From: Kirill Shcherbatov
Subject: [tarantool-patches] [PATCH v1 1/1] box: fix crash in ncurses on fedora 28
Date: Wed, 15 Aug 2018 21:15:38 +0300
To: tarantool-patches@freelists.org, kyukhin@tarantool.org
Cc: Kirill Shcherbatov

Tarantool has been crashing when trying to go into an interactive loop
in the ncurses-libs/libtinfo library via lbox_console_readline.
Ncurses on Fedora 28 is compiled with the flag --fstack-clash-protection,
which uses a stack protection mechanism (strictly speaking, the configure
option --enable-widec is also required, but it is not a part of the
problem we investigated): gcc inserts code to step the stack down one
page at a time, running a logical OR with zero at each point, which
doesn't affect any value on the stack but forces a memory access:

    lea    r11,[rsp-frameSize]
label:
    sub    rsp,pageSize
    or     QWORD PTR [rsp],0x0
    cmp    rsp,r11
    jne    label

where frameSize=32768 b and pageSize=4096 b
(read also https://ldpreload.com/blog/stack-smashes-you)

Tarantool's main interactive loop works in a fiber with the default
stack size of 65536 b.

BINARY IMAGE MEMORY MAP:
_____________________________________________________
 SECTION     ADDRESSES       COMMENT
 DATA        0x0       ^
 HEAP                  |
             0x0ec18   |  #  < --fstack-clash-
                       |  #    protection check
 STACK:   @            |  #
          @  0x16c18   |  $# < ncurses/readline
          @            |  $    internals, access
          @            |  $    syscall in wrapper
          @            |  $
          @            |  $
          @  0x1ffe0   |  $  < frame0 -- LUA
 ....                  |
             0xffff    |

+------+-----------------------------+-------------+
| SIGN | DESCRIPTION                 | TOTAL SIZE  |
+------+-----------------------------+-------------+
|  @   | stack area region; (fiber)  | 65536 b     |
+------+-----------------------------+-------------+
|  $   | user-space application stack| 37832 b     |
|      | memory usage                |             |
+------+-----------------------------+-------------+
|  #   | a memory that checked stack | 32768 b     |
|      | probing generated with      |             |
|      | --fstack-clash-protection   |             |
+------+-----------------------------+-------------+
_____________________________________________________

In other words, $ + # = 70600 > 65536 = @ and we have a segfault:

SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=}
SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL}

We have to increase the interactive console main loop fiber stack.

Closes #3418.
---
Branch: https://github.com/tarantool/tarantool/tree/kshch/gh-3418-crash-on-fedora
Issue: https://github.com/tarantool/tarantool/issues/3418

 src/lua/init.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/lua/init.c b/src/lua/init.c index a0a7f63..217640f 100644 --- a/src/lua/init.c +++ b/src/lua/init.c @@ -610,8 +610,10 @@ tarantool_lua_run_script(char *path, bool interactive, * To work this problem around we must run init script in * a separate fiber. */ - - script_fiber = fiber_new(title, run_script_f); + struct fiber_attr fiber_attr = + {.stack_size = 0x8000 * 4, + .flags = FIBER_DEFAULT_FLAGS | FIBER_CUSTOM_STACK}; + script_fiber = fiber_new_ex(title, &fiber_attr, run_script_f); if (script_fiber == NULL) panic("%s", diag_last_error(diag_get())->errmsg); fiber_start(script_fiber, tarantool_L, path, interactive, -- 2.7.4
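
Review bot: The `.stack_size = 0x8000 * 4` in the new `fiber_attr` initializer in src/lua/init.c is an unexplained magic number; the existing comment above it only says why the init script runs in a separate fiber, not why that fiber needs 131072 bytes. Add a comment or a named constant that ties the value to the 32768-byte probe frame plus the 37832 bytes of readline/Lua usage given in the commit message, so the size is not trimmed back later. The custom stack is also applied unconditionally, although the function receives `bool interactive` and the commit message speaks only of the interactive console loop; either set it only when `interactive` is true or say in the comment that the larger stack for non-interactive scripts is intended.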
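
The probe loop and the "$ + # > @" arithmetic from the commit message, replayed as code. This is an added example, not part of the patch or of Tarantool; `replay_probe`, `struct probe_result` and the depth-based model (everything below the fiber stack is treated as inaccessible) are assumptions of the example.

```c
#include <stddef.h>
#include <stdio.h>

/* Outcome of replaying the probe loop against one fiber stack. */
struct probe_result {
    int      faulted; /* 1 if a probe landed below the stack's low end */
    size_t   depth;   /* bytes below stack top of the last probe made  */
    unsigned probes;  /* probes made, counting the faulting one        */
};

/*
 * Replay the loop from the commit message in terms of depth below the
 * stack top: sub rsp,page ; or [rsp],0 ; repeat until `frame` bytes are
 * covered. `used` is the stack already consumed on entry. Assumes `frame`
 * is a multiple of `page` and that everything below the stack is
 * inaccessible (guard page or unmapped).
 */
static struct probe_result
replay_probe(size_t stack_size, size_t used, size_t frame, size_t page)
{
    struct probe_result r = {0, used, 0};
    size_t end = used + frame;          /* r11 in the assembly */
    while (r.depth < end) {
        r.depth += page;                /* sub rsp,pageSize    */
        r.probes++;
        if (r.depth > stack_size) {     /* or [rsp],0 faults   */
            r.faulted = 1;
            break;
        }
    }
    return r;
}

int main(void)
{
    /* Numbers from the commit message: 37832 b used, 32768 b frame. */
    size_t sizes[] = {65536, 0x8000 * 4};
    for (int i = 0; i < 2; i++) {
        struct probe_result r = replay_probe(sizes[i], 37832, 32768, 4096);
        printf("stack %6zu: %s after %u probes, depth %zu\n", sizes[i],
               r.faulted ? "SIGSEGV" : "ok", r.probes, r.depth);
    }
    return 0;
}
```

With the diagram's addresses, the faulting probe at depth 66504 corresponds to 0x1ffe0 - 66504 = 0xfc18, just below the 65536-byte fiber stack.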