Message ID | 20230531160406.3932028-1-lancelot.six@amd.com |
---|---|
Series | Fix use-after-free in gdb/corelow.c + cleanups |
Message
Lancelot Six
May 31, 2023, 4:04 p.m. UTC
Hi,

Since a recent change in BFD (014a602b86f "Don't optimise bfd_seek to same position"), I started to see ASAN report a use-after-free error when opening some coredumps.

If the original process had some file mapped in its address space that GDB can open, but calling bfd_check_format on this file fails, GDB would close the BFD but keep a pointer to it for later use, leading to use-after-free.

Such a scenario can be seen when the original process had some IO pages mapped from a DRI render node (/dev/dri/renderD$NUM), as is the case when offloading compute tasks to AMDGPU devices.

The first patch in this series fixes the use-after-free error.

Once this issue is fixed, GDB does show a warning message once for each region in the process address space where the special file was mapped. This is unnecessarily noisy, and does not match what is done when GDB does not find the file to open (exec_find_file returns null). The second patch of the series ensures that the warning message can only be printed once per file.

Finally, the third patch in this series ensures that GDB does not try to open a file if it has already failed to open it.

Since I am not sure how I can write a simple test to exercise this failure, I have not included one. I have tested this series on a system using an AMDGPU device, where I originally encountered the problem.

Lancelot SIX (3):
  gdb/corelow.c: fix use-after-free in build_file_mappings
  gdb/corelow.c: avoid repeated warnings in build_file_mappings
  gdb/corelow.c: do not try to reopen a file if open failed once

 gdb/corelow.c | 35 ++++++++++++++++++++---------------
 1 file changed, 20 insertions(+), 15 deletions(-)

base-commit: a15891aaea006d06066573449efbda353dd2863e
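The fault the cover letter describes (the BFD is closed but its pointer stays in the mapping table) together with the once-per-file warning and the no-reopen behaviour of the second and third patches, modelled in an added example. This is not GDB's code and not the series itself: the handle type, the format check, the mapping table, the file paths and the warning text are constructed stand-ins for the BFD and gdb/corelow.c structures they imitate.

```c
/* Added example, not GDB's code: a model of the bug the cover letter describes
   and of the behaviour after its three patches.  A table of core-file mappings
   keeps one handle per mapping; the buggy builder closes a handle whose format
   check fails but leaves the pointer in the table, the fixed one stores nothing,
   remembers the failed file so it is never reopened, and warns once per file. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct handle { int format_ok; };   /* stand-in for an opaque BFD (assumption) */
struct mapping { const char *filename; struct handle *h; };   /* one region */
struct failed_files { const char *names[16]; size_t n; int warnings; };

/* Constructed stand-in for bfd_check_format: a DRI render node (the case in
   the cover letter) is not in any recognised object format. */
static int format_check(const char *name)
{ return strncmp(name, "/dev/dri/renderD", 16) != 0; }

static struct handle *open_handle(const char *name)
{
  struct handle *h = malloc(sizeof *h);
  if (h != NULL) h->format_ok = format_check(name);
  return h;
}
static void close_handle(struct handle *h) { free(h); }

static int already_failed(const struct failed_files *ff, const char *name)
{
  for (size_t i = 0; i < ff->n; i++)
    if (strcmp(ff->names[i], name) == 0) return 1;
  return 0;
}

/* BUGGY (before the fix): returns how many table entries are left pointing at
   a handle that was just closed; any later read through one is a use-after-free. */
static int build_mappings_buggy(struct mapping *maps, size_t n)
{
  int dangling = 0;
  for (size_t i = 0; i < n; i++) {
    maps[i].h = open_handle(maps[i].filename);        /* pointer stored ... */
    if (maps[i].h != NULL && !maps[i].h->format_ok) {
      close_handle(maps[i].h);                         /* ... then freed; table not updated */
      dangling++;
    }
  }
  return dangling;
}

/* FIXED: close without storing, record the failure, warn once per file.
   Returns how many mappings ended with a live handle. */
static int build_mappings_fixed(struct mapping *maps, size_t n, struct failed_files *ff)
{
  int usable = 0;
  for (size_t i = 0; i < n; i++) {
    maps[i].h = NULL;
    if (already_failed(ff, maps[i].filename)) continue;   /* no second open attempt */
    struct handle *h = open_handle(maps[i].filename);
    if (h == NULL) continue;
    if (!h->format_ok) {
      close_handle(h);                        /* closed and never stored: nothing dangles */
      if (ff->n < 16) ff->names[ff->n++] = maps[i].filename;
      ff->warnings++;                         /* warning text is constructed */
      fprintf(stderr, "warning: cannot read %s, using core contents\n", maps[i].filename);
      continue;
    }
    maps[i].h = h;
    usable++;
  }
  return usable;
}

/* Constructed scenario: one render node mapped into three regions, plus one library. */
#define NMAPS 4
static const char *const scenario[NMAPS] = { "/lib/x86_64-linux-gnu/libc.so.6",
  "/dev/dri/renderD128", "/dev/dri/renderD128", "/dev/dri/renderD128" };

/* Release a table without reading a possibly dangling pointer: only a file whose
   format check passed can still hold a live handle here. */
static void release(struct mapping *maps, size_t n)
{
  for (size_t i = 0; i < n; i++) {
    if (format_check(maps[i].filename) && maps[i].h != NULL) close_handle(maps[i].h);
    maps[i].h = NULL;
  }
}

/* Run one builder over the scenario; returns its result and the warning count. */
static int run(int fixed, int *warnings)
{
  struct mapping maps[NMAPS];
  struct failed_files ff = { {0}, 0, 0 };
  for (size_t i = 0; i < NMAPS; i++) maps[i] = (struct mapping){ scenario[i], NULL };
  int r = fixed ? build_mappings_fixed(maps, NMAPS, &ff) : build_mappings_buggy(maps, NMAPS);
  release(maps, NMAPS);
  *warnings = ff.warnings;
  return r;
}
int demo_buggy_dangling(void) { int w; return run(0, &w); }
int demo_fixed_usable(void)   { int w; return run(1, &w); }
int demo_fixed_warnings(void) { int w; run(1, &w); return w; }

int main(void)
{
  printf("buggy: %d dangling entries; fixed: %d usable handle, %d warning\n",
         demo_buggy_dangling(), demo_fixed_usable(), demo_fixed_warnings());
  return 0;
}
```

With three regions backed by the same render node, the buggy builder leaves three dangling entries, while the fixed builder opens the file once, records the failure, prints a single warning and never stores a closed handle, which is the behaviour the three patches describe. The release step only frees handles for files whose format check passed, so the model itself never reads through a freed pointer; this is what lets the buggy variant run safely here.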
Comments
On 5/31/23 9:04 AM, Lancelot SIX via Gdb-patches wrote:
> Hi,
>
> Since a recent change in BFD (014a602b86f "Don't optimise bfd_seek to
> same position"), I started to see ASAN report a use-after-free error
> when opening some coredumps.
>
> If the original process had some file mapped in its address space that
> GDB can open, but calling bfd_check_format on this file fails, GDB would
> close the BFD but keep a pointer to it for later use, leading to
> use-after-free.
>
> Such a scenario can be seen when the original process had some IO pages
> mapped from a DRI render node (/dev/dri/renderD$NUM), as is the case
> when offloading compute tasks to AMDGPU devices.
>
> The first patch in this series fixes the use-after-free error.
>
> Once this issue is fixed, GDB does show a warning message once for each
> region in the process address space where the special file was mapped.
> This is unnecessarily noisy, and does not match what is done when GDB
> does not find the file to open (exec_find_file returns null). The
> second patch of the series ensures that the warning message can only be
> printed once per file.
>
> Finally, the third patch in this series ensures that GDB does not try to
> open a file if it has already failed to open it.
>
> Since I am not sure how I can write a simple test to exercise this
> failure, I have not included one. I have tested this series on a system
> using an AMDGPU device, where I originally encountered the problem.
>
> Lancelot SIX (3):
>   gdb/corelow.c: fix use-after-free in build_file_mappings
>   gdb/corelow.c: avoid repeated warnings in build_file_mappings
>   gdb/corelow.c: do not try to reopen a file if open failed once
>
>  gdb/corelow.c | 35 ++++++++++++++++++++---------------
>  1 file changed, 20 insertions(+), 15 deletions(-)
>
>
> base-commit: a15891aaea006d06066573449efbda353dd2863e

Patches 2 and 3 look good to me.