From: Antoine Tremblay <antoine.tremblay@ericsson.com>
To: Antoine Tremblay <antoine.tremblay@ericsson.com>
Cc: Yao Qi <qiyaoltc@gmail.com>, Pedro Alves <palves@redhat.com>,
<gdb-patches@sourceware.org>
Subject: Re: [PATCH 0/9 V3] Use reinsert breakpoint for vCont;s
Date: Fri, 25 Nov 2016 13:35:00 -0000 [thread overview]
Message-ID: <wwokpoljy96u.fsf@ericsson.com> (raw)
In-Reply-To: <wwokr35zya7o.fsf@ericsson.com>
Antoine Tremblay writes:
> Antoine Tremblay writes:
>
>> Yao Qi writes:
>>
>>> On Mon, Nov 21, 2016 at 10:34:44AM -0500, Antoine Tremblay wrote:
>>>> > Thread 1 either sees the original instruction on address A or the
>>>> > breakpoint instruction. Unless ptrace read/write 32-bit is not
>>>> > atomic, IOW, partial ptrace write result is visible to other
>>>> > threads, I don't see why we get SIGILL here.
>>>>
>>>> I think this is the problem, ptrace read/write doesn't seem to be
>>>> atomic, and thread 1 sees some half written memory. (Given that we get
>>>> SIGILL/SIGSEGV issues)
>>>
>>> We need to check in linux-arm-kernel@.
>>>
>>>>
>>>> Did you have any reference suggesting it was atomic ?
>>>>
>>>
>>> No.
>>>
>>>> While testing it seems to be atomic for 32bit writes but in thumb mode
>>>> with a 16 byte write, it is not.
>>>
>>> I think you meant "16 bit write". Why is that?
>>>
>>
>> Yes 16 bit write sorry, because it can write a thumb breakpoint :
>> 0xde01.
>>
>>>>
>>>> Given the SIGILL/SIGSEG I get maybe that one is 2 writes of 1 byte ?
>>>> I'll have to dig in the ptrace code I guess.
>>>>
>>>
>>> It is good to get some a clear answer instead of ambiguous speculation.
>>> I think we need to ask in linux-arm-kernel@
>>
>> Did you see my follow up email ? :
>> https://sourceware.org/ml/gdb-patches/2016-11/msg00681.html
>>
>> Also, I think this will become a moot point in the patch I'm about to
>> post since:
>>
>> To install a single step breakpoint on a thread GDBServer needs to make sure
>> that there is not a breakpoint at the thread's current pc, since it
>> can't determine what is the next_pc of a breakpoint instruction.
>>
>> Usually for stepping over it's OK since it's stopped at pc X and it
>> will install a single-step breakpoint at pc X + next_pc_offset.
>>
>> So need_step_over returns true and GDBServer starts a step_over process,
>> which removes all breakpoints, installs a single-step breakpoint on the
>> nextpc and resumes.
>>
>> But in this case it is installing single-step breakpoints in threads at
>> different pcs then the one we're stopped, so the step-over process is
>> not triggered and it should not be.
>>
>> So GDBSever does not take care to remove all breakpoints like is the
>> case in the step-over process. Because of that it can try to install a
>> single-step breakpoint where there is already a breakpoint in memory and
>> thus break get_next_pc and install a breakpoint at an invalid location.
>>
>> Consider this case:
>>
>> in non-stop, thread 1-3 are stepping in a loop similar to
>> non-stop-fair-events test.
>>
>> - thread 1 hits its single-step breakpoint at pc A.
>> - delete its single-step breakpoint.
>> - a check for need_step_over is done, but there's no breakpoint at pc A
>> anymore, and nobody is stopped there anyway so it returns false.
>> - proceed_one_lwp is called on each thread.
>>
>> Now here is the problem:
>>
>> thread 1 is at pc A
>> thread 2 is at pc B
>>
>> B is a branch to A.
>>
>> thread 1 installs a single-step breakpoint at pc B since it's range stepping.
>> thread 2 does not have a single step breakpoint but needs one installed.
>>
>> - proceed_one_lwp finds that it needs to install a single-step
>> breakpoint on thread 2.
>>
>> - It calls install_single_step_breakpoints, which calls get_next_pc.
>>
>> - get_next_pc reads the current instruction in memory at pc B, but
>> since it's a breakpoint, it missinterprets the instruction, you can't
>> step over a breakpoint like that anyway, but this is what happens
>> now.
>>
>> A single-step breakpoint is now inserted at an invalid location.
>>
>> So my approch in my patch is to fix this by always removing all
>> breakpoints and fast_tracepoints_jumps, like we do in start_step_over
>> before calling install_software_single_step.
>>
>> This makes the breakpoint installation a multiple steps process and thus
>> can't be atomic.
>>
>> WDYT ?
>>
>> Thanks,
>> Antoine
>
> In fact thinking more about this we may need to remove all breakpoints
> at any pc since get_next_pc may read memory in other places then the
> current pc to deal with atomic sequences for example or for other
> instructions too.
>
> If it reads a breakpoint in memory there it may come-up with an invalid
> next pc.
>
> This is a problem with the current step-over logic too.
>
> So we would either need to be able to read past any
> breakpoint/fast_tracepoint_jump... anywhere
> or uninstall everything before calling get_next_pc.
>
> I'm not sure which one is best at the moment, opinions on this are
> welcome.
Sorry for what may seem like a monologue there, but we can't read past
breakpoitns etc all the time since we have know idea of the memory
aligment involved, we don't want to check around a single byte read to
see if it looks like a breakpoint.
So before any call to get_next_pc, we need to remove everthing, I'll
send a patch in that regard.
Thanks,
Antoine
next prev parent reply other threads:[~2016-11-25 13:35 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-30 14:09 Yao Qi
2016-06-30 14:09 ` [PATCH 6/9] Use enqueue_pending_signal in linux_resume_one_thread Yao Qi
2016-06-30 14:09 ` [PATCH 2/9] Create sub classes of 'struct breakpoint' Yao Qi
2016-06-30 14:09 ` [PATCH 4/9] Make reinsert_breakpoint thread specific Yao Qi
2016-06-30 14:09 ` [PATCH 8/9] Use reinsert_breakpoint for vCont;s Yao Qi
2016-07-01 15:07 ` Pedro Alves
2016-07-05 8:15 ` Yao Qi
2016-07-21 8:38 ` Yao Qi
2016-07-21 10:02 ` Pedro Alves
2016-06-30 14:09 ` [PATCH 7/9] Enqueue signal even when resuming threads Yao Qi
2016-07-01 15:06 ` Pedro Alves
2016-07-01 16:45 ` Yao Qi
2016-07-01 16:55 ` Pedro Alves
2016-07-01 17:01 ` Pedro Alves
2016-06-30 14:09 ` [PATCH 9/9] Support vCont s and S actions with software single step Yao Qi
2016-06-30 14:09 ` [PATCH 3/9] Refactor clone_all_breakpoints Yao Qi
2016-06-30 14:09 ` [PATCH 1/9] Pass breakpoint type in set_breakpoint_at Yao Qi
2016-06-30 14:09 ` [PATCH 5/9] Switch current_thread to lwp's thread in install_software_single_step_breakpoints Yao Qi
2016-07-21 11:18 ` [PATCH 0/9 V3] Use reinsert breakpoint for vCont;s Yao Qi
2016-11-14 19:14 ` Antoine Tremblay
2016-11-21 12:08 ` Yao Qi
[not found] ` <wwok37ikrgmq.fsf@ericsson.com>
2016-11-23 19:03 ` Antoine Tremblay
2016-11-24 21:55 ` Yao Qi
2016-11-25 12:22 ` Antoine Tremblay
2016-11-25 13:13 ` Antoine Tremblay
2016-11-25 13:35 ` Antoine Tremblay [this message]
2016-11-25 13:44 ` Pedro Alves
2016-11-25 13:57 ` Antoine Tremblay
2016-11-25 14:28 ` Antoine Tremblay
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=wwokpoljy96u.fsf@ericsson.com \
--to=antoine.tremblay@ericsson.com \
--cc=gdb-patches@sourceware.org \
--cc=palves@redhat.com \
--cc=qiyaoltc@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox