Changeset 21662 for trunk/src/kernel32/exceptions.cpp

Timestamp:

Jul 5, 2011, 7:52:42 PM (14 years ago)

Author:

dmik

Message:

kernel32: SEH: Disabled unwinding Win32 exception handlers in response to the OS/2 unwind procedure to prevent endless recursive crashes inside OS2RtlUnwind() happening due to stack corruption under SMP kernel when too many threads are being unwound at once. Closes #37.

File:

• trunk/src/kernel32/exceptions.cpp (modified) (9 diffs)

trunk/src/kernel32/exceptions.cpp

@@ -462 +462 @@
 {
   PWINEXCEPTION_FRAME frame, prevFrame, dispatch;
-  WINEXCEPTION_RECORD record, newrec;
+  WINEXCEPTION_RECORD record; //, newrec;
   WINCONTEXT          context;
   DWORD               rc;
@@ -471 +471 @@
   if (!winteb)
   {
-      /* We're being called from __seh_handler called upon unwinding the OS/2
-       * exception chain after the Win32 TIB structure is destroyed. This for
-       * example happens when we terminate the thread or the process from within
-       * the __try block. Just ignore this call retur (note that the Win32
-       * exception chain should be already unwound by this moment). */
-      dprintf(("KERNEL32: RtlUnwind returning due to zero Win32 TEB.\n"));
+      dprintf(("KERNEL32: RtlUnwind TEB is NULL\n"));
+      DebugInt3();
       return 0;
   }
@@ -526 +522 @@
         if (pEndFrame && (frame > pEndFrame))
         {
+#if 0
+            // TODO
             newrec.ExceptionCode    = STATUS_INVALID_UNWIND_TARGET;
             newrec.ExceptionFlags   = EH_NONCONTINUABLE;
             newrec.ExceptionRecord  = pRecord;
             newrec.NumberParameters = 0;
+            RtlRaiseException(&newrec, NULL);
+#else
             dprintf(("KERNEL32: RtlUnwind terminating thread (invalid target).\n"));
             DosExit(EXIT_THREAD, 0);
+#endif
         }
         if (((void*)frame < winteb->stack_low) ||
@@ -537 +538 @@
             (int)frame & 3)
         {
+#if 0
+            // TODO
             newrec.ExceptionCode    = STATUS_BAD_STACK;
             newrec.ExceptionFlags   = EH_NONCONTINUABLE;
             newrec.ExceptionRecord  = pRecord;
             newrec.NumberParameters = 0;
+#else
             dprintf(("KERNEL32: RtlUnwind terminating thread (bad stack).\n"));
             DosExit(EXIT_THREAD, 0);
+#endif
         }
 
@@ -548 +553 @@
         dprintf(("KERNEL32: RtlUnwind - calling exception handler %08X", frame->Handler));
         if(frame->Handler) {
+            // ensure the Win32 FS (may be accessed directly in the handler)
+            DWORD oldsel = SetReturnFS(winteb->teb_sel);
             rc = EXC_CallHandler(pRecord, frame, &context, &dispatch, frame->Handler, EXC_UnwindHandler );
+            // restore FS
+            SetFS(oldsel);
         }
         else {
@@ -563 +572 @@
             break;
         default:
+#if 0
+            // TODO
             newrec.ExceptionCode    = STATUS_INVALID_DISPOSITION;
             newrec.ExceptionFlags   = EH_NONCONTINUABLE;
             newrec.ExceptionRecord  = pRecord;
             newrec.NumberParameters = 0;
-            dprintf(("KERNEL32: RtlUnwind terminating thread.\n"));
+#else
+            dprintf(("KERNEL32: RtlUnwind terminating thread (invalid disposition).\n"));
             DosExit(EXIT_THREAD, 0);
+#endif
             break;
         }
         dprintf(("KERNEL32: RtlUnwind (before)- frame=%08X, frame->Prev=%08X", frame, prevFrame));
-        SetExceptionChain((DWORD)prevFrame);
+        winteb->except = (void*)prevFrame;
         frame = prevFrame;
         dprintf(("KERNEL32: RtlUnwind (after) - frame=%08X, frame->Prev=%08X", frame,
@@ -1209 +1222 @@
 #endif
 
+// borrowed from ntddk.h
+extern "C"
+void WIN32API RtlUnwind(
+        LPVOID,
+        LPVOID,
+        LPVOID,DWORD);
+
 // Assembly wrapper for clearing the direction flag before calling our real
 // exception handler
@@ -1234 +1254 @@
 //        sprintfException(pERepRec, pERegRec, pCtxRec, p, szTrapDump);
 //    }
+
+    // We have to disable unwinding of the Win32 exception handlers because
+    // experiments have shown that when running under SMP kernel the stack
+    // becomes corrupt at the time when unwinding takes place: attempts to
+    // to follow the exception chain crash when accessing one of the the
+    // previous frame. Although it may seem that performing unwinding here
+    // (when we are definitely above any Win32 exception frames installed by
+    // the application so that the OS could theoretically already discard lower
+    // stack areas) is wrong, it's not the case of the crash. First, doing the
+    // very same thing from the SEH handler (see comments in sehutil.s), i.e.
+    // when the given Win32 stack frame (and all previous ones) is definitely
+    // alive, crahes due to the same stack corruption too. Second, when running
+    // under UNI kernel, BOTH approaches don't crash (i.e. the stack is fine).
+    // This looks like the SMP kernel doesn't manage the stack right during
+    // exception handling :( See also http://svn.netlabs.org/odin32/ticket/37.
+    //
+    // Note that disabling unwinding also breaks support for performing
+    // setjmp()/lonjmp() that crosses the bounds of the __try {} block.
+#if 0
+    if (pERepRec->fHandlerFlags & EH_UNWINDING)
+    {
+        // unwind the appropriate portion of the Win32 exception chain
+        if (pERepRec->fHandlerFlags & EH_EXIT_UNWIND)
+        {
+            dprintf(("KERNEL32: OS2ExceptionHandler: EH_EXIT_UNWIND, "
+                     "unwinding all the Win32 exception chain"));
+            RtlUnwind(NULL, 0, 0, 0);
+        }
+        else
+        {
+            dprintf(("KERNEL32: OS2ExceptionHandler: EH_UNWINDING, "
+                     "unwinding the Win32 exception chain up to 0x%p", pERegRec));
+
+            // find a Win32 exception frame closest to the OS/2 one (pERegRec)
+            // and unwind up to the previous one (to unwind the closest frame
+            // itself too as we are definitely jumping out of it)
+            TEB *winteb = GetThreadTEB();
+            PWINEXCEPTION_FRAME frame = (PWINEXCEPTION_FRAME)winteb->except;
+            while (frame != NULL && ((ULONG)frame)!= 0xFFFFFFFF &&
+                   ((ULONG)frame) <= ((ULONG)pERegRec))
+                frame = __seh_get_prev_frame(frame);
+            if (((ULONG)frame) == 0xFFFFFFFF)
+                frame = NULL;
+
+            RtlUnwind(frame, 0, 0, 0);
+        }
+        goto continuesearch;
+    }
+#endif
 
     /* Access violation at a known location */
@@ -1517 +1586 @@
             if(OSLibDispatchException(pERepRec, pERegRec, pCtxRec, p) == TRUE)
             {
+                dprintf(("KERNEL32: OS2ExceptionHandler: fix and continue\n"));
                 goto continueexecution;
             }
             else
             {
+                dprintf(("KERNEL32: OS2ExceptionHandler: continue search\n"));
                 goto continuesearch;
             }