Message-ID: <Z1N3RK-qju55yRo5@voyager>
Date: Fri, 6 Dec 2024 23:14:28 +0100
From: Markus Wichmann <nullplan@....net>
To: musl@...ts.openwall.com
Subject: Re: [PATCH] clone: clear the frame pointer in the child process on relevant ports

On Fri, Dec 06, 2024 at 09:42:00PM +0100, Thorsten Glaser wrote:
> On Fri, 6 Dec 2024, Alex Rønne Petersen wrote:
>
> >Clearing the frame pointer helps protect FP-based unwinders which have no way of
> >knowing that the FP register should be considered undefined in the child process
> >portion of clone().
>
> Huh, why?
>
> I thought they would both still be useful and needed (so one can trace
> the new process / thread back to from where it was cloned and beyond).
>
> bye,
> //mirabilos

The "parent" thread can return from the method that called clone(). Then
the illusory back link in the child points to dead memory that may be
overwritten concurrently. It also points to a different stack that may
be freed concurrently. In either case, a back tracer must be stopped
from continuing to trace at the clone() level.

Ciao,
Markus
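As an added illustration of the point above (example code, not from the patch or from musl): a constructed model of a frame-pointer-based unwinder. It assumes the two-word frame layout (saved caller FP, return address) used on x86_64 and aarch64, models each thread's stack as a plain array, and uses made-up return-address tags; it shows that a cleared FP makes the walk end at the clone() level, while an inherited FP would lead the unwinder onto the parent's stack, which only a stack-bounds check stops it from dereferencing.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
/* Constructed model of an FP-based unwinder (example code, not musl's clone()).
 * Frame = two words as on x86_64/aarch64: [0] saved caller FP, [1] return address. */
#define STACK_WORDS 32
struct stack { uintptr_t words[STACK_WORDS]; };
struct result { int parent_frames, child_frames; bool child_escaped; };
/* Push a frame whose saved FP is caller_fp; returns the new frame's FP. */
static uintptr_t *push_frame(struct stack *s, size_t *top, uintptr_t *caller_fp, uintptr_t ret)
{
    *top -= 2;
    s->words[*top] = (uintptr_t)caller_fp;
    s->words[*top + 1] = ret;
    return &s->words[*top];
}
/* Follow the FP chain from fp while it stays inside the thread's own stack; *escaped is
 * set when the next frame would lie on another stack (possibly freed or reused memory). */
static int unwind(uintptr_t *fp, const struct stack *own, uintptr_t *out, int max, bool *escaped)
{
    uintptr_t lo = (uintptr_t)own->words, hi = (uintptr_t)(own->words + STACK_WORDS);
    int n = 0;
    *escaped = false;
    while (fp != NULL && n < max) {
        if ((uintptr_t)fp < lo || (uintptr_t)(fp + 2) > hi) {
            *escaped = true;     /* stop rather than dereference foreign memory */
            break;
        }
        out[n++] = fp[1];        /* record the return address of this frame */
        fp = (uintptr_t *)fp[0]; /* saved FP of the caller */
    }
    return n;
}
/* Parent: main -> spawn -> clone on its own stack. Child: one frame on a fresh stack
 * whose saved FP is the parent's clone frame (inherited) or NULL (cleared). */
struct result trace_child(bool clear_fp)
{
    static struct stack parent, child;
    size_t ptop = STACK_WORDS, ctop = STACK_WORDS;
    uintptr_t trace[8];
    struct result r;
    uintptr_t *fp_main  = push_frame(&parent, &ptop, NULL, 0x1001);    /* made-up tags */
    uintptr_t *fp_spawn = push_frame(&parent, &ptop, fp_main, 0x1002);
    uintptr_t *fp_clone = push_frame(&parent, &ptop, fp_spawn, 0x1003);
    uintptr_t *fp_child = push_frame(&child, &ctop, clear_fp ? NULL : fp_clone, 0x2001);
    r.parent_frames = unwind(fp_clone, &parent, trace, 8, &r.child_escaped);
    r.child_frames = unwind(fp_child, &child, trace, 8, &r.child_escaped);
    return r;
}
```

With the FP cleared the child's trace is exactly one frame and never leaves its stack; with the FP inherited the walker reaches the parent's stack after that same frame and has to bail out.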
