From: "Schimpe, Christina via Gdb" <gdb@sourceware.org>
To: Florian Weimer <fweimer@redhat.com>
Cc: "Schimpe, Christina via Gdb" <gdb@sourceware.org>,
Thiago Jung Bauermann <thiago.bauermann@linaro.org>,
Tom Tromey <tom@tromey.com>
Subject: RE: Shadow stack backtrace command name
Date: Wed, 10 Jul 2024 09:07:35 +0000
Message-ID: <SN7PR11MB7638EBBEA792F9364DB5BB5CF9A42@SN7PR11MB7638.namprd11.prod.outlook.com>
In-Reply-To: <87bk36zjda.fsf@oldenburg.str.redhat.com>
> >> * Christina via Gdb Schimpe:
> >>
> >> > However, based on the use cases that I am aware of, I am not sure
> >> > if the user wants to always see the shadow stack bt in the ordinary
> >> > bt output (if shadow stack is enabled).
> >>
> >> Based on my experiments, Linux currently does not push the
> >> instruction pointer onto the shadow stack if code is interrupted by a
> >> signal. It still works because the return mechanism is different.
> >> This would be a very visible difference between ordinary backtraces and
> >> shadow stack based backtraces.
> >> As far as I understand it, the kernel could change, and it may still
> >> be early enough to make this change.
> >
> > Could you explain a bit why and what you think the kernel will change?
>
> I could imagine that an additional address is pushed onto the shadow stack
> when a signal is delivered, so that we can get a full backtrace across signal
> returns.
>
> > Just to be sure that I understand correctly:
>
> > Do you think that this different display for the ordinary and shadow
> > stack bt in case of signals is one argument more for displaying the
> > stacks together? What would this look like?
>
> Currently, it's not possible to use shadow stacks for backtraces because you
> won't be able to print the location after <signal handler called> line. At least
> that's what I encountered when I tried to use shadow stack for implementing
> the glibc backtrace function.
We are currently working on the implementation of the shadow stack backtrace.
This is how we would print a shadow stack backtrace for signals:
~~~
(gdb) bt shadow
#0 0x00007ffff7c54d90 in __restore_rt from /lib64/libc.so.6
#1 0x80007ffff79fffd8
#2 0x00007ffff7c54ce6 in __GI_raise at ../sysdeps/posix/raise.c:27
#3 0x000000000040115d in main at /tmp/amd64-shadow-stack-signal.c:32
[...]
~~~
The elements on the shadow stack follow the Linux kernel's description for
signals:
"When a signal happens, the old pre-signal state is pushed on the stack.
When shadow stack is enabled, the shadow stack specific state is pushed
onto the shadow stack. Today this is only the old SSP (shadow stack pointer),
pushed in a special format with bit 63 set."
(https://docs.kernel.org/arch/x86/shstk.html)
Frame 1 contains the old SSP with bit 63 set.
This would be the corresponding ordinary stack:
~~~
(gdb) bt
#0 handler (signo=10) at /tmp/amd64-shadow-stack-signal.c:25
#1 <signal handler called>
#2 __pthread_kill_implementation ([...]) at pthread_kill.c:44
#3 0x00007ffff7ca15f3 in __pthread_kill_internal (signo=10, threadid=<optimized out>) at pthread_kill.c:78
#4 0x00007ffff7c54ce6 in __GI_raise (sig=10) at ../sysdeps/posix/raise.c:26
#5 0x000000000040115d in main () at /tmp/amd64-shadow-stack-signal.c:31
~~~
Do you see much value in combining the outputs?
Christina
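As an added illustration (not code from this thread or from GDB), the following C walks a constructed shadow stack snapshot mirroring the `bt shadow` output above and decodes the bit-63 signal token the kernel documentation describes; the 8-byte alignment check on the recovered SSP is an assumption based on the kernel's sigreturn validation, not something the thread states.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* A signal frame pushes the old SSP with bit 63 set (docs.kernel.org/arch/x86/shstk.html). */
#define SHSTK_SIGFRAME_BIT (UINT64_C(1) << 63)

typedef enum { SHSTK_RETURN_ADDR, SHSTK_SIGFRAME_TOKEN, SHSTK_INVALID } shstk_kind;
typedef struct { shstk_kind kind; uint64_t value; } shstk_frame; /* value: address or old SSP */

/* Classify one 8-byte shadow stack slot. Assumption (not from the thread): a restored
 * SSP must be 8-byte aligned, as the kernel checks on sigreturn, else the token is bogus. */
shstk_frame shstk_decode(uint64_t slot)
{
    shstk_frame f = { SHSTK_RETURN_ADDR, slot };
    if (slot & SHSTK_SIGFRAME_BIT) {
        f.value = slot & ~SHSTK_SIGFRAME_BIT;
        f.kind = (f.value & 7) ? SHSTK_INVALID : SHSTK_SIGFRAME_TOKEN;
    }
    return f;
}

/* Walk a snapshot from the slot SSP points to towards older (higher) entries.
 * Stops after the first invalid token; returns the number of frames written. */
size_t shstk_walk(const uint64_t *slots, size_t nslots, shstk_frame *out, size_t max)
{
    size_t n = 0;
    for (; n < nslots && n < max; n++) {
        out[n] = shstk_decode(slots[n]);
        if (out[n].kind == SHSTK_INVALID)
            return n + 1;
    }
    return n;
}

int main(void)
{
    /* Constructed snapshot mirroring the "bt shadow" output above: frame #1 is the token. */
    const uint64_t slots[] = { 0x00007ffff7c54d90ULL, 0x80007ffff79fffd8ULL,
                               0x00007ffff7c54ce6ULL, 0x000000000040115dULL };
    shstk_frame frames[8];
    size_t n = shstk_walk(slots, sizeof slots / sizeof slots[0], frames, 8);
    for (size_t i = 0; i < n; i++)
        printf("#%zu %s 0x%016llx\n", i,
               frames[i].kind == SHSTK_SIGFRAME_TOKEN ? "old SSP" : "return address",
               (unsigned long long)frames[i].value);
    return 0;
}
```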