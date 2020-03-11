GNU Debugger and Assembler
-
Debugging Gdb Using rr: Ptrace Emulation
Someone tried using rr to debug gdb and reported an rr issue because it didn't work. With some effort I was able to fix a couple of bugs and get it working for simple cases. Using improved debuggers to improve debuggers feels good!
The main problem when running gdb under rr is the need to emulate ptrace. We had the same problem when we wanted to debug rr replay under rr. In Linux a process can only have a single ptracer. rr needs to ptrace all the processes it's recording — in this case gdb and the process(es) it's debugging. Gdb needs to ptrace the process(es) it's debugging, but they can't be ptraced by both gdb and rr. rr circumvents the problem by emulating ptrace: gdb doesn't really ptrace its debuggees, as far as the kernel is concerned, but instead rr emulates gdb's ptrace calls. (I think in principle any ptrace user, e.g. gdb or strace, could support nested ptracing in this way, although it's a lot of work so I'm not surprised they don't.)
Most of the ptrace machinery that gdb needs already worked in rr, and we have quite a few ptrace tests to prove it. All I had to do to get gdb working for simple cases was to fix a couple of corner-case bugs. rr has to synthesize SIGCHLD signals sent to the emulated ptracer; these signals weren't interacting properly with sigsuspend. For some reason gdb spawns a ptraced process, then kills it with SIGKILL and waits for it to exit; that wait has to be emulated by rr because in Linux regular "wait" syscalls can only wait for a non-child process if the waiter is ptracing the target process, and under rr gdb is not really the ptracer, so the native wait doesn't work. We already had logic for that, but it wasn't working for process exits triggered by signals, so I had to rework that, which was actually pretty hard (see the rr issue for horrible details).
-
GNU Assembler Adds New Options For Mitigating Load Value Injection Attack
Yesterday the Load Value Injection (LVI) vulnerability was disclosed by Intel and researchers and affecting newer Intel CPUs with SGX and requiring mitigations outside of all the speculative execution mitigations the past two years. The GNU Assembler patches adding new options for mitigation have now been merged to Git master.
As outlined yesterday, the LVI mitigations noted by the researchers would be inserting LFENCE barriers before every vulnerable load instruction. That amounts to what has been merged today for the GNU Assembler (Gas), but it's not enabled by default and there is control over where the lfence barriers should be inserted.
-
