From: Kirill Shcherbatov <kshcherbatov@tarantool.org>
To: tarantool-patches@freelists.org, kyukhin@tarantool.org
Cc: Kirill Shcherbatov <kshcherbatov@tarantool.org>
Subject: [tarantool-patches] [PATCH v1 1/1] box: fix crash in ncurses on fedora 28
Date: Wed, 15 Aug 2018 21:15:38 +0300
Message-ID: <f2677cd964b23aa4ef09dbad660d42f206ce8ab3.1534356838.git.kshcherbatov@tarantool.org>
In-Reply-To: <eb5323504261a57a84fa99e8072a89c8c919e1d7.1533736169.git.kshcherbatov@tarantool.org>

Tarantool has been crashing when trying to go into an interactive
loop in the ncurses-libs/libtinfo library via lbox_console_readline.
Ncurses on Fedora 28 is compiled with flag
--fstack-clash-protection that uses a stack protection mechanism
(strictly speaking, configure option --enable-widec is also required,
but it is not a part of the problem we investigated):
gcc inserts code to step the stack down one page at a time,
running a logical-OR with zero at each point, which doesn't affect
any value on the stack but forces a memory access:

    lea r11,[rsp-frameSize]
label:
    sub rsp,pageSize
    or QWORD PTR [rsp],0x0
    cmp rsp,r11
    jne label

where frameSize=32768 b and pageSize=4096 b
(read also https://ldpreload.com/blog/stack-smashes-you)

Tarantool main interactive loop is working in fiber with
default stack size 65536 b

BINARY IMAGE MEMORY MAP:
_____________________________________________________
 SECTION      ADDRESSES     COMMENT
 DATA         0x0       ^
 HEAP                   |
              0x0ec18   | #  < --fstack-clash-
                        | #    protection check
 STACK:  @              | #
         @    0x16c18   | $# < ncurses/readline
         @              | $    internals, access
         @              | $    syscall in wrapper
         @              | $
         @              | $
         @    0x1ffe0   | $  < frame0 -- LUA
 ....
                        |
              0xffff    |

+------+-----------------------------+-------------+
| SIGN |         DESCRIPTION         | TOTAL SIZE  |
+------+-----------------------------+-------------+
|  @   | stack area region; (fiber)  |   65536 b   |
+------+-----------------------------+-------------+
|  $   | user-space application stack|   37832 b   |
|      | memory usage                |             |
+------+-----------------------------+-------------+
|  #   | a memory that checked stack |   32768 b   |
|      | probing generated with      |             |
|      | --fstack-clash-protection   |             |
+------+-----------------------------+-------------+
_____________________________________________________

In other words, $ + # = 70600 > 65536 = @ and we have a segfault:
SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=}
SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL}

We have to increase the interactive console main loop fiber stack.

Closes #3418.
---
Branch: https://github.com/tarantool/tarantool/tree/kshch/gh-3418-crash-on-fedora
Issue: https://github.com/tarantool/tarantool/issues/3418

 src/lua/init.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/lua/init.c b/src/lua/init.c index a0a7f63..217640f 100644 --- a/src/lua/init.c +++ b/src/lua/init.c @@ -610,8 +610,10 @@ tarantool_lua_run_script(char *path, bool interactive, * To work this problem around we must run init script in * a separate fiber. */ - - script_fiber = fiber_new(title, run_script_f); + struct fiber_attr fiber_attr = + {.stack_size = 0x8000 * 4, + .flags = FIBER_DEFAULT_FLAGS | FIBER_CUSTOM_STACK}; + script_fiber = fiber_new_ex(title, &fiber_attr, run_script_f); if (script_fiber == NULL) panic("%s", diag_last_error(diag_get())->errmsg); fiber_start(script_fiber, tarantool_L, path, interactive, -- 2.7.4
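
Review bot: The .stack_size = 0x8000 * 4 initializer in the added fiber_attr is an unexplained magic number, and none of the added lines say why this fiber needs a custom stack; the existing comment above it only covers running the init script in a separate fiber. Suggest a named constant plus a short comment tying the value to the 32768 b probe frame and the 37832 b of measured usage given in the commit message, so the figure can be revisited if either changes. The larger stack is also requested unconditionally, although the function takes a bool interactive argument and the commit message only motivates the interactive console loop; if applying it to non-interactive script runs is intended, the comment should say so.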