All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] clear the frame pointer in copy_thread
@ 2012-06-19  7:29 Su, Xuemin
  2012-06-19 13:57 ` H. Peter Anvin
  0 siblings, 1 reply; 3+ messages in thread
From: Su, Xuemin @ 2012-06-19  7:29 UTC (permalink / raw)
  To: akpm, mingo, a.p.zijlstra, rusty, william.douglas, a.p.zijlstra,
	tglx, mingo, hpa, x86, linux-kernel
  Cc: yanmin_zhang, xuemin.su

From: xueminsu <xuemin.su@intel.com>

When creating a userspace thread, kernel copies all parent
thread’s registers to the child thread, including bp register
which is used to create stack frame. At this point, the bp
register is pointing to the parent thread’s last stack frame.

So, after the child thread is created, its bp register points
to the parent thread’s stack area, and the value would be pushed
to its own stack to form its first stack frame when it calls its
first function.

This would not be a problem if the child thread and the parent
thread do not share the VM or if they share the VM and have the
same stack. But if they share the VM and have different stacks,
this would cause an issue: when we try to print the child thread’s
stack trace, we would eventually walk into the parent thread’s
stack area, and sometimes we will occasionally prints out the
parent thread’s stack trace.

Currently some version of libc clears the frame pointer just after
the thread is created, but this is not guaranteed.

Signed-off-by: xueminsu <xuemin.su@intel.com>
---
 arch/x86/kernel/process_32.c |    9 +++++++++
 arch/x86/kernel/process_64.c |    9 +++++++++
 2 files changed, 18 insertions(+), 0 deletions(-)

diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c
index 516fa18..b1b6d42 100644
--- a/arch/x86/kernel/process_32.c
+++ b/arch/x86/kernel/process_32.c
@@ -139,6 +139,15 @@ int copy_thread(unsigned long clone_flags, unsigned long sp,
 	childregs->ax = 0;
 	childregs->sp = sp;
 
+	/*
+	 * If the child thread and the parent thread share the VM
+	 * but have different stack, the child thread's bp register
+	 * should be set to null, preventing it from pointing to
+	 * the parent thread's stack area.
+	 */
+	if ((sp != regs->sp) && (clone_flags & CLONE_VM))
+		childregs->bp = 0;
+
 	p->thread.sp = (unsigned long) childregs;
 	p->thread.sp0 = (unsigned long) (childregs+1);
 
diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
index 61cdf7f..5acff83 100644
--- a/arch/x86/kernel/process_64.c
+++ b/arch/x86/kernel/process_64.c
@@ -163,6 +163,15 @@ int copy_thread(unsigned long clone_flags, unsigned long sp,
 	else
 		childregs->sp = (unsigned long)childregs;
 
+	/*
+	 * If the child thread and the parent thread share the VM
+	 * but have different stack, the child thread's bp register
+	 * should be set to null, preventing it from pointing to
+	 * the parent thread's stack area.
+	 */
+	if ((sp != regs->sp) && (clone_flags & CLONE_VM))
+		childregs->bp = 0;
+
 	p->thread.sp = (unsigned long) childregs;
 	p->thread.sp0 = (unsigned long) (childregs+1);
 	p->thread.usersp = me->thread.usersp;
-- 
1.7.6




^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH] clear the frame pointer in copy_thread
  2012-06-19  7:29 [PATCH] clear the frame pointer in copy_thread Su, Xuemin
@ 2012-06-19 13:57 ` H. Peter Anvin
  2012-06-20  1:28   ` Yanmin Zhang
  0 siblings, 1 reply; 3+ messages in thread
From: H. Peter Anvin @ 2012-06-19 13:57 UTC (permalink / raw)
  To: Su, Xuemin, akpm, mingo, a.p.zijlstra, rusty, william.douglas,
	a.p.zijlstra, tglx, mingo, x86, linux-kernel
  Cc: yanmin_zhang

It isn't clear to me this is the right thing to do this in the kernel.  A frame pointer isn't obligatory and doing this in user space seems more appropriate.

"Su, Xuemin" <xuemin.su@intel.com> wrote:

>From: xueminsu <xuemin.su@intel.com>
>
>When creating a userspace thread, kernel copies all parent
>thread’s registers to the child thread, including bp register
>which is used to create stack frame. At this point, the bp
>register is pointing to the parent thread’s last stack frame.
>
>So, after the child thread is created, its bp register points
>to the parent thread’s stack area, and the value would be pushed
>to its own stack to form its first stack frame when it calls its
>first function.
>
>This would not be a problem if the child thread and the parent
>thread do not share the VM or if they share the VM and have the
>same stack. But if they share the VM and have different stacks,
>this would cause an issue: when we try to print the child thread’s
>stack trace, we would eventually walk into the parent thread’s
>stack area, and sometimes we will occasionally prints out the
>parent thread’s stack trace.
>
>Currently some version of libc clears the frame pointer just after
>the thread is created, but this is not guaranteed.
>
>Signed-off-by: xueminsu <xuemin.su@intel.com>
>---
> arch/x86/kernel/process_32.c |    9 +++++++++
> arch/x86/kernel/process_64.c |    9 +++++++++
> 2 files changed, 18 insertions(+), 0 deletions(-)
>
>diff --git a/arch/x86/kernel/process_32.c
>b/arch/x86/kernel/process_32.c
>index 516fa18..b1b6d42 100644
>--- a/arch/x86/kernel/process_32.c
>+++ b/arch/x86/kernel/process_32.c
>@@ -139,6 +139,15 @@ int copy_thread(unsigned long clone_flags,
>unsigned long sp,
> 	childregs->ax = 0;
> 	childregs->sp = sp;
> 
>+	/*
>+	 * If the child thread and the parent thread share the VM
>+	 * but have different stack, the child thread's bp register
>+	 * should be set to null, preventing it from pointing to
>+	 * the parent thread's stack area.
>+	 */
>+	if ((sp != regs->sp) && (clone_flags & CLONE_VM))
>+		childregs->bp = 0;
>+
> 	p->thread.sp = (unsigned long) childregs;
> 	p->thread.sp0 = (unsigned long) (childregs+1);
> 
>diff --git a/arch/x86/kernel/process_64.c
>b/arch/x86/kernel/process_64.c
>index 61cdf7f..5acff83 100644
>--- a/arch/x86/kernel/process_64.c
>+++ b/arch/x86/kernel/process_64.c
>@@ -163,6 +163,15 @@ int copy_thread(unsigned long clone_flags,
>unsigned long sp,
> 	else
> 		childregs->sp = (unsigned long)childregs;
> 
>+	/*
>+	 * If the child thread and the parent thread share the VM
>+	 * but have different stack, the child thread's bp register
>+	 * should be set to null, preventing it from pointing to
>+	 * the parent thread's stack area.
>+	 */
>+	if ((sp != regs->sp) && (clone_flags & CLONE_VM))
>+		childregs->bp = 0;
>+
> 	p->thread.sp = (unsigned long) childregs;
> 	p->thread.sp0 = (unsigned long) (childregs+1);
> 	p->thread.usersp = me->thread.usersp;
>-- 
>1.7.6

-- 
Sent from my mobile phone. Please excuse brevity and lack of formatting.

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] clear the frame pointer in copy_thread
  2012-06-19 13:57 ` H. Peter Anvin
@ 2012-06-20  1:28   ` Yanmin Zhang
  0 siblings, 0 replies; 3+ messages in thread
From: Yanmin Zhang @ 2012-06-20  1:28 UTC (permalink / raw)
  To: H. Peter Anvin
  Cc: Su, Xuemin, akpm, mingo, a.p.zijlstra, rusty, william.douglas,
	tglx, mingo, x86, linux-kernel

On Tue, 2012-06-19 at 06:57 -0700, H. Peter Anvin wrote:
> It isn't clear to me this is the right thing to do this in the kernel.  A frame pointer isn't obligatory and doing this in user space seems more appropriate.
Peter,

Thanks for the kind comments. You are right.

Yanmin

> 
> "Su, Xuemin" <xuemin.su@intel.com> wrote:
> 
> >From: xueminsu <xuemin.su@intel.com>
> >
> >When creating a userspace thread, kernel copies all parent
> >thread’s registers to the child thread, including bp register
> >which is used to create stack frame. At this point, the bp
> >register is pointing to the parent thread’s last stack frame.
> >
> >So, after the child thread is created, its bp register points
> >to the parent thread’s stack area, and the value would be pushed
> >to its own stack to form its first stack frame when it calls its
> >first function.
> >
> >This would not be a problem if the child thread and the parent
> >thread do not share the VM or if they share the VM and have the
> >same stack. But if they share the VM and have different stacks,
> >this would cause an issue: when we try to print the child thread’s
> >stack trace, we would eventually walk into the parent thread’s
> >stack area, and sometimes we will occasionally prints out the
> >parent thread’s stack trace.
> >
> >Currently some version of libc clears the frame pointer just after
> >the thread is created, but this is not guaranteed.
> >
> >Signed-off-by: xueminsu <xuemin.su@intel.com>
> >---
> > arch/x86/kernel/process_32.c |    9 +++++++++
> > arch/x86/kernel/process_64.c |    9 +++++++++
> > 2 files changed, 18 insertions(+), 0 deletions(-)
> >
> >diff --git a/arch/x86/kernel/process_32.c
> >b/arch/x86/kernel/process_32.c
> >index 516fa18..b1b6d42 100644
> >--- a/arch/x86/kernel/process_32.c
> >+++ b/arch/x86/kernel/process_32.c
> >@@ -139,6 +139,15 @@ int copy_thread(unsigned long clone_flags,
> >unsigned long sp,
> > 	childregs->ax = 0;
> > 	childregs->sp = sp;
> > 
> >+	/*
> >+	 * If the child thread and the parent thread share the VM
> >+	 * but have different stack, the child thread's bp register
> >+	 * should be set to null, preventing it from pointing to
> >+	 * the parent thread's stack area.
> >+	 */
> >+	if ((sp != regs->sp) && (clone_flags & CLONE_VM))
> >+		childregs->bp = 0;
> >+
> > 	p->thread.sp = (unsigned long) childregs;
> > 	p->thread.sp0 = (unsigned long) (childregs+1);
> > 
> >diff --git a/arch/x86/kernel/process_64.c
> >b/arch/x86/kernel/process_64.c
> >index 61cdf7f..5acff83 100644
> >--- a/arch/x86/kernel/process_64.c
> >+++ b/arch/x86/kernel/process_64.c
> >@@ -163,6 +163,15 @@ int copy_thread(unsigned long clone_flags,
> >unsigned long sp,
> > 	else
> > 		childregs->sp = (unsigned long)childregs;
> > 
> >+	/*
> >+	 * If the child thread and the parent thread share the VM
> >+	 * but have different stack, the child thread's bp register
> >+	 * should be set to null, preventing it from pointing to
> >+	 * the parent thread's stack area.
> >+	 */
> >+	if ((sp != regs->sp) && (clone_flags & CLONE_VM))
> >+		childregs->bp = 0;
> >+
> > 	p->thread.sp = (unsigned long) childregs;
> > 	p->thread.sp0 = (unsigned long) (childregs+1);
> > 	p->thread.usersp = me->thread.usersp;
> >-- 
> >1.7.6
> 



^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2012-06-20  1:26 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-06-19  7:29 [PATCH] clear the frame pointer in copy_thread Su, Xuemin
2012-06-19 13:57 ` H. Peter Anvin
2012-06-20  1:28   ` Yanmin Zhang

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.