From: Florian Weimer <fweimer@redhat.com>
To: "H.J. Lu" <hjl.tools@gmail.com>,
GNU C Library <libc-alpha@sourceware.org>,
GCC Development <gcc@gcc.gnu.org>,
Carlos O'Donell <carlos@redhat.com>
Subject: Re: RFA: Need to extend x86 psABI to support thread cancellation and alternate signal stack
Date: Tue, 27 Mar 2018 06:31:00 -0000 [thread overview]
Message-ID: <d90b8489-87e9-794c-e8b1-81ee1058bba2@redhat.com> (raw)
In-Reply-To: <CAMe9rOp_ODUck1Oa6cRPKVRkedQ=sq8RrNwPtBQ5RSvyEun-iw@mail.gmail.com>
On 03/27/2018 12:43 AM, H.J. Lu wrote:
> On Linux, when alternate signal stack is used with thread cancellation,
> _Unwind_Resume fails when it tries to unwind shadow stack from signal
> handler on alternate signal stack. The issue is that signal handler on
> alternate signal stack uses a separate shadow stack and we must switch
> to the original shadow stack to unwind it. But frame count will be wrong
> in this case. For thread cancellation, there is no need to unwind shadow
> stack since it will long jump back and exit.
>
> One possibility is
>
> 1. Add _URC_NO_REASON_CANCEL.
> 2. unwind_stop in libpthread returns _URC_NO_REASON_CANCEL.
> 3. _Unwind_ForcedUnwind_Phase2 sets frames to 1 for
> _URC_NO_REASON_CANCEL
I assume the sequence of events goes like this:
1. The program receives a signal with a SA_ONSTACK handler.
2. The program switches to the alternate signal stack (including an
alternate shadow stack) and runs the handler.
3. The handler reaches a cancellation point.
4. Cancellation is acted upon.
During unwinding, INCSSP is executed as needed. The switch from the
alternate signal stack is implicit in the SP register restore. But
there is no corresponding stack switch back to the original shadow
stack. This means that INCSSP faults once the alternate stack is empty.
Is this description accurate?
I think this has to be fixed entirely within the libgcc unwinder.
Otherwise, any application which throws from a (synchronous) signal
handler will have the same issue, and I think this is something we need
to support.
It may be possible to implement this without kernel changes: Patch the
interrupted context to continue unwinding, and then call sigreturn to
switch both stacks at the same time.
Thanks,
Florian
next prev parent reply other threads:[~2018-03-27 6:31 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-26 22:43 H.J. Lu
2018-03-27 6:31 ` Florian Weimer [this message]
2018-03-27 11:26 ` H.J. Lu
2018-03-27 15:43 ` Florian Weimer
2018-03-27 15:55 ` H.J. Lu
2018-03-28 13:04 ` H.J. Lu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d90b8489-87e9-794c-e8b1-81ee1058bba2@redhat.com \
--to=fweimer@redhat.com \
--cc=carlos@redhat.com \
--cc=gcc@gcc.gnu.org \
--cc=hjl.tools@gmail.com \
--cc=libc-alpha@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).