Closed Bug 920222 Opened 12 years ago Closed 7 years ago

Setting breakpoints at not-yet-decompressed locations results in crashes

Categories

(Firefox for Android Graveyard :: JimDB, defect)


RESOLVED WONTFIX

People

(Reporter: jchen, Assigned: jchen)

Details

Attachments

(1 file)

No description provided.
Attached patch: WIP patch

So when GDB sets a breakpoint, it writes a break instruction to the breakpoint location through ptrace. But because the memory page is read-only, Linux does a copy-on-write before writing the new value. That means the page is now mapped to different memory than our buffer, and when we later decompress data into our buffer, the decompressed data does not appear at the mapped location. We end up executing invalid code. I have a WIP patch that compares the buffer and the mapped page, and re-mmaps the page when they are different. The patch also raises a signal to stop GDB (so that GDB can rewrite the breakpoint that was overwritten). However, this doesn't seem like the best approach... Do you have any thoughts, glandium?
Flags: needinfo?(mh+mozilla)
Comment on attachment 811235 [details] [diff] [review]
WIP patch

Review of attachment 811235 [details] [diff] [review]:
-----------------------------------------------------------------

That looks fishy. I'd prefer this to be done entirely on gdb's end if that's possible, as we discussed at the summit:
- check the address of a segfault when gdb sees one
- if that address is in a page where there is a breakpoint, make the handler run and when it finishes, delete and recreate the breakpoint.
Your fix should also make sure it works even if DEBUG isn't defined.
Flags: needinfo?(mh+mozilla)
If this is complicated to do right, can we just patch jimdb to send MOZ_LINKER_ONDEMAND=0 by default?
(In reply to Gian-Carlo Pascutto (:gcp) from comment #4)
> If this is complicated to do right, can we just patch jimdb to send
> MOZ_LINKER_ONDEMAND=0 by default?

Defaulting it would require a restart of Fennec every time, which is not desirable in many cases (when running tests, debugging a hang, etc.) But you can always set it in your gdbinit.local file.

(In reply to Mike Hommey [:glandium] from comment #2)
> Comment on attachment 811235 [details] [diff] [review]
> WIP patch
>
> Review of attachment 811235 [details] [diff] [review]:
> -----------------------------------------------------------------
>
> That looks fishy. I'd prefer this to be done entirely on gdb's end if that's
> possible, as we discussed at the summit:
> - check the address of a segfault when gdb sees one
> - if that address is in a page where there is a breakpoint, make the handler
> run and when it finishes, delete and recreate the breakpoint.

The problem is the page is no longer mapped to our buffer because of copy-on-write. As a result, even after we decompress to our buffer, the page is still all zeros. To make it work, GDB would have to remap that page.
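The copy-on-write effect described in comment 0 and comment 6, and the compare-and-remap approach of the WIP patch, as an added stand-alone C demonstration that is not part of this bug or its patch. It assumes a constructed temp file stands in for the linker's decompression buffer and a plain store into a writable private mapping stands in for GDB's ptrace write (which forces the same COW on a read-only page).

```c
#define _GNU_SOURCE
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

/* 1 if the mapped page still mirrors the backing buffer, 0 if COW has detached it. */
int page_matches(const void *mapped, int fd, off_t off, size_t len) {
    char *tmp = malloc(len);
    if (!tmp) return -1;
    int same = pread(fd, tmp, len, off) == (ssize_t)len && memcmp(mapped, tmp, len) == 0;
    free(tmp);
    return same;
}

/* Re-establish the private mapping at the same address, as the WIP patch does. */
void *remap_page(void *addr, int fd, off_t off, size_t len, int prot) {
    return mmap(addr, len, prot, MAP_PRIVATE | MAP_FIXED, fd, off);
}

/* Walks through the bug end to end; returns 0 when the divergence is detected and repaired. */
int demo(void) {
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    char path[] = "/tmp/cowdemoXXXXXX";        /* constructed stand-in for the linker's buffer */
    int fd = mkstemp(path);
    if (fd < 0) return 1;
    unlink(path);
    char *fill = malloc(pg);
    if (!fill || ftruncate(fd, (off_t)pg) != 0) return 2;
    memset(fill, 0xAA, pg);                      /* buffer holds placeholder bytes for now */
    if (pwrite(fd, fill, pg, 0) != (ssize_t)pg) return 3;
    /* Library segment: private mapping of the buffer. Mapped writable only so that a plain
       store can stand in for GDB's ptrace write, which forces COW on a read-only page too. */
    unsigned char *seg = mmap(NULL, pg, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    if (seg == MAP_FAILED) return 4;
    seg[0] = 0xEF;                               /* "breakpoint" write: page is now a private copy */
    memset(fill, 0xBB, pg);                      /* later, "decompress" real contents into the buffer */
    if (pwrite(fd, fill, pg, 0) != (ssize_t)pg) return 5;
    /* The detached page still shows stale bytes instead of the decompressed ones. */
    if (seg[1] != 0xAA || page_matches(seg, fd, 0, pg) != 0) return 6;
    /* Detect and repair: map the page from the buffer again over the same address. */
    if (remap_page(seg, fd, 0, pg, PROT_READ) != seg) return 7;
    /* The breakpoint byte is gone as well, which is why the patch signals GDB to re-insert it. */
    int ok = seg[0] == 0xBB && page_matches(seg, fd, 0, pg) == 1;
    munmap(seg, pg); close(fd); free(fill);
    return ok ? 0 : 8;
}
```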
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
Product: Firefox for Android → Firefox for Android Graveyard