From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) by sourceware.org (Postfix) with ESMTPS id 583823858D35 for ; Mon, 11 Oct 2021 08:56:20 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 583823858D35 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=denx.de Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=denx.de Received: from ktm (85-222-111-42.dynamic.chello.pl [85.222.111.42]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: lukma@denx.de) by phobos.denx.de (Postfix) with ESMTPSA id EDECF836DA; Mon, 11 Oct 2021 10:56:17 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=denx.de; s=phobos-20191101; t=1633942578; bh=/1AV0cNHjxGkvM6ZQjPTypvBMTQuhIfqQTRE6+dC57U=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=YrRArqe/b0JIO5lbuvDT8PFEVpBHtCbuBxvd8XtuugzlOFaOhikc3sGfQr6eiabRL uvAsMhCZ9tvFP36km2KFlGeB9UAiJEl5ltn0bZW8yfmjClAHusegaeUVy7mqJTHvXm NiJ9IEVPjwE3WeNZgqOBG46+JlL2GkSfn+Hw7BikStSbH/AUbfZ1Hw6fCht/JEQVtl zLvr16VG1h8h/R30n4rqvItwfWhUqj9PjU16WDlM0ojCMPPkdJcdjA0LkqFnJNexf4 FZKMW1xVf4tWXPLlAO5Qh95WFiJLbvQRGBMTcPKIzfz3wnY0nsBSOtxn3nFecSALpm O0r8+J2O5r4OA== Date: Mon, 11 Oct 2021 10:56:17 +0200 From: Lukasz Majewski To: "H.J. Lu" , Adhemerval Zanella , Szabolcs Nagy Cc: Florian Weimer , libc-alpha , Andreas Schwab , Joseph Myers Subject: Re: [PATCH] dl: Use "adr" assembler command to get proper load address Message-ID: <20211011105617.5bcd493d@ktm> In-Reply-To: References: <20210907131616.23472-1-lukma@denx.de> <20210907164906.yt6nonvfyhvbrx6p@google.com> <20210907193227.6047f9cc@ktm> <20210907174417.sctsswphsyae4mpc@google.com> <20211005094554.2f28d6bd@ktm> <20211006075721.qnv6qabroytcsido@google.com> <20211006110321.5f1a9610@ktm> <20211006134344.63395242@ktm> <20211006125517.GE2700@arm.com> <20211007111926.30db4c4f@ktm> <20211007120038.1445bbd3@ktm> <44bac775-3127-7bc7-c4ea-fa282ed277d3@linaro.org> Organization: denx.de X-Mailer: Claws Mail 3.18.0 (GTK+ 2.24.32; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; boundary="Sig_/8qBM.6tonesQogwrWXei=W5"; protocol="application/pgp-signature" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean X-Spam-Status: No, score=-2.3 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, RCVD_IN_BARRACUDACENTRAL, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=no autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Oct 2021 08:56:22 -0000 --Sig_/8qBM.6tonesQogwrWXei=W5 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Hi H.J, Adhemerval, Szabolcs, > On Thu, Oct 7, 2021 at 7:18 AM Adhemerval Zanella via Libc-alpha > wrote: > > > > > > > > On 07/10/2021 07:00, Lukasz Majewski wrote: =20 > > > On Thu, 7 Oct 2021 11:19:26 +0200 > > > Lukasz Majewski wrote: > > > =20 > > >> Hi Szabolcs, > > >> =20 > > >>> The 10/06/2021 13:43, Lukasz Majewski wrote: =20 > > >>>> Please find in-depth analyze about the issue: > > >>>> > > >>>> It was tested with Beagle Bone Black (BBB) and QEMU (the same > > >>>> binary rootfs images). > > >>>> (If needed I will upload images and script to run QEMU to some > > >>>> server for reproduction). > > >>>> Branch: > > >>>> https://github.com/lmajewski/y2038_glibc/commits/y2038_edge =20 > > >>> > > >>> i think it is easier to look at if you upload the broken > > >>> ld.so binary. or at least readelf -aW ld.so output. =20 > > >> > > >> Please find working and broken ld-linux-armhf.so.3: > > >> https://owncloud.denx.de/s/wtAfktG6pXLffSA > > >> =20 > > >>> =20 > > >>>> On working setup to trigger the core dump: > > >>>> /home/root/ld-linux-armhf.so.3 /sbin/init > > >>>> gdb ./ld-linux-armhf.so.3 core > > >>>> > > >>>> (and the /home/root/ld-linux-armhf.so.3 is the "broken" one). > > >>>> > > >>>> > > >>>> Not working (patch [1] not applied): > > >>>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > >>>> > > >>>> All the code is located in _dl_start in elf/rtld.c and > > >>>> elf/get-dynamic-info.h files: > > >>>> > > >>>> (gdb) p/x $r5 > > >>>> $46 =3D 0xb6fc8000 > > >>>> r5 is set from the elf_machine_load_address() > > >>>> > > >>>> Then we enter the elf_get_dynamic_info() > > >>>> > > >>>> 0xb6fc95fc 99 ADJUST_DYN_INFO (DT_SYMTAB); > > >>>> 0xb6fc95f8 <_dl_start+308>: 04 30 92 15 ldrne r3, > > >>>> [r2, #4] =3D> 0xb6fc95fc <_dl_start+312>: 05 30 83 10 addne > > >>>> r3, r3, r5 0xb6fc9600 <_dl_start+316>: 04 30 82 15 > > >>>> strne r3, [r2, #4] (gdb) p/x $r3 > > >>>> $63 =3D 0x410003f4 > > >>>> (gdb) p/x $r5 > > >>>> $64 =3D 0xb6fc8000 =20 > > >>> > > >>> it seems r5 is already wrong here, it's not the runtime > > >>> address of 0. (looks more like the runtime address of > > >>> 0x41000000) =20 > > >> > > >> The r5 is set according to the change in patch which now I'm > > >> trying to fix. > > >> > > >> To be more specific - r5 is set according to code in patch SHA1: > > >> bca0f5cbc9257c13322b99e55235c4f21ba0bd82 > > >> =20 > > >>> > > >>> likely something goes wrong with the computation of r5. =20 > > >> > > >> Before the SHA1: bca0f5cbc9257c13322b99e55235c4f21ba0bd82 patch > > >> r5 was computed with using 'adr' assembler instruction, not set > > >> from some constant value. > > >> > > >> asm ("adr %0, _dl_start" : "=3Dr" (pcrel_addr)); > > >> > > >> And r5 value was 0x75fc8000 > > >> =20 > > >>> =20 > > >>>> Links: > > >>>> [1] - > > >>>> https://github.com/lmajewski/y2038_glibc/commit/e67e0f589b88a44be8= f8b9b770b08950dd7e5bd5 > > >>>> > > >>>> readelf -e ld-linux-armhf.so.3 > > >>>> > > >>>> [10] .plt PROGBITS 41000994 000994 000050 > > >>>> 04 AX 0 0 4 [11] .text PROGBITS 41000a00 > > >>>> 000a00 01fed0 00 AX 0 0 64 [12] .rodata PROGBITS > > >>>> 410208d0 0208d0 004b24 00 A 0 0 4 [13] .ARM.extab > > >>>> PROGBITS 410253f4 0253f4 000018 00 A 0 0 4 [14] > > >>>> .ARM.exidx ARM_EXIDX 4102540c 02540c 0000c8 00 > > >>>> AL 11 0 4 [15] .data.rel.ro PROGBITS 41036200 > > >>>> 026200 000cf4 00 WA 0 0 8 [16] .dynamic DYNAMIC > > >>>> 41036ef4 026ef4 0000c8 08 WA 5 0 4 [17] .got > > >>>> PROGBITS 41036fbc 026fbc 000040 04 WA 0 0 4 =20 > > >>> > > >>> why are all addresses >0x41000000 ? > > >>> in a shared library i expect all those addresses > > >>> to be close to 0. =20 > > >> > > >> On this real HW system (the rootfs which is running) - libc.so.6 > > >> also has address > 0x41000000 > > >> libm.so.6 also has the value > 0x41200000 > > >> (Entry point address: 0x412c9190) > > >> > > >> The offset of > 0x41000000 looks a bit strange indeed, but it is > > >> still less than the kernel space. Moreover, with position > > >> independent code it shall not matter. > > >> =20 > > >>> > > >>> is this made by some modified binutils? =20 > > >> > > >> I've double checked the ld-linux-armhf.so.3 and after build it > > >> has: (Entry point address: 0xa00) which seems to > > >> be correct. > > >> > > >> So it looks like during installation of the glibc (on the > > >> Yocto/OE created rootfs) the elf header is modified and this > > >> 0x41000000 offset is added. > > >> =20 > > > > > > And indeed it is the case. Yocto/OE by default perform prelinking > > > (use prelink program) to speedup start time of dynamic program. > > > > > > The prelink [1] itself assigns some virtual addresses to all > > > required shared objects (in our case for /sbin/init), so no > > > clashes are encountered. > > > > > > And using prelink is a _default_ behaviour in Yocto/OE poky > > > distro. =20 > > > > Does it work without prelink? Also, does it fail with prelink in > > real hardware? > > > > It indeed might be a prelink issue in fact. =20 >=20 > This will fail everywhere if prelink is used. >=20 Do we have _any_ plan how to fix it? BSPs for many boards are built with Yocto/OE nowadays... The approach with using 'adr' (pseudo) assembler instruction to calculate the on-runtime addresses was working previously. Shall we revert changes which were introduced recently (to use __ehdr_start)? Best regards, Lukasz Majewski -- DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-59 Fax: (+49)-8142-66989-80 Email: lukma@denx.de --Sig_/8qBM.6tonesQogwrWXei=W5 Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEgAyFJ+N6uu6+XupJAR8vZIA0zr0FAmFj/DEACgkQAR8vZIA0 zr2DlAf/a4+ufEBuE+E8qW0FLkhTqaHGElugO0wAiBFF4twZ7m+809ifKgzQBsRl +o/d39kPNqhw5Ux9jRo/vbPTNbxZhhTnaQN8bT6u/ctNKxYDBN2vs+NhVIj/EGHK s1K8KgRT3woPvifcvVTUld40XUfzVi68qW5QZ26ZRTXuUaKjN+cJQuJvijJJw47k DaPdJlyMEV3ivQ2lQHSB7L77os74THp5zp8zfVeaIIcd+aj0KGK6q/ipCfLtKJpJ d4l1TbjXLj9m1Zq24T/RShNEnmwILhNI/XPKRUaixgvGWBegvvXTnHjr2NtM35MJ I875IDED5cRwRn7pBRBrLE85hV6BhQ== =ND7O -----END PGP SIGNATURE----- --Sig_/8qBM.6tonesQogwrWXei=W5--