[libcxx-commits] [PATCH] D123428: [libunwind] Add configuration to disable sigreturn frame check

Shoaib Meenai via Phabricator via libcxx-commits libcxx-commits at lists.llvm.org
Mon Apr 11 16:26:08 PDT 2022

smeenai added a comment.

In D123428#3444134 <https://reviews.llvm.org/D123428#3444134>, @rprichard wrote:

>> ... that's still subject to time-of-check-to-time-of-use issues
> Using /proc/self/maps would be subject to TOCTOU, but I think most methods wouldn't, e.g.:
> - Open /proc/self/mem and pread() the address. This seems strictly better than /proc/self/maps?
> - Create a pipe using pipe(), write() the bytes into the pipe buffer and read() them back out. I believe a Linux pipe buffer is guaranteed to be big enough (>= 8 bytes).
> - process_vm_readv
> I wonder if security configurations are a problem. Maybe I should experiment on an Android build.

With all those methods, there's still the chance (however unlikely) that the address is readable at the time of the check but somehow becomes unreadable by the time we perform the actual read, right? I doubt it matters much in practice though.

For the pipe, since we'll be checking for validity multiple times, I imagine we'll need to empty out the buffer at some point. libunwind seems to use `mincore` if available and the pipe as a fallback, but I'm not really understanding how `mincore` would work here, since a page could be readable even though it's not currently resident.

  rG LLVM Github Monorepo



More information about the libcxx-commits mailing list