From mboxrd@z Thu Jan 1 00:00:00 1970
Received: (qmail 9193 invoked by alias); 16 Jul 2014 16:17:27 -0000
Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm
Precedence: bulk
Sender: glibc-bugs-owner@sourceware.org
Received: (qmail 9003 invoked by uid 48); 16 Jul 2014 16:17:17 -0000
From: "ubizjak at gmail dot com"
To: glibc-bugs@sourceware.org
Subject: [Bug nptl/17165] New: [alpha] Saved stack pointer is not mangled in unwind_stop jumpbuffer
Date: Wed, 16 Jul 2014 16:17:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: glibc
X-Bugzilla-Component: nptl
X-Bugzilla-Version: 2.17
X-Bugzilla-Severity: normal
X-Bugzilla-Who: ubizjak at gmail dot com
X-Bugzilla-Status: NEW
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: unassigned at sourceware dot org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status bug_severity priority component assigned_to reporter cc
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-SW-Source: 2014-07/txt/msg00620.txt.bz2

https://sourceware.org/bugzilla/show_bug.cgi?id=17165

            Bug ID: 17165
           Summary: [alpha] Saved stack pointer is not mangled in
                    unwind_stop jumpbuffer
           Product: glibc
           Version: 2.17
            Status: NEW
          Severity: normal
          Priority: P2
         Component: nptl
          Assignee: unassigned at sourceware dot org
          Reporter: ubizjak at gmail dot com
                CC: drepper.fsp at gmail dot com

The following testcase:

--cut here--
#include <pthread.h>   /* pthread_create, pthread_exit, pthread_join */
#include <cxxabi.h>    /* __cxxabiv1::__forced_unwind */

void* f(void*)
{
  try
    {
      /* pthread_exit unwinds the thread via a forced unwind. */
      pthread_exit(0);
    }
  catch (__cxxabiv1::__forced_unwind const&)
    {
      __builtin_puts("unwind");
      throw;
    }
  catch (...)
    {
      __builtin_puts("something else");
      throw;
    }
}

int main()
{
  pthread_t t;
  pthread_create(&t, 0, f, 0);
  pthread_join(t, 0);
}
--cut here--

executes on alpha-linux-gnu without printing anything when compiled with
"gcc-4.9 -pthread". The problem was tracked to invalid execution of
unwind_stop from nptl/unwind.c. The referred function calls _jmpbuf_sp:

0033 static inline uintptr_t __attribute__ ((unused))
0034 _jmpbuf_sp (__jmp_buf regs)
0035 {
0036   uintptr_t sp = regs[JB_SP];
0037 #ifdef PTR_DEMANGLE
0038   PTR_DEMANGLE (sp);
0039 #endif
0040   return sp;
0041 }

through the _JMPBUF_CFA_UNWINDS_ADJ/_JMPBUF_UNWINDS_ADJ macros, defined in
sysdeps/alpha/jmpbuf-unwind.h. However, regs[JB_SP] is not mangled at all
at function entry, as confirmed by the following gdb session:

(gdb) b jmpbuf-unwind.h:38
No source file named jmpbuf-unwind.h.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 1 (jmpbuf-unwind.h:38) pending.
(gdb) r
Starting program: /space/homedirs/uros/test/a.out
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/libthread_db.so.1".
[New Thread 0x20000c391f0 (LWP 11609)]
[Switching to Thread 0x20000c391f0 (LWP 11609)]

Breakpoint 1, unwind_stop (version=, actions=, exc_class=, exc_obj=, context=,
    stop_parameter=) at unwind.c:61
61            || ! _JMPBUF_CFA_UNWINDS_ADJ (buf->cancel_jmp_buf[0].jmp_buf, context,
(gdb) s
_jmpbuf_sp (regs=0x20000c38a40) at ../ports/sysdeps/alpha/jmpbuf-unwind.h:38
38        PTR_DEMANGLE (sp);
(gdb) p/x regs[8]
$1 = 0x20000c38a10

The following detail can be obtained from the disassembly:

   0x000002000028774c <+188>:   ldq     s1,64(a5)      <-- load SP value
   0x0000020000287750 <+192>:   ldq     t0,0(t0)       <-- load ptr chk guard
=> 0x0000020000287754 <+196>:   xor     s1,t0,s1       <-- mangling function

Just before the mangling function, we have:

(gdb) i r s1 t0
s1             0x20000c38a10        2199036070416
t0             0x33608b9cba2ff160   3702112398953410912

The consequence of the wrong value is that the do_longjump flag gets set in
the unwind_stop function. This caused an erroneous call to
__libc_unwind_longjmp at the end of the function, which silently terminates
the execution.

I suspect a missing call to PTR_MANGLE, or one of the PTR_MANGLE* macros in
sysdeps/unix/alpha/sysdep.h is not defined correctly, so the saved SP value
in jmp_buf isn't mangled as expected by the unwind_stop function.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
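Added example (not part of the bug report and not glibc's own code): a small C model of the mechanism the report describes. Pointer mangling on this target is an xor with a per-process guard (the "xor s1,t0,s1" in the disassembly above), so PTR_DEMANGLE(PTR_MANGLE(p)) == p holds only if both the setjmp side and _jmpbuf_sp apply it. The model runs the same unwind_stop decision over a jmp_buf whose SP was saved mangled and over one where it was stored raw, and shows that the raw case sets do_longjump before the setjmp frame is reached. All function and struct names, the guard value and the stack addresses are constructed for illustration; in glibc the guard comes from the TCB, the CFA from _Unwind_GetCFA and adj from the thread descriptor.

```c
/* Added example, not from the bug report or glibc: model of PTR_MANGLE /
   PTR_DEMANGLE and of the unwind_stop decision that consumes _jmpbuf_sp(). */
#include <stdint.h>
#include <stdio.h>

/* Constructed guard value; glibc reads the real pointer guard from the TCB. */
static const uint64_t POINTER_CHK_GUARD = 0x5a5a00c3f00dcafeULL;

/* Model of PTR_MANGLE / PTR_DEMANGLE: a symmetric xor with the guard. */
static uint64_t ptr_mangle(uint64_t p)   { return p ^ POINTER_CHK_GUARD; }
static uint64_t ptr_demangle(uint64_t p) { return p ^ POINTER_CHK_GUARD; }

/* Stand-in for the JB_SP slot of __jmp_buf (constructed type). */
struct jmp_buf_model { uint64_t jb_sp; };

/* What a correct setjmp does with the stack pointer ... */
static void save_sp_mangled(struct jmp_buf_model *b, uint64_t sp)
{ b->jb_sp = ptr_mangle(sp); }

/* ... and the defect the report describes: the raw SP is stored. */
static void save_sp_raw(struct jmp_buf_model *b, uint64_t sp)
{ b->jb_sp = sp; }

/* _jmpbuf_sp as listed in the report: it always demangles the slot. */
static uint64_t jmpbuf_sp(const struct jmp_buf_model *b)
{ return ptr_demangle(b->jb_sp); }

/* Model of _JMPBUF_UNWINDS_ADJ: both addresses are taken relative to the
   top of the thread stack (adj), wrapping modulo 2^64 on purpose, so the
   comparison also works for stacks allocated above the main stack. */
static int jmpbuf_cfa_unwinds_adj(const struct jmp_buf_model *b,
                                  uint64_t cfa, uint64_t adj)
{
    return (cfa - adj) < (jmpbuf_sp(b) - adj);
}

/* Model of unwind_stop's decision: do_longjump is set once the frame being
   unwound is no longer below the frame that ran setjmp. */
static int unwind_stop_model(const struct jmp_buf_model *b,
                             uint64_t cfa, uint64_t adj)
{
    return !jmpbuf_cfa_unwinds_adj(b, cfa, adj);
}

/* Run one scenario and return the resulting do_longjump value.
   mangled_on_save selects the correct or the defective setjmp side;
   at_setjmp_frame selects whether unwinding has reached the setjmp frame
   (CFA == saved SP) or is still in a newer callee frame further down. */
static int scenario(int mangled_on_save, int at_setjmp_frame)
{
    const uint64_t stack_top  = 0x20000c3a000ULL;  /* constructed: adj */
    const uint64_t setjmp_sp  = 0x20000c38a10ULL;  /* constructed: SP at setjmp */
    const uint64_t callee_cfa = 0x20000c38900ULL;  /* constructed: newer frame */
    struct jmp_buf_model jb;

    if (mangled_on_save)
        save_sp_mangled(&jb, setjmp_sp);
    else
        save_sp_raw(&jb, setjmp_sp);

    return unwind_stop_model(&jb, at_setjmp_frame ? setjmp_sp : callee_cfa,
                             stack_top);
}

int main(void)
{
    printf("mangled save, callee frame  : do_longjump=%d\n", scenario(1, 0));
    printf("mangled save, setjmp frame  : do_longjump=%d\n", scenario(1, 1));
    printf("raw save, callee frame (bug): do_longjump=%d\n", scenario(0, 0));
    return 0;
}
```

With the mangled save, the callee frame is correctly reported as still unwinding and the setjmp frame stops the unwind; with the raw save, _jmpbuf_sp xors an unmangled SP with the guard, the comparison sees an unrelated address, and do_longjump is set in a callee frame, which is the premature __libc_unwind_longjmp the report observes.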
From glibc-bugs-return-25838-listarch-glibc-bugs=sources.redhat.com@sourceware.org Wed Jul 16 16:18:00 2014
Delivered-To: listarch-glibc-bugs@sources.redhat.com
Received: (qmail 10134 invoked by alias); 16 Jul 2014 16:18:00 -0000
Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm
Precedence: bulk
Sender: glibc-bugs-owner@sourceware.org
Delivered-To: mailing list glibc-bugs@sourceware.org
Received: (qmail 10060 invoked by uid 48); 16 Jul 2014 16:17:56 -0000
From: "ubizjak at gmail dot com"
To: glibc-bugs@sourceware.org
Subject: [Bug nptl/17165] [alpha] Saved stack pointer is not mangled in unwind_stop jumpbuffer
Date: Wed, 16 Jul 2014 16:18:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: glibc
X-Bugzilla-Component: nptl
X-Bugzilla-Version: 2.17
X-Bugzilla-Severity: normal
X-Bugzilla-Who: ubizjak at gmail dot com
X-Bugzilla-Status: NEW
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: unassigned at sourceware dot org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Changed-Fields: cf_gcctarget
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-SW-Source: 2014-07/txt/msg00621.txt.bz2
Content-length: 380

https://sourceware.org/bugzilla/show_bug.cgi?id=17165

Uros Bizjak changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Target|                            |alpha-linux-gnu

-- 
You are receiving this mail because:
You are on the CC list for the bug.