMEM (self, cleanup_jmp_buf));
299 }
300
301
(gdb)

Does it answer your question?

-- 
H.J.
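A reconstruction of the thread / cleanup-handler / cancellation-point shape that the backtrace above shows, added here as an example: it is not glibc's tst-foo, the function names are taken only from the frames shown, and the atomic flags and run_cancel_test are assumed. It exercises the same path (pthread_cleanup_push, a cancellation point in pause, __do_cancel unwinding back through __longjmp) on which the saved and restored shadow stack pointer matters on a CET build.

```c
/* Added example (not glibc's tst-foo): the thread / cleanup handler /
   cancellation-point shape implied by the backtrace; names from the frames
   shown, everything else assumed.  */
#include <pthread.h>
#include <sched.h>
#include <stdatomic.h>
#include <unistd.h>

static atomic_int cleanup_ran;     /* set by the cleanup handler */
static atomic_int thread_waiting;  /* set just before the cancellation point */

/* Runs only after the unwinder has longjmp'ed back into threadfunc's
   pthread_cleanup_push frame (the __libc_siglongjmp step above).  */
static void handler1 (void *arg) { (void) arg; atomic_store (&cleanup_ran, 1); }

/* Frame #10: pause is a cancellation point, so the deferred cancel
   request is acted on here (sigcancel_handler -> __do_cancel).  */
static void pausefunc (void)
{
  atomic_store (&thread_waiting, 1);
  pause ();
}

static void handlerfunc (void) { pausefunc (); }   /* frame #11 */

/* Frame #12: pthread_cleanup_push records this frame in cancel_jmp_buf
   with __sigsetjmp; cancellation comes back here through __longjmp.  */
static void *threadfunc (void *closure)
{
  (void) closure;
  pthread_cleanup_push (handler1, NULL);
  handlerfunc ();
  pthread_cleanup_pop (0);
  return NULL;
}

/* Create, cancel and join the thread.  Returns 1 if the thread reported
   PTHREAD_CANCELED and its cleanup handler ran, 0 otherwise.  */
int run_cancel_test (void)
{
  pthread_t th; void *result;
  atomic_store (&cleanup_ran, 0);
  atomic_store (&thread_waiting, 0);
  if (pthread_create (&th, NULL, threadfunc, NULL) != 0)
    return 0;
  while (!atomic_load (&thread_waiting))
    sched_yield ();   /* let the thread reach pausefunc first */
  if (pthread_cancel (th) != 0 || pthread_join (th, &result) != 0)
    return 0;
  return result == PTHREAD_CANCELED && atomic_load (&cleanup_ran);
}
```

Setting a breakpoint on __longjmp while running this under gdb reproduces the frame layout shown in the backtrace above.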

