public inbox for gdb-prs@sourceware.org
help / color / mirror / Atom feed
From: "boudewijn83 at gmail dot com" <sourceware-bugzilla@sourceware.org>
To: gdb-prs@sourceware.org
Subject: [Bug breakpoints/31481] New: Certain instructions load the wrong RIP-relative memory after setting a breakpoint
Date: Thu, 14 Mar 2024 01:55:14 +0000 [thread overview]
Message-ID: <bug-31481-4717@http.sourceware.org/bugzilla/> (raw)
https://sourceware.org/bugzilla/show_bug.cgi?id=31481
Bug ID: 31481
Summary: Certain instructions load the wrong RIP-relative
memory after setting a breakpoint
Product: gdb
Version: HEAD
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: breakpoints
Assignee: unassigned at sourceware dot org
Reporter: boudewijn83 at gmail dot com
Target Milestone: ---
On Linux, x86-64, using any gdb version from:
7.10.50.20150930 (commit 398e081380a204e3b9fb4eb4da069ccf471f930e)
Up to and including:
HEAD
When you set a breakpoint at certain instructions that load RIP-relative
memory, run the program up to this breakpoint, then continue execution (or
single-step through), they will load the wrong memory.
Here's a minimal reproducible example:
.globl _start
.data
.align 32
unused1: .quad 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF
number: .quad 0x1122334455667788, 0xAABBCCDDEEDDCCBB
unused2: .quad 0xEEEEEEEEEEEEEEEE, 0xEEEEEEEEEEEEEEEE
.text
_start:
vmovq number(%rip), %xmm1
vpextrq $0, %xmm1, %rdi
mov $60, %eax
syscall
Assemble, link, and run in strace:
$ as -o test.o test.s && ld ./test.o && strace -e x=exit ./a.out
Output is, as expected:
exit(0x1122334455667788)
Now in gdb:
$ gdb -ex "b _start" -ex "r" -ex "stepi 2" -ex "print/x \$rdi" ./a.out
$1 = 0xccbb112233445566
Note how it somehow loaded 2 bytes from the second quad at "number".
Some instructions I found affected are:
vmovq number(%rip), %xmm1
vmovdqu number(%rip), %ymm1
vpaddq number(%rip), %ymm1, %ymm1
vpxor number(%rip), %ymm1, %ymm1
vpbroadcastd number(%rip), %ymm1
vpbroadcastq number(%rip), %ymm1
Some instructions NOT affected are:
movq number(%rip), %xmm1
movdqu number(%rip), %xmm1
vpaddd number(%rip), %ymm1, %ymm1
vpblendd $0xFF, number(%rip), %ymm1, %ymm1
vpermq $0x00, number(%rip), %ymm1
The regression seems to have occurred at the commit above, before that commit
everything works as expected.
--
You are receiving this mail because:
You are on the CC list for the bug.
next reply other threads:[~2024-03-14 1:55 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-14 1:55 boudewijn83 at gmail dot com [this message]
2024-03-14 13:01 ` [Bug breakpoints/31481] " tromey at sourceware dot org
2024-03-14 16:35 ` boudewijn83 at gmail dot com
2024-03-14 20:29 ` tromey at sourceware dot org
2024-03-14 22:43 ` sam at gentoo dot org
2024-03-16 11:54 ` boudewijn83 at gmail dot com
2024-03-16 17:39 ` tromey at sourceware dot org
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-31481-4717@http.sourceware.org/bugzilla/ \
--to=sourceware-bugzilla@sourceware.org \
--cc=gdb-prs@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).