On 03/27/2018 12:43 AM, H.J. Lu wrote:
On Linux, when alternate signal stack is used with thread cancellation,
_Unwind_Resume fails when it tries to unwind shadow stack from signal
handler on alternate signal stack. The issue is that signal handler on
alternate signal stack uses a separate shadow stack and we must switch
to the original shadow stack to unwind it. But frame count will be wrong
in this case. For thread cancellation, there is no need to unwind shadow
stack since it will long jump back and exit.
One possibility is
1. Add _URC_NO_REASON_CANCEL.
2. unwind_stop in libpthread returns _URC_NO_REASON_CANCEL.
3. _Unwind_ForcedUnwind_Phase2 sets frames to 1 for
_URC_NO_REASON_CANCEL
I assume the sequence of events goes like this:
1. The program receives a signal with a SA_ONSTACK handler.
2. The program switches to the alternate signal stack (including an
alternate shadow stack) and runs the handler.
3. The handler reaches a cancellation point.
4. Cancellation is acted upon.
During unwinding, INCSSP is executed as needed. The switch from the
alternate signal stack is implicit in the SP register restore. But
there is no corresponding stack switch back to the original shadow
stack. This means that INCSSP faults once the alternate stack is empty.
Is this description accurate?
I think this has to be fixed entirely within the libgcc unwinder.
Otherwise, any application which throws from a (synchronous) signal
handler will have the same issue, and I think this is something we need
to support.
It may be possible to implement this without kernel changes: Patch the
interrupted context to continue unwinding, and then call sigreturn to
switch both stacks at the same time.
Thanks,
Florian
