From: Andy Lutomirski
Date: Mon, 11 Jan 2021 11:27:38 -0800
Subject: Re: gdbserver + fsgsbase kaputt
To: Borislav Petkov
Cc: "Chang S. Bae", Andy Lutomirski, tdevries@suse.com, x86-ml, lkml
In-Reply-To: <20210111181520.GE25645@zn.tnic>
References: <20210111181520.GE25645@zn.tnic>
List-ID: linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"

On Mon, Jan 11, 2021 at 10:15 AM Borislav Petkov wrote:
>
> Hi,
>
> so there's a breakage of a use case with gdbserver on fsgsbase machines,
> see
>
> https://sourceware.org/bugzilla/show_bug.cgi?id=26804
>
> Tom has an even simpler reproducer:
>
> $ cat test.c
> int
> main (void)
> {
>   return 0;
> }
> $ gcc test.c -m32
> $ gdbserver localhost:12345 a.out
> ... other terminal ...
> $ gdb -batch -q -ex "target remote localhost:12345" -ex continue
> Program received signal SIGSEGV, Segmentation fault.
> 0xf7dd8bd2 in init_cacheinfo () at ../sysdeps/x86/cacheinfo.c:761
>
> The correct output is, of course:
>
> ...
> [Inferior 1 (process 1860) exited normally]
>
> I tried to bisect this but it led me to:
>
> b745cfba44c1 ("x86/cpu: Enable FSGSBASE on 64bit by default and add a chicken bit")
>
> which simply enables fsgsbase so I could've made a small mistake in the
> bisection.
>
> I say small because booting with "nofsgsbase" cures it so it must be
> something fsgsbase + ptrace especially since the symptom is a corrupted
> stack canary in %gs...

Hmm. Can you try booting with unsafe_fsgsbase and bisecting further? And
maybe send me your test binary?

I tried to reproduce this, but it worked fine, even if I compile the test
program with -fstack-protector-all.

Off the top of my head, I would have expected this to fix it:

commit 40c45904f818c1f6555294ca27afc5fda4f09e68
Author: Andy Lutomirski
Date:   Fri Jun 26 10:24:29 2020 -0700

    x86/ptrace: Fix 32-bit PTRACE_SETREGS vs fsbase and gsbase