This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.



Re: [PATCH] Segfault while unwinding an invalid function pointer


Pete Eberlein <eberlein@linux.vnet.ibm.com> writes:

> Hello, I am resubmitting this patch for review.  To recap, when the
> Backtrace function is called from a signal handler as a result of
> invalid function pointer call, the unwinding code will itself raise
> segv.  This was first reported in
> http://gcc.gnu.org/ml/gcc/2007-06/msg00329.html
>
> This fix is for x86_64 and uses the mincore function to determine if a
> memory range is "safe" before attempting to read it, so that the
> MD_FALLBACK_FRAME_STATE_FOR function will not segfault.  If the memory
> range is invalid, it is determined to be an invalid function pointer
> call and the cfa is adjusted accordingly.

mincore is racy because the page could be just munmapped by a different
thread in the window between the call and the access. The only way to make it
safe would be to use mlock, but that might require root.

Better would be to install a signal handler and handle the exception.
Might be tricky to coordinate this with other signal handlers though.

-Andi

