Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[release/7.0] Prevent unwinding through stack bottom #81804

Merged
merged 2 commits into from
Feb 13, 2023

Conversation

github-actions[bot]
Copy link
Contributor

@github-actions github-actions bot commented Feb 8, 2023

Backport of #81770 to release/7.0

When processing unhandled exception on the most recent Alpine 3.17, the libunwind doesn't stop at the bottom
frame of the main thread (the caller of main) and tries to unwind further. The reason is that the method is missing dwarf unwind information, so the libunwind falls back to using RBP chain, but the RBP points to a garbage and so it ends up crashing with SIGSEGV.

While the missing DWARF unwind info seems to be a bug in the Alpine 3.17 (older ones work fine), we can prevent issues like this by stopping at the hosting API boundary and not trying to unwind past that

/cc @janvorli

Customer Impact

Without this fix, unhandled exception on the latest Alpine 3.17 results in an access violation crash without any message generated. It impacts our public Alpine docker containers for .NET 7 and 6.

Testing

Targeted testing of the fix, coreclr tests, libraries tests.

Risk

Low, the change only stops unwinding stack when it reaches the hosting API frame. No exception can be handled past that.

@dotnet-issue-labeler
Copy link

I couldn't figure out the best area label to add to this PR. If you have write-permissions please help me learn by adding exactly one area label.

@janvorli janvorli requested a review from jkotas February 8, 2023 01:11
@janvorli janvorli self-assigned this Feb 8, 2023
@janvorli janvorli added area-ExceptionHandling-coreclr Servicing-consider Issue for next servicing release review labels Feb 8, 2023
@janvorli janvorli added this to the 7.0.x milestone Feb 8, 2023
@runfoapp runfoapp bot mentioned this pull request Feb 8, 2023
Copy link
Member

@jeffschwMSFT jeffschwMSFT left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

approved. we will take for consideration in 7.0.x

@janvorli janvorli added the NO-MERGE The PR is not ready for merge yet (see discussion for detailed reasons) label Feb 10, 2023
@janvorli
Copy link
Member

I've found a bug in the change, looking into it.

@janvorli janvorli removed the NO-MERGE The PR is not ready for merge yet (see discussion for detailed reasons) label Feb 10, 2023
@janvorli
Copy link
Member

Bug fixed in main, merged in, cherry picked the commit to this PR.

When processing unhandled exception on the most recent Alpine 3.17,
the libunwind doesn't stop at the bottom
frame of the main thread (the caller of `main`) and tries to unwind
further. The reason is that the method is missing dwarf unwind
information, so the libunwind falls back to using RBP chain, but the RBP
points to a garbage and so it ends up crashing with SIGSEGV.

While the missing DWARF unwind info seems to be a bug in the Alpine 3.17
(older ones work fine), we can prevent issues like this by stopping at
the hosting API boundary and not trying to unwind past that. This is
what this PR does.
The irecent fix to prevent unwinding through stack bottom was
incorrect for secondary threads, as it just compared the SP
being above the frame of the hosting API. However, other threads
can have their stacks anywhere in the memory, thus this
sometimes broke exception handling on secondary threads.

I have also found that there was one more case where the
unwind through the hosting API need to be checked - the
Thread::VirtualUnwindToFirstManagedCallFrame.

I have decided to use the return address of the hosting
API for the checks instead of the frame address. That
makes the check work properly.
@carlossanlop carlossanlop force-pushed the backport/pr-81770-to-release/7.0 branch from f7be1b9 to f60800e Compare February 10, 2023 22:27
@carlossanlop carlossanlop added Servicing-approved Approved for servicing release and removed Servicing-consider Issue for next servicing release review labels Feb 13, 2023
@carlossanlop carlossanlop modified the milestones: 7.0.x, 7.0.5, 7.0.4 Feb 13, 2023
@carlossanlop
Copy link
Member

Approved by Tactics via email for 7.0.4.
Signed-off by area owners.
No OOB changes needed.
CI is green.
Ready to merge. :shipit:

@carlossanlop carlossanlop merged commit d05bbe4 into release/7.0 Feb 13, 2023
@carlossanlop carlossanlop deleted the backport/pr-81770-to-release/7.0 branch February 13, 2023 18:00
@ghost ghost locked as resolved and limited conversation to collaborators Mar 15, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants