From: "H.J. Lu"
Date: Mon, 18 Dec 2017 13:19:00 -0000
Subject: Re: [PATCH 1/2] Linux/x86: Update cancel_jmp_buf to match __jmp_buf_tag [BZ #22563]
To: Florian Weimer
Cc: GNU C Library

On Mon, Dec 18, 2017 at 4:52 AM, Florian Weimer wrote:
> On 12/18/2017 01:25 PM, H.J. Lu wrote:
>>
>> If we don't restore shadow stack pointer, when we jump back to
>> tst-foo.c:45,
>> shadow stack won't match call stack when threadfunc () returns.
>
>
> But threadfunc never returns if the thread is canceled, so I'm still as
> puzzled as before. Sorry.

True, threadfunc never returns. Instead, it longjmps back to start_thread:

Thread 2 "tst-foo" hit Breakpoint 2, __longjmp ()
    at ../sysdeps/unix/sysv/linux/x86_64/__longjmp.S:30
30      ENTRY(__longjmp)
(gdb) bt
#0  __longjmp () at ../sysdeps/unix/sysv/linux/x86_64/__longjmp.S:30
#1  0x00007ffff7837f5f in __libc_siglongjmp (env=env@entry=0x7ffff7800eb0,
    val=val@entry=1) at longjmp.c:39
#2  0x00007ffff7bc899d in unwind_stop (version=, actions=,
    exc_class=, exc_obj=, context=, stop_parameter=0x7ffff7800eb0)
    at unwind.c:94
#3  0x00007ffff6df9b1e in _Unwind_ForcedUnwind_Phase2 (
    exc=exc@entry=0x7ffff7801d70, context=context@entry=0x7ffff7800c40,
    frames_p=frames_p@entry=0x7ffff7800b48)
    at /export/gnu/import/git/sources/gcc/libgcc/unwind.inc:170
#4  0x00007ffff6dfa170 in _Unwind_ForcedUnwind (exc=0x7ffff7801d70,
    stop=stop@entry=0x7ffff7bc88e0 , stop_argument=)
    at /export/gnu/import/git/sources/gcc/libgcc/unwind.inc:217
#5  0x00007ffff7bc8a84 in __GI___pthread_unwind (buf=) at unwind.c:121
#6  0x00007ffff7bc8aa4 in __GI___pthread_unwind_next (
    buf=buf@entry=0x7ffff7800da0) at unwind.c:136
#7  0x0000000000400e4f in threadfunc (closure=) at tst-foo.c:44
#8  0x00007ffff7bbfcde in start_thread (arg=) at pthread_create.c:463
#9  0x00007ffff78f5f73 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
(gdb)
104     jmpq *%rdx
(gdb) next
start_thread (arg=) at pthread_create.c:436
436       if (__glibc_likely (! not_first_call))
(gdb) bt
#0  start_thread (arg=) at pthread_create.c:436
#1  0x00007ffff78f5f73 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
(gdb) list
431       unwind_buf.priv.data.prev = NULL;
432       unwind_buf.priv.data.cleanup = NULL;
433
434       int not_first_call;
435       not_first_call = setjmp ((struct __jmp_buf_tag *) unwind_buf.cancel_jmp_buf);
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

This has to save and restore shadow stack pointer. Since we only have
one __sigsetjmp and one __longjmp, when shadow stack is enabled, they
have to save and restore shadow stack pointer. It means cancel_jmp_buf
has to match __jmp_buf_tag.

436       if (__glibc_likely (! not_first_call))
437         {
438           /* Store the new cleanup handler info.  */
439           THREAD_SETMEM (pd, cleanup_jmp_buf, &unwind_buf);
440
(gdb)

Does it answer your question?

-- 
H.J.
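The control flow in the backtrace above, as an added single-threaded model that is not glibc code: start_thread does a setjmp into the buffer it registers as the thread's cleanup_jmp_buf, the thread body hits a cancellation point and never returns, and __pthread_unwind_next longjmps back so that setjmp returns a second time with not_first_call non-zero. The model does not implement a shadow stack; it shows why the member that setjmp writes into has to be a complete jmp_buf, which is the layout requirement the patch subject states. All names ending in _sim, and the fields of struct unwind_buf_sim, are hypothetical stand-ins, not glibc symbols.

```c
/* Added example (not glibc code): a single-threaded model of the
   start_thread -> threadfunc -> __pthread_unwind_next -> __longjmp round
   trip shown in the backtrace.  Every *_sim name is a hypothetical
   stand-in for the glibc function or object of the same base name. */
#include <setjmp.h>
#include <stddef.h>
#include <string.h>

/* Stand-in for the buffer start_thread hands to setjmp.  Whatever
   setjmp saves (registers, and on CET-enabled x86 the shadow stack
   pointer) lands in cancel_jmp_buf, so that member must have the exact
   layout setjmp/longjmp expect.  Here that is simply a jmp_buf. */
struct unwind_buf_sim {
    jmp_buf cancel_jmp_buf;
    void *cleanup;          /* mirrors priv.data.cleanup; unused here */
};

/* Compile-time form of "cancel_jmp_buf has to match" the setjmp buffer. */
_Static_assert(sizeof(((struct unwind_buf_sim *)0)->cancel_jmp_buf) == sizeof(jmp_buf),
               "cancel_jmp_buf must match jmp_buf");

/* Per-"thread" state.  Kept static rather than automatic so the values
   are well defined after longjmp: C leaves non-volatile automatic
   objects that were modified between setjmp and longjmp indeterminate. */
static struct unwind_buf_sim *cleanup_jmp_buf;  /* THREAD_SETMEM (pd, cleanup_jmp_buf, ...) */
static int cleanup_handler_ran;

/* Stand-in for __pthread_unwind_next: runs the cleanup handler and then
   jumps back into start_thread_sim with a non-zero value.  Never returns. */
static void pthread_unwind_next_sim(void)
{
    cleanup_handler_ran = 1;
    longjmp(cleanup_jmp_buf->cancel_jmp_buf, 1);
}

/* Stand-in for threadfunc: with cancel set it behaves like a thread
   hitting a cancellation point, i.e. it does not return. */
static int threadfunc_sim(int cancel)
{
    if (cancel)
        pthread_unwind_next_sim();
    return 0;
}

/* Stand-in for start_thread.  Returns 0 when the thread body returned
   normally and 1 when control came back through longjmp (the cancelled
   path, where not_first_call is non-zero and the cleanup handler ran). */
int start_thread_sim(int cancel)
{
    struct unwind_buf_sim unwind_buf;
    memset(&unwind_buf, 0, sizeof unwind_buf);
    cleanup_handler_ran = 0;

    int not_first_call;
    not_first_call = setjmp(unwind_buf.cancel_jmp_buf);   /* pthread_create.c:435 */
    if (!not_first_call) {
        /* First return: register the buffer and run the thread body. */
        cleanup_jmp_buf = &unwind_buf;
        threadfunc_sim(cancel);
        cleanup_jmp_buf = NULL;
        return 0;
    }

    /* Second return: we arrived here via longjmp from the unwind path
       while this frame was still live, exactly as in the backtrace. */
    cleanup_jmp_buf = NULL;
    return cleanup_handler_ran ? 1 : -1;
}
```

start_thread_sim(0) returns 0 and start_thread_sim(1) returns 1. The longjmp target frame is still active when the jump happens, which is what makes the pattern legal; any register state setjmp had to save for that frame, shadow stack pointer included, must fit in the buffer it was given.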