From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from simark.ca by simark.ca with LMTP id 8URUK5dqfGnzMx0AWB0awg (envelope-from ) for ; Fri, 30 Jan 2026 03:23:51 -0500 Authentication-Results: simark.ca; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=VPnR3OFn; dkim-atps=neutral Received: by simark.ca (Postfix, from userid 112) id A26211E0DD; Fri, 30 Jan 2026 03:23:51 -0500 (EST) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-25) on simark.ca X-Spam-Level: X-Spam-Status: No, score=-3.4 required=5.0 tests=ARC_SIGNED,ARC_VALID,BAYES_00, DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED,RCVD_IN_VALIDITY_CERTIFIED_BLOCKED, RCVD_IN_VALIDITY_RPBL_BLOCKED,RCVD_IN_VALIDITY_SAFE_BLOCKED autolearn=ham autolearn_force=no version=4.0.1 Received: from vm01.sourceware.org (vm01.sourceware.org [38.145.34.32]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature ECDSA (prime256v1) server-digest SHA256) (No client certificate requested) by simark.ca (Postfix) with ESMTPS id C5EC91E089 for ; Fri, 30 Jan 2026 03:23:50 -0500 (EST) Received: from vm01.sourceware.org (localhost [127.0.0.1]) by sourceware.org (Postfix) with ESMTP id 23DAC4BA23F0 for ; Fri, 30 Jan 2026 08:23:44 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 23DAC4BA23F0 Authentication-Results: sourceware.org; dkim=pass (1024-bit key, unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=VPnR3OFn Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by sourceware.org (Postfix) with ESMTP id 68E0A4BA2E2B for ; Fri, 30 Jan 2026 08:23:17 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 68E0A4BA2E2B Authentication-Results: sourceware.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 68E0A4BA2E2B Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1769761397; cv=none; b=SUAeTXht4If64Oav04F8ozOUh3zLtJ3m18tcaSgbKMPF7YWC6w+VXff6fPfCBVMpivxGRxA2ovudcqEQawV+z0U/XmQ7vneNkei3X1yO0Rotx82Uwi5VKbHSUvqO0PmW3+dVX51gvlflk1oq8P9PxR5+PIn9/D4tpb0F+0TZWzQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1769761397; c=relaxed/simple; bh=7ZU8ZEuFGDt1BaozucONUkRAyG/t2uoFTORSiKXZom4=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=htha2HPuRNSqtR75u6AtH5n3QX8XlDSoElJvqL5n+exaMi1g7Plg1V1d5yvu32os2YX13DvlJiL8WALMAZ8zuasOAN0Jtr2SZCCBvhhsOq7bu8/pCHyeUEXDXRUJRvQhjviZBFES8BgwiVCqB24f8Gpkmj45qOL49MXJ1eeydtk= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 68E0A4BA2E2B DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1769761397; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=2KmCiooXSh7ypVPjW5OoX4wHRtbc2wm4TjPYvNO7t9c=; b=VPnR3OFnLjZ8RF5E8r2nib9yafPY8pDIlzQTjaLEJ1FnDNfoLGT8WEyQK+iXkql799xzqz IlMC1xjULsDS2BG+2Dh+VAWszQWG7GsBvFRubRLpdgVpPsMfi8Akp9fX7zdqVYdC+dT/OJ JGf2yad0+LKrg6bIlrtZU7L11Xkhx04= Received: from mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-363-WPNxbeSQNoOsGxpMYi1v8Q-1; Fri, 30 Jan 2026 03:23:15 -0500 X-MC-Unique: WPNxbeSQNoOsGxpMYi1v8Q-1 X-Mimecast-MFC-AGG-ID: WPNxbeSQNoOsGxpMYi1v8Q_1769761394 Received: from mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.12]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id A979A1956046 for ; Fri, 30 Jan 2026 08:23:14 +0000 (UTC) Received: from f43-1.lan (unknown [10.22.64.64]) by mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id E552A19560A2; Fri, 30 Jan 2026 08:23:13 +0000 (UTC) From: Kevin Buettner To: gdb-patches@sourceware.org Cc: Kevin Buettner Subject: [PATCH] gcore: Handle unreadable pages within readable memory regions Date: Fri, 30 Jan 2026 01:22:13 -0700 Message-ID: <20260130082212.2002944-2-kevinb@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.0 on 10.30.177.12 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: nYeB3gXckW2xBjPUmDuAg1gnm12OzXWASqRVop8119k_1769761394 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: 8bit content-type: text/plain; charset="US-ASCII"; x-default=true X-BeenThere: gdb-patches@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Gdb-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: gdb-patches-bounces~public-inbox=simark.ca@sourceware.org GLIBC 2.42 changed how thread stack guard pages are implemented [2]. In GLIBC 2.41 and earlier, guard pages were set up using mprotect() to mark guard regions with no permissions. Once configured, guard pages were visible as separate entries in /proc/PID/maps with no permissions (i.e. they're inaccessible). In GLIBC 2.42, guard pages are installed using the kernel's MADV_GUARD_INSTALL mechanism [1], which marks them at the page table entry (PTE) level within the existing mapping. As a consequence, guard pages do not appear as separate entries in /proc/PID/maps, but remain as part of the containing mapping. Moreover, thread stacks from multiple mmap() calls may be merged into a single virtual memory area (VMA) with read and write permissions since there's no guard page VMA to separate them. These guard pages cannot be distinguished by examining VMA listings but do return EIO when read from /proc/PID/mem. GDB's gcore code reads /proc/PID/smaps to discover memory regions and creates one BFD section per mapping. (On linux, this is performed in linux_find_memory_regions_full in linux-tdep.c.) With the old layout, memory areas with guard pages appeared separately with no permissions, which were filtered out. Each thread stack became its own section containing only readable data. With the new layout, using MADV_GUARD_INSTALL instead of the older mechanism, it's often the case that thread stacks created with multiple calls to mmap() are exposed as a single mapping appearing in /proc/PID/smaps with read and write permissions. Should that happen, GDB's code creates a single section covering all thread stacks and their guard pages. (Even if each thread stack appears in its own mapping, the fact remains that there will be an inaccessible portion of the mapping. When one or more thread stacks are coalesced into a single mapping, there will be several inaccessible "holes" representing the guard pages.) When gcore_copy_callback copies section contents, it reads memory in 1MB (MAX_COPY_BYTES) chunks. If any page in the chunk is a guard page, the call to target_read_memory() fails. The old code responded by breaking out of the copy loop, abandoning the entire section. This prevents correct copying of thread stack data, resulting in core files with zero-filled thread stacks, resulting in nearly empty backtraces. Fix this by falling back to page-by-page reading when a 1MB chunk read fails. Individual pages that cannot be read are filled with zeros, allowing the remaining readable memory to be captured. I also considered a simpler change using SPARSE_BLOCK_SIZE (4096) as the read size instead of MAX_COPY_BYTES (1MB). This would avoid the fallback logic but would cause up to 256x more syscalls. The proposed approach also allows meaningful warnings: we warn only if an entire region is unreadable (indicating a real problem), whereas per-page reads would make it harder to distinguish guard page failures from actual errors. Since guard pages are at offset 0 for downward-growing stacks, a large target_read_memory() fails early at the first unreadable byte anyway. With this fix, I see 16 failures resolved in the following test cases: gdb.ada/task_switch_in_core.exp gdb.arch/i386-tls-regs.exp gdb.threads/threadcrash.exp gdb.threads/tls-core.exp Looking at just one of these, from gdb.log without the fix, I see: thread apply 5 backtrace Thread 5 (LWP 3414829): #0 0x00007ffff7d1d982 in __syscall_cancel_arch () from /lib64/libc.so.6 #1 0x0000000000000000 in ?? () (gdb) FAIL: gdb.threads/threadcrash.exp: test_gcore: thread apply 5 backtrace And this is what it looks like with the fix in place (some paths have been shortened): thread apply 5 backtrace Thread 5 (Thread 0x7fffeffff6c0 (LWP 1282651) "threadcrash"): #0 0x00007ffff7d1d982 in __syscall_cancel_arch () from /lib64/libc.so.6 #1 0x00007ffff7d11c3c in __internal_syscall_cancel () from /lib64/libc.so.6 #2 0x00007ffff7d61b62 in clock_nanosleep@GLIBC_2.2.5 () from /lib64/libc.so.6 #3 0x00007ffff7d6db37 in nanosleep () from /lib64/libc.so.6 #4 0x00007ffff7d8008e in sleep () from /lib64/libc.so.6 #5 0x00000000004006a8 in do_syscall_task (location=NORMAL) at threadcrash.c:158 #6 0x0000000000400885 in thread_function (arg=0x404340) at threadcrash.c:277 #7 0x00007ffff7d15464 in start_thread () from /lib64/libc.so.6 #8 0x00007ffff7d985ac in __clone3 () from /lib64/libc.so.6 (gdb) PASS: gdb.threads/threadcrash.exp: test_live_inferior: thread apply 5 backtrace Regression testing on Fedora 42 (glibc 2.41) shows no new failures. References: [1] Linux commit 662df3e5c376 ("mm: madvise: implement lightweight guard page mechanism") https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=662df3e5c37666d6ed75c88098699e070a4b35b5 [2] glibc commit a6fbe36b7f31 ("nptl: Add support for setup guard pages with MADV_GUARD_INSTALL") https://sourceware.org/git/?p=glibc.git;a=commit;h=a6fbe36b7f31292981422692236465ab56670ea9 Claude Opus 4.5 and GLM 4.7 assisted with the development of this commit. Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=33855 --- gdb/gcore.c | 46 ++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 38 insertions(+), 8 deletions(-) diff --git a/gdb/gcore.c b/gdb/gcore.c index 5a3ad145d4c..6b36e6064ac 100644 --- a/gdb/gcore.c +++ b/gdb/gcore.c @@ -765,15 +765,45 @@ gcore_copy_callback (bfd *obfd, asection *osec) if (size > total_size) size = total_size; - if (target_read_memory (bfd_section_vma (osec) + offset, - memhunk.data (), size) != 0) + CORE_ADDR vma = bfd_section_vma (osec) + offset; + + if (target_read_memory (vma, memhunk.data (), size) != 0) { - warning (_("Memory read failed for corefile " - "section, %s bytes at %s."), - plongest (size), - paddress (current_inferior ()->arch (), - bfd_section_vma (osec))); - break; + /* Large read failed. This can happen when the memory region + contains unreadable pages (such as guard pages embedded within + a larger mapping). Fall back to reading page by page, filling + unreadable pages with zeros. */ + gdb_byte *p = memhunk.data (); + bfd_size_type remaining = size; + CORE_ADDR addr = vma; + bool at_least_one_page_read = false; + + while (remaining > 0) + { + bfd_size_type chunk_size + = std::min (remaining, (bfd_size_type) SPARSE_BLOCK_SIZE); + + if (target_read_memory (addr, p, chunk_size) != 0) + { + /* Failed to read this page. Fill with zeros. This + handles guard pages and other unreadable regions + that may exist within a larger readable mapping. */ + memset (p, 0, chunk_size); + } + else + at_least_one_page_read = true; + + p += chunk_size; + addr += chunk_size; + remaining -= chunk_size; + } + /* Warn only if the entire region was unreadable - this + indicates a real problem, not just embedded guard pages. */ + if (!at_least_one_page_read) + warning (_("Memory read failed for corefile " + "section, %s bytes at %s."), + plongest (size), + paddress (current_inferior ()->arch (), vma)); } if (!sparse_bfd_set_section_contents (obfd, osec, memhunk.data (), -- 2.52.0