Summary: | Using _syscall6 from include/asm/unistd.h segfaults with -fPIC | | |
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Peter Beutner <imago> |
Component: | [OLD] Core system | Assignee: | Tim Yamin (RETIRED) <plasmaroo> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | kernel, kevquinn, kumba, solar, vapier |
Priority: | High | | |
Version: | unspecified | | |
Hardware: | x86 | | |
OS: | Linux | | |
Whiteboard: | | | |
Package list: | | Runtime testing required: | --- |
Attachments: | testcase; fix for syscall6 with PIC; reworked patch for unistd.h resolving syscall6 bug | | |
Description

Peter Beutner, 2005-07-28 19:16:43 UTC

Created attachment 64586: testcase
Hmm, looking at the assembler output it's quite obvious that it couldn't work:

```asm
futex:
        pushl   %ebp
        movl    %esp, %ebp
        pushl   %edi
        pushl   %esi
        pushl   %ebx
        subl    $12, %esp
        call    __i686.get_pc_thunk.bx
        addl    $_GLOBAL_OFFSET_TABLE_, %ebx
        movl    12(%ebp), %ecx      // get param #2
        movl    16(%ebp), %edx      // get param #3
        movl    20(%ebp), %esi      // get param #4
        movl    24(%ebp), %edi      // get param #5
        movl    28(%ebp), %eax      // get param #6
#APP
        pushl   %ebp                // save ebp
        movl    %eax,%ebp           // put param #6 in ebp !!!!
        movl    $240,%eax           // syscall number
        pushl   %ebx                // save GOT
        movl    8(%ebp),%ebx        // get param #2  <--- segfault
        int     $0x80
        popl    %ebx
        popl    %ebp
```

It segfaults when trying to get param #2 because ebp was just overwritten 3 instructions above. I attach a patch for the unistd.h file.

Created attachment 64587: fix for syscall6 with PIC
> pushl %ebx // save GOT
> movl 8(%ebp),%ebx // get param #2 <---segfault
^^^^^^^^^^
that's param #1 of course
Note: This is for linux-headers-2.4.22 presumably, the 2.6 headers don't have this code. solar, you added the patch, can you have a look at this please?

Let's reassign this to Kevin Quinn who provided the initial patch.

Ahh; took me a few minutes to get what's happening, but Peter is right, and the patch is indeed broken on both the 2.4 and 2.6 headers. Good catch, Peter. When the compiler inserts the asm code, '%2' gets replaced with whatever the calling code has as a reference for the parameter; if this happens to be an offset from %%ebp (e.g. local data or parameter of the function that invokes the macro) then since ebp has been modified by its use to store %%eax, it all goes pear-shaped. It's only syscall6 that's affected, because it's the only one that save/restores ebp (something the original code did). I'll rework the unistd patch as Peter suggested and submit to this bug in a short while.

Created attachment 64718: reworked patch for unistd.h resolving syscall6 bug

This was made against 2.6.11 - it applies against 2.4.22 with a bit of offset & fuzz. It's a replacement for the old patch, rather than a patch on the patch (!).

Tim, if you want me to make the patch up another way, let me know (I notice on 2.6 it's merged into 2.6.11-appCompat.patch in the gentoo-headers-2.6.11-4 tarball).
Is there still anything missing and preventing the patch from being applied?

My guess is Kevin is waiting for feedback from you on how well the patch is working out. Maybe I should have re-assigned this a while ago.

Tim, as far as I'm concerned this should go in, both to 2.4 and 2.6 kernel headers. If you want me to work anything up for you, let me know - but it's probably easiest to apply the change in Peter's patch to your existing patchsets - move:

```
+       "movl %%eax,%%ebp\n\t" \
+       "movl %1,%%eax\n\t" \
```

down a couple of lines so that they're immediately prior to:

```
+       "int $0x80\n\t" \
```

in the syscall6 patch.

I think spanky may have gotten this one fixed up today. (Or said he would.)

Added the first patch to cvs as obvious.

Fixed in 2.6.11-r3, thanks!
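As an added example (written for this page, not one of the bug's attachments), a six-argument raw syscall wrapper that follows the rule Kevin spells out above: every compiler-substituted operand must be consumed before %ebp, or any other register the compiler might have used to address an operand, is changed. The i386 variant sidesteps the problem by passing a1/a5/a6 through a small array addressed via %edi, the same idea as glibc's out-of-line __libc_do_syscall helper; the x86_64 and libc-fallback variants are added so the file builds everywhere, and the futex calls mirror the bug's testcase, with 0xBAD a constructed invalid op.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/futex.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Six-argument raw syscall, kernel convention: -errno on failure.  The rule this
 * bug teaches: consume every compiler-substituted operand before modifying any
 * register the compiler might have used to address it (%ebp, %esp). */
static long raw_syscall6(long nr, long a1, long a2, long a3,
                         long a4, long a5, long a6)
{
    long ret;
#if defined(__i386__)
    /* i386: eax=nr, ebx/ecx/edx/esi/edi/ebp = a1..a6.  With -fPIC and a frame pointer
     * there are no spare registers for a1/a5/a6, and a memory operand may be
     * %ebp-based (this bug), so they travel in an array we address through %edi. */
    long xv[3] = { a1, a5, a6 }, *p = xv;
    __asm__ volatile(
        "pushl %%ebp\n\t"
        "pushl %%ebx\n\t"             /* PIC register, must survive */
        "movl  0(%%edi), %%ebx\n\t"   /* a1 */
        "movl  8(%%edi), %%ebp\n\t"   /* a6: %ebp clobbered, no %N operand read after this */
        "movl  4(%%edi), %%edi\n\t"   /* a5 last, it overwrites the array pointer */
        "int   $0x80\n\t"
        "popl  %%ebx\n\t"
        "popl  %%ebp\n\t"
        : "=a"(ret), "+D"(p)
        : "0"(nr), "c"(a2), "d"(a3), "S"(a4)
        : "memory", "cc");
#elif defined(__x86_64__)
    /* x86_64: every argument has its own register, so the constraints do all the loading. */
    register long r10 __asm__("r10") = a4;
    register long r8  __asm__("r8")  = a5;
    register long r9  __asm__("r9")  = a6;
    __asm__ volatile("syscall"
        : "=a"(ret)
        : "0"(nr), "D"(a1), "S"(a2), "d"(a3), "r"(r10), "r"(r8), "r"(r9)
        : "rcx", "r11", "memory", "cc");
#else
    ret = syscall(nr, a1, a2, a3, a4, a5, a6);   /* other arches: libc fallback */
    if (ret == -1) ret = -errno;
#endif
    return ret;
}

/* The bug's testcase call: futex(2) with all six arguments.  FUTEX_WAKE on a word
 * nobody waits on returns 0; a constructed invalid op (0xBAD) returns -ENOSYS. */
long wake_nobody(void)    { int w = 0; return raw_syscall6(SYS_futex, (long)&w, FUTEX_WAKE, 1, 0, 0, 0); }
long bogus_futex_op(void) { int w = 0; return raw_syscall6(SYS_futex, (long)&w, 0xBAD, 1, 0, 0, 0); }
```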