From c4a75d8393047a170dfa53cc46f13f959afa4f15 Mon Sep 17 00:00:00 2001 From: Victor Stinner Date: Mon, 1 Oct 2018 18:00:33 +0200 Subject: [PATCH 1/4] bpo-32962: Fix test_gdb failure in debug build with -mcet -fcf-protection -O0 When Python is built with the intel control-flow protection flags, -mcet -fcf-protection, gdb is not able to read the stack without actually jumping inside the function. This means an extra 'next' command is required to make the $pc (program counter) enter the function and make the stack of the function exposed to gdb. Co-Authored-By: Marcel Plch (cherry picked from commit 9b7c74ca32d1bec7128d550a9ab1b2ddc7046287) --- Lib/test/test_gdb.py | 26 ++++++++++++++++++- .../2018-05-10-16-59-15.bpo-32962.S-rcIN.rst | 1 + 2 files changed, 26 insertions(+), 1 deletion(-) create mode 100644 Misc/NEWS.d/next/Tests/2018-05-10-16-59-15.bpo-32962.S-rcIN.rst diff --git a/Lib/test/test_gdb.py b/Lib/test/test_gdb.py index 93a2c7dd57587e..2c6bd86699c80a 100644 --- a/Lib/test/test_gdb.py +++ b/Lib/test/test_gdb.py @@ -54,6 +54,16 @@ def get_gdb_version(): PYTHONHASHSEED = '123' + +def cet_cf_protection(): + cflags = sysconfig.get_config_var('CFLAGS') + flags = cflags.split() + return (('-mcet' in flags) + and any(flag.startswith('-fcf-protection') for flag in flags)) + +CET_CF_PROTECTION = cet_cf_protection() + + def run_gdb(*args, **env_vars): """Runs gdb in --batch mode with the additional arguments given by *args. @@ -162,6 +172,12 @@ def get_stack_trace(self, source=None, script=None, commands += ['set print entry-values no'] if cmds_after_breakpoint: + if CET_CF_PROTECTION: + # bpo-32962: When Python is compiled with -mcet + # -fcf-protection, function arguments are unusable before + # running the first instruction of the function entry point. + # The 'next' command makes the required first step. + commands += ['next'] commands += cmds_after_breakpoint else: commands += ['backtrace'] @@ -869,9 +885,17 @@ def __init__(self): id("first break point") l = MyList() ''') + cmds_after_breakpoint = ['break wrapper_call', 'continue'] + if CET_CF_PROTECTION: + # bpo-32962: same case as in get_stack_trace(): + # we need an additional 'next' command in order to read + # arguments of the innermost function of the call stack. + cmds_after_breakpoint.append('next') + cmds_after_breakpoint.append('py-bt') + # Verify with "py-bt": gdb_output = self.get_stack_trace(cmd, - cmds_after_breakpoint=['break wrapper_call', 'continue', 'py-bt']) + cmds_after_breakpoint=cmds_after_breakpoint) self.assertRegex(gdb_output, r" Date: Mon, 1 Oct 2018 18:18:09 +0200 Subject: [PATCH 2/4] Fix test_gdb if sysconfig.get_config_var() returns None --- Lib/test/test_gdb.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Lib/test/test_gdb.py b/Lib/test/test_gdb.py index 2c6bd86699c80a..6bab56e1eaaed9 100644 --- a/Lib/test/test_gdb.py +++ b/Lib/test/test_gdb.py @@ -57,6 +57,8 @@ def get_gdb_version(): def cet_cf_protection(): cflags = sysconfig.get_config_var('CFLAGS') + if not cflags: + return False flags = cflags.split() return (('-mcet' in flags) and any(flag.startswith('-fcf-protection') for flag in flags)) From 7128b930185010eb6b5014e8146ba1a2d420a70b Mon Sep 17 00:00:00 2001 From: Victor Stinner Date: Thu, 4 Oct 2018 16:48:57 +0200 Subject: [PATCH 3/4] Rename CET_CF_PROTECTION to CET_PROTECTION --- Lib/test/test_gdb.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/Lib/test/test_gdb.py b/Lib/test/test_gdb.py index 6bab56e1eaaed9..05c9e479f66e58 100644 --- a/Lib/test/test_gdb.py +++ b/Lib/test/test_gdb.py @@ -55,7 +55,7 @@ def get_gdb_version(): PYTHONHASHSEED = '123' -def cet_cf_protection(): +def cet_protection(): cflags = sysconfig.get_config_var('CFLAGS') if not cflags: return False @@ -63,7 +63,8 @@ def cet_cf_protection(): return (('-mcet' in flags) and any(flag.startswith('-fcf-protection') for flag in flags)) -CET_CF_PROTECTION = cet_cf_protection() +# Control-flow enforcement technology +CET_PROTECTION = cet_protection() def run_gdb(*args, **env_vars): @@ -174,7 +175,7 @@ def get_stack_trace(self, source=None, script=None, commands += ['set print entry-values no'] if cmds_after_breakpoint: - if CET_CF_PROTECTION: + if CET_PROTECTION: # bpo-32962: When Python is compiled with -mcet # -fcf-protection, function arguments are unusable before # running the first instruction of the function entry point. @@ -888,7 +889,7 @@ def __init__(self): l = MyList() ''') cmds_after_breakpoint = ['break wrapper_call', 'continue'] - if CET_CF_PROTECTION: + if CET_PROTECTION: # bpo-32962: same case as in get_stack_trace(): # we need an additional 'next' command in order to read # arguments of the innermost function of the call stack. From 24ecea69961bfbb2be18fc7e491f5dc724dcae79 Mon Sep 17 00:00:00 2001 From: Victor Stinner Date: Tue, 9 Oct 2018 15:22:33 +0200 Subject: [PATCH 4/4] Handle -fcf-protection=none and -fcf-protection=return test_gdb doesn't need "next" with -fcf-protection=none nor -fcf-protection=return. --- Lib/test/test_gdb.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Lib/test/test_gdb.py b/Lib/test/test_gdb.py index 05c9e479f66e58..0f950b23253391 100644 --- a/Lib/test/test_gdb.py +++ b/Lib/test/test_gdb.py @@ -60,8 +60,12 @@ def cet_protection(): if not cflags: return False flags = cflags.split() + # True if "-mcet -fcf-protection" options are found, but false + # if "-fcf-protection=none" or "-fcf-protection=return" is found. return (('-mcet' in flags) - and any(flag.startswith('-fcf-protection') for flag in flags)) + and any((flag.startswith('-fcf-protection') + and not flag.endswith(("=none", "=return"))) + for flag in flags)) # Control-flow enforcement technology CET_PROTECTION = cet_protection()