Subject: Re: [PATCH V7] amd64-mpx: initialize bnd register before performing inferior calls.
To: "Tedeschi, Walfred" , qiyaoltc@gmail.com, brobecker@adacore.com
Cc: gdb-patches@sourceware.org
From: Pedro Alves
Date: Wed, 08 Feb 2017 12:27:00 -0000
Message-ID: <88c7180f-8843-a148-425a-2adf56c6d0bf@redhat.com>
In-Reply-To: <217a8c13-b7d0-7fe6-56b5-85ff53ce097a@intel.com>
References: <1485875613-31975-1-git-send-email-walfred.tedeschi@intel.com> <53d42bb6-3b83-6213-4087-6d30e7d837de@redhat.com> <217a8c13-b7d0-7fe6-56b5-85ff53ce097a@intel.com>

On 02/07/2017 08:56 AM, Tedeschi, Walfred wrote:
> On 01/31/2017 03:13 PM, Walfred Tedeschi wrote:
>>> This patch initializes the bnd registers before executing the inferior
>>> call. BND registers can be in arbitrary values at the moment of the
>>> inferior call. In case the function being called uses as part of the
>>> parameters bnd register, e.g. when passing a pointer as parameter, the
>>> current value of the register will be used. This can cause boundary
>>> violations that are not due to a real bug or even desired by the user.
>>> In this sense the best to be done is set the bnd registers to allow
>>> access to the whole memory, i.e. initialized state, before pushing the
>>> inferior call.
>> This explains the reason for clearing better ...
> Yes, it was my intention. Do you see value to have the patch in then?

I think I do.

For passing local pointers to some function, it might be that GDB could
be able to figure out which bound registers contain the bound for a
given variable, or if spilled, where to find them, and set up the call
to use the right bounds, but I have no idea of how to retrieve that
information. I suspect that it's not a mapping we could retrieve from
the dwarf?
And then there's also the case of passing pointers to global variables,
and pointers to memory that gdb malloc's into the inferior, like for
array/string coercion:

  (gdb) p strlen ("hello")

this will alloc a block of memory in the inferior for "hello", by
calling malloc in the inferior. If strlen is compiled to do BND checks,
would we need to set up the BND registers to the range of the pointer
returned by malloc?

I've not used BND myself, so I don't have any experience with it. But my
impression is that disabling BND for infcalls makes infcalls work again
on BND-enabled systems, and that we could perhaps try to do something
smart to re-enable it in some infcall cases, if there's sufficient
benefit.

Now, a question is: could this auto-clearing of BND registers get in the
way of some use cases? E.g., could a user want to poke at the BND
registers manually before calling a function in the inferior, in order
to debug BND-related code? If so, that may call for a new option users
could tweak if necessary.

Thanks,
Pedro Alves
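The register behaviour the thread is reasoning about, shown as an added C model that is not part of this message, the GDB patch, or the GDB sources: an MPX bound register keeps its upper bound in one's-complement form, so an all-zero register (the INIT state the patch restores before an inferior call) describes the whole address space, while a register still holding the bounds of some earlier local variable rejects a freshly malloc'd block such as the "hello" string GDB pushes into the inferior. The struct, the function names (`bnd_make`, `bnd_check`, `spurious_violation_with_stale_bounds`) and the stale-bound scenario are constructed for this illustration; only the one's-complement encoding and the meaning of the zeroed register come from the MPX architecture.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Software model of one MPX bound register (BND0..BND3), constructed for
   this example. The hardware stores the upper bound one's-complemented, so a
   register of all zero bits means [0, UINT64_MAX]: the "initialized state"
   the patch writes back before pushing an inferior call. */
typedef struct {
    uint64_t lb;      /* lower bound, stored as-is */
    uint64_t ub_inv;  /* upper bound, stored one's-complemented */
} bnd_reg;

static const bnd_reg BND_INIT = { 0, 0 };

/* Like BNDMK: build a register covering [base, base + len - 1]. */
static bnd_reg bnd_make(const void *base, size_t len) {
    uint64_t lb = (uintptr_t)base;
    uint64_t ub = lb + len - 1;
    bnd_reg r = { lb, ~ub };
    return r;
}

/* Like BNDCL followed by BNDCU: true when every byte of the access
   [p, p + access_len - 1] lies inside the register's bounds; false models
   the #BR fault the thread calls a "boundary violation". */
static bool bnd_check(bnd_reg r, const void *p, size_t access_len) {
    uint64_t lo = (uintptr_t)p;
    uint64_t hi = lo + access_len - 1;
    uint64_t ub = ~r.ub_inv;          /* undo the one's-complement storage */
    return lo >= r.lb && hi <= ub;
}

/* Constructed scenario from the thread: the inferior stopped while BND0
   still described a local buffer; GDB then mallocs "hello" in the inferior
   and calls a BND-checking strlen on it. Returns 1 when the stale bounds
   would fault but the INIT state accepts the same access. */
static int spurious_violation_with_stale_bounds(void) {
    char local_buf[16];
    bnd_reg stale = bnd_make(local_buf, sizeof local_buf);

    char *heap = malloc(6);           /* stands in for GDB's inferior malloc */
    if (heap == NULL)
        return -1;
    memcpy(heap, "hello", 6);

    bool ok_stale = bnd_check(stale, heap, 6);    /* heap block != local_buf */
    bool ok_init = bnd_check(BND_INIT, heap, 6);  /* whole address space */
    free(heap);
    return (!ok_stale && ok_init) ? 1 : 0;
}

int main(void) {
    printf("stale bounds fault, INIT state passes: %s\n",
           spurious_violation_with_stale_bounds() == 1 ? "yes" : "no");
    return 0;
}
```

`bnd_check` with `BND_INIT` accepts any address, which is exactly why clearing the registers makes infcalls work again; the cost, as the message notes, is that a user who deliberately loaded bounds before the call loses them, since the model has no way to tell a stale register from an intentionally set one.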