Debian Bug report logs - #994510
libunwind8 abuses setcontext() causing SIGSEGV on i386 with glibc >= 2.32

Reply or subscribe to this bug.

Display info messages

Message #5 received at [email protected] (full text, mbox, reply):

From: Aurelien Jarno <[email protected]>

To: Debian Bug Tracking System <[email protected]>

Subject: libunwind8 abuses setcontext() causing SIGSEGV on i386 with glibc >= 2.32

Date: Thu, 16 Sep 2021 22:12:56 +0200

Package: libunwind8
Version: 1.3.2-2
Severity: grave
Tags: upstream
X-Debbugs-Cc: [email protected]

Following the glibc 2.32 upload to unstable, the autopkgtest of the
rspamd package fails on i386, due to a segmentation fault when starting
the daemon [1].

After digging, it appears that the problem is due to libunwind and the
following upstream glibc change [2]:

| commit 15eab1e3e89129ab3ed03f5bdc3415b26e9caeb9 (master)
| Author: H.J. Lu <[email protected]>
| Date:   Sat Feb 1 05:44:55 2020 -0800
| 
|     i386: Don't unnecessarily save and restore EAX, ECX and EDX [BZ# 25262]
|     
|     On i386, since EAX, ECX and EDX are caller-saved, there are no need
|     to save and restore EAX, ECX and EDX in getcontext, setcontext and
|     swapcontext.  They just need to clear EAX on success.  The extra
|     scratch registers are needed to enable CET.
|     
|     Tested on i386.
|     
|     Reviewed-by: Adhemerval Zanella <[email protected]>


Basically EAX, ECX and EDX and are not saved anymore across a
getcontext() / setcontext() sequence, and more importantly they are not
restored in setcontext() which is used by libunwind to restore a context
after an exception. In that case, all the registers have to be restored,
including the caller-saved one.

It happens that libunwind shall not have used setcontext() there, but
rather defined its own implementation like its already done for
getcontext() as the behaviour of setcontext() is unspecified when passed
an ucp argument obtained from different sources than getcontext() or
makecontext(). Quoting the GNU libc manual:

| If the context was created by a call to a signal handler or from any
| other source then the behaviour of setcontext is unspecified.

Quoting POSIX.1-2004 (last version before it got removed):

| The effects of passing a ucp argument obtained from any other source
| are unspecified.

Note that upstream bug #69 might be relevant there [3].


[1] https://ci.debian.net/data/autopkgtest/testing/i386/r/rspamd/15290363/log.gz
[2] https://sourceware.org/git/?p=glibc.git;a=commit;h=15eab1e3e89129ab3ed03f5bdc3415b26e9caeb9
[3] https://github.com/libunwind/libunwind/issues/69

Message #18 received at [email protected] (full text, mbox, reply):

From: Kurt Roeckx <[email protected]>

To: [email protected]

Cc: [email protected]

Subject: libunwind8 abuses setcontext() causing SIGSEGV on i386 with glibc >= 2.32

Date: Sat, 26 Apr 2025 15:43:05 +0200

[Message part 1 (text/plain, inline)]

tags 994510 + patch
thanks

Hi,

I've attached a patch that does the same difference as the glibc change.

An alternative is that we also create a setcontext.

I can't reproduce the original issue, so I can't check if this fixed
anything.


Kurt

[x86-getcontext-linux.patch (text/x-diff, attachment)]

Message #25 received at [email protected] (full text, mbox, reply):

From: Kurt Roeckx <[email protected]>

To: [email protected]

Cc: Aurelien Jarno <[email protected]>, [email protected]

Subject: Re: libunwind8 abuses setcontext() causing SIGSEGV on i386 with glibc >= 2.32

Date: Sun, 27 Apr 2025 12:58:06 +0200

tags 994510 - sid trixie experimental
tags 994510 + bullseye
thanks

Thinking about this some more, I don't see why the patch would fix
anything. But it also shoudln't hurt. Without the patch we just
store things that aren't restored by setcontext anymore.

I also don't see a CI problem in rspamd in testing or unstable,
only in stable or unstable.


Kurt

Message #34 received at [email protected] (full text, mbox, reply):

From: Aurelien Jarno <[email protected]>

To: Kurt Roeckx <[email protected]>, [email protected]

Cc: [email protected]

Subject: Re: Bug#994510: libunwind8 abuses setcontext() causing SIGSEGV on i386 with glibc >= 2.32

Date: Sun, 27 Apr 2025 22:28:24 +0200

On 2025-04-26 15:43, Kurt Roeckx wrote:
> tags 994510 + patch
> thanks
> 
> Hi,
> 
> I've attached a patch that does the same difference as the glibc change.

I don't think it is correct. Contrary to the getcontext/setcontext 
functions, an exception can happen at any moment, and not always around 
a function call. Therefore it is not possible to rely on that to not 
restore caller-saved registers.

> An alternative is that we also create a setcontext.

Sounds indeed the way to go.

Regards
Aurelien

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
[email protected]                     http://aurel32.net

Message #39 received at [email protected] (full text, mbox, reply):

From: Aurelien Jarno <[email protected]>

To: Kurt Roeckx <[email protected]>, [email protected]

Cc: [email protected]

Subject: Re: Bug#994510: libunwind8 abuses setcontext() causing SIGSEGV on i386 with glibc >= 2.32

Date: Mon, 28 Apr 2025 21:59:23 +0200

On 2025-04-26 15:43, Kurt Roeckx wrote:
> tags 994510 + patch
> thanks
> 
> Hi,
> 
> I've attached a patch that does the same difference as the glibc change.
> 
> An alternative is that we also create a setcontext.
> 
> I can't reproduce the original issue, so I can't check if this fixed
> anything.

I have just checked the status using a trixie system, and rebuilding 
glibc without i386/local-setcontext-revert-eax-ecx-edx.patch.

I am able to reproduce the issue with the rspamd version from bookworm 
(3.4-1), but not with the version from trixie (3.8.1-1.2) or sid 
(3.11.1-2).

Regards
Aurelien

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
[email protected]                     http://aurel32.net

Send a report that this bug log contains spam.