Message-ID: <28934663-54a6-47cf-8d30-dace9cde8d20@suse.de>
Date: Sat, 11 Jan 2025 17:01:37 +0100
Subject: Re: [PATCH 2/2] GDB: Use gdb::array_view for buffers used in register reading and unwinding
To: Thiago Jung Bauermann
Cc: Simon Marchi , gdb-patches@sourceware.org, "Aktemur, Tankut Baris" , "Maciej W. Rozycki"
References: <20250110164430.3376697-1-thiago.bauermann@linaro.org> <20250110164430.3376697-3-thiago.bauermann@linaro.org> <321e71e0-43de-4604-bb7e-34f6f64b83bf@simark.ca> <871pxa9udr.fsf@linaro.org> <347ca2f6-aa4a-4f08-8675-a8f0bce65e93@suse.de> <87ikql8ibi.fsf@linaro.org>
From: Tom de Vries
In-Reply-To: <87ikql8ibi.fsf@linaro.org>

On 1/11/25 16:46, Thiago Jung Bauermann wrote:
>
> Hello Tom,
>
> Tom de Vries writes:
>
>> On 1/10/25 23:28, Thiago Jung Bauermann wrote:
>>> +      gdb_assert (buffer.size () >= value->type ()->length ());
>>> +
>>
>> This causes a regression on s390x-linux for test-case gdb.base/return.exp:
>> ...
>> (gdb) PASS: gdb.base/return.exp: continue to return of -5
>> return 5^M
>> Make func2 return now? (y or n) y^M
>> /home/vries/gdb/src/gdb/frame.c:1207: internal-error: frame_register_unwind: Assertion
>> `buffer.size () >= value->type ()->length ()' failed.^M
>> A problem internal to GDB has been detected,^M
>> further debugging may prove unreliable.^M
>> ----- Backtrace -----^M
>> FAIL: gdb.base/return.exp: return value 5 (GDB internal error)
>> ...
>>
>> Before the commit, the test-case produces a fail, but doesn't assert:
>> ...
>> (gdb) PASS: gdb.base/return.exp: continue to return of -5
>> return 5^M
>> Make func2 return now? (y or n) y^M
>> value has been optimized out^M
>> (gdb) FAIL: gdb.base/return.exp: return value 5
>> ...
>>
>> Concretely, we're trying to read machine register r11, which according to the CFI is saved
>> in dwarf register 16:
>> ...
>> DW_CFA_register: r11 in r16 (f0)
>> ...
>>
>> Dwarf register 16 corresponds to f0 / v0 according to the ABI, and since v0 is available,
>> v0 is picked by s390_dwarf_reg_to_regnum.
>>
>> The assert then fails because the buffer that should hold the value of 8 byte register
>> r11:
>> ...
>> (gdb) p buffer.size ()
>> $1 = 8
>> ...
>> is smaller than the size of register v0:
>> ...
>> (gdb) p value->type ()->length ()
>> $2 = 16
>> ...
>>
>> Removing the assert reverts back to previous behaviour.
>
> Thank you for debugging the issue! So memcpy was overflowing the
> buffer. Nice to see the assert in action. :)
>

Hi Thiago,

thanks for the quick review.

Not the memcpy, but the memset, because the optimized out branch was
activated, but buffer overflow indeed.

>> Properly fixing this requires us to only look at the part that is relevant, copying the
>> value from there, and checking for optimized out and unavailable only there.
>>
>> This worked for s390x-linux:
>> ...
>> diff --git a/gdb/frame.c b/gdb/frame.c
>> index 10a32dcd896..02583857019 100644
>> --- a/gdb/frame.c
>> +++ b/gdb/frame.c
>> @@ -1193,8 +1193,14 @@ frame_register_unwind (const frame_info_ptr &next_frame, int
>> regnum,
>>
>>    gdb_assert (value != NULL);
>>
>> -  *optimizedp = value->optimized_out ();
>> -  *unavailablep = !value->entirely_available ();
>> +  if (value->lazy ())
>> +    value->fetch_lazy ();
>> +
>> +  *optimizedp
>> +    = value->bits_any_optimized_out (value->offset () * 8,
>> +                                     buffer.size () * 8);
>> +  *unavailablep
>> +    = !value->bytes_available (value->offset (), buffer.size ());
>>    *lvalp = value->lval ();
>>    *addrp = value->address ();
>>    if (*lvalp == lval_register)
>> @@ -1204,13 +1210,17 @@ frame_register_unwind (const frame_info_ptr &next_frame, int
>> regnum,
>>
>>    if (!buffer.empty ())
>>      {
>> -      gdb_assert (buffer.size () >= value->type ()->length ());
>> +      gdb_assert (buffer.size ()
>> +                  <= value->type ()->length () - value->offset ());
>
> It should be '>=' above.
>

That doesn't work unfortunately:
- buffer.size () is 8
- value->type ()->length () is 16
- value->offset () == 0

So we'd have gdb_assert (8 >= 16).

FWIW, I've tried out a less intrusive fix which also works:
...
diff --git a/gdb/frame.c b/gdb/frame.c
index 10a32dcd896..96e0752888f 100644
--- a/gdb/frame.c
+++ b/gdb/frame.c
@@ -1191,6 +1191,19 @@ frame_register_unwind (const frame_info_ptr &next_frame, int regnum,

   value = frame_unwind_register_value (next_frame, regnum);

+  frame_info_ptr this_frame = get_prev_frame (next_frame);
+  struct gdbarch *gdbarch = frame_unwind_arch (this_frame);
+  size_t reg_size = register_size (gdbarch, regnum);
+
+  if (value->type ()->length () > reg_size)
+    {
+      struct value *part_val
+        = value::allocate_register (this_frame, regnum);
+      value->contents_copy (part_val, 0, value->offset (), reg_size);
+      release_value (value);
+      value = part_val;
+    }
+
   gdb_assert (value != NULL);

   *optimizedp = value->optimized_out ();
...
but I have doubts whether reg_size is correct in case gdbarch changes
between frames and register sizes are different.

Thanks,
- Tom

>>        if (!*optimizedp && !*unavailablep)
>> -        memcpy (buffer.data (), value->contents_all ().data (),
>> -                value->type ()->length ());
>> +        {
>> +          auto value_part
>> +            = value->contents_all ().slice (value->offset (), buffer.size ());
>> +          memcpy (buffer.data (), value_part.data (), buffer.size ());
>> +        }
>>        else
>> -        memset (buffer.data (), 0, value->type ()->length ());
>> +        memset (buffer.data (), 0, buffer.size ());
>>      }
>>
>>    /* Dispose of the new value.  This prevents watchpoints from
>> ...
>
> Thank you for the patch! With the fix in the assert comparison:
>
> Reviewed-by: Thiago Jung Bauermann
>
> --
> Thiago
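Review bot: in the quoted @@ -1193 hunk, *optimizedp and *unavailablep are now computed over a range of buffer.size () bytes starting at value->offset (), but the buffer may be empty (the @@ -1204 hunk keeps the `if (!buffer.empty ())` guard, so callers that only want the flags are still supported); a zero-length range overlaps no optimized-out or unavailable range, so such a caller would get *optimizedp == false and *unavailablep == false even for a register that is entirely optimized out or unavailable. Suggest keeping the whole-value `value->optimized_out ()` / `!value->entirely_available ()` path when buffer.empty () and using the offset-based range only when a buffer was supplied.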
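Review bot: in the quoted @@ -1204 hunk, `<=` is the right direction for the new assertion (the s390x case in this thread has buffer.size () == 8 and a 16-byte value type, so `>=` cannot hold), but the right-hand side `value->type ()->length () - value->offset ()` is an unsigned subtraction; should value->offset () ever exceed the type length, it wraps and the assert passes silently. Writing it as `gdb_assert (value->offset () + buffer.size () <= value->type ()->length ());` avoids the underflow and reads as the bounds check it is: the slice taken from contents_all () in the memcpy branch below must lie within the value's contents.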
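Review bot: in the alternative @@ -1191 hunk, the new block dereferences value (`value->type ()->length ()`, `value->offset ()`) before the existing `gdb_assert (value != NULL)`, which leaves that assert unreachable for the null case; move the block below the assert. The same block should also check that value->offset () + reg_size does not exceed value->type ()->length () before contents_copy, and since reg_size comes from frame_unwind_arch (this_frame), which the author already doubts when the gdbarch changes between frames, comparing it against the caller's buffer.size () would catch a mismatch here rather than only at the later assert.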