- 
                Notifications
    You must be signed in to change notification settings 
- Fork 13.9k
Adjust frame IP in backtraces relative to image base for SGX target #117895
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
| (rustbot has picked a reviewer for you, use r? to override) | 
      
        
              This comment has been minimized.
        
        
      
    
  This comment has been minimized.
6763480    to
    6e7ea03      
    Compare
  
    
      
        
              This comment has been minimized.
        
        
      
    
  This comment has been minimized.
| I don't quite understand why this is a problem:  | 
| @mzohreva We try to keep platform-specific configuration code confined to the  | 
| @workingjubilee so does that mean that we'd need to introduce a new API in sys that is only doing something in SGX and a no-op for all others? If so, can you point me to some existing example please? | 
| 
 Yes, basically. This is part of why I asked questions like "is there ANY other way to do this?" during review. | 
| There is a file in tidy which contains a hardcoded list of exceptions, but it should generally never be added to, as doing so is... an unhappy last-resort, as any such exception applies to all ~450 lines of code in that file, and it means someone has to clean it up anyways in good time. Other PRs which did this "refactor code into the  | 
| #[cfg(all(target_vendor = "fortanix", target_env = "sgx"))] | ||
| pub fn set_image_base() { | ||
| let image_base = crate::os::fortanix_sgx::mem::image_base(); | ||
| backtrace_rs::set_image_base(crate::ptr::from_exposed_addr_mut(image_base as _)); | 
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this API implying that the backtrace generation is going to do more than math with the pointer value here? i.e., read/write from it? It seems odd to me to call from_exposed_addr here, vs. invalid_mut, which feels like it more appropriately describes the opaque nature of this pointer and theoretically hints that no one should read from it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No, backtrace is only using this for adjusting frame IPs. Having read the docs in https://doc.rust-lang.org/nightly/std/ptr/index.html I was under the impression that doing pointer arithmetic also requires strict provenance.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would not expect arithmetic with non-unsafe functions to ever require provenance. It looks like that code is operating on usize even, so it's not even doing pointer arithmetic I think.
| @bors r+ | 
…ark-Simulacrum Adjust frame IP in backtraces relative to image base for SGX target This is followup to rust-lang/backtrace-rs#566. The backtraces printed by `panic!` or generated by `std::backtrace::Backtrace` in SGX target are not usable. The frame addresses need to be relative to image base address so they can be used for symbol resolution. Here's an example panic backtrace generated before this change: ``` $ cargo r --target x86_64-fortanix-unknown-sgx ... stack backtrace: 0: 0x7f8fe401d3a5 - <unknown> 1: 0x7f8fe4034780 - <unknown> 2: 0x7f8fe401c5a3 - <unknown> 3: 0x7f8fe401d1f5 - <unknown> 4: 0x7f8fe401e6f6 - <unknown> ``` Here's the same panic after this change: ``` $ cargo +stage1 r --target x86_64-fortanix-unknown-sgx stack backtrace: 0: 0x198bf - <unknown> 1: 0x3d181 - <unknown> 2: 0x26164 - <unknown> 3: 0x19705 - <unknown> 4: 0x1ef36 - <unknown> ``` cc `@jethrogb` and `@workingjubilee`
| ☀️ Test successful - checks-actions | 
| Finished benchmarking commit (d052f6f): comparison URL. Overall result: no relevant changes - no action needed@rustbot label: -perf-regression Instruction countThis benchmark run did not return any relevant results for this metric. Max RSS (memory usage)ResultsThis is a less reliable metric that may be of interest but was not used to determine the overall result at the top of this comment. 
 CyclesThis benchmark run did not return any relevant results for this metric. Binary sizeThis benchmark run did not return any relevant results for this metric. Bootstrap: 676.828s -> 675.196s (-0.24%) | 
This is followup to rust-lang/backtrace-rs#566.
The backtraces printed by
panic!or generated bystd::backtrace::Backtracein SGX target are not usable. The frame addresses need to be relative to image base address so they can be used for symbol resolution. Here's an example panic backtrace generated before this change:Here's the same panic after this change:
cc @jethrogb and @workingjubilee