Re: [PATCH v6 00/15] Handle variable XSAVE layouts

[John Baldwin <jhb@FreeBSD.org>]

On 7/25/23 10:17 AM, Keith Seitz wrote:
> Hi,
> 
> On 7/14/23 08:51, John Baldwin wrote:
>> Changes since V5:
>>
>> - A few fixes not tied to the new layout handling have been merged to
>>     master.
>>
>> - Reworded the comment describing i386_*_core_read_xsave_info in patches
>>     6 and 8.
>>
> 
> I am sorry I am late to the review here, but I've been testing Sapphire
> Rapids this past week (and its expanded register save area), and thought
> I would dig into this a bit, testing it on random x86 systems in our (internal)
> test farm.
>    
> The (unsurprising) good news is that on RHEL9, this series does not adversely
> affect regression testing results on ppc64le, aarch64, or s390x. It also
> greatly improves results on Sapphire Rapids CPUs (at least on the native
> unix target).
> 
> However, I've run into some pretty consistent problems which I have not yet begun to
> investigate (likely all the same bug).
> 
> With either a Raptor Lake CPU ("13th Gen Intel(R) Core(TM) i7-13700") or Sapphire
> Rapids ("Intel(R) Xeon(R) Gold 5418Y"), I can get gdb to consistently segfault in
> memcpy in several tests using gdbserver w/-m32:
> 
> $ make check RUNTESTFLAGS="--target_board native-gdbserver/-m32" TESTS=gdb.base/auxv.exp
> [snip]
> 		=== gdb Summary ===
> 
> # of expected passes		6
> # of unexpected failures	1
> # of unresolved testcases	5
> # of unsupported tests		3
> 
>   From gdb.log:
> 
> (gdb) PASS: gdb.base/auxv.exp: info auxv on live process
> gcore /root/test-fsf-master/gdb/build-x86_64-redhat-linux-gnu/gdb/testsuite/outputs/gdb.base/auxv/auxv.gcore
> 
> 
> Fatal signal: Segmentation fault
> ----- Backtrace -----
> 0x55ef54b9acda gdb_internal_backtrace_1
>           ../../gdb/bt-utils.c:122
> 0x55ef54b9acda _Z22gdb_internal_backtracev
>           ../../gdb/bt-utils.c:168
> 0x55ef54b9acda _Z22gdb_internal_backtracev
>           ../../gdb/bt-utils.c:154
> 0x55ef54cc086e handle_fatal_signal
>           ../../gdb/event-top.c:889
> 0x55ef54cc0a78 handle_sigsegv
>           ../../gdb/event-top.c:962
> 0x7fd237654dcf ???
> 0x55ef54d4e9bf memcpy
>           /usr/include/bits/string_fortified.h:29
> 0x55ef54d4e9bf _Z18i387_collect_xsavePK8regcacheiPvi
>           ../../gdb/i387-tdep.c:1543

Can you confirm where this is in your patched copy?  For me this line is here:

   if (gcore)
     {
       /* Clear XSAVE extended state.  */
       memset (regs, 0, tdep->xsave_layout.sizeof_xsave);

       /* Update XCR0 and `xstate_bv' with XCR0 for gcore.  */
       if (tdep->xsave_xcr0_offset != -1)
>>>	memcpy (regs + tdep->xsave_xcr0_offset, &tdep->xcr0, 8);
       memcpy (XSAVE_XSTATE_BV_ADDR (regs), &tdep->xcr0, 8);
     }

If you have a core handy, could you provide the output of 'p tdep->xsave_layout'
and 'p tdep->xsave_xcr0_offset'?

-- 
John Baldwin