From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 95824 invoked by alias); 26 Jun 2018 11:31:09 -0000 Mailing-List: contact gnu-gabi-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Post: List-Help: List-Subscribe: Sender: gnu-gabi-owner@sourceware.org Received: (qmail 79203 invoked by uid 89); 26 Jun 2018 11:30:55 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Checked: by ClamAV 0.99.4 on sourceware.org X-Virus-Found: No X-Spam-SWARE-Status: No, score=-2.2 required=5.0 tests=AWL,BAYES_00,SPF_HELO_PASS autolearn=ham version=3.3.2 spammy=unusual, backtrace X-Spam-Status: No, score=-2.2 required=5.0 tests=AWL,BAYES_00,SPF_HELO_PASS autolearn=ham version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on sourceware.org X-Spam-Level: X-Spam-User: qpsmtpd, 3 recipients X-HELO: mx1.redhat.com Received: from mx3-rdu2.redhat.com (HELO mx1.redhat.com) (66.187.233.73) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Tue, 26 Jun 2018 11:30:54 +0000 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 3A1BF40122B9; Tue, 26 Jun 2018 11:30:51 +0000 (UTC) Received: from oldenburg.str.redhat.com (ovpn-116-177.ams2.redhat.com [10.36.116.177]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 28EB32166B5D; Tue, 26 Jun 2018 11:30:50 +0000 (UTC) Subject: Re: Invalid program counters and unwinding To: Jakub Jelinek Cc: Nathan Sidwell , GCC , GNU C Library , Binutils , gnu-gabi@sourceware.org References: <7ada5491-f3f4-e048-dfec-6e51cd937163@acm.org> <0c58f1bb-220c-d03d-7375-6066fb7d53e6@redhat.com> <20180626112544.GP7166@tucnak> From: Florian Weimer Message-ID: <94c0c9cd-ab66-959a-fe46-9b14d3b8dfca@redhat.com> Date: Mon, 01 Jan 2018 00:00:00 -0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0 MIME-Version: 1.0 In-Reply-To: <20180626112544.GP7166@tucnak> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.5]); Tue, 26 Jun 2018 11:30:51 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.5]); Tue, 26 Jun 2018 11:30:51 +0000 (UTC) for IP:'10.11.54.6' DOMAIN:'int-mx06.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'fweimer@redhat.com' RCPT:'' X-IsSubscribed: yes X-SW-Source: 2018-q2/txt/msg00020.txt.bz2 On 06/26/2018 01:25 PM, Jakub Jelinek wrote: > On Tue, Jun 26, 2018 at 01:01:06PM +0200, Florian Weimer wrote: >> On 06/26/2018 12:56 PM, Nathan Sidwell wrote: >>> On 06/26/2018 05:26 AM, Florian Weimer wrote: >>> >>>> So it looks to me that the caller of _Unwind_Find_FDE needs to >>>> ensure that the PC is a valid element of the call stack.  Is this a >>>> correct assumption? >>> >>> I thought this was an (implicit?) requirement. You're unwinding a stack >>> to deliver an exception up it.  Are there use cases where that is not >>> the case? >> >> We have something approaching this scenario. >> >> pthread_cancel in glibc unwinds the stack using DWARF information until >> encounters a frame without unwind information, when it switches to longjmp >> to get past that obstacle. >> >> However, at the point of transition from a valid DWARF frame into the >> wilderness (without unwind data), we should still have accurate information >> on the caller's PC, so _Unwind_Find_FDE will reliably fail to find any >> unwind data for it. It's not a random pointer somewhere else, so I think >> even the pthread_cancel case is fully supported. > > The usual ways to get bogus PCs in the frames is: > 1) stack corruption > 2) setcontext/swapcontext with uninitialized or corrupted ucontext_t > 3) bogus unwind info (compiler or linker etc. bug) But if that happens, all bets are off, and we could still get a crash with the current implementation. And any approach which does not inhibit concurrent dlclose will only make things worse if there are such concurrent calls, which is perhaps an unusual combination. > At least for unwinding, I think we don't and shouldn't care, we assume only > valid programs. For cases like _Unwind_Backtrace when used to print info in > case of fatal signal or stack corruption, it is more questionable, but at > least the current implmentation doesn't care either. At least glibc no longer tries to print a backtrace from a corrupted stack. Thanks, Florian