From: "H.J. Lu"
Date: Mon, 18 Dec 2017 12:25:00 -0000
Subject: Re: [PATCH 1/2] Linux/x86: Update cancel_jmp_buf to match __jmp_buf_tag [BZ #22563]
To: Florian Weimer
Cc: GNU C Library

On Mon, Dec 18, 2017 at 3:49 AM, Florian Weimer wrote:
> On 12/18/2017 12:42 PM, H.J. Lu wrote:
>>
>> We need to restore shadow stack pointer here so that we can jump back
>> to the function where __sigsetjmp is called.
>
> But neither __sigsetjmp (when called the second time) nor the function that
> calls it return normally during cancellation, so it is still completely
> unclear to me what issue you are observing.
>
> Could you post a backtrace from the CET verification failure, please?

Here is your testcase with full debug info:

(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /export/build/gnu/glibc-cet/build-x86_64-linux/nptl/tst-foo
warning: Unable to find libthread_db matching inferior's thread library, thread debugging will not be available.

Breakpoint 1, main () at tst-foo.c:52
52	{
(gdb) ena 2
(gdb) c
Continuing.
[Switching to LWP 18711]

Thread 2 "tst-foo" hit Breakpoint 2, __sigsetjmp () at ../sysdeps/unix/sysv/linux/x86_64/setjmp.S:26
26	ENTRY (__sigsetjmp)
(gdb) bt
#0  __sigsetjmp () at ../sysdeps/unix/sysv/linux/x86_64/setjmp.S:26
#1  0x0000000000400e15 in threadfunc (closure=<optimized out>) at tst-foo.c:44
#2  0x00007ffff7bbfcde in start_thread (arg=<optimized out>) at pthread_create.c:463
#3  0x00007ffff78f5f73 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
(gdb) f 1
#1  0x0000000000400e15 in threadfunc (closure=<optimized out>) at tst-foo.c:44
44	  pthread_cleanup_push (handler1, NULL);

Here we call __sigsetjmp with cancel_jmp_buf.  There is a shadow stack for
the normal call stack.  We need to save shadow stack pointer so that we can
longjmp back here later.

(gdb) dis 2
(gdb) ena 3
(gdb) c
Continuing.
Thread 2 "tst-foo" hit Breakpoint 3, __longjmp () at ../sysdeps/unix/sysv/linux/x86_64/__longjmp.S:30
30	ENTRY(__longjmp)
(gdb) bt
#0  __longjmp () at ../sysdeps/unix/sysv/linux/x86_64/__longjmp.S:30

If we don't restore shadow stack pointer, when we jump back to tst-foo.c:45,
shadow stack won't match call stack when threadfunc () returns.

#1  0x00007ffff7837f5f in __libc_siglongjmp (env=env@entry=0x7ffff7800ca0, val=val@entry=1) at longjmp.c:39
#2  0x00007ffff7bc899d in unwind_stop (version=<optimized out>, actions=<optimized out>, exc_class=<optimized out>, exc_obj=<optimized out>, context=<optimized out>, stop_parameter=0x7ffff7800ca0) at unwind.c:94
#3  0x00007ffff6df9b1e in _Unwind_ForcedUnwind_Phase2 (exc=exc@entry=0x7ffff7801d70, context=context@entry=0x7ffff7800550, frames_p=frames_p@entry=0x7ffff7800458) at /export/gnu/import/git/sources/gcc/libgcc/unwind.inc:170
#4  0x00007ffff6dfa170 in _Unwind_ForcedUnwind (exc=0x7ffff7801d70, stop=stop@entry=0x7ffff7bc88e0 <unwind_stop>, stop_argument=<optimized out>) at /export/gnu/import/git/sources/gcc/libgcc/unwind.inc:217
#5  0x00007ffff7bc8a84 in __GI___pthread_unwind (buf=<optimized out>) at unwind.c:121
#6  0x00007ffff7bbe46a in __do_cancel () at ./pthreadP.h:297
#7  sigcancel_handler (sig=<optimized out>, si=0x7ffff78007f0, ctx=<optimized out>) at nptl-init.c:216
#8  <signal handler called>
#9  0x00007ffff7bc99b2 in __libc_pause () at ../sysdeps/unix/sysv/linux/pause.c:30
#10 0x0000000000400d95 in pausefunc () at tst-foo.c:27
#11 0x0000000000400dca in handlerfunc () at tst-foo.c:35
#12 0x0000000000400e2a in threadfunc (closure=<optimized out>) at tst-foo.c:45
#13 0x00007ffff7bbfcde in start_thread (arg=<optimized out>) at pthread_create.c:463
#14 0x00007ffff78f5f73 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
(gdb) f 6
#6  0x00007ffff7bbe46a in __do_cancel () at ./pthreadP.h:297
297	  __pthread_unwind ((__pthread_unwind_buf_t *)
(gdb) list
292	  struct pthread *self = THREAD_SELF;
293
294	  /* Make sure we get no more cancellations.  */
295	  THREAD_ATOMIC_BIT_SET (self, cancelhandling, EXITING_BIT);
296
297	  __pthread_unwind ((__pthread_unwind_buf_t *)
298				THREAD_GETMEM (self, cleanup_jmp_buf));
299	}
300
301
(gdb)

Does it answer your question?

-- 
H.J.
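The thread the backtrace walks (threadfunc registering handler1 with pthread_cleanup_push, handlerfunc calling pausefunc, which blocks in pause until the main thread cancels it), reconstructed as an added C test that is not the tst-foo.c from this thread; the function names follow the frames above, everything else is assumed. Without CET it only exercises the cancellation path; on a shadow-stack-enabled system the longjmp from unwind_stop back into threadfunc is the jump whose shadow stack pointer the message is about.

```c
#define _GNU_SOURCE
#include <pthread.h>
#include <stddef.h>
#include <unistd.h>

/* Set by the cleanup handler: proves the unwinder longjmp'ed back to the
   cancel_jmp_buf that pthread_cleanup_push registered in threadfunc.  */
static volatile int handler1_ran;

static void handler1 (void *arg) { (void) arg; handler1_ran = 1; }

/* pause () is a cancellation point (frames #9/#10 of the backtrace).  */
static void pausefunc (void) { pause (); }
static void handlerfunc (void) { pausefunc (); }

static void *threadfunc (void *closure)
{
  (void) closure;
  /* glibc's C expansion of this macro calls __sigsetjmp on a cancel_jmp_buf
     (frame #1, tst-foo.c:44); cancellation later longjmps back here from
     unwind_stop to run handler1, which is the jump the thread discusses.  */
  pthread_cleanup_push (handler1, NULL);
  handlerfunc ();
  pthread_cleanup_pop (0);
  return NULL;
}

/* Returns 1 if the thread was cancelled and handler1 ran, 0 if it ended
   without running handler1, and a negative value on a pthread error.  */
int run_cancel_test (void)
{
  pthread_t th;
  void *result;

  handler1_ran = 0;
  if (pthread_create (&th, NULL, threadfunc, NULL) != 0)
    return -1;
  /* Deferred cancellation: if this lands before the thread reaches pause (),
     it stays pending until that cancellation point, so no sleep is needed.  */
  if (pthread_cancel (th) != 0)
    return -2;
  if (pthread_join (th, &result) != 0)
    return -3;
  return result == PTHREAD_CANCELED && handler1_ran ? 1 : 0;
}

int main (void) { return run_cancel_test () == 1 ? 0 : 1; }
```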