From: "Ulrich Weigand" <uweigand@de.ibm.com>
To: gdb-patches@sourceware.org
Subject: longjmp handling vs. glibc LD_POINTER_GUARD problems
Date: Wed, 14 May 2008 18:24:00 -0000 [thread overview]
Message-ID: <200805141800.m4EI0IHe006471@d12av02.megacenter.de.ibm.com> (raw)
Hello,
since the recent "stepping over longjmp" patches went in,
I'm seeing test suite failures in longjmp.exp on s390, spu,
and powerpc -- because none of those platforms actually
implement get_longjmp_target.
While I was trying to implement the missing routines, I ran
into a problem: on current glibcs, the return address as
stored in the jmp_buf is actually "mangled", i.e. XORed
with a magic "pointer guard" value. This is apparently
intended to provide some protection against buffer overflow
attacks ...
To implement implement get_longjmp_target I'd have to retrieve
that guard value and demangle the pointers. This is of course
possible in principle -- but this assumes that the details of
where to find the guard value (typically somewhere in the
thread control block header) remain fixed across glibc versions.
I'm not sure we can actually rely on that. I couldn't find any
exported glibc mechanism to retrieve this value in a supported
way either ...
I'm now wondering how we should handle this. Should be
implement an ad-hoc solution to retrieve the guard, which
may break in the future if glibc changes? Should we require
use of LD_POINTER_GUARD=0 (which switches off the pointer
guard mechanism) to enable debugging? Am I overlooking some
defined interface to get at the value?
Why are we using the get_longjmp_target mechanism instead of
just stepping through longjmp until we see where we come out?
I'd appreciate your thoughts on this ...
Thanks,
Ulrich
--
Dr. Ulrich Weigand
GNU Toolchain for Linux on System z and Cell BE
Ulrich.Weigand@de.ibm.com
next reply other threads:[~2008-05-14 18:01 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-05-14 18:24 Ulrich Weigand [this message]
2008-05-14 19:14 ` Daniel Jacobowitz
2008-05-14 22:01 ` Ulrich Weigand
2008-05-14 19:17 ` Pedro Alves
2008-05-17 14:00 ` Pedro Alves
2008-05-21 4:20 ` [patch] " Pedro Alves
2008-05-22 0:11 ` Ulrich Weigand
2008-05-22 0:14 ` Pedro Alves
2008-05-22 15:20 ` Pedro Alves
2008-05-22 15:34 ` Daniel Jacobowitz
2008-05-22 16:17 ` Pedro Alves
2008-05-22 16:38 ` Ulrich Weigand
2008-05-22 17:03 ` [patch] Re: longjmp handling vs. glibc LD_POINTER_GUARD ?problems Daniel Jacobowitz
2008-05-22 16:29 ` [patch] Re: longjmp handling vs. glibc LD_POINTER_GUARD problems Ulrich Weigand
2008-05-22 3:14 ` Daniel Jacobowitz
2008-05-14 23:03 ` David Miller
2008-05-15 0:39 ` Daniel Jacobowitz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200805141800.m4EI0IHe006471@d12av02.megacenter.de.ibm.com \
--to=uweigand@de.ibm.com \
--cc=gdb-patches@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox