On Mon, Jan 11, 2021 at 10:15 AM Borislav Petkov <b...@alien8.de> wrote:
>
> Hi,
>
> so there's a breakage of a use case with gdbserver on fsgsbase machines,
> see
>
> https://sourceware.org/bugzilla/show_bug.cgi?id=26804
>
> Tom has an even simpler reproducer:
>
> $ cat test.c
> int
> main (void)
> {
>   return 0;
> }
> $ gcc test.c -m32
> $ gdbserver localhost:12345 a.out
> ... other terminal ...
> $ gdb -batch -q -ex "target remote localhost:12345" -ex continue
> Program received signal SIGSEGV, Segmentation fault.
> 0xf7dd8bd2 in init_cacheinfo () at ../sysdeps/x86/cacheinfo.c:761
>
> The correct output is, of course:
>
> ...
> [Inferior 1 (process 1860) exited normally]
>
> I tried to bisect this but it led me to:
>
> b745cfba44c1 ("x86/cpu: Enable FSGSBASE on 64bit by default and add a
> chicken bit")
>
> which simply enables fsgsbase so I could've made a small mistake in the
> bisection.
>
> I say small because booting with "nofsgsbase" cures it so it must be
> something fsgsbase + ptrace especially since the symptom is a corrupted
> stack canary in %gs...
Hmm. Can you try booting with unsafe_fsgsbase and bisecting further? And maybe send me your test binary? I tried to reproduce this, but it worked fine, even if I compile the test program with -fstack-protector-all.

Off the top of my head, I would have expected this to fix it:

commit 40c45904f818c1f6555294ca27afc5fda4f09e68
Author: Andy Lutomirski <l...@kernel.org>
Date:   Fri Jun 26 10:24:29 2020 -0700

    x86/ptrace: Fix 32-bit PTRACE_SETREGS vs fsbase and gsbase