| |
@@ -0,0 +1,87 @@
|
| |
+ commit 0ce31d340b264a550a3c574e1d6913f4affd4669
|
| |
+ Author: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
|
| |
+ Date: Tue Oct 9 08:21:17 2018 -0700
|
| |
+
|
| |
+ bpo-32962: Fix test_gdb failure in debug build with -mcet -fcf-protection -O0 (GH-9656)
|
| |
+
|
| |
+
|
| |
+ When Python is built with the intel control-flow protection flags,
|
| |
+ -mcet -fcf-protection, gdb is not able to read the stack without
|
| |
+ actually jumping inside the function. This means an extra
|
| |
+ 'next' command is required to make the $pc (program counter)
|
| |
+ enter the function and make the stack of the function exposed to gdb.
|
| |
+
|
| |
+ Co-Authored-By: Marcel Plch <gmarcel.plch@gmail.com>
|
| |
+
|
| |
+ (cherry picked from commit 9b7c74ca32d1bec7128d550a9ab1b2ddc7046287)
|
| |
+ (cherry picked from commit 79d21331e605fdc941f947621846b8563485aab6)
|
| |
+
|
| |
+ Co-authored-by: Victor Stinner <vstinner@redhat.com>
|
| |
+
|
| |
+ diff --git a/Lib/test/test_gdb.py b/Lib/test/test_gdb.py
|
| |
+ index 93a2c7dd57..0f950b2325 100644
|
| |
+ --- a/Lib/test/test_gdb.py
|
| |
+ +++ b/Lib/test/test_gdb.py
|
| |
+ @@ -54,6 +54,23 @@ checkout_hook_path = os.path.join(os.path.dirname(sys.executable),
|
| |
+
|
| |
+ PYTHONHASHSEED = '123'
|
| |
+
|
| |
+ +
|
| |
+ +def cet_protection():
|
| |
+ + cflags = sysconfig.get_config_var('CFLAGS')
|
| |
+ + if not cflags:
|
| |
+ + return False
|
| |
+ + flags = cflags.split()
|
| |
+ + # True if "-mcet -fcf-protection" options are found, but false
|
| |
+ + # if "-fcf-protection=none" or "-fcf-protection=return" is found.
|
| |
+ + return (('-mcet' in flags)
|
| |
+ + and any((flag.startswith('-fcf-protection')
|
| |
+ + and not flag.endswith(("=none", "=return")))
|
| |
+ + for flag in flags))
|
| |
+ +
|
| |
+ +# Control-flow enforcement technology
|
| |
+ +CET_PROTECTION = cet_protection()
|
| |
+ +
|
| |
+ +
|
| |
+ def run_gdb(*args, **env_vars):
|
| |
+ """Runs gdb in --batch mode with the additional arguments given by *args.
|
| |
+
|
| |
+ @@ -162,6 +179,12 @@ class DebuggerTests(unittest.TestCase):
|
| |
+ commands += ['set print entry-values no']
|
| |
+
|
| |
+ if cmds_after_breakpoint:
|
| |
+ + if CET_PROTECTION:
|
| |
+ + # bpo-32962: When Python is compiled with -mcet
|
| |
+ + # -fcf-protection, function arguments are unusable before
|
| |
+ + # running the first instruction of the function entry point.
|
| |
+ + # The 'next' command makes the required first step.
|
| |
+ + commands += ['next']
|
| |
+ commands += cmds_after_breakpoint
|
| |
+ else:
|
| |
+ commands += ['backtrace']
|
| |
+ @@ -869,9 +892,17 @@ id(42)
|
| |
+ id("first break point")
|
| |
+ l = MyList()
|
| |
+ ''')
|
| |
+ + cmds_after_breakpoint = ['break wrapper_call', 'continue']
|
| |
+ + if CET_PROTECTION:
|
| |
+ + # bpo-32962: same case as in get_stack_trace():
|
| |
+ + # we need an additional 'next' command in order to read
|
| |
+ + # arguments of the innermost function of the call stack.
|
| |
+ + cmds_after_breakpoint.append('next')
|
| |
+ + cmds_after_breakpoint.append('py-bt')
|
| |
+ +
|
| |
+ # Verify with "py-bt":
|
| |
+ gdb_output = self.get_stack_trace(cmd,
|
| |
+ - cmds_after_breakpoint=['break wrapper_call', 'continue', 'py-bt'])
|
| |
+ + cmds_after_breakpoint=cmds_after_breakpoint)
|
| |
+ self.assertRegex(gdb_output,
|
| |
+ r"<method-wrapper u?'__init__' of MyList object at ")
|
| |
+
|
| |
+ diff --git a/Misc/NEWS.d/next/Tests/2018-05-10-16-59-15.bpo-32962.S-rcIN.rst b/Misc/NEWS.d/next/Tests/2018-05-10-16-59-15.bpo-32962.S-rcIN.rst
|
| |
+ new file mode 100644
|
| |
+ index 0000000000..97328ebafe
|
| |
+ --- /dev/null
|
| |
+ +++ b/Misc/NEWS.d/next/Tests/2018-05-10-16-59-15.bpo-32962.S-rcIN.rst
|
| |
+ @@ -0,0 +1 @@
|
| |
+ +Fixed test_gdb when Python is compiled with flags -mcet -fcf-protection -O0.
|
| |
Patch 309 is for CVE-2018-1000802. See https://fedoraproject.org/wiki/SIGs/Python/PythonPatches