From: Andy Lutomirski <luto@kernel.org>
To: Borislav Petkov <bp@alien8.de>
Cc: "Chang S. Bae" <chang.seok.bae@intel.com>,
Andy Lutomirski <luto@kernel.org>,
tdevries@suse.com, x86-ml <x86@kernel.org>,
lkml <linux-kernel@vger.kernel.org>
Subject: Re: gdbserver + fsgsbase kaputt
Date: Mon, 11 Jan 2021 11:27:38 -0800 [thread overview]
Message-ID: <CALCETrV98776mNd20v8r+JXt0uOUKemd_YnDYDoLXN_LDfQnog@mail.gmail.com> (raw)
In-Reply-To: <20210111181520.GE25645@zn.tnic>
On Mon, Jan 11, 2021 at 10:15 AM Borislav Petkov <bp@alien8.de> wrote:
>
> Hi,
>
> so there's a breakage of a use case with gdbserver on fsgsbase machines,
> see
>
> https://sourceware.org/bugzilla/show_bug.cgi?id=26804
>
> Tom has an even simpler reproducer:
>
> $ cat test.c
> int
> main (void)
> {
> return 0;
> }
> $ gcc test.c -m32
> $ gdbserver localhost:12345 a.out
> ... other terminal ...
> $ gdb -batch -q -ex "target remote localhost:12345" -ex continue
> Program received signal SIGSEGV, Segmentation fault.
> 0xf7dd8bd2 in init_cacheinfo () at ../sysdeps/x86/cacheinfo.c:761
>
> The correct output is, of course:
>
> ...
> [Inferior 1 (process 1860) exited normally]
>
> I tried to bisect this but it led me to:
>
> b745cfba44c1 ("x86/cpu: Enable FSGSBASE on 64bit by default and add a chicken bit")
>
> which simply enables fsgsbase so I could've made a small mistake in the
> bisection.
>
> I say small because booting with "nofsgsbase" cures it so it must be
> something fsgsbase + ptrace especially since the symptom is a corrupted
> stack canary in %gs...
Hmm. Can you try booting with unsafe_fsgsbase and bisecting further?
And maybe send me your test binary? I tried to reproduce this, but it
worked fine, even if I compile the test program with
-fstack-protector-all.
Off the top of my head, I would have expected this to fix it:
commit 40c45904f818c1f6555294ca27afc5fda4f09e68
Author: Andy Lutomirski <luto@kernel.org>
Date: Fri Jun 26 10:24:29 2020 -0700
x86/ptrace: Fix 32-bit PTRACE_SETREGS vs fsbase and gsbase
next prev parent reply other threads:[~2021-01-11 19:28 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-11 18:15 gdbserver + fsgsbase kaputt Borislav Petkov
2021-01-11 19:27 ` Andy Lutomirski [this message]
2021-01-11 20:00 ` Borislav Petkov
2021-01-11 21:06 ` Andy Lutomirski
2021-01-11 23:40 ` Andy Lutomirski
2021-01-11 23:52 ` Tom de Vries
2021-01-12 3:31 ` Andy Lutomirski
2021-01-12 8:45 ` Tom de Vries
2021-01-12 6:15 ` Bae, Chang Seok
2021-01-12 11:39 ` Metzger, Markus T
2021-01-12 16:53 ` Andy Lutomirski
2021-01-12 17:02 ` Metzger, Markus T
2021-01-12 17:13 ` Andy Lutomirski
2021-01-20 15:42 ` Metzger, Markus T
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CALCETrV98776mNd20v8r+JXt0uOUKemd_YnDYDoLXN_LDfQnog@mail.gmail.com \
--to=luto@kernel.org \
--cc=bp@alien8.de \
--cc=chang.seok.bae@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=tdevries@suse.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).