Detect guard pages and dump the real stack instead when encountering stack overflows on Linux #24

Closed
gabrielesvelto opened this issue May 11, 2022 · 2 comments · Fixed by #78


@gabrielesvelto
Contributor

After landing bug 1678152 in Firefox we noticed that several of the crash reports we got had an empty stack. The first frame was fine but the rest of the stack appeared to be an empty 4KiB chunk. As it turns out, in those crashes the stack pointer had been bumped straight into the guard page below the stack, causing this code to mistake the guard page for the stack and dump it. The new writer inherited this flaw from Breakpad. To fix this we should have MappingInfo store the readable/writable flags in addition to the executable one, and if the mapping we find here is non readable/writable then we should shift the stack pointer to the previous page and pick the previous mapping instead.

@Gankra
Contributor

Gankra commented Jul 28, 2022

Is this the same issue as rust-minidump/rust-minidump#638 or is it happening for a different reason on macOS?

@gabrielesvelto
Contributor Author

It could be the same reason. In fact given the logic should be the same it's highly likely and it intersects what @Swatinem noted about assuming the stack is a single memory region. Also I'm unsure if we're handling stack overflows on macOS properly so we might never have actually tested that particular code path. The last time I tried enabling Firefox' stack overflow tests on macOS it just didn't work so we might never have caught one for all we know.

gabrielesvelto added a commit to gabrielesvelto/minidump-writer that referenced this issue Apr 28, 2023
When encountering a stack overflow we often crash accessing the guard
page. The logic assumed that wherever the stack pointer was so was the
stack, but this led the writer to dump the guard page in these cases.
This patch changes the logic to inspect the properties of the mapping
that appears to correspond to the stack and - if it looks like a guard
page - look for the actual stack instead.

This fixes rust-minidump#24
gabrielesvelto added a commit to gabrielesvelto/minidump-writer that referenced this issue May 19, 2023
When encountering a stack overflow we often crash accessing the guard
page. The logic assumed that wherever the stack pointer was so was the
stack, but this led the writer to dump the guard page in these cases.
This patch changes the logic to inspect the properties of the mapping
that appears to correspond to the stack and - if it looks like a guard
page - look for the actual stack instead.

This change also removes the double limitation we had when retrieving
stacks on Linux: previously the logic would only grab the first 32 KiB
of each stack before checking for user-specified limits. Now only the
user-specified limits are enforced and - if not present - the full
stack is stored in the minidump. This brings the behavior in line with
minidumps generated on Windows by windbg.dll.

This fixes rust-minidump#24
Jake-Shadle pushed a commit that referenced this issue May 26, 2023
When encountering a stack overflow we often crash accessing the guard
page. The logic assumed that wherever the stack pointer was so was the
stack, but this led the writer to dump the guard page in these cases.
This patch changes the logic to inspect the properties of the mapping
that appears to correspond to the stack and - if it looks like a guard
page - look for the actual stack instead.

This change also removes the double limitation we had when retrieving
stacks on Linux: previously the logic would only grab the first 32 KiB
of each stack before checking for user-specified limits. Now only the
user-specified limits are enforced and - if not present - the full
stack is stored in the minidump. This brings the behavior in line with
minidumps generated on Windows by windbg.dll.

This fixes #24
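
The check described in the issue and in the commit message above, as an added example that is not code from minidump-writer: it parses `/proc/<pid>/maps`-style lines, keeps the read/write flags, and picks the memory range to dump for a given stack pointer. The `Mapping` struct, the function names and the sample maps are constructed for illustration, and it assumes a downward-growing stack, so the stack proper is the mapping that starts where the guard region ends.

```rust
// Constructed sample: a thread stack with a 4 KiB guard page below it, plus the main stack.
const SAMPLE_MAPS: &str = "\
7f1c54000000-7f1c54001000 ---p 00000000 00:00 0
7f1c54001000-7f1c54801000 rw-p 00000000 00:00 0
7ffd2a5e0000-7ffd2a601000 rw-p 00000000 00:00 0 [stack]";

/// Hypothetical stand-in for a parsed maps entry (not the crate's MappingInfo).
#[derive(Debug, Clone, PartialEq)]
struct Mapping { start: u64, end: u64, readable: bool, writable: bool }

/// Parse one line of the form "start-end perms offset dev inode [path]".
fn parse_line(line: &str) -> Option<Mapping> {
    let mut fields = line.split_whitespace();
    let (start, end) = fields.next()?.split_once('-')?;
    let perms = fields.next()?.as_bytes();
    Some(Mapping {
        start: u64::from_str_radix(start, 16).ok()?,
        end: u64::from_str_radix(end, 16).ok()?,
        readable: perms.first() == Some(&b'r'),
        writable: perms.get(1) == Some(&b'w'),
    })
}

fn load_maps(text: &str) -> Vec<Mapping> {
    text.lines().filter_map(parse_line).collect()
}

/// A mapping with neither read nor write permission is treated as a guard region.
fn is_guard(m: &Mapping) -> bool { !m.readable && !m.writable }

/// Return the [start, end) range of stack memory to dump for stack pointer `sp`.
fn stack_range_for(maps: &[Mapping], sp: u64) -> Option<(u64, u64)> {
    let hit = maps.iter().find(|m| m.start <= sp && sp < m.end)?;
    if !is_guard(hit) {
        return Some((sp, hit.end)); // usual case: SP is inside the real stack
    }
    // SP landed in the guard region (stack overflow): use the adjacent
    // readable/writable mapping instead of dumping the guard page.
    let stack = maps.iter().find(|m| m.start == hit.end && !is_guard(m))?;
    Some((stack.start, stack.end))
}

fn main() {
    let maps = load_maps(SAMPLE_MAPS);
    // Stack pointer inside the guard page, as in the crashes described above.
    println!("{:x?}", stack_range_for(&maps, 0x7f1c54000ff8));
}
```
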