NetBSD Problem Report #56881

From www@netbsd.org  Sun Jun 12 23:37:56 2022
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 1F1FA1A921F
	for <gnats-bugs@gnats.NetBSD.org>; Sun, 12 Jun 2022 23:37:56 +0000 (UTC)
Message-Id: <20220612233754.B864A1A923C@mollari.NetBSD.org>
Date: Sun, 12 Jun 2022 23:37:54 +0000 (UTC)
From: tgl@sss.pgh.pa.us
Reply-To: tgl@sss.pgh.pa.us
To: gnats-bugs@NetBSD.org
Subject: hppa: backtrace_symbols() delivers bogus results for some dynloaded functions
X-Send-Pr-Version: www-1.0

>Number:         56881
>Category:       port-hppa
>Synopsis:       hppa: backtrace_symbols() delivers bogus results for some dynloaded functions
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    port-hppa-maintainer
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Jun 12 23:40:00 +0000 2022
>Closed-Date:    Mon Aug 29 14:59:53 +0000 2022
>Last-Modified:  Mon Aug 29 14:59:53 +0000 2022
>Originator:     Tom Lane
>Release:        HEAD/202206101540Z
>Organization:
PostgreSQL Global Development Group
>Environment:
NetBSD sss2.sss.pgh.pa.us 9.99.97 NetBSD 9.99.97 (SD0) #1: Sat Jun 11 17:32:11 EDT 2022  tgl@nuc1.sss.pgh.pa.us:/home/tgl/netbsd-H-202206101540Z/obj.hppa/sys/arch/hppa/compile/SD0 hppa
>Description:
The lib/libexecinfo/t_backtrace test case fails for me, reporting that the output of backtrace_symbols_fmt() looks like

tc-so:backtrace is:
tc-so:#0: myfunc3
tc-so:#1: myfunc2
tc-so:#2: myfunc1
tc-so:#3: myfunc1
tc-so:#4: myfunc1
tc-so:#5: myfunc1
tc-so:#6: myfunc1
tc-so:#7: myfunc1
tc-so:#8: myfunc1
tc-so:#9: myfunc1
tc-so:#10: myfunc1
tc-so:#11: myfunc1
tc-so:#12: myfunc1
tc-so:#13: myfunc1
tc-so:#14: myfunc
tc-so:#15: atfu_backtrace_fmt_basic_body
tc-so:#16: _fini
tc-so:#17: _fini
tc-so:#18: _fini
tc-so:#19: main
tc-so:#20: ___start

That is, it's reporting "_fini" instead of symbols from libatf-c.so.  I poked into this and found out that backtrace_symbols depends on symtab_find(), which compares the results from dladdr() and a main-program symtab search to see which address is closer.  However, dladdr() is returning a PLABEL which AFAICT could be almost anywhere in memory.  In this case, the manufactured PLABEL is below the start of libatf-c.so, causing the "dd" delta computed by symtab_find to be negative, which wraps around to a large unsigned value making it look further away than the "_fini" address extracted from the main symbol table.  Depending on memory layout of shared libraries, it seems likely that some cases would accidentally work; but this one reliably fails for me.

>How-To-Repeat:
$ /usr/tests/lib/libexecinfo/t_backtrace backtrace_fmt_basic

>Fix:
This seems like a real mess.  The only somewhat-principled solution I can think of is for backtrace_symbols to use a variant of dladdr() that never calls _rtld_function_descriptor_alloc.  That would likely be an improvement anyway, since the current arrangement can wind up manufacturing a lot of completely useless PLABELs.

>Release-Note:

>Audit-Trail:
From: "Nick Hudson" <skrll@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/56881 CVS commit: src/lib/libexecinfo
Date: Sat, 25 Jun 2022 06:51:37 +0000

 Module Name:	src
 Committed By:	skrll
 Date:		Sat Jun 25 06:51:37 UTC 2022

 Modified Files:
 	src/lib/libexecinfo: Makefile backtrace.c symtab.c
 Added Files:
 	src/lib/libexecinfo: symbol.h symbol_hppa.c

 Log Message:
 Decode function descriptors (aka plabels) on hppa to fix backtrace.

 PR/56881: hppa: backtrace_symbols() delivers bogus results for some dynloaded functions


 To generate a diff of this commit:
 cvs rdiff -u -r1.9 -r1.10 src/lib/libexecinfo/Makefile
 cvs rdiff -u -r1.7 -r1.8 src/lib/libexecinfo/backtrace.c
 cvs rdiff -u -r0 -r1.1 src/lib/libexecinfo/symbol.h \
     src/lib/libexecinfo/symbol_hppa.c
 cvs rdiff -u -r1.8 -r1.9 src/lib/libexecinfo/symtab.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: Tom Lane <tgl@sss.pgh.pa.us>
To: "Nick Hudson" <skrll@netbsd.org>
Cc: port-hppa-maintainer@netbsd.org, gnats-bugs@netbsd.org
Subject: Re: PR/56881 CVS commit: src/lib/libexecinfo
Date: Tue, 28 Jun 2022 11:04:53 -0400

 I confirm that as of HEAD/202206271040Z, the lib/libexecinfo
 test cases all pass for me on HPPA.  (I see you fixed t_sig_backtrace
 too, which I'd not got round to investigating yet.)  Thanks!

 			regards, tom lane

State-Changed-From-To: open->closed
State-Changed-By: skrll@NetBSD.org
State-Changed-When: Mon, 29 Aug 2022 14:59:53 +0000
State-Changed-Why:
Problem confirmed fixed.


>Unformatted:
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.46 2020/01/03 16:35:01 leot Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2020 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.