This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
Re: [PING][PATCH] Segfault while unwinding an invalid function pointer
- From: Jakub Jelinek <jakub at redhat dot com>
- To: eberlein at us dot ibm dot com
- Cc: gcc-patches at gcc dot gnu dot org
- Date: Mon, 5 Nov 2007 19:01:39 -0500
- Subject: Re: [PING][PATCH] Segfault while unwinding an invalid function pointer
- References: <470D384A.5060302@linux.vnet.ibm.com> <472257C7.9050608@linux.vnet.ibm.com> <18211.7927.465759.15249@zebedee.pink> <47265B9E.1020106@linux.vnet.ibm.com> <4726675E.9020605@linux.vnet.ibm.com> <472FA96C.70600@linux.vnet.ibm.com>
- Reply-to: Jakub Jelinek <jakub at redhat dot com>
On Mon, Nov 05, 2007 at 03:38:20PM -0800, Pete Eberlein wrote:
> Daniel Jacobowitz <drow@false.org> wrote on 11/03/2007 10:58:51 AM:
> > Is there anything besides read/write we can take advantage of for the
> > same effect?
>
> I looked through system calls again, and mlock() caught my eye. Now I
> think this is the perfect candidate for checking for invalid memory,
> since it accepts a pointer and a size to lock. If the lock is
> successful, simply unlock and continue. If the lock is unsuccessful,
> make sure errno is ENOMEM to verify that the "address range specified by
> the addr and len arguments does not correspond to valid mapped pages in
> the address space of the process." [man mlock]
>
> Errno would need to be saved and restored. No problem.
>
> The only side effect I can see is that any call frame addresses
> processed by the x86_64_fallback_frame_state function will be unlocked.
> The munlock function will alawys unlock regardless of the number of
> times mlock was called for a memory range. So if the address was locked
> by user code, it would be unlocked after backtrace. Would this be a
> deal-breaker?
mlock is a bad syscall. It can be protected by SELinux or other security
layer, you could be out of limit for the amount of lockable memory if
non-root, and some programs really could have .text segments mlocked into
memory on purpose.
For Linux, what about
int dummy = 0;
syscall (SYS_futex, &dummy, FUTEX_WAIT, 1, address_to_check_if_readable)
?
This should always return -1, with errno having the important info.
The first thing kernel will do is copy struct timeval from
address_to_check_if_readable into the kernel, if that fails, errno
will have EFAULT. If it can be read, errno ought to be EWOULDBLOCK
(because dummy != 1).
For recent kernels to make this even faster you could use
int dummy = 0;
syscall (SYS_futex, &dummy, FUTEX_WAIT|FUTEX_PRIVATE_FLAG, 1, address_to_check_if_readable)
and if that sets errno to ENOSYS, then note in some static var that
FUTEX_PRIVATE_FLAG is not supported and retry without that flag (and
from that point on in that process only use FUTEX_WAIT rather than
FUTEX_WAIT|FUTEX_PRIVATE_FLAG.
Jakub