Re: head -r320521 (e.g.): another powerpc64 problem: programs using fgets crash trying to store address over code instead of into __cleanup_info__
On 2017-Jul-1, at 8:40 PM, Konstantin Belousov wrote: > On Sat, Jul 01, 2017 at 07:42:11PM -0700, Mark Millard wrote: >> powerpc64 is having programs crash with an attempt >> to store addresses over code instead of into >> __cleanup_info__ when fgets is used. ntpd is an >> example. As is sshd (although I've looked at >> its details less). > > Yes, I think you are right. I also see how this worked on amd64, > where I tested the change. > > Try this. > > diff --git a/lib/libc/gen/_pthread_stubs.c b/lib/libc/gen/_pthread_stubs.c > index 18a23216d50..fcf7ff04fed 100644 > --- a/lib/libc/gen/_pthread_stubs.c > +++ b/lib/libc/gen/_pthread_stubs.c > @@ -279,10 +279,11 @@ STUB_FUNC2(pthread_kill, PJT_KILL, int, void *, int) > STUB_FUNC2(pthread_setcancelstate, PJT_SETCANCELSTATE, int, int, void *) > STUB_FUNC2(pthread_setcanceltype, PJT_SETCANCELTYPE, int, int, void *) > STUB_FUNC(pthread_testcancel, PJT_TESTCANCEL, void) > -STUB_FUNC1(__pthread_cleanup_pop_imp, PJT_CLEANUP_POP_IMP, int, int) > -STUB_FUNC2(__pthread_cleanup_push_imp, PJT_CLEANUP_PUSH_IMP, void, void*, > void *); > -STUB_FUNC1(_pthread_cancel_enter, PJT_CANCEL_ENTER, int, int) > -STUB_FUNC1(_pthread_cancel_leave, PJT_CANCEL_LEAVE, int, int) > +STUB_FUNC1(__pthread_cleanup_pop_imp, PJT_CLEANUP_POP_IMP, void, int) > +STUB_FUNC3(__pthread_cleanup_push_imp, PJT_CLEANUP_PUSH_IMP, void, void *, > +void *, void *); > +STUB_FUNC1(_pthread_cancel_enter, PJT_CANCEL_ENTER, void, int) > +STUB_FUNC1(_pthread_cancel_leave, PJT_CANCEL_LEAVE, void, int) > > static int > stub_zero(void) That fixed the issue for my powerpc64 context. For examples: sshd and ntpd are running. I'll go rebuild the rest of my contexts now. Thanks! === Mark Millard markmi at dsl-only.net ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: head -r320521 (e.g.): another powerpc64 problem: programs using fgets crash trying to store address over code instead of into __cleanup_info__
On Sat, Jul 01, 2017 at 07:42:11PM -0700, Mark Millard wrote: > powerpc64 is having programs crash with an attempt > to store addresses over code instead of into > __cleanup_info__ when fgets is used. ntpd is an > example. As is sshd (although I've looked at > its details less). Yes, I think you are right. I also see how this worked on amd64, where I tested the change. Try this. diff --git a/lib/libc/gen/_pthread_stubs.c b/lib/libc/gen/_pthread_stubs.c index 18a23216d50..fcf7ff04fed 100644 --- a/lib/libc/gen/_pthread_stubs.c +++ b/lib/libc/gen/_pthread_stubs.c @@ -279,10 +279,11 @@ STUB_FUNC2(pthread_kill, PJT_KILL, int, void *, int) STUB_FUNC2(pthread_setcancelstate, PJT_SETCANCELSTATE, int, int, void *) STUB_FUNC2(pthread_setcanceltype, PJT_SETCANCELTYPE, int, int, void *) STUB_FUNC(pthread_testcancel, PJT_TESTCANCEL, void) -STUB_FUNC1(__pthread_cleanup_pop_imp, PJT_CLEANUP_POP_IMP, int, int) -STUB_FUNC2(__pthread_cleanup_push_imp, PJT_CLEANUP_PUSH_IMP, void, void*, void *); -STUB_FUNC1(_pthread_cancel_enter, PJT_CANCEL_ENTER, int, int) -STUB_FUNC1(_pthread_cancel_leave, PJT_CANCEL_LEAVE, int, int) +STUB_FUNC1(__pthread_cleanup_pop_imp, PJT_CLEANUP_POP_IMP, void, int) +STUB_FUNC3(__pthread_cleanup_push_imp, PJT_CLEANUP_PUSH_IMP, void, void *, +void *, void *); +STUB_FUNC1(_pthread_cancel_enter, PJT_CANCEL_ENTER, void, int) +STUB_FUNC1(_pthread_cancel_leave, PJT_CANCEL_LEAVE, void, int) static int stub_zero(void) ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: head -r320521 (e.g.): another powerpc64 problem: programs using fgets crash trying to store address over code instead of into __cleanup_info__
[I've now got a route to get information from the old PowerMac so-called "Quad Core" despite sshd being broken. So I add gdb output material as evidence to go with the more source code level analysis from before.] On 2017-Jul-1, at 7:42 PM, Mark Millard wrote: > [Note: this is from a amd64 -> powerpc64 cross-build based > on system clang 4 instead of gcc 4.2.1. I'm building a > gcc 4.2.1 based system currently so that I can test > a more standard configuration. But I'm one of the ones > that experiments with finding things to report for > clang targeting powerpc64 and powerpc.] > > powerpc64 is having programs crash with an attempt > to store addresses over code instead of into > __cleanup_info__ when fgets is used. ntpd is an > example. As is sshd (although I've looked at > its details less). > > Building up the context for this claim. . . > > public declaration: > > struct _pthread_cleanup_info { >__uintptr_t pthread_cleanup_pad[8]; > }; > > private declaration: > > struct pthread_cleanup { >struct pthread_cleanup *prev; >void(*routine)(void *); >void*routine_arg; >int onheap; > }; > > ntpd and sshd die with segmentation faults in: > > void > __pthread_cleanup_push_imp(void (*routine)(void *), void *arg, >struct _pthread_cleanup_info *info) > { >struct pthread *curthread = _get_curthread(); >struct pthread_cleanup *newbuf; > >newbuf = (void *)info; >newbuf->routine = routine; >newbuf->routine_arg = arg; >newbuf->onheap = 0; >newbuf->prev = curthread->cleanup; >curthread->cleanup = newbuf; > } > > at the statement: newbuf->routine = routine; > > But it turns out that the bt is like: > > __pthread_cleanup_push_imp(routine=0x507b1248 <__stdio_cancel_cleanup>, > arg=0x0, info=0x509eaaf4) > __pthread_cleanup_push_imp_int(p0=0x507b1248,p1=0x0) > fgets (buf=0x51415000 "", n=511, fp=0x507d4c40) > . . . > > Note the 2 arguments to __pthread_cleanup_push_imp_int when called > from fgets but the 3 arguemnts to __pthread_cleanup_push_imp . . . > > fgets uses FLOCK_CANCELSAFE(fp) : > > #define FLOCKFILE_CANCELSAFE(fp)\ >{ \ >struct _pthread_cleanup_info __cleanup_info__; \ >if (__isthreaded) { \ >_FLOCKFILE(fp); \ >___pthread_cleanup_push_imp(\ >__stdio_cancel_cleanup, (fp), \ >&__cleanup_info__); \ >} else {\ >___pthread_cleanup_push_imp(\ >__stdio_cancel_cleanup, NULL, \ >&__cleanup_info__); \ >} \ >{ > #define FUNLOCKFILE_CANCELSAFE()\ >(void)0;\ >} \ >___pthread_cleanup_pop_imp(1); \ >} > > where here the NULL case is in use. 3 arguments. > > But: > > STUB_FUNC2(__pthread_cleanup_push_imp, PJT_CLEANUP_PUSH_IMP, void, void*, > void *); > > which is use of: > > #define STUB_FUNC2(name, idx, ret, p0_type, p1_type)\ >static ret FUNC_EXP(name)(p0_type, p1_type) __used; \ >static ret FUNC_INT(name)(p0_type, p1_type) __used; \ >WEAK_REF(FUNC_EXP(name), name); \ >WEAK_REF(FUNC_INT(name), __CONCAT(_, name));\ >typedef ret (*FUNC_TYPE(name))(p0_type, p1_type); \ >static ret FUNC_EXP(name)(p0_type p0, p1_type p1) \ >{ \ >FUNC_TYPE(name) func; \ >func = (FUNC_TYPE(name))__thr_jtable[idx][0]; \ >return (func(p0, p1)); \ >} \ >static ret FUNC_INT(name)(p0_type p0, p1_type p1) \ >{ \ >FUNC_TYPE(name) func; \ >func = (FUNC_TYPE(name))__thr_jtable[idx][1]; \ >return (func(p0, p1)); \ >} > > so only 2 arguments to func (i.e., __pthread_cleanup_push_imp > here). > > Compared to: > >___pthread_cleanup_push_imp(