Message-ID: <7cd725bb-8b54-4389-a822-200f02e72391@arm.com>
Date: Mon, 5 Feb 2024 08:34:50 +0000
Subject: Re: [PATCH] [gdb/tdep] Fix use-after-free in arm_exidx_fill_cache
From: Luis Machado
To: Tom de Vries, gdb-patches@sourceware.org
In-Reply-To: <20240205055440.8889-1-tdevries@suse.de>

On 2/5/24 05:54, Tom de Vries wrote:
> On arm-linux the linaro CI occasionally reports:
> ...
> (gdb) up 10
> #4 0x0001b864 in pthread_join ()
> (gdb) FAIL: gdb.threads/staticthreads.exp: up 10
> ...
> while this is expected:
> ...
> (gdb) up 10
> #3 0x00010568 in main (argc=1, argv=0xfffeede4) at staticthreads.c:76
> 76 pthread_join (thread, NULL);
> (gdb) PASS: gdb.threads/staticthreads.exp: up 10
> ...
>
> Thiago investigated the problem, and using valgrind found an invalid read in
> arm_exidx_fill_cache.
>
> The problem happens as follows:
> - an objfile and corresponding per_bfd are allocated
> - some memory is allocated in arm_exidx_new_objfile using
>   objfile->objfile_obstack, for the "exception table entry cache".
> - a symbol reread is triggered, and the objfile, including the
>   objfile_obstack, is destroyed
> - a new objfile is allocated, using the same per_bfd
> - again arm_exidx_new_objfile is called, but since the same per_bfd is used,
>   it doesn't allocate any new memory for the "exception table entry cache".
> - the "exception table entry cache" is accessed by arm_exidx_fill_cache,
>   and we have a use-after-free.
>
> This is a regression since commit a2726d4ff80 ("[ARM] Store exception handling
> information per-bfd instead of per-objfile"), which changed the "exception
> table entry cache" from per-objfile to per-bfd, but failed to update the
> obstack_alloc.
>
> Fix this by using objfile->per_bfd->storage_obstack instead of
> objfile->objfile_obstack.
>
> I couldn't reproduce the FAIL myself, but Thiago confirmed that the patch
> fixes it.
>
> Tested on arm-linux.
>
> PR tdep/31254
> Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=31254
> ---
> gdb/arm-tdep.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/gdb/arm-tdep.c b/gdb/arm-tdep.c > index 0d0431e0d1c..861d50a6a3b 100644 > --- a/gdb/arm-tdep.c > +++ b/gdb/arm-tdep.c
> @@ -2701,7 +2701,7 @@ arm_exidx_new_objfile (struct objfile *objfile) > if (n_bytes || n_words) > { > gdb_byte *p = entry > - = (gdb_byte *) obstack_alloc (&objfile->objfile_obstack, > + = (gdb_byte *) obstack_alloc (&objfile->per_bfd->storage_obstack, > n_bytes + n_words * 4 + 1); > > while (n_bytes--) > > base-commit: 029e52bac7f3a6dd8b39f7f3d298b73174da806b

Looks like I missed a spot in the per-bfd conversion there. Thanks Thiago and Tom for the investigation and fix.

This is OK.

Approved-By: Luis Machado
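
Review bot: the `+` line in arm_exidx_new_objfile should carry a short comment saying why `entry` is allocated on `objfile->per_bfd->storage_obstack`. Nothing at the call site records that the exception table entry cache is per-bfd and therefore outlives the objfile across a symbol reread, so a later cleanup could switch it back to `objfile->objfile_obstack` and reintroduce the use-after-free. The hunk shows only this one allocation, so it is also worth confirming that any other storage reachable from the per-bfd cache in this function is not on the objfile obstack. Since the FAIL is intermittent and the invalid read was only found with valgrind, noting the valgrind run in the commit message would help anyone re-verifying the fix.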
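
The lifetime mismatch described in the quoted commit message, modelled as an added example (not GDB code): `struct arena` is a toy stand-in for an obstack, and `struct per_bfd`, `struct objfile`, `new_objfile` and `entry_survives_reread` are hypothetical names. It checks whether the arena owning the cached entry is still alive instead of dereferencing the stale pointer.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Toy arena standing in for an obstack: every allocation made from it
   dies when the arena is released.  */
struct arena { unsigned char *buf; size_t used, cap; bool alive; };

static void arena_init (struct arena *a, size_t cap)
{ a->buf = malloc (cap); a->used = 0; a->cap = cap; a->alive = a->buf != NULL; }

static void *arena_alloc (struct arena *a, size_t n)
{
  if (!a->alive || a->used + n > a->cap) return NULL;
  void *p = a->buf + a->used;
  a->used += n;
  return p;
}

static void arena_release (struct arena *a)
{ free (a->buf); a->buf = NULL; a->alive = false; }

/* Hypothetical stand-ins: the per-bfd data is shared by successive objfiles. */
struct per_bfd { struct arena storage; bool cache_built;
                 void *entry; struct arena *entry_owner; };
struct objfile { struct arena obstack; struct per_bfd *per_bfd; };

static void new_objfile (struct objfile *o, struct per_bfd *b, bool use_per_bfd)
{
  arena_init (&o->obstack, 64);
  o->per_bfd = b;
  if (b->cache_built) return;          /* same per_bfd: cache is reused as is */
  b->entry_owner = use_per_bfd ? &b->storage : &o->obstack;
  b->entry = arena_alloc (b->entry_owner, 8);
  b->cache_built = true;
}

/* True if the cached entry is still backed by live storage after a reread. */
bool entry_survives_reread (bool use_per_bfd)
{
  struct per_bfd bfd = {0};
  struct objfile first, second;
  arena_init (&bfd.storage, 64);
  new_objfile (&first, &bfd, use_per_bfd);
  arena_release (&first.obstack);      /* symbol reread destroys the objfile */
  new_objfile (&second, &bfd, use_per_bfd);
  bool ok = bfd.entry != NULL && bfd.entry_owner->alive;
  arena_release (&second.obstack);
  arena_release (&bfd.storage);
  return ok;
}
```
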