code review 83270049: runtime: test malformed address fault and fix on OS X

runtime: test malformed address fault and fix on OS X

The garbage collector poison pointers
(0x6969696969696969 and 0x6868686868686868)
are malformed addresses on amd64.
That is, they are not 48-bit addresses sign extended
to 64 bits. This causes a different kind of hardware fault
than the usual 'unmapped page' when accessing such
an address, and OS X 10.9.2 sends the resulting SIGSEGV
incorrectly, making it look like it was user-generated
rather than kernel-generated and does not include the
faulting address. This means that in GODEBUG=gcdead=1
mode, if there is a bug and something tries to dereference
a poisoned pointer, the runtime delivers the SIGSEGV to
os/signal and returns to the faulting code, which faults
again, causing the process to hang instead of crashing.

Fix by rewriting "user-generated" SIGSEGV on OS X to
look like a kernel-generated SIGSEGV with fault address
0xb01dfacedebac1e.

I chose that address because (1) when printed in hex
during a crash, it is obviously spelling out English text,
(2) there are no current Google hits for that pointer,
which will make its origin easy to find once this CL
is indexed, and (3) it is not an altogether inaccurate
description of the situation.

Add a test. Maybe other systems will break too.

[rsc, 2014-04-03 01:11:03]

Hello golang-codereviews@googlegroups.com (cc: iant, ken2, khr),

I'd like you to review this change to
https://code.google.com/p/go/

[khr, 2014-04-03 20:51:15]

LGTM

https://codereview.appspot.com/83270049/diff/20001/src/pkg/runtime/signal_amd...
File src/pkg/runtime/signal_amd64x.c (right):

https://codereview.appspot.com/83270049/diff/20001/src/pkg/runtime/signal_amd...
src/pkg/runtime/signal_amd64x.c:71: SIG_CODE0(info, ctxt) = SI_USER+1;
What is SI_USER+1?

[rsc, 2014-04-03 22:59:53]

https://codereview.appspot.com/83270049/diff/20001/src/pkg/runtime/signal_amd...
File src/pkg/runtime/signal_amd64x.c (right):

https://codereview.appspot.com/83270049/diff/20001/src/pkg/runtime/signal_amd...
src/pkg/runtime/signal_amd64x.c:71: SIG_CODE0(info, ctxt) = SI_USER+1;
On 2014/04/03 20:51:15, khr wrote:
> What is SI_USER+1?

It's something != SI_USER so that we end up on line 78 below after the test on
line 77.

[rsc, 2014-04-03 23:07:40]

*** Submitted as https://code.google.com/p/go/source/detail?r=30b0d31f548f ***

runtime: test malformed address fault and fix on OS X

The garbage collector poison pointers
(0x6969696969696969 and 0x6868686868686868)
are malformed addresses on amd64.
That is, they are not 48-bit addresses sign extended
to 64 bits. This causes a different kind of hardware fault
than the usual 'unmapped page' when accessing such
an address, and OS X 10.9.2 sends the resulting SIGSEGV
incorrectly, making it look like it was user-generated
rather than kernel-generated and does not include the
faulting address. This means that in GODEBUG=gcdead=1
mode, if there is a bug and something tries to dereference
a poisoned pointer, the runtime delivers the SIGSEGV to
os/signal and returns to the faulting code, which faults
again, causing the process to hang instead of crashing.

Fix by rewriting "user-generated" SIGSEGV on OS X to
look like a kernel-generated SIGSEGV with fault address
0xb01dfacedebac1e.

I chose that address because (1) when printed in hex
during a crash, it is obviously spelling out English text,
(2) there are no current Google hits for that pointer,
which will make its origin easy to find once this CL
is indexed, and (3) it is not an altogether inaccurate
description of the situation.

Add a test. Maybe other systems will break too.

LGTM=khr
R=golang-codereviews, khr
CC=golang-codereviews, iant, ken
https://codereview.appspot.com/83270049