This is the mail archive of the gdb-prs@sources.redhat.com mailing list for the GDB project.



breakpoints/1639: Stepi over sigreturn syscall exits program


>Number:         1639
>Category:       breakpoints
>Synopsis:       Stepi over sigreturn syscall exits program
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    unassigned
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun May 09 17:28:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     Andrew Cagney
>Release:        2004-05-09
>Organization:
>Environment:
most?
>Description:
Background:

Most architectures (within the kernel) implement single-step by setting a bit in the PS register and then doing a "continue".

When delivering a signal the inferior's register state is pushed onto the stack and then the inferior is resumed at the signal trampoline (or signal handler).  That register state includes the PS register (and its single-step bit).

When returning from a signal (by the trampoline executing a sigreturn syscall) the registers (including PS and that single-step bit) are restored.

Bug:

Many kernels, when "stepping" or "continuing" across the sigreturn syscall, don't propagate the single-step bit to the restored state.  They instead just pick up the single-step bit found in the PS register pushed onto the stack.

This leads to breakage such as:

(gdb) stepi
<signal handler called>
1: x/i $pc  0x7fffefe4: sc
(gdb) stepi
Program exited normally.
(gdb) KFAIL: gdb.base/sigstep.exp: stepi out of signal trampoline (program exited)

where the set single-step gets lost (overridden by the cleared bit restored from the on-stack PS register).

The reverse, where a signal return spontaneously triggers a SIGTRAP, can also occur.

Comments:

In addition to fixing the kernel, GDB could do things like patch the saved PS register's single-step bit, or insert a breakpoint at the signal-trampoline's return address.

This trust of the user-space PS register also points to potential security problems (I know historically there have been problems).
>How-To-Repeat:

>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted:
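The following is an added model of the mechanism the report describes; it is not GDB code, not any kernel's sigreturn path, and not part of the original PR.  It assumes x86 EFLAGS bit positions (TF = bit 8, IF = bit 9, IOPL = bits 12-13) where the PR speaks generically of "PS", and it assumes the fix the PR's comments point at: restore only the unprivileged flag bits from the on-stack frame and take the single-step bit from the tracer's current request.  Both scenarios from the description are run side by side against a "buggy" sigreturn that trusts the whole user-space PS and a "fixed" one that does not, plus a constructed forged frame showing why trusting the saved PS is also a privilege problem.

```c
/* Added model of the mechanism described in this PR; it is not kernel or
 * GDB code.  Bit positions follow x86 EFLAGS (TF = bit 8, IF = bit 9,
 * IOPL = bits 12-13); the PR itself speaks generically of "PS". */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PS_CF   (1u << 0)   /* carry flag: user-controlled */
#define PS_ZF   (1u << 6)   /* zero flag: user-controlled */
#define PS_TF   (1u << 8)   /* trap flag: trap after the next instruction */
#define PS_IF   (1u << 9)   /* interrupt enable: privileged */
#define PS_IOPL (3u << 12)  /* I/O privilege level: privileged */

/* Bits a process may legitimately change through its own signal frame. */
#define PS_USER_MASK (PS_CF | PS_ZF)

struct regs     { uintptr_t pc; uint32_t ps; };
struct sigframe { struct regs saved; };   /* register state pushed at delivery */
struct tracer   { bool single_step; };    /* what the debugger last asked for */

/* Debugger resumes the inferior: "stepi" sets TF, "continue" clears it. */
static void resume(struct tracer *t, struct regs *r, bool step)
{
    t->single_step = step;
    if (step) r->ps |= PS_TF; else r->ps &= ~PS_TF;
}

/* Kernel delivers a signal: push the live registers, PS and its TF bit
 * included, and redirect execution to the handler/trampoline. */
static void deliver_signal(struct regs *r, struct sigframe *f, uintptr_t handler)
{
    f->saved = *r;
    r->pc = handler;
}

/* Buggy sigreturn as the PR describes it: the user-space PS is trusted whole,
 * so TF comes from the on-stack copy, not from what the debugger wants now. */
static void sigreturn_buggy(struct regs *r, const struct sigframe *f)
{
    *r = f->saved;
}

/* Fixed sigreturn (assumed design): copy only unprivileged bits from the
 * frame, and take TF from the tracer's current request, not the saved copy. */
static void sigreturn_fixed(struct regs *r, const struct sigframe *f,
                            const struct tracer *t)
{
    r->pc = f->saved.pc;
    r->ps = (r->ps & ~PS_USER_MASK) | (f->saved.ps & PS_USER_MASK);
    r->ps = t->single_step ? (r->ps | PS_TF) : (r->ps & ~PS_TF);
}

/* Run one scenario and report whether the instruction after sigreturn traps.
 * sig_while_stepping: TF state when the signal is delivered;
 * step_after: what the debugger asks for before the trampoline's sigreturn. */
static bool traps_after_sigreturn(bool fixed, bool sig_while_stepping, bool step_after)
{
    struct tracer t = { false };
    struct regs r = { 0x1000, PS_IF | PS_ZF };   /* user mode: IF always set */
    struct sigframe f;

    resume(&t, &r, sig_while_stepping);
    deliver_signal(&r, &f, 0x7fffefe4);          /* trampoline address from the PR's log */
    resume(&t, &r, step_after);                  /* user types stepi or continue */
    if (fixed) sigreturn_fixed(&r, &f, &t); else sigreturn_buggy(&r, &f);
    return (r.ps & PS_TF) != 0;
}

/* Security angle: user space forges a frame that raises IOPL and clears IF.
 * Returns true if sigreturn let the privileged bits change. */
static bool forged_frame_escalates(bool fixed)
{
    struct tracer t = { false };
    struct regs r = { 0x1000, PS_IF };
    struct sigframe f = { { 0x2000, PS_IOPL | PS_CF } };  /* constructed forged frame */
    uint32_t priv_before = r.ps & (PS_IOPL | PS_IF);

    if (fixed) sigreturn_fixed(&r, &f, &t); else sigreturn_buggy(&r, &f);
    return (r.ps & (PS_IOPL | PS_IF)) != priv_before;
}

int main(void)
{
    /* PR scenario: signal arrives during "continue", then stepi out of the trampoline. */
    printf("stepi over sigreturn    buggy: %s  fixed: %s\n",
           traps_after_sigreturn(false, false, true) ? "stops" : "program runs away",
           traps_after_sigreturn(true,  false, true) ? "stops" : "program runs away");
    /* Reverse case: signal arrives during stepi, then continue through the handler. */
    printf("continue over sigreturn buggy: %s  fixed: %s\n",
           traps_after_sigreturn(false, true, false) ? "spurious SIGTRAP" : "no trap",
           traps_after_sigreturn(true,  true, false) ? "spurious SIGTRAP" : "no trap");
    printf("forged frame escalates  buggy: %d  fixed: %d\n",
           forged_frame_escalates(false), forged_frame_escalates(true));
    return 0;
}
```

In the buggy path the first scenario reproduces the log in the description (the stepi's TF bit is overwritten by the cleared bit saved at delivery, so the program runs to exit) and the second reproduces the "reverse" case (a stale TF bit is restored and a SIGTRAP fires with no step pending).  The fixed path decides TF from the tracer's state at sigreturn time and masks the frame to the unprivileged bits, which is also what closes the forged-frame case.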

