This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Backtrace() called inside a signal handler traps while tracking an invalid function call.
- From: supriya kannery <supriyak at in dot ibm dot com>
- To: gcc at gcc dot gnu dot org, libc-alpha at sourceware dot org
- Cc: suzuki <suzuki at in dot ibm dot com>
- Date: Thu, 14 Jun 2007 02:24:19 +0530
- Subject: Backtrace() called inside a signal handler traps while tracking an invalid function call.
- Reply-to: supriyak at in dot ibm dot com
Hello,
Backtrace API is trapping when it is called inside a signal handler
to trace back an invalid function call.
Backtrace API is called from a signal handler. When the SEGFAULT signal
that is captured by the signal handler is due to the invokation of an
invalid function call, then backtrace is generating SEGFAULT. In i586
this segfault again gets captured by the signal handler, reaches
backtrace, backtrace again generates segfault and infinite loop results.
In x86_64 architecture, when backtrace generates segfault, the program
stops.
Following code is an excerpt from gcc-3.3.3/gcc/unwind-dw2.c:
In x86_64 arch, fde is returned null for the invalid singal handler
stack frame...
--------------------------------------------------------------------------------------------------------------------------
fde = _Unwind_Find_FDE (context->ra - 1, &context->bases);
if (fde == NULL)
{
/* Couldn't find frame unwind info for this function. Try a
target-specific fallback mechanism. This will necessarily
not provide a personality routine or LSDA. */
#ifdef MD_FALLBACK_FRAME_STATE_FOR
MD_FALLBACK_FRAME_STATE_FOR (context, fs, success);
return _URC_END_OF_STACK;
--------------------------------------------------------------------------------------------------------------------------
MD_FALLBACK_FRAME_STATE_FOR macro is called which inturn checks the pc
to see whether the backtrace is called from a signal hander
--------------------------------------------------------------------------------------------------------------------------
#ifdef __x86_64__
#define MD_FALLBACK_FRAME_STATE_FOR(CONTEXT, FS, SUCCESS) \
do { \
unsigned char *pc_ = (CONTEXT)->ra; \
struct sigcontext *sc_; \
long new_cfa_; \
\
/* movq __NR_rt_sigreturn, %rax ; syscall */ \
if (*(unsigned char *)(pc_+0) == 0x48 \
&& *(unsigned long *)(pc_+1) == 0x050f0000000fc0c7) \
{ \
struct ucontext *uc_ = (CONTEXT)->cfa; \
--------------------------------------------------------------------------------------------------------------------------
SEGFAULT is generated while accessing the content of pc, as pc value is
invalid (oxfffffe) for the invalid function call.
Is this scenario, of calling backtrace() on a stack containing invalid
function pointer, a supported one? If yes, is there a way we can avoid
accessing pc in this case and get onto unwind further stack frames ?
Btw, gdb is able to successfully unwind the full stack for this same
scenario.
Attaching source files for recreating the problem: main.c and foo.c
Thanks, Supriya
IBM Linux Technology Centre
#include <unistd.h>
#include <signal.h>
#include <stdio.h>
void foo( void ) ;
void catch_segv(int signum)
{
int i, cnt ;
void *syms[100] ;
char buf[80] ;
cnt = backtrace( syms, 100 ) ;
for ( i = 0 ; i < cnt ; i++ )
{
snprintf( buf, sizeof(buf), "%d\t%lx\n", i, (unsigned long)syms[i] ) ;
puts( buf ) ;
}
}
int main( void )
{
int rc ;
struct sigaction newact; /* Action */
struct sigaction oldact; /* Old action */
newact.sa_handler = catch_segv;
sigemptyset (&newact.sa_mask);
newact.sa_flags = 0;
rc = sigaction (SIGSEGV, &newact, &oldact);
rc = sigaction (SIGBUS, &newact, &oldact);
printf( "rc = %d, calling foo\n", rc ) ;
foo() ;
return 0 ;
}
#include <stdio.h>
void (*fp)(void) = (void *)0xffffff ;
void foo( void )
{
char buf[16] ;
int cnt;
buf[0] = '\n' ;
buf[1] = '\0' ;
printf( "Calling invalid function pointer.%s", buf ) ;
fp() ;
}