This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Stack unwinding requirements (was: Re: [PATCH 03/13] posix: Consolidate Linux nanosleep syscall)

From: Florian Weimer <fweimer at redhat dot com>
To: Adhemerval Zanella <adhemerval dot zanella at linaro dot org>
Cc: libc-alpha at sourceware dot org
Date: Mon, 15 May 2017 11:43:04 +0200
Subject: Stack unwinding requirements (was: Re: [PATCH 03/13] posix: Consolidate Linux nanosleep syscall)
Authentication-results: sourceware.org; auth=none
Authentication-results: ext-mx09.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-results: ext-mx09.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=fweimer at redhat dot com
Dkim-filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 210BA4E4C8
Dmarc-filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 210BA4E4C8
References: <1494611894-9282-1-git-send-email-adhemerval.zanella@linaro.org> <1494611894-9282-3-git-send-email-adhemerval.zanella@linaro.org> <542c0cac-682d-5df9-19b6-ef57a8a4cf8f@redhat.com> <804d5ec5-84a8-7b70-369e-79e7e8356907@linaro.org>

On 05/12/2017 08:30 PM, Adhemerval Zanella wrote:



On 12/05/2017 15:21, Florian Weimer wrote:

On 05/12/2017 07:58 PM, Adhemerval Zanella wrote:

+++ b/nptl/Makefile

+CFLAGS-nanosleep.c = -fexceptions -fasynchronous-unwind-tables

+++ b/posix/Makefile

+CFLAGS-nanosleep.c = -fexceptions


Why the discrepancy?  I suppose both implementations could be called in a multi-threaded program.


I do not recall a reason why these are different, I will set both to
-fexceptions -fasynchronous-unwind-tables.  AFAIK -fexception is the
required flag for cancelable syscall to work correctly, while
-fasynchronous-unwind-tables is make it work also through signals
(not really sure though).  So I would say to be safe we should set
both.

glibc itself no longer uses the libgcc unwinder and the__gcc_personality_v0 personality routine. As far as I know, the C frontend never supported exceptions in this way, and we have since removedall assembly routines which used this functionality.

The replacement is a chain list of cleanup routines, rooted in athread-local variable. Cleanup code is specified by function pointerson the stack. From a security perspective, this is far worse thanunwinding based on tables stored in read-only memory. We can likelyobfuscate the function pointers (like we do for setjmp buffers), butthat's it.

Technically, __gcc_personality_v0 is part of the ABI, so there couldstill be user code out there that uses it. And of course, Ada and C++code which is called from glibc code (or which runs from a signalhandler that interrupts glibc code) could have stack frames with crucialunwinding information when thread cancellation happens.

In order to reach those stack frames, the cancellation code needs tounwind through glibc code. This could be any code in glibc which callsa function which is a cancellation point.

Based on that, I think we should compile all of glibc with unwindingsupport, and considering that asynchronous cancellation can happenthrough synchronous cancellation within signal handlers, we need both-fexceptions *and* -fasynchronous-unwind-tables.


Comments?

Thanks,
Florian

Follow-Ups:
- Re: Stack unwinding requirements (was: Re: [PATCH 03/13] posix: Consolidate Linux nanosleep syscall)
  - From: Joseph Myers

References:
- [PATCH 01/13] posix: Consolidate Linux pause syscall
  - From: Adhemerval Zanella
- [PATCH 03/13] posix: Consolidate Linux nanosleep syscall
  - From: Adhemerval Zanella
- Re: [PATCH 03/13] posix: Consolidate Linux nanosleep syscall
  - From: Florian Weimer
- Re: [PATCH 03/13] posix: Consolidate Linux nanosleep syscall
  - From: Adhemerval Zanella

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]