From: Florian Weimer <fweimer@redhat.com>
To: "H.J. Lu" <hjl.tools@gmail.com>
Cc: GNU C Library <libc-alpha@sourceware.org>
Subject: Re: [PATCH 1/2] Linux/x86: Update cancel_jmp_buf to match __jmp_buf_tag [BZ #22563]
Date: Mon, 18 Dec 2017 10:25:00 -0000
Message-ID: <e7e3e22f-2bf7-eb69-e114-ae4352d816bb@redhat.com>
In-Reply-To: <CAMe9rOqkygr2gvrr6wjV-s0NEaw5juDyx9eju352C0wRb2_r2A@mail.gmail.com>
On 12/08/2017 03:25 AM, H.J. Lu wrote:
> Here is call stack during stack unwind:
>
> (gdb) bt
(snip)
> To unwind shadow stack, we need to save shadow stack pointer in
> __cancel_buf. This updated patch adds bits/types/__cancel_jmp_buf_tag.h
> to define struct __cancel_jmp_buf_tag so that Linux/x86 can add saved_mask
> to __cancel_jmp_buf. We will check if shadow stack is enabled before saving
> and restoring shadow stack pointer so that it works with the old smaller
> cancel_jmp_buf which doesn't have space for shadow stack pointer.
I still don't understand why you think you have to reset the shadow stack.
I used this test program:
#include <err.h>
#include <errno.h>
#include <pthread.h>
#include <stdbool.h>
#include <stdio.h>
#include <unistd.h>

/* Every function is noinline/noclone/weak so that each one keeps its own
   stack frame and its own RET instruction, which can then be located and
   given a breakpoint in GDB.  */

__attribute__ ((noinline, noclone, weak))
void
handler1 (void *closure)
{
  printf ("handler1 called\n");
}

__attribute__ ((noinline, noclone, weak))
void
handler2 (void *closure)
{
  printf ("handler2 called\n");
}

/* Blocks in pause (), a cancellation point, until the thread is cancelled.  */
__attribute__ ((noinline, noclone, weak))
void
pausefunc (void)
{
  while (true)
    pause ();
}

/* Inner frame: registers handler2 before blocking.  */
__attribute__ ((noinline, noclone, weak))
void
handlerfunc (void)
{
  pthread_cleanup_push (handler2, NULL);
  pausefunc ();
  pthread_cleanup_pop (1);
}

/* Outer frame: registers handler1 before calling into handlerfunc.  */
__attribute__ ((noinline, noclone, weak))
void *
threadfunc (void *closure)
{
  pthread_cleanup_push (handler1, NULL);
  handlerfunc ();
  pthread_cleanup_pop (0);
  return NULL;
}

int
main (void)
{
  pthread_t thr;
  int ret = pthread_create (&thr, NULL, threadfunc, NULL);
  if (ret != 0)
    {
      errno = ret;
      err (1, "pthread_create");
    }
  ret = pthread_cancel (thr);
  if (ret != 0)
    {
      errno = ret;
      err (1, "pthread_cancel");
    }
  void *result;
  ret = pthread_join (thr, &result);
  if (ret != 0)
    {
      errno = ret;
      err (1, "pthread_join");
    }
  if (result != PTHREAD_CANCELED)
    errx (1, "pthread_join did not return PTHREAD_CANCELED, but %p", result);
  return 0;
}
See the attached GDB log. As you can see, I set breakpoints on all
pre-existing RET instructions on the call stack (which would be
protected by the shadow stack with CET). None of the RET instructions
actually execute, ergo we do not have to restore the shadow stack.
Thanks,
Florian
[-- Attachment #2: gdblog.txt --]
[-- Type: text/plain, Size: 23098 bytes --]
gdb ./simple-cancel
GNU gdb (GDB) Fedora 8.0.1-33.fc26
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./simple-cancel...done.
(gdb) r
Starting program: /home/fweimer/tmp/simple-cancel
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[New Thread 0x7ffff77e1700 (LWP 12256)]
handler2 called
handler1 called
[Thread 0x7ffff77e1700 (LWP 12256) exited]
[Inferior 1 (process 12252) exited normally]
Missing separate debuginfos, use: dnf debuginfo-install libgcc-7.2.1-2.fc26.x86_64
(gdb) break sigcancel_handler
Breakpoint 1 at 0x7ffff7bbc960: file nptl-init.c, line 187.
(gdb) r
Starting program: /home/fweimer/tmp/simple-cancel
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[New Thread 0x7ffff77e1700 (LWP 12258)]
[Switching to Thread 0x7ffff77e1700 (LWP 12258)]
Thread 2 "simple-cancel" hit Breakpoint 1, sigcancel_handler (sig=32, si=0x7ffff77e09b0, ctx=0x7ffff77e0880)
at nptl-init.c:187
187 if (sig != SIGCANCEL
(gdb) bt
#0 sigcancel_handler (sig=32, si=0x7ffff77e09b0, ctx=0x7ffff77e0880) at nptl-init.c:187
#1 <signal handler called>
#2 0x00007ffff7bc89ed in pause () at ../sysdeps/unix/syscall-template.S:84
#3 0x000000000040098d in pausefunc () at simple-cancel.c:27
#4 0x00000000004009af in handlerfunc () at simple-cancel.c:35
#5 0x00000000004009ff in threadfunc (closure=<optimized out>) at simple-cancel.c:45
#6 0x00007ffff7bbe36d in start_thread (arg=0x7ffff77e1700) at pthread_create.c:456
#7 0x00007ffff78f2e1f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
(gdb) up
#1 <signal handler called>
(gdb) down
#0 sigcancel_handler (sig=32, si=0x7ffff77e09b0, ctx=0x7ffff77e0880) at nptl-init.c:187
187 if (sig != SIGCANCEL
(gdb) disas
Dump of assembler code for function sigcancel_handler:
=> 0x00007ffff7bbc960 <+0>: cmp $0x20,%edi
0x00007ffff7bbc963 <+3>: je 0x7ffff7bbc970 <sigcancel_handler+16>
0x00007ffff7bbc965 <+5>: repz retq
0x00007ffff7bbc967 <+7>: nopw 0x0(%rax,%rax,1)
0x00007ffff7bbc970 <+16>: push %rbp
0x00007ffff7bbc971 <+17>: push %rbx
0x00007ffff7bbc972 <+18>: mov %rsi,%rbx
0x00007ffff7bbc975 <+21>: sub $0x8,%rsp
0x00007ffff7bbc979 <+25>: mov 0x10(%rsi),%ebp
0x00007ffff7bbc97c <+28>: callq 0x7ffff7bbc670
0x00007ffff7bbc981 <+33>: cmp %eax,%ebp
0x00007ffff7bbc983 <+35>: je 0x7ffff7bbc990 <sigcancel_handler+48>
0x00007ffff7bbc985 <+37>: add $0x8,%rsp
0x00007ffff7bbc989 <+41>: pop %rbx
0x00007ffff7bbc98a <+42>: pop %rbp
0x00007ffff7bbc98b <+43>: retq
0x00007ffff7bbc98c <+44>: nopl 0x0(%rax)
0x00007ffff7bbc990 <+48>: cmpl $0xfffffffa,0x8(%rbx)
0x00007ffff7bbc994 <+52>: jne 0x7ffff7bbc985 <sigcancel_handler+37>
0x00007ffff7bbc996 <+54>: mov %fs:0x308,%edx
0x00007ffff7bbc99e <+62>: jmp 0x7ffff7bbc9b7 <sigcancel_handler+87>
0x00007ffff7bbc9a0 <+64>: test $0x10,%dl
0x00007ffff7bbc9a3 <+67>: jne 0x7ffff7bbc985 <sigcancel_handler+37>
0x00007ffff7bbc9a5 <+69>: mov %edx,%eax
0x00007ffff7bbc9a7 <+71>: lock cmpxchg %ecx,%fs:0x308
0x00007ffff7bbc9b1 <+81>: cmp %eax,%edx
0x00007ffff7bbc9b3 <+83>: je 0x7ffff7bbc9c8 <sigcancel_handler+104>
0x00007ffff7bbc9b5 <+85>: mov %eax,%edx
0x00007ffff7bbc9b7 <+87>: mov %edx,%ecx
0x00007ffff7bbc9b9 <+89>: or $0xc,%ecx
0x00007ffff7bbc9bc <+92>: cmp %ecx,%edx
0x00007ffff7bbc9be <+94>: jne 0x7ffff7bbc9a0 <sigcancel_handler+64>
0x00007ffff7bbc9c0 <+96>: jmp 0x7ffff7bbc985 <sigcancel_handler+37>
0x00007ffff7bbc9c2 <+98>: nopw 0x0(%rax,%rax,1)
0x00007ffff7bbc9c8 <+104>: movq $0xffffffffffffffff,%fs:0x630
0x00007ffff7bbc9d5 <+117>: and $0x2,%edx
0x00007ffff7bbc9d8 <+120>: je 0x7ffff7bbc985 <sigcancel_handler+37>
0x00007ffff7bbc9da <+122>: lock orl $0x10,%fs:0x308
0x00007ffff7bbc9e4 <+132>: mov %fs:0x300,%rdi
0x00007ffff7bbc9ed <+141>: callq 0x7ffff7bc7e60 <__GI___pthread_unwind>
End of assembler dump.
(gdb) break *0x00007ffff7bbc965
Breakpoint 2 at 0x7ffff7bbc965: file nptl-init.c, line 187.
(gdb) break *0x00007ffff7bbc98b
Breakpoint 3 at 0x7ffff7bbc98b: file nptl-init.c, line 223.
(gdb) up
#1 <signal handler called>
(gdb) disas
Dump of assembler code for function __restore_rt:
=> 0x00007ffff7bc93b0 <+0>: mov $0xf,%rax
0x00007ffff7bc93b7 <+7>: syscall
0x00007ffff7bc93b9 <+9>: nopl 0x0(%rax)
End of assembler dump.
(gdb) up
#2 0x00007ffff7bc89ed in pause () at ../sysdeps/unix/syscall-template.S:84
84 T_PSEUDO (SYSCALL_SYMBOL, SYSCALL_NAME, SYSCALL_NARGS)
(gdb) disas
Dump of assembler code for function pause:
0x00007ffff7bc89c0 <+0>: cmpl $0x0,0x20c7b9(%rip) # 0x7ffff7dd5180 <__pthread_multiple_threads>
0x00007ffff7bc89c7 <+7>: jne 0x7ffff7bc89d9 <pause+25>
0x00007ffff7bc89c9 <+0>: mov $0x22,%eax
0x00007ffff7bc89ce <+5>: syscall
0x00007ffff7bc89d0 <+7>: cmp $0xfffffffffffff001,%rax
0x00007ffff7bc89d6 <+13>: jae 0x7ffff7bc8a09 <pause+73>
0x00007ffff7bc89d8 <+15>: retq
0x00007ffff7bc89d9 <+25>: sub $0x8,%rsp
0x00007ffff7bc89dd <+29>: callq 0x7ffff7bc7f90 <__pthread_enable_asynccancel>
0x00007ffff7bc89e2 <+34>: mov %rax,(%rsp)
0x00007ffff7bc89e6 <+38>: mov $0x22,%eax
0x00007ffff7bc89eb <+43>: syscall
=> 0x00007ffff7bc89ed <+45>: mov (%rsp),%rdi
0x00007ffff7bc89f1 <+49>: mov %rax,%rdx
0x00007ffff7bc89f4 <+52>: callq 0x7ffff7bc7ff0 <__pthread_disable_asynccancel>
0x00007ffff7bc89f9 <+57>: mov %rdx,%rax
0x00007ffff7bc89fc <+60>: add $0x8,%rsp
0x00007ffff7bc8a00 <+64>: cmp $0xfffffffffffff001,%rax
0x00007ffff7bc8a06 <+70>: jae 0x7ffff7bc8a09 <pause+73>
0x00007ffff7bc8a08 <+72>: retq
0x00007ffff7bc8a09 <+73>: mov 0x208370(%rip),%rcx # 0x7ffff7dd0d80
0x00007ffff7bc8a10 <+80>: neg %eax
0x00007ffff7bc8a12 <+82>: mov %eax,%fs:(%rcx)
0x00007ffff7bc8a15 <+85>: or $0xffffffffffffffff,%rax
0x00007ffff7bc8a19 <+89>: retq
End of assembler dump.
(gdb) break *0x00007ffff7bc89d8
Breakpoint 4 at 0x7ffff7bc89d8: file ../sysdeps/unix/syscall-template.S, line 84.
(gdb) break *0x00007ffff7bc8a08
Breakpoint 5 at 0x7ffff7bc8a08: file ../sysdeps/unix/syscall-template.S, line 85.
(gdb) break *0x00007ffff7bc8a19
Breakpoint 6 at 0x7ffff7bc8a19: file ../sysdeps/unix/syscall-template.S, line 86.
(gdb) up
#3 0x000000000040098d in pausefunc () at simple-cancel.c:27
27 pause ();
(gdb) disas
Dump of assembler code for function pausefunc:
0x0000000000400980 <+0>: sub $0x8,%rsp
0x0000000000400984 <+4>: nopl 0x0(%rax)
0x0000000000400988 <+8>: callq 0x400780 <pause@plt>
=> 0x000000000040098d <+13>: jmp 0x400988 <pausefunc+8>
End of assembler dump.
(gdb) up
#4 0x00000000004009af in handlerfunc () at simple-cancel.c:35
35 pausefunc ();
(gdb) disas
Dump of assembler code for function handlerfunc:
0x0000000000400990 <+0>: sub $0x78,%rsp
0x0000000000400994 <+4>: xor %esi,%esi
0x0000000000400996 <+6>: mov %rsp,%rdi
0x0000000000400999 <+9>: callq 0x4007c0 <__sigsetjmp@plt>
0x000000000040099e <+14>: test %eax,%eax
0x00000000004009a0 <+16>: jne 0x4009c8 <handlerfunc+56>
0x00000000004009a2 <+18>: mov %rsp,%rdi
0x00000000004009a5 <+21>: callq 0x400750 <__pthread_register_cancel@plt>
0x00000000004009aa <+26>: callq 0x400980 <pausefunc>
=> 0x00000000004009af <+31>: mov %rsp,%rdi
0x00000000004009b2 <+34>: callq 0x400770 <__pthread_unregister_cancel@plt>
0x00000000004009b7 <+39>: xor %edi,%edi
0x00000000004009b9 <+41>: callq 0x400970 <handler2>
0x00000000004009be <+46>: add $0x78,%rsp
0x00000000004009c2 <+50>: retq
0x00000000004009c3 <+51>: nopl 0x0(%rax,%rax,1)
0x00000000004009c8 <+56>: xor %edi,%edi
0x00000000004009ca <+58>: callq 0x400970 <handler2>
0x00000000004009cf <+63>: mov %rsp,%rdi
0x00000000004009d2 <+66>: callq 0x4007b0 <__pthread_unwind_next@plt>
End of assembler dump.
(gdb) break *0x00000000004009c2
Breakpoint 7 at 0x4009c2: file simple-cancel.c, line 37.
(gdb) up
#5 0x00000000004009ff in threadfunc (closure=<optimized out>) at simple-cancel.c:45
45 handlerfunc ();
(gdb) disas
Dump of assembler code for function threadfunc:
0x00000000004009e0 <+0>: sub $0x78,%rsp
0x00000000004009e4 <+4>: xor %esi,%esi
0x00000000004009e6 <+6>: mov %rsp,%rdi
0x00000000004009e9 <+9>: callq 0x4007c0 <__sigsetjmp@plt>
0x00000000004009ee <+14>: test %eax,%eax
0x00000000004009f0 <+16>: jne 0x400a10 <threadfunc+48>
0x00000000004009f2 <+18>: mov %rsp,%rdi
0x00000000004009f5 <+21>: callq 0x400750 <__pthread_register_cancel@plt>
0x00000000004009fa <+26>: callq 0x400990 <handlerfunc>
=> 0x00000000004009ff <+31>: mov %rsp,%rdi
0x0000000000400a02 <+34>: callq 0x400770 <__pthread_unregister_cancel@plt>
0x0000000000400a07 <+39>: xor %eax,%eax
0x0000000000400a09 <+41>: add $0x78,%rsp
0x0000000000400a0d <+45>: retq
0x0000000000400a0e <+46>: xchg %ax,%ax
0x0000000000400a10 <+48>: xor %edi,%edi
0x0000000000400a12 <+50>: callq 0x400960 <handler1>
0x0000000000400a17 <+55>: mov %rsp,%rdi
0x0000000000400a1a <+58>: callq 0x4007b0 <__pthread_unwind_next@plt>
End of assembler dump.
(gdb) break *0x0000000000400a0d
Breakpoint 8 at 0x400a0d: file simple-cancel.c, line 48.
(gdb) up
#6 0x00007ffff7bbe36d in start_thread (arg=0x7ffff77e1700) at pthread_create.c:456
456 THREAD_SETMEM (pd, result, CALL_THREAD_FCT (pd));
(gdb) disas
Dump of assembler code for function start_thread:
0x00007ffff7bbe290 <+0>: push %rbx
0x00007ffff7bbe291 <+1>: mov %rdi,%rbx
0x00007ffff7bbe294 <+4>: sub $0xa0,%rsp
0x00007ffff7bbe29b <+11>: mov %rdi,0x8(%rsp)
0x00007ffff7bbe2a0 <+16>: mov %fs:0x28,%rax
0x00007ffff7bbe2a9 <+25>: mov %rax,0x98(%rsp)
0x00007ffff7bbe2b1 <+33>: xor %eax,%eax
0x00007ffff7bbe2b3 <+35>: rdtsc
0x00007ffff7bbe2b5 <+37>: shl $0x20,%rdx
0x00007ffff7bbe2b9 <+41>: mov %eax,%eax
0x00007ffff7bbe2bb <+43>: or %rax,%rdx
0x00007ffff7bbe2be <+46>: mov %rdx,%fs:0x620
0x00007ffff7bbe2c7 <+55>: mov 0x212ada(%rip),%rax # 0x7ffff7dd0da8
0x00007ffff7bbe2ce <+62>: lea 0x6b8(%rdi),%rdx
0x00007ffff7bbe2d5 <+69>: mov %rdx,%fs:(%rax)
0x00007ffff7bbe2d9 <+73>: callq 0x7ffff7bbc780
0x00007ffff7bbe2de <+78>: xor %eax,%eax
0x00007ffff7bbe2e0 <+80>: xchg %eax,0x61c(%rbx)
0x00007ffff7bbe2e6 <+86>: cmp $0xfffffffe,%eax
0x00007ffff7bbe2e9 <+89>: je 0x7ffff7bbe46b <start_thread+475>
0x00007ffff7bbe2ef <+95>: mov 0x8(%rsp),%rbx
0x00007ffff7bbe2f4 <+100>: mov $0x18,%esi
0x00007ffff7bbe2f9 <+105>: mov $0x111,%eax
0x00007ffff7bbe2fe <+110>: lea 0x2e0(%rbx),%rdi
0x00007ffff7bbe305 <+117>: syscall
0x00007ffff7bbe307 <+119>: testb $0x4,0x614(%rbx)
0x00007ffff7bbe30e <+126>: jne 0x7ffff7bbe432 <start_thread+418>
0x00007ffff7bbe314 <+132>: lea 0x10(%rsp),%rdi
0x00007ffff7bbe319 <+137>: movq $0x0,0x58(%rsp)
0x00007ffff7bbe322 <+146>: movq $0x0,0x60(%rsp)
0x00007ffff7bbe32b <+155>: callq 0x7ffff7bbc6e0
0x00007ffff7bbe330 <+160>: test %eax,%eax
0x00007ffff7bbe332 <+162>: mov %eax,%ebx
0x00007ffff7bbe334 <+164>: jne 0x7ffff7bbe376 <start_thread+230>
0x00007ffff7bbe336 <+166>: lea 0x10(%rsp),%rax
0x00007ffff7bbe33b <+171>: mov %rax,%fs:0x300
0x00007ffff7bbe344 <+180>: mov 0x8(%rsp),%rax
0x00007ffff7bbe349 <+185>: cmpb $0x0,0x613(%rax)
0x00007ffff7bbe350 <+192>: jne 0x7ffff7bbe4d4 <start_thread+580>
0x00007ffff7bbe356 <+198>: mov 0x8(%rsp),%rax
0x00007ffff7bbe35b <+203>: nop
0x00007ffff7bbe35c <+204>: mov %fs:0x648,%rdi
0x00007ffff7bbe365 <+213>: callq *%fs:0x640
=> 0x00007ffff7bbe36d <+221>: mov %rax,%fs:0x630
0x00007ffff7bbe376 <+230>: callq 0x7ffff7bbc6d0
0x00007ffff7bbe37b <+235>: xor %eax,%eax
0x00007ffff7bbe37d <+237>: mov %fs:0x610,%al
0x00007ffff7bbe385 <+245>: test %al,%al
0x00007ffff7bbe387 <+247>: jne 0x7ffff7bbe428 <start_thread+408>
0x00007ffff7bbe38d <+253>: callq 0x7ffff7bbc710
0x00007ffff7bbe392 <+258>: lock decl 0x212c87(%rip) # 0x7ffff7dd1020 <__nptl_nthreads>
0x00007ffff7bbe399 <+265>: sete %al
0x00007ffff7bbe39c <+268>: test %al,%al
0x00007ffff7bbe39e <+270>: jne 0x7ffff7bbe5cd <start_thread+829>
0x00007ffff7bbe3a4 <+276>: mov 0x8(%rsp),%rax
0x00007ffff7bbe3a9 <+281>: cmpb $0x0,0x611(%rax)
0x00007ffff7bbe3b0 <+288>: jne 0x7ffff7bbe59f <start_thread+783>
0x00007ffff7bbe3b6 <+294>: mov 0x8(%rsp),%rbx
0x00007ffff7bbe3bb <+299>: lock orl $0x10,0x308(%rbx)
0x00007ffff7bbe3c3 <+307>: callq 0x7ffff7bbc758
0x00007ffff7bbe3c8 <+312>: mov 0x690(%rbx),%rdi
0x00007ffff7bbe3cf <+319>: neg %eax
0x00007ffff7bbe3d1 <+321>: mov %rsp,%rdx
0x00007ffff7bbe3d4 <+324>: cltq
0x00007ffff7bbe3d6 <+326>: sub %rdi,%rdx
0x00007ffff7bbe3d9 <+329>: and %rdx,%rax
0x00007ffff7bbe3dc <+332>: cmp %rax,0x698(%rbx)
0x00007ffff7bbe3e3 <+339>: jbe 0x7ffff7bbe4b5 <start_thread+549>
0x00007ffff7bbe3e9 <+345>: cmp $0x4000,%rax
0x00007ffff7bbe3ef <+351>: ja 0x7ffff7bbe617 <start_thread+903>
0x00007ffff7bbe3f5 <+357>: mov 0x8(%rsp),%rax
0x00007ffff7bbe3fa <+362>: cmp %rax,0x628(%rax)
0x00007ffff7bbe401 <+369>: je 0x7ffff7bbe608 <start_thread+888>
0x00007ffff7bbe407 <+375>: mov 0x8(%rsp),%rax
0x00007ffff7bbe40c <+380>: testb $0x40,0x308(%rax)
0x00007ffff7bbe413 <+387>: jne 0x7ffff7bbe53a <start_thread+682>
0x00007ffff7bbe419 <+393>: mov $0x3c,%edx
0x00007ffff7bbe41e <+398>: xchg %ax,%ax
0x00007ffff7bbe420 <+400>: xor %edi,%edi
0x00007ffff7bbe422 <+402>: mov %edx,%eax
0x00007ffff7bbe424 <+404>: syscall
0x00007ffff7bbe426 <+406>: jmp 0x7ffff7bbe420 <start_thread+400>
0x00007ffff7bbe428 <+408>: callq 0x7ffff7bbd020 <__nptl_deallocate_tsd>
0x00007ffff7bbe42d <+413>: jmpq 0x7ffff7bbe38d <start_thread+253>
0x00007ffff7bbe432 <+418>: lea 0x18(%rsp),%rdx
0x00007ffff7bbe437 <+423>: xor %eax,%eax
0x00007ffff7bbe439 <+425>: mov $0x1e,%ecx
0x00007ffff7bbe43e <+430>: lea 0x10(%rsp),%rsi
0x00007ffff7bbe443 <+435>: mov $0x8,%r10d
0x00007ffff7bbe449 <+441>: mov %rdx,%rdi
0x00007ffff7bbe44c <+444>: xor %edx,%edx
0x00007ffff7bbe44e <+446>: rep stos %eax,%es:(%rdi)
0x00007ffff7bbe450 <+448>: mov $0x80000000,%eax
0x00007ffff7bbe455 <+453>: mov $0x1,%edi
0x00007ffff7bbe45a <+458>: mov %rax,0x10(%rsp)
0x00007ffff7bbe45f <+463>: mov $0xe,%eax
0x00007ffff7bbe464 <+468>: syscall
0x00007ffff7bbe466 <+470>: jmpq 0x7ffff7bbe314 <start_thread+132>
0x00007ffff7bbe46b <+475>: mov 0x8(%rsp),%rax
0x00007ffff7bbe470 <+480>: xor %r10d,%r10d
0x00007ffff7bbe473 <+483>: mov $0x1,%edx
0x00007ffff7bbe478 <+488>: mov $0x81,%esi
0x00007ffff7bbe47d <+493>: lea 0x61c(%rax),%rdi
0x00007ffff7bbe484 <+500>: mov $0xca,%eax
0x00007ffff7bbe489 <+505>: syscall
0x00007ffff7bbe48b <+507>: cmp $0xfffffffffffff000,%rax
0x00007ffff7bbe491 <+513>: jbe 0x7ffff7bbe2ef <start_thread+95>
0x00007ffff7bbe497 <+519>: cmp $0xffffffea,%eax
0x00007ffff7bbe49a <+522>: je 0x7ffff7bbe2ef <start_thread+95>
0x00007ffff7bbe4a0 <+528>: cmp $0xfffffff2,%eax
0x00007ffff7bbe4a3 <+531>: je 0x7ffff7bbe2ef <start_thread+95>
0x00007ffff7bbe4a9 <+537>: lea 0xc770(%rip),%rdi # 0x7ffff7bcac20
0x00007ffff7bbe4b0 <+544>: callq 0x7ffff7bbc638
0x00007ffff7bbe4b5 <+549>: lea 0xc914(%rip),%rcx # 0x7ffff7bcadd0 <__PRETTY_FUNCTION__.11908>
0x00007ffff7bbe4bc <+556>: lea 0xc962(%rip),%rsi # 0x7ffff7bcae25
0x00007ffff7bbe4c3 <+563>: lea 0xc8b6(%rip),%rdi # 0x7ffff7bcad80
0x00007ffff7bbe4ca <+570>: mov $0x22a,%edx
0x00007ffff7bbe4cf <+575>: callq 0x7ffff7bbc6a0
0x00007ffff7bbe4d4 <+580>: callq 0x7ffff7bc7f90 <__pthread_enable_asynccancel>
0x00007ffff7bbe4d9 <+585>: mov $0x1,%esi
0x00007ffff7bbe4de <+590>: mov %eax,%edx
0x00007ffff7bbe4e0 <+592>: mov %ebx,%eax
0x00007ffff7bbe4e2 <+594>: mov 0x8(%rsp),%rbx
0x00007ffff7bbe4e7 <+599>: lock cmpxchg %esi,0x618(%rbx)
0x00007ffff7bbe4ef <+607>: je 0x7ffff7bbe50b <start_thread+635>
0x00007ffff7bbe4f1 <+609>: lea 0x618(%rbx),%rdi
0x00007ffff7bbe4f8 <+616>: sub $0x80,%rsp
0x00007ffff7bbe4ff <+623>: callq 0x7ffff7bc8050 <__lll_lock_wait_private>
0x00007ffff7bbe504 <+628>: add $0x80,%rsp
0x00007ffff7bbe50b <+635>: lock decl 0x618(%rbx)
0x00007ffff7bbe512 <+642>: je 0x7ffff7bbe52e <start_thread+670>
0x00007ffff7bbe514 <+644>: lea 0x618(%rbx),%rdi
0x00007ffff7bbe51b <+651>: sub $0x80,%rsp
0x00007ffff7bbe522 <+658>: callq 0x7ffff7bc8100 <__lll_unlock_wake_private>
0x00007ffff7bbe527 <+663>: add $0x80,%rsp
0x00007ffff7bbe52e <+670>: mov %edx,%edi
0x00007ffff7bbe530 <+672>: callq 0x7ffff7bc7ff0 <__pthread_disable_asynccancel>
0x00007ffff7bbe535 <+677>: jmpq 0x7ffff7bbe356 <start_thread+198>
0x00007ffff7bbe53a <+682>: lea 0x61c(%rax),%rbx
0x00007ffff7bbe541 <+689>: mov $0xca,%r9d
0x00007ffff7bbe547 <+695>: mov $0x1,%r8d
0x00007ffff7bbe54d <+701>: jmp 0x7ffff7bbe561 <start_thread+721>
0x00007ffff7bbe54f <+703>: mov 0x8(%rsp),%rax
0x00007ffff7bbe554 <+708>: testb $0x40,0x308(%rax)
0x00007ffff7bbe55b <+715>: je 0x7ffff7bbe62d <start_thread+925>
0x00007ffff7bbe561 <+721>: xor %r10d,%r10d
0x00007ffff7bbe564 <+724>: xor %edx,%edx
0x00007ffff7bbe566 <+726>: mov $0x80,%esi
0x00007ffff7bbe56b <+731>: mov %rbx,%rdi
0x00007ffff7bbe56e <+734>: mov %r9d,%eax
0x00007ffff7bbe571 <+737>: syscall
0x00007ffff7bbe573 <+739>: cmp $0xfffffffffffff000,%rax
0x00007ffff7bbe579 <+745>: jbe 0x7ffff7bbe54f <start_thread+703>
0x00007ffff7bbe57b <+747>: add $0xb,%eax
0x00007ffff7bbe57e <+750>: cmp $0xb,%eax
0x00007ffff7bbe581 <+753>: ja 0x7ffff7bbe4a9 <start_thread+537>
0x00007ffff7bbe587 <+759>: mov %eax,%ecx
0x00007ffff7bbe589 <+761>: mov %r8,%rsi
0x00007ffff7bbe58c <+764>: shl %cl,%rsi
0x00007ffff7bbe58f <+767>: mov %rsi,%rax
0x00007ffff7bbe592 <+770>: test $0x881,%eax
0x00007ffff7bbe597 <+775>: je 0x7ffff7bbe4a9 <start_thread+537>
0x00007ffff7bbe59d <+781>: jmp 0x7ffff7bbe54f <start_thread+703>
0x00007ffff7bbe59f <+783>: mov 0x8(%rsp),%rcx
0x00007ffff7bbe5a4 <+788>: mov 0x216b36(%rip),%eax # 0x7ffff7dd50e0 <__nptl_threads_events>
0x00007ffff7bbe5aa <+794>: or 0x650(%rcx),%eax
0x00007ffff7bbe5b0 <+800>: test $0x1,%ah
0x00007ffff7bbe5b3 <+803>: je 0x7ffff7bbe3b6 <start_thread+294>
0x00007ffff7bbe5b9 <+809>: cmpq $0x0,0x668(%rcx)
0x00007ffff7bbe5c1 <+817>: je 0x7ffff7bbe5d4 <start_thread+836>
0x00007ffff7bbe5c3 <+819>: callq 0x7ffff7bbced0 <__nptl_death_event>
0x00007ffff7bbe5c8 <+824>: jmpq 0x7ffff7bbe3b6 <start_thread+294>
0x00007ffff7bbe5cd <+829>: xor %edi,%edi
0x00007ffff7bbe5cf <+831>: callq 0x7ffff7bbc810
0x00007ffff7bbe5d4 <+836>: mov %rcx,%rax
0x00007ffff7bbe5d7 <+839>: movl $0x9,0x658(%rcx)
0x00007ffff7bbe5e1 <+849>: mov %rcx,0x660(%rax)
0x00007ffff7bbe5e8 <+856>: mov 0x216ae9(%rip),%rax # 0x7ffff7dd50d8 <__nptl_last_event>
0x00007ffff7bbe5ef <+863>: mov 0x8(%rsp),%rsi
0x00007ffff7bbe5f4 <+868>: mov %rax,0x668(%rsi)
0x00007ffff7bbe5fb <+875>: lock cmpxchg %rsi,0x216ad4(%rip) # 0x7ffff7dd50d8 <__nptl_last_event>
0x00007ffff7bbe604 <+884>: je 0x7ffff7bbe5c3 <start_thread+819>
0x00007ffff7bbe606 <+886>: jmp 0x7ffff7bbe5e8 <start_thread+856>
0x00007ffff7bbe608 <+888>: mov 0x8(%rsp),%rdi
0x00007ffff7bbe60d <+893>: callq 0x7ffff7bbe0a0 <__free_tcb>
0x00007ffff7bbe612 <+898>: jmpq 0x7ffff7bbe419 <start_thread+393>
0x00007ffff7bbe617 <+903>: lea -0x4000(%rax),%rsi
0x00007ffff7bbe61e <+910>: mov $0x4,%edx
0x00007ffff7bbe623 <+915>: callq 0x7ffff7bbc7b8
0x00007ffff7bbe628 <+920>: jmpq 0x7ffff7bbe3f5 <start_thread+357>
0x00007ffff7bbe62d <+925>: movl $0x0,0x61c(%rax)
0x00007ffff7bbe637 <+935>: jmpq 0x7ffff7bbe419 <start_thread+393>
End of assembler dump.
(gdb) up
#7 0x00007ffff78f2e1f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
97 call *%rax
(gdb) disas
Dump of assembler code for function clone:
0x00007ffff78f2de0 <+0>: mov $0xffffffffffffffea,%rax
0x00007ffff78f2de7 <+7>: test %rdi,%rdi
0x00007ffff78f2dea <+10>: je 0x7ffff78f2e27 <clone+71>
0x00007ffff78f2dec <+12>: test %rsi,%rsi
0x00007ffff78f2def <+15>: je 0x7ffff78f2e27 <clone+71>
0x00007ffff78f2df1 <+17>: sub $0x10,%rsi
0x00007ffff78f2df5 <+21>: mov %rcx,0x8(%rsi)
0x00007ffff78f2df9 <+25>: mov %rdi,(%rsi)
0x00007ffff78f2dfc <+28>: mov %rdx,%rdi
0x00007ffff78f2dff <+31>: mov %r8,%rdx
0x00007ffff78f2e02 <+34>: mov %r9,%r8
0x00007ffff78f2e05 <+37>: mov 0x8(%rsp),%r10
0x00007ffff78f2e0a <+42>: mov $0x38,%eax
0x00007ffff78f2e0f <+47>: syscall
0x00007ffff78f2e11 <+49>: test %rax,%rax
0x00007ffff78f2e14 <+52>: jl 0x7ffff78f2e27 <clone+71>
0x00007ffff78f2e16 <+54>: je 0x7ffff78f2e19 <clone+57>
0x00007ffff78f2e18 <+56>: retq
0x00007ffff78f2e19 <+57>: xor %ebp,%ebp
0x00007ffff78f2e1b <+59>: pop %rax
0x00007ffff78f2e1c <+60>: pop %rdi
0x00007ffff78f2e1d <+61>: callq *%rax
=> 0x00007ffff78f2e1f <+63>: mov %rax,%rdi
0x00007ffff78f2e22 <+66>: callq 0x7ffff78b6fc0 <__GI__exit>
0x00007ffff78f2e27 <+71>: mov 0x2be03a(%rip),%rcx # 0x7ffff7bb0e68
0x00007ffff78f2e2e <+78>: neg %eax
0x00007ffff78f2e30 <+80>: mov %eax,%fs:(%rcx)
0x00007ffff78f2e33 <+83>: or $0xffffffffffffffff,%rax
0x00007ffff78f2e37 <+87>: retq
End of assembler dump.
(gdb) break *0x00007ffff78f2e37
Breakpoint 9 at 0x7ffff78f2e37: file ../sysdeps/unix/sysv/linux/x86_64/clone.S, line 104.
(gdb) up
Initial frame selected; you cannot go up.
(gdb) c
Continuing.
handler2 called
handler1 called
[Thread 0x7ffff77e1700 (LWP 12258) exited]
[Inferior 1 (process 12257) exited normally]
(gdb)
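The GDB session above establishes with breakpoints that the cancellation unwind never executes the RET of pausefunc, handlerfunc or threadfunc. The same observation can be made from C alone, without a debugger, by instrumenting the frames: each function appends a marker to a log only after the call it makes has returned normally, and the cleanup handlers append their own markers. If the unwind skips the RETs, as the session shows, the log contains only the handler markers, innermost first. The program below is an added example written for this page, not Florian's test program; the function names, the event log and the semaphore handshake are its own assumptions. It relies on glibc's behaviour that a pending cancel request is acted on at the next cancellation point (pause) and that the thread is then unwound through the registered cleanup handlers rather than returned through its frames.

```c
#include <errno.h>
#include <pthread.h>
#include <semaphore.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical instrumented variant of simple-cancel (added example).
   A "!" marker can only enter the log if the preceding call returned
   normally, i.e. if the callee's RET executed.  Cleanup handlers log
   "h1"/"h2".  After pthread_join the log must read exactly "h2h1".  */

static char event_log[64];
static sem_t about_to_block;   /* posted just before the cancellation point */

static void
append_event (const char *s)
{
  strncat (event_log, s, sizeof event_log - strlen (event_log) - 1);
}

static void handler1 (void *closure) { (void) closure; append_event ("h1"); }
static void handler2 (void *closure) { (void) closure; append_event ("h2"); }

static void
pausefunc (void)
{
  sem_post (&about_to_block);   /* tell main it may cancel us now */
  for (;;)
    {
      pause ();                 /* cancellation point */
      /* pause returns only when an ordinary handled signal interrupts it;
         cancellation unwinds instead, so this marker is never logged.  */
      append_event ("!pause");
    }
}

static void
handlerfunc (void)
{
  pthread_cleanup_push (handler2, NULL);
  pausefunc ();
  pthread_cleanup_pop (1);
  append_event ("!handlerfunc");   /* only reached on a normal return */
}

static void *
threadfunc (void *closure)
{
  (void) closure;
  pthread_cleanup_push (handler1, NULL);
  handlerfunc ();
  pthread_cleanup_pop (0);
  append_event ("!threadfunc");    /* only reached on a normal return */
  return NULL;
}

const char *
cancel_event_log (void)
{
  return event_log;
}

/* Runs the experiment once: 0 on success, else a code naming the failed step.  */
int
run_cancel_test (void)
{
  event_log[0] = '\0';
  if (sem_init (&about_to_block, 0, 0) != 0)
    return 1;
  pthread_t thr;
  if (pthread_create (&thr, NULL, threadfunc, NULL) != 0)
    return 2;
  /* Wait until both handlers are pushed and the thread is about to block,
     so the cancel request is acted on with the full call chain in place.  */
  while (sem_wait (&about_to_block) != 0 && errno == EINTR)
    ;
  if (pthread_cancel (thr) != 0)
    return 3;
  void *result;
  if (pthread_join (thr, &result) != 0)
    return 4;
  sem_destroy (&about_to_block);
  if (result != PTHREAD_CANCELED)
    return 5;
  /* Innermost handler first, and none of the "!" return markers.  */
  if (strcmp (event_log, "h2h1") != 0)
    return 6;
  return 0;
}

int
main (void)
{
  int rc = run_cancel_test ();
  printf ("result %d, events \"%s\"\n", rc, event_log);
  return rc;
}
```

Build with -pthread. The semaphore is only there to make the run deterministic: with deferred cancellation the outcome is the same even if pthread_cancel wins the race with the new thread, since the pending request is acted on when the thread reaches pause, but waiting until pausefunc has started guarantees that both handlers are registered when the unwind begins, matching the call stack in the GDB log.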