[tarantool-patches] [PATCH v1 1/1] box: fix crash in ncurses on fedora 28
Kirill Shcherbatov
kshcherbatov at tarantool.org
Wed Aug 15 21:15:38 MSK 2018
Tarantool has been crashing when trying to go into the
interactive loop of the ncurses-libs/libtinfo library via
lbox_console_readline.
Ncurses on Fedora 28 is compiled with the flag
--fstack-clash-protection, which uses a stack protection
mechanism (strictly speaking, the configure option --enable-widec
is also required, but it is not a part of the problem we
investigated): gcc inserts code to step the stack down
one page at a time, running a logical OR with zero
at each point, which doesn't affect any value on the stack
but forces a memory access:

    lea r11,[rsp-frameSize]
  label:
    sub rsp,pageSize
    or QWORD PTR [rsp],0x0
    cmp rsp,r11
    jne label

where frameSize=32768 b and pageSize=4096 b
(read also https://ldpreload.com/blog/stack-smashes-you).
The Tarantool main interactive loop runs in a fiber with
the default stack size of 65536 b.
BINARY IMAGE MEMORY MAP:
_____________________________________________________
SECTION    ADDRESSES    COMMENT
DATA       0x0          ^
HEAP                    |
           0x0ec18      | #  < --fstack-clash-
                        | #    protection check
STACK: @                | #
       @   0x16c18      | $# < ncurses/readline
       @                | $    internals, access
       @                | $    syscall in wrapper
       @                | $
       @                | $
       @   0x1ffe0      | $  < frame0 -- LUA
       ....             |
           0xffff       |
+------+------------------------------+-------------+
| SIGN | DESCRIPTION                  | TOTAL SIZE  |
+------+------------------------------+-------------+
| @    | stack area region (fiber)    | 65536 b     |
+------+------------------------------+-------------+
| $    | user-space application stack | 37832 b     |
|      | memory usage                 |             |
+------+------------------------------+-------------+
| #    | memory checked by the stack  | 32768 b     |
|      | probing generated with       |             |
|      | --fstack-clash-protection    |             |
+------+------------------------------+-------------+
_____________________________________________________
In other words, $ + # = 70600 > 65536 = @,
and we get a segfault:
SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=}
SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL}
We have to increase the interactive console main loop
fiber stack.
Closes #3418.
---
Branch: https://github.com/tarantool/tarantool/tree/kshch/gh-3418-crash-on-fedora
Issue: https://github.com/tarantool/tarantool/issues/3418
src/lua/init.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/lua/init.c b/src/lua/init.c
index a0a7f63..217640f 100644
--- a/src/lua/init.c
+++ b/src/lua/init.c
@@ -610,8 +610,10 @@ tarantool_lua_run_script(char *path, bool interactive,
* To work this problem around we must run init script in
* a separate fiber.
*/
-
- script_fiber = fiber_new(title, run_script_f);
+ struct fiber_attr fiber_attr =
+ {.stack_size = 0x8000 * 4,
+ .flags = FIBER_DEFAULT_FLAGS | FIBER_CUSTOM_STACK};
+ script_fiber = fiber_new_ex(title, &fiber_attr, run_script_f);
if (script_fiber == NULL)
panic("%s", diag_last_error(diag_get())->errmsg);
fiber_start(script_fiber, tarantool_L, path, interactive,
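Review bot: the stack size `0x8000 * 4` in the new `fiber_attr` initializer is a bare magic number with no explanation in the code; the commit message does the justification (37832 b of ncurses/readline stack usage plus the 32768 b probe reach of --fstack-clash-protection exceeds the 65536 b default fiber stack), so that reasoning belongs next to the initializer, either as a named constant or as an extension of the comment block just above, which currently says only "To work this problem around we must run init script in a separate fiber." and so explains why a separate fiber is used but not why it needs a four-times-larger stack. A reference to gh-3418 in that comment would also tell a future reader what to re-measure if the ncurses/readline stack footprint changes, since the value is sized from the Fedora 28 build analysed here.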
--
2.7.4