
Re: SIGBUS in elfutils



Short version: likely looks like a bug in the *.c code, should use memcpy() instead of type-punning when the alignment is unknown.

Long version:
The 'ldd' instruction is load double word, i.e. load 64-bit value. 0xf7d182fc is 4-byte aligned, but not 8-byte aligned, so 'ldd' faults and raises SIGBUS. The part where the value is stored in "*dst" isn't even reached (it is the 'std' after it), so whether "dst" is aligned or not is not in question here.

It's suspicious to cast from some type to `GElf_auxv_t*` (64-bit type) and then dereference it:

 *dst = ((GElf_auxv_t *) data_scn->d.d_buf)[ndx];

If d.d_buf[] is not 8-byte aligned (which it may not be unless it is an address returned from malloc() or points to a naturally 8-byte aligned type allocated on the stack -- i.e. char[] is NOT sufficient), then this should be done with memcpy() instead.




On Sat, Aug 24, 2013 at 5:44 PM, Kurt Roeckx <kurt@roeckx.be> wrote:
Hi,

I'm seeing a SIGBUS in elfutils, and I'm not sure why I'm getting
this.
LD_LIBRARY_PATH=libdw:libelf:backends/ gdb ./src/readelf
[...]
(gdb) set args -n tests/testfile67
(gdb) run
Starting program: /home/kroeckx/elfutils-0.156/src/readelf -n tests/testfile67

Note segment of 1044 bytes at offset 0xe8:
  Owner          Data size  Type
  CORE                 336  PRSTATUS
    info.si_signo: 4, info.si_code: 0, info.si_errno: 0, cursig: 4
    sigpend: <>
    sighold: <>
    pid: 805, ppid: 804, pgrp: 804, sid: 699
    utime: 0.000042, stime: 0.000103, cutime: 0.000000, cstime: 0.000000
    orig_r2: 2571552016, fpvalid: 1
    pswm:   0x0705c00180000000  pswa:   0x00000000800000d6
    r0:         4393751543808  r1:         4398002544388
    r2:                    11  r3:            2571578208
    r4:            2571702016  r5:         4398003235624
    r6:            2571580768  r7:            2571702016
    r8:            2571578208  r9:            2571552016
    r10:           2571552016  r11:                    0
    r12:        4398003499008  r13:           2148274656
    r14:                    0  r15:        4398040761216
    a0:   0x000003ff  a1:   0xfd54a6f0  a2:   0x00000000  a3:   0x00000000
    a4:   0x00000000  a5:   0x00000000  a6:   0x00000000  a7:   0x00000000
    a8:   0x00000000  a9:   0x00000000  a10:  0x00000000  a11:  0x00000000
    a12:  0x00000000  a13:  0x00000000  a14:  0x00000000  a15:  0x00000000
  CORE                 136  PRPSINFO
    state: 0, sname: R, zomb: 0, nice: 0, flag: 0x0000000000400400
    uid: 0, gid: 0, pid: 805, ppid: 804, pgrp: 804, sid: 699
    fname: 1, psargs: ./1
  CORE                 304  AUXV

Program received signal SIGBUS, Bus error.
0xf7f673f4 in gelf_getauxv (data="" ndx=ndx@entry=0, dst=dst@entry=0xffffd070) at gelf_getauxv.c:100
100           *dst = ((GElf_auxv_t *) data_scn->d.d_buf)[ndx];
(gdb) p ((GElf_auxv_t *) data_scn->d.d_buf)
$1 = (GElf_auxv_t *) 0xf7d182fc
(gdb) disass
Dump of assembler code for function gelf_getauxv:
   0xf7f673a0 <+0>:     save  %sp, -96, %sp
   0xf7f673a4 <+4>:     mov  %i0, %g1
   0xf7f673a8 <+8>:     cmp  %g1, 0
   0xf7f673ac <+12>:    be,pn   %icc, 0xf7f6744c <gelf_getauxv+172>
   0xf7f673b0 <+16>:    clr  %i0
   0xf7f673b4 <+20>:    ld  [ %g1 + 4 ], %g2
   0xf7f673b8 <+24>:    cmp  %g2, 0x18
   0xf7f673bc <+28>:    bne,pn   %icc, 0xf7f67444 <gelf_getauxv+164>
   0xf7f673c0 <+32>:    inc  %i1
   0xf7f673c4 <+36>:    ld  [ %g1 + 0x20 ], %g2
   0xf7f673c8 <+40>:    ld  [ %g2 + 0x6c ], %g2
   0xf7f673cc <+44>:    ld  [ %g2 + 0x14 ], %g2
   0xf7f673d0 <+48>:    cmp  %g2, 1
   0xf7f673d4 <+52>:    be,pn   %icc, 0xf7f6740c <gelf_getauxv+108>
   0xf7f673d8 <+56>:    ld  [ %g1 + 0xc ], %g2
   0xf7f673dc <+60>:    sll  %i1, 4, %i1
   0xf7f673e0 <+64>:    cmp  %i1, %g2
   0xf7f673e4 <+68>:    bgu,pn   %icc, 0xf7f67458 <gelf_getauxv+184>
   0xf7f673e8 <+72>:    mov  0x15, %o0
   0xf7f673ec <+76>:    ld  [ %g1 ], %g1
   0xf7f673f0 <+80>:    add  %g1, %i1, %i1
=> 0xf7f673f4 <+84>:    ldd  [ %i1 + -16 ], %g2
   0xf7f673f8 <+88>:    std  %g2, [ %i2 ]
   0xf7f673fc <+92>:    ldd  [ %i1 + -8 ], %g2
   0xf7f67400 <+96>:    std  %g2, [ %i2 + 8 ]
   0xf7f67404 <+100>:   rett  %i7 + 8
   0xf7f67408 <+104>:   mov  %o2, %o0
   0xf7f6740c <+108>:   sll  %i1, 3, %i1
   0xf7f67410 <+112>:   cmp  %i1, %g2
   0xf7f67414 <+116>:   bgu,pn   %icc, 0xf7f67454 <gelf_getauxv+180>
   0xf7f67418 <+120>:   add  %i1, -8, %i1
   0xf7f6741c <+124>:   ld  [ %g1 ], %g1
   0xf7f67420 <+128>:   ld  [ %g1 + %i1 ], %g2
   0xf7f67424 <+132>:   add  %g1, %i1, %i1
   0xf7f67428 <+136>:   clr  [ %i2 ]
   0xf7f6742c <+140>:   st  %g2, [ %i2 + 4 ]
   0xf7f67430 <+144>:   ld  [ %i1 + 4 ], %g1
   0xf7f67434 <+148>:   clr  [ %i2 + 8 ]
   0xf7f67438 <+152>:   st  %g1, [ %i2 + 0xc ]
   0xf7f6743c <+156>:   rett  %i7 + 8
   0xf7f67440 <+160>:   mov  %o2, %o0
   0xf7f67444 <+164>:   call  0xf7f56940 <__libelf_seterrno>
   0xf7f67448 <+168>:   mov  4, %o0
   0xf7f6744c <+172>:   rett  %i7 + 8
   0xf7f67450 <+176>:   nop
   0xf7f67454 <+180>:   mov  0x15, %o0  ! 0x15
   0xf7f67458 <+184>:   call  0xf7f56940 <__libelf_seterrno>
   0xf7f6745c <+188>:   clr  %i0
   0xf7f67460 <+192>:   rett  %i7 + 8
   0xf7f67464 <+196>:   nop
End of assembler dump.
(gdb) info reg
g0             0x0      0
g1             0xf7d182fc       -137264388
g2             0x130    304
g3             0x3dfd9c 4062620
g4             0xf871cd58       -126759592
g5             0x8      8
g6             0x5554494c       1431587148
g7             0xf7ff26d0       -134273328
o0             0x15     21
o1             0x354    852
o2             0x111f8  70136
o3             0x0      0
o4             0xf7ffbcc0       -134234944
o5             0x4a644  304708
sp             0xffffcf38       0xffffcf38
o7             0xf7fe1e0c       -134341108
l0             0x0      0
l1             0x2fc    764
l2             0xffffcf28       -12504
l3             0xf7f109f8       -135198216
l4             0x0      0
l5             0xf7ffbf40       -134234304
l6             0x0      0
l7             0xf7f7c000       -134758400
i0             0x0      0
i1             0xf7d1830c       -137264372
i2             0xffffd070       -12176
i3             0x1      1
i4             0x18     24
i5             0x4c068  311400
fp             0xffffcf98       0xffffcf98
i7             0x28474  164980
y              0x0      0
psr            0xff990082       [ #1 S #16 #19 #20 #23 #24 #25 #26 #27 #28 #29 #30 #31 ]
wim            *value not available*
tbr            *value not available*
pc             0xf7f673f4       0xf7f673f4 <gelf_getauxv+84>
npc            0xf7f673f8       0xf7f673f8 <gelf_getauxv+88>
fsr            0x0      [ ]
csr            *value not available*
(gdb) bt
#0  0xf7f673f4 in gelf_getauxv (data="" ndx=ndx@entry=0, dst=dst@entry=0xffffd070) at gelf_getauxv.c:100
#1  0x0002847c in handle_auxv_note (desc_pos=<optimized out>, descsz=<optimized out>, core=<optimized out>, ebl=0x4c298) at readelf.c:8613
#2  handle_notes_data (ebl=ebl@entry=0x4c298, start=<optimized out>, data=<optimized out>, ehdr=<optimized out>) at readelf.c:8743
#3  0x000298ec in handle_notes (ehdr=0xffffd3b8, ebl=0x4c298) at readelf.c:8812
#4  process_elf_file (dwflmod=<optimized out>, fd=<optimized out>) at readelf.c:884
#5  0x0002b9a0 in process_dwflmod (dwflmod=<optimized out>, userdata=0x4c158, name=0x4c268 "tests/testfile67", base=2147483648, arg=0xffffd5b0) at readelf.c:690
#6  0xf7fa075c in dwfl_getmodules (dwfl=dwfl@entry=0x4c018, callback=callback@entry=0x2b940 <process_dwflmod>, arg=arg@entry=0xffffd5b0, offset=offset@entry=0) at dwfl_getmodules.c:82
#7  0x00017788 in process_file (fd=7, fname=0xffffd8a1 "tests/testfile67", at readelf.c:775
#8  0x00012818 in main (argc=3, argv=0xffffd764) at readelf.c:295

dst is a stack allocated GElf_auxv_t.  I can't see anything obvious
wrong with the code, and it works on all other arches.

Is there some requirement for aligned access?


Kurt


Archive: http://lists.debian.org/20130824224459.GB11432@roeckx.be
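The memcpy() fix suggested in the reply, as an added example that is not elfutils code. It mirrors the situation in the report: a 16-byte, two-field 64-bit entry (the same layout as Elf64_auxv_t; the type name auxv64_t and the function names are ours) is read out of a note buffer whose start is 4 mod 8, like 0xf7d182fc. get_auxv_punned() is the cast-and-index pattern from gelf_getauxv.c:100, which compiles to ldd/std on SPARC and traps on a misaligned buffer; get_auxv_safe() computes the byte offset, bounds-checks it, and memcpy()s the entry, which has no alignment requirement on any target. The note data is constructed in the block, written byte-wise in host order, and the punned version is deliberately not called.

```c
/* Added example, not elfutils code: reading a 64-bit auxv entry out of
 * a buffer of unknown alignment.  auxv64_t mirrors the Elf64_auxv_t
 * layout (two 64-bit fields, 16 bytes); all names here are ours. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

typedef struct {
    uint64_t a_type;
    union { uint64_t a_val; } a_un;
} auxv64_t;                         /* same layout as Elf64_auxv_t */

/* Misalignment of a pointer modulo 'align' (0 means aligned). */
size_t misalignment(const void *p, size_t align)
{
    return (size_t)((uintptr_t)p % align);
}

/* The pattern from the bug report: reinterpret the buffer as an array of
 * 64-bit structs and index it.  On SPARC this becomes ldd/std, which
 * raise SIGBUS when buf is not 8-byte aligned; on x86 the same code
 * "works", which is why the bug only surfaced on sparc.  Not called. */
int get_auxv_punned(const void *buf, size_t bufsz, size_t ndx, auxv64_t *dst)
{
    if ((ndx + 1) * sizeof(auxv64_t) > bufsz)
        return -1;
    *dst = ((const auxv64_t *)buf)[ndx];    /* UB if buf is misaligned */
    return 0;
}

/* The fix: compute the byte offset, bounds-check it (the cmp/bgu pair in
 * the disassembly), then memcpy the entry.  memcpy has no alignment
 * requirement; for a constant size the compiler emits whatever loads the
 * target permits, so this is as cheap as the cast where the cast was safe. */
int get_auxv_safe(const void *buf, size_t bufsz, size_t ndx, auxv64_t *dst)
{
    const size_t off = ndx * sizeof(auxv64_t);
    if (off > bufsz || bufsz - off < sizeof(auxv64_t))
        return -1;
    memcpy(dst, (const unsigned char *)buf + off, sizeof(auxv64_t));
    return 0;
}

/* Constructed test data: two entries, (6, 4096) and (0, 0), placed 4 bytes
 * into an 8-byte-aligned backing array so the note data starts at an
 * address that is 4 mod 8, like 0xf7d182fc in the report. */
static uint64_t backing[8];         /* 64 bytes, naturally 8-byte aligned */

const unsigned char *make_unaligned_note(size_t *szp)
{
    unsigned char *p = (unsigned char *)backing + 4;
    uint64_t vals[4] = { 6, 4096, 0, 0 };
    memcpy(p, vals, sizeof vals);           /* byte copy: no alignment needed */
    *szp = sizeof vals;
    return p;
}

int main(void)
{
    size_t sz;
    const unsigned char *note = make_unaligned_note(&sz);
    auxv64_t e;

    printf("note data at %p, misalignment mod 8 = %zu\n",
           (const void *)note, misalignment(note, 8));
    for (size_t i = 0; get_auxv_safe(note, sz, i, &e) == 0; i++)
        printf("auxv[%zu]: a_type=%llu a_val=%llu\n", i,
               (unsigned long long)e.a_type, (unsigned long long)e.a_un.a_val);
    if (get_auxv_safe(note, sz, 2, &e) != 0)
        puts("index 2: past the end of the note, rejected");
    return 0;
}
```

The same check applies to any ELF note or section payload handed out as a raw d_buf: the data inside a note is only 4-byte aligned by the format, so any 64-bit GElf_* accessor that indexes the buffer by cast rather than by memcpy() has the same latent SIGBUS on strict-alignment targets such as sparc.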