On Mon, 2019-01-28 at 21:28 +0100, Samuel Thibault wrote:
> Svante Signell, on Mon 28 Jan 2019 20:22:42 +0100, wrote:
> > $24 = {ss_sp = 0x9501c, ss_size = 45028, ss_flags = 1}
>
> Actually these values look odd. You could check with a breakpoint
> whether sigaltstack() is really used to set these values.
>
> If that's not what sets it, there's possibly an overwrite from somewhere
> else. What you could then do is:
>
> gdb> b sigaltstack.c:55
> gdb> c
>
> to get after sigaltstack() has made its duty (after __spin_unlock), and
> at that breakpoint, check *argss for the values that were supposed to be
> put into s->sigaltstack.ss_sp, and put a hardware watchpoint:
>
> gdb> p &s->sigaltstack.ss_sp
> $1 = (void **) 0x1030cd0
> gdb> watch * (void **) 0x1030cd0
>
> watching the address instead of the expression is important for the
> watch to be hardware-assisted.
>
> That way you'll get to see what modifies the ss_sp field.
Not much new here:

(gdb) b sigaltstack.c:55
Breakpoint 2 at 0x22d18da: file ../sysdeps/mach/hurd/sigaltstack.c, line 55.
(gdb) run
[New Thread 4553.18]

Thread 4 hit Breakpoint 2, __GI___sigaltstack (argss=0x0, oss=0x3005cb4) at ../sysdeps/mach/hurd/sigaltstack.c:55
55 ../sysdeps/mach/hurd/sigaltstack.c: No such file or directory.
(gdb) c
Continuing.

Thread 4 hit Breakpoint 2, __GI___sigaltstack (argss=0x3005c84, oss=0x0) at ../sysdeps/mach/hurd/sigaltstack.c:55
55 in ../sysdeps/mach/hurd/sigaltstack.c
(gdb) p *argss
$9 = {ss_sp = 0x9501c, ss_size = 45028, ss_flags = 0}
(gdb) p &s->sigaltstack.ss_sp
$10 = (void **) 0x25139ac
(gdb) watch * (void **) 0x25139ac
Continuing.
[New Thread 4553.19]

Thread 4 received signal SIGTRAP, Trace/breakpoint trap.
0x022a8425 in __GI__hurd_intr_rpc_mach_msg (msg=<optimized out>, option=<optimized out>, send_size=268509186, rcv_size=4, rcv_name=2353981702, timeout=<optimized out>, notify=0) at intr-msg.c:118
118 intr-msg.c: No such file or directory.
(gdb) c
Continuing.

Thread 4 received signal SIGSEGV, Segmentation fault.
0x022a6530 in trampoline () from /lib/i386-gnu/libc.so.0.3
(gdb) bt
#0 0x022a6530 in trampoline () from /lib/i386-gnu/libc.so.0.3
#1 0x00000014 in ?? ()
#2 0x0009ffdc in ?? ()
#3 0x00000000 in ?? ()
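The gdb session above is checking the sigaltstack() contract: what the caller passes in argss, what a later query through oss reads back, and which ss_flags value is expected when nothing is running on the alternate stack. The following C program is an added example, not code from this thread or from glibc; it exercises that contract on a POSIX system (written against Linux behaviour). It installs a constructed 64 KiB buffer as the alternate stack, reads it back the way the oss query in the trace does (ss_flags should be 0 outside a handler), delivers SIGUSR1 to an SA_ONSTACK handler and has the handler verify that it observes SS_ONSTACK and that its own frame lies inside the buffer. The ENOMEM check for an undersized stack follows POSIX; whether the Hurd port enforces it is not something this thread shows. The handler, the buffer size and the helper names are all assumptions of the example.

```c
/* Added example (not from the thread): exercises the sigaltstack()
   contract inspected in the gdb session. Assumes POSIX semantics. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ALT_STACK_SIZE 65536            /* comfortably above MINSIGSTKSZ */

static char alt_stack[ALT_STACK_SIZE];  /* constructed alternate stack */

/* Written by the handler while it runs on the alternate stack. */
static volatile int handler_flags = -1;
static volatile int handler_on_alt = 0;

static void on_sigusr1(int signo)
{
    stack_t cur;
    int local;                          /* lives on whatever stack we run on */
    (void)signo;
    if (sigaltstack(NULL, &cur) == 0)   /* async-signal-safe per POSIX */
        handler_flags = cur.ss_flags;
    /* Is this frame inside the registered alternate stack buffer? */
    uintptr_t sp = (uintptr_t)&local;
    handler_on_alt = sp >= (uintptr_t)alt_stack &&
                     sp < (uintptr_t)alt_stack + ALT_STACK_SIZE;
}

/* Undersized stacks must be refused with ENOMEM (POSIX); returns errno or 0. */
int install_tiny_stack(void)
{
    stack_t ss;
    memset(&ss, 0, sizeof ss);
    ss.ss_sp = alt_stack;
    ss.ss_size = 1;                     /* far below MINSIGSTKSZ */
    return sigaltstack(&ss, NULL) == 0 ? 0 : errno;
}

/* Install alt_stack and read it back (like oss in the trace);
   returns 0 on success, else errno. */
int install_alt_stack(stack_t *readback)
{
    stack_t ss;
    memset(&ss, 0, sizeof ss);
    ss.ss_sp = alt_stack;
    ss.ss_size = ALT_STACK_SIZE;
    ss.ss_flags = 0;                    /* enable; SS_DISABLE would turn it off */
    if (sigaltstack(&ss, NULL) != 0)
        return errno;
    if (sigaltstack(NULL, readback) != 0)
        return errno;
    return 0;
}

/* 1 if a fresh install reads back exactly what was passed in and with
   ss_flags == 0 (we are not on the stack while querying), else 0. */
int readback_matches(void)
{
    stack_t rb;
    if (install_alt_stack(&rb) != 0)
        return 0;
    return rb.ss_sp == (void *)alt_stack && rb.ss_size == ALT_STACK_SIZE &&
           rb.ss_flags == 0;
}

/* Deliver SIGUSR1 to an SA_ONSTACK handler; returns 1 if the handler saw
   SS_ONSTACK and ran inside alt_stack, 0 otherwise. */
int handler_ran_on_alt_stack(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_sigusr1;
    sa.sa_flags = SA_ONSTACK;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGUSR1, &sa, NULL) != 0)
        return 0;
    handler_flags = -1;
    handler_on_alt = 0;
    raise(SIGUSR1);                     /* delivered synchronously to this thread */
    return (handler_flags & SS_ONSTACK) != 0 && handler_on_alt;
}

int main(void)
{
    printf("tiny stack refused: %s\n",
           install_tiny_stack() == ENOMEM ? "yes (ENOMEM)" : "no");
    printf("readback matches:   %s\n", readback_matches() ? "yes" : "no");
    printf("handler on alt:     %s\n",
           handler_ran_on_alt_stack() ? "yes" : "no");
    return 0;
}
```

On a healthy system the query outside any handler reports the registered ss_sp and ss_size with ss_flags == 0, and only the handler itself sees SS_ONSTACK. Reading back a different ss_sp than the one passed in, or SS_ONSTACK while no handler is running, is the kind of mismatch the hardware watchpoint on &s->sigaltstack.ss_sp is meant to catch in the act.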