Bug#544145: libc6-i686 - Segfaults on amd64/xen

To: Aurelien Jarno <aurelien@aurel32.net>
Cc: 544145@bugs.debian.org
Subject: Bug#544145: libc6-i686 - Segfaults on amd64/xen
From: Bastian Blank <waldi@debian.org>
Date: Sat, 29 Aug 2009 22:57:40 +0200
Message-id: <[🔎] 20090829205740.GA1485@wavehammer.waldi.eu.org>
Reply-to: Bastian Blank <waldi@debian.org>, 544145@bugs.debian.org
In-reply-to: <[🔎] 20090829093143.GA25306@wavehammer.waldi.eu.org>
References: <[🔎] 20090829071440.GA23356@wavehammer.waldi.eu.org> <[🔎] 20090829083324.GA30916@hall.aurel32.net> <[🔎] 20090829093143.GA25306@wavehammer.waldi.eu.org>

On Sat, Aug 29, 2009 at 11:31:43AM +0200, Bastian Blank wrote:
> Hmm, just below the dynlinker, we have the vdso.

vdso was the point. However I don't know what the real problem is. A
minimal failing program is:

| int main() {
|   unsigned int resultvar;
|   asm volatile (
|   "movl %1, %%eax\n\t"
|   "call *%%gs:0x10\n\t"
|   : "=a" (resultvar)
|   : "i" (0) : "memory", "cc");
| }

This just calls the syscall 0 through the vdso and on my system this
produces the following:

| (gdb) run
| Starting program: /test 
| 
| Program received signal SIGSEGV, Segmentation fault.
| 0xf7fdf42f in __kernel_vsyscall ()
| (gdb) bt
| #0  0xf7fdf42f in __kernel_vsyscall ()
| #1  0xf7fd6ff4 in ?? () from /lib/libc.so.6
| #2  0xf7eb07a5 in __libc_start_main (main=0x8048394 <main>, argc=1, ubp_av=0xffffd884, init=0x80483d0 <__libc_csu_init>, 
|     fini=0x80483c0 <__libc_csu_fini>, rtld_fini=0xf7fee6e0 <_dl_fini>, stack_end=0xffffd87c) at libc-start.c:222
| #3  0x08048301 in _start () at ../sysdeps/i386/elf/start.S:119
| (gdb) disassemble 
| Dump of assembler code for function __kernel_vsyscall:
| 0xf7fdf420 <__kernel_vsyscall+0>:       push   %ebp
| 0xf7fdf421 <__kernel_vsyscall+1>:       mov    %ecx,%ebp
| 0xf7fdf423 <__kernel_vsyscall+3>:       syscall 
| 0xf7fdf425 <__kernel_vsyscall+5>:       mov    $0x2b,%ecx
| 0xf7fdf42a <__kernel_vsyscall+10>:      mov    %ecx,%ss
| 0xf7fdf42c <__kernel_vsyscall+12>:      mov    %ebp,%ecx
| 0xf7fdf42e <__kernel_vsyscall+14>:      pop    %ebp
| 0xf7fdf42f <__kernel_vsyscall+15>:      ret    
| End of assembler dump.

>                                                  If I debug a binary
> without using the i686/cmov libs then I miss the symbols for the vdso
> so, it looks like they are never used.

This binaries don't use the vdso in the INLINE_SYSCALL macro.

A check in the Xen source show the following changeset, which is missing
in this hypervisor:

| user:        Keir Fraser <keir.fraser@citrix.com>
| date:        Fri Dec 05 15:21:59 2008 +0000
| files:       xen/arch/x86/x86_64/compat/entry.S
| description:
| x86/32on64: adjust address when converting syscall to fault
| 
| The faulting address is at the start of the syscall instruction rather
| than at the following one.

Looks like the problem is caught. Will check this tomorrow.

Bastian

-- 
Sometimes a feeling is all we humans have to go on.
		-- Kirk, "A Taste of Armageddon", stardate 3193.9

Reply to:

Follow-Ups:
- Bug#544145: libc6-i686 - Segfaults on amd64/xen
  - From: Bastian Blank <waldi@debian.org>

References:
- Bug#544145: libc6-i686 - Segfaults on amd64/xen
  - From: Bastian Blank <waldi@debian.org>
- Bug#544145: libc6-i686 - Segfaults on amd64/xen
  - From: Aurelien Jarno <aurelien@aurel32.net>
- Bug#544145: libc6-i686 - Segfaults on amd64/xen
  - From: Bastian Blank <waldi@debian.org>

Prev by Date: Processed: Re: Processed: eglibc: strftime %b option with 4 letters with hu_HU locales
Next by Date: Bug#544145: libc6-i686 - Segfaults on amd64/xen
Previous by thread: Bug#544145: libc6-i686 - Segfaults on amd64/xen
Next by thread: Bug#544145: libc6-i686 - Segfaults on amd64/xen
Index(es):
- Date
- Thread