Using TCP sockets is insecure against local attackers, and possibly against remote attackers too (some vulnerabilities may allow tricking a browser to make a request to localhost). Use socketpair (which is immune to such attacks) on all Unix platforms.
Details
Diff Detail
- Repository
- rL LLVM
Event Timeline
Looks fine to me, lets make sure Pavel is OK with this. On MacOS socketpair is also much faster. Please run the following command while stopped at a breakpoint with and without your change:
(lldb) process plugin packet speed-test
It will send and receive packets using a variety of sizes and report the number of packets per second.
Have you tried that this actually works? (It doesn't work for me)
As far as I can tell, you will have to teach lldb-server to understand the --fd argument before you can flip this switch.
Any news on any speed changes? Please post the output of:
(lldb) process plugin packet speed-test
Both without and with this change. Nice to track any perf improvements
This is completely wrong. The --pipe argument is used to write the port that lldb-server listens on. Making --fd an alias to that will not help.
Please make sure you test your change before submitting it for review. You should at least make sure you are able to debug a hello world program with your modifications.
I suggest you write an email to cfe-dev http://lists.llvm.org/mailman/listinfo/cfe-dev and ask for help (or just google around). It's kinda hard to develop a feature without even being able to build the code :)
I am not sure how you expect to submit any patches then. Patches must be tested prior to submission.
Please init fd
tools/lldb-server/lldb-gdbserver.cpp | ||
---|---|---|
388 ↗ | (On Diff #107806) | This must be initialized to -1 since only the 'F' case will store to this. Pretty much all of the time random memory would be used for this and incorrectly try to use a random integer as a file descriptor. |
Initalize connection_fd
Otherwise undefined behavior ensues whenever --fd is not passed to
lldb-server -g.
So where did the other changes go where we use "--fd" for non Apple builds? Did those changes get lost? They will be needed.
Are you able to run the test suite now?
I did. Not all tests passed, but none of the failures appeared to be related to this change, and the compiled lldb can debug /usr/bin/cat.
I am not able to test this right now. Eugene, can you take a look?
tools/lldb-server/lldb-gdbserver.cpp | ||
---|---|---|
241 ↗ | (On Diff #108214) | you should set the O_CLOEXEC flag on the file descriptor, to avoid leakage. |
LGTM. Test run on Linux is clear. I also see a bit of perf bump.
Before checking in please remove outdated comment from ProcessGDBRemote::LaunchAndConnectToDebugserver.
// Use a socketpair on Apple for now until other platforms can verify it // works and is fast enough
Pavel & Eugene haven't marked it accepted yet, but from the comments is looks like they are both okay with the change. So it looks to me like everything is done but checking the code in.
If you have checkin privileges, then just check it in and as Greg says keep an eye on the bots. If you don't then speak up and one of us will check it in for you.