From: Simon Marchi <simon.marchi@polymtl.ca>
To: Tom Tromey <tom@tromey.com>,
Simon Marchi via Gdb-patches <gdb-patches@sourceware.org>
Cc: Bruno Larsen <blarsen@redhat.com>
Subject: Re: [PATCH 2/7] gdb: add prepare_reinflate/reinflate around print_frame_args in info_frame_command_core
Date: Tue, 8 Nov 2022 14:55:33 -0500 [thread overview]
Message-ID: <756b070d-467d-b735-cfd0-8c57bae94a72@polymtl.ca> (raw)
In-Reply-To: <875yfp44nr.fsf@tromey.com>
On 11/8/22 14:39, Tom Tromey wrote:
>>>>>> "Simon" == Simon Marchi via Gdb-patches <gdb-patches@sourceware.org> writes:
>
> Simon> But this shows how the current frame_info_ptr is error-prone: you have
> Simon> two know which functions can, deep down their call tree, reinit the
> Simon> frame cache. And all their callers that have a frame_info_ptr object,
> Simon> recursively, must explicitly do prepare_reinflate / reinflate to protect
> Simon> themselves against their frame_info object being invalidated. It's very
> Simon> easy to forget some spots.
>
> Yeah. This problem already existed, and the rationale behind
> frame_info_ptr wasn't to fix it, but rather to expose it when it happens
> -- by crashing rather than allowing a UAF.
>
> Simon> I'm currently working on making frame_info_ptr work automatically,
> Simon> meaning it would grab the wrapped frame id automatically on
> Simon> construction, and reinflate the frame automatically if needed
>
> We tried this a bit, but the problem we hit was that computing the
> frame id require unwinding a bit, and since the code generally uses
> frame_info_ptr everywhere, gdb would end up unwinding everything.
With the final patch of this series ("gdb: add special handling for
frame level 0 in frame_info_ptr"), frame_info_ptr won't compute frame
0's frame id in order to prepare_reinflate or reinflate, so won't cause
extra unwinding. For other frames, the frame id is already computed
when the frame is created, so frame_info_ptr won't cause any more
unwinding that already happens by creating the frame_info objects.
With my prototype that grabs the frame id in frame_info_ptr's
constructor (except for frame 0), it requires that for the frame id to
be computed already. This means that the code paths involved in
computing the frame id wouldn't use frame_info_ptr anymore. So, for
instance, I would revert frame_this_id_ftype to take a plain
`frame_info *` (and that leads to pretty much the whole struct
frame_unwind API to go back to `frame_info *`. The point being that as
long as a frame doesn't have a computed id, it is not reinflatable
anyway. And this is not really the kind of spot that is at risk of
using a stale frame_info.
However, if we really want to keep using frame_info_ptr everywhere (even
in things like frame_this_id_ftype, just to be extra safe), then perhaps
we can have two classes. One that would provide the protection against
stale frame_info objects, which could be used everywhere, and one that
would do that + automatic reinflation.
Simon
next prev parent reply other threads:[~2022-11-08 19:55 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-07 15:53 [PATCH 1/7] gdb: clear other.m_cached_id in frame_info_ptr's move ctor Simon Marchi
2022-11-07 15:53 ` [PATCH 2/7] gdb: add prepare_reinflate/reinflate around print_frame_args in info_frame_command_core Simon Marchi
2022-11-08 9:32 ` Bruno Larsen
2022-11-08 15:55 ` Simon Marchi
2022-11-08 19:39 ` Tom Tromey
2022-11-08 19:55 ` Simon Marchi [this message]
2022-11-07 15:53 ` [PATCH 3/7] gdb: move frame_info_ptr method implementations to frame-info.c Simon Marchi
2022-11-08 9:55 ` Bruno Larsen
2022-11-08 17:39 ` Tom Tromey
2022-11-07 15:53 ` [PATCH 4/7] gdb: remove manual frame_info reinflation code in backtrace_command_1 Simon Marchi
2022-11-08 10:14 ` Bruno Larsen
2022-11-08 16:05 ` Simon Marchi
2022-11-07 15:53 ` [PATCH 5/7] gdb: use frame_id_p instead of comparing to null_frame_id in frame_info_ptr::reinflate Simon Marchi
2022-11-08 17:43 ` Tom Tromey
2022-11-07 15:53 ` [PATCH 6/7] gdb: add missing prepare_reinflate call in print_frame_info Simon Marchi
2022-11-08 10:28 ` Bruno Larsen
2022-11-08 11:31 ` Lancelot SIX
2022-11-08 16:08 ` Simon Marchi
2022-11-07 15:53 ` [PATCH 7/7] gdb: add special handling for frame level 0 in frame_info_ptr Simon Marchi
2022-11-08 10:40 ` Bruno Larsen
2022-11-08 16:19 ` Simon Marchi
2022-11-10 16:28 ` Bruno Larsen
2022-11-10 16:30 ` Simon Marchi
2022-11-08 8:53 ` [PATCH 1/7] gdb: clear other.m_cached_id in frame_info_ptr's move ctor Bruno Larsen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=756b070d-467d-b735-cfd0-8c57bae94a72@polymtl.ca \
--to=simon.marchi@polymtl.ca \
--cc=blarsen@redhat.com \
--cc=gdb-patches@sourceware.org \
--cc=tom@tromey.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).