Date: Fri, 2 Nov 2018 10:38:08 -0700 From: Mark Millard <marklmi26-fbsd@yahoo.com> To: Konstantin Belousov <kostikbel@gmail.com> Cc: svn-src-head@freebsd.org, Alexander Richardson <arichardson@freebsd.org> Subject: Re: svn commit: r339876 - head/libexec/rtld-elf Message-ID: <E93B3880-281E-482C-9DA7-851398543B97@yahoo.com> In-Reply-To: <20181102155234.GN5335@kib.kiev.ua> References: <8E5A5F3A-F1A7-4702-A2F7-65D74CC5B2E5@yahoo.com> <20181102004101.GI5335@kib.kiev.ua> <E44F5772-1F8A-40B8-9C4E-B8362B768F37@yahoo.com> <003A49D7-6E8B-4775-A70B-E0EB44505D4B@yahoo.com> <20181102113827.GM5335@kib.kiev.ua> <7B29A4C8-228D-41CB-B594-98DFA456E9C8@yahoo.com> <20181102155234.GN5335@kib.kiev.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2018-Nov-2, at 8:52 AM, Konstantin Belousov <kostikbel at gmail.com> =
wrote:
> On Fri, Nov 02, 2018 at 08:30:17AM -0700, Mark Millard wrote:
>> Breakpoint 4, reloc_non_plt (obj=3D0x41041000, obj_rtld=3D0x1801cc7, =
flags=3D4, lockstate=3D0x0) at =
/usr/src/libexec/rtld-elf/powerpc/reloc.c:338
>> 338 __syncicache(obj->mapbase + =
phdr->p_vaddr,
>> 1: x/i $pc
>> =3D> 0x1012b90 <reloc_non_plt+276>: lwz r0,36(r29)
>> (gdb) print/x obj->mapbase+phdr->p_vaddr
>> $17 =3D 0x3000000
>> (gdb) print/x obj->mapbase =20
>> $18 =3D 0x1800000
>> (gdb) print/x phdr->p_vaddr
>> $19 =3D 0x1800000
>> (gdb) c
>> Continuing.
>>=20
>> Program received signal SIGSEGV, Segmentation fault.
>> __syncicache (from=3D0x3000000, len=3D34112) at =
/usr/src/lib/libc/powerpc/gen/syncicache.c:94
>> 94 __asm __volatile ("dcbst 0,%0" :: "r"(p));
>> 1: x/i $pc
>> =3D> 0x10228b8 <__syncicache+96>: dcbst 0,r11
>>=20
>>=20
>>=20
>> It looks to me like the 0x1800000 component of the
>> overall figure was double counted. ( phdr->p_vaddr
>> would vary but obj->mapbase would not. )
>>=20
>> Omit "obj->mapbase + "?
> I used the wrong addend. Try this fix.
>=20
> diff --git a/libexec/rtld-elf/powerpc/reloc.c =
b/libexec/rtld-elf/powerpc/reloc.c
> index e921a4dc7d1..fae28dd9224 100644
> --- a/libexec/rtld-elf/powerpc/reloc.c
> +++ b/libexec/rtld-elf/powerpc/reloc.c
> @@ -294,6 +294,7 @@ reloc_non_plt(Obj_Entry *obj, Obj_Entry *obj_rtld, =
int flags,
> {
> const Elf_Rela *relalim;
> const Elf_Rela *rela;
> + const Elf_Phdr *phdr;
> SymCache *cache;
> int r =3D -1;
>=20
> @@ -327,8 +328,18 @@ reloc_non_plt(Obj_Entry *obj, Obj_Entry =
*obj_rtld, int flags,
> if (cache !=3D NULL)
> free(cache);
>=20
> - /* Synchronize icache for text seg in case we made any changes =
*/
> - __syncicache(obj->mapbase, obj->textsize);
> + /*
> + * Synchronize icache for executable segments in case we made
> + * any changes.
> + */
> + for (phdr =3D obj->phdr;
> + (const char *)phdr < (const char *)obj->phdr + obj->phsize;
> + phdr++) {
> + if (phdr->p_type =3D=3D PT_LOAD && (phdr->p_flags & =
PF_X) !=3D 0) {
> + __syncicache(obj->relocbase + phdr->p_vaddr,
> + phdr->p_memsz);
> + }
> + }
>=20
> return (r);
> }
> diff --git a/libexec/rtld-elf/powerpc64/reloc.c =
b/libexec/rtld-elf/powerpc64/reloc.c
> index c2d6dac13b1..15f31738ab7 100644
> --- a/libexec/rtld-elf/powerpc64/reloc.c
> +++ b/libexec/rtld-elf/powerpc64/reloc.c
> @@ -291,6 +291,7 @@ reloc_non_plt(Obj_Entry *obj, Obj_Entry *obj_rtld, =
int flags,
> {
> const Elf_Rela *relalim;
> const Elf_Rela *rela;
> + const Elf_Phdr *phdr;
> SymCache *cache;
> int bytes =3D obj->dynsymcount * sizeof(SymCache);
> int r =3D -1;
> @@ -327,8 +328,18 @@ reloc_non_plt(Obj_Entry *obj, Obj_Entry =
*obj_rtld, int flags,
> if (cache)
> munmap(cache, bytes);
>=20
> - /* Synchronize icache for text seg in case we made any changes =
*/
> - __syncicache(obj->mapbase, obj->textsize);
> + /*
> + * Synchronize icache for executable segments in case we made
> + * any changes.
> + */
> + for (phdr =3D obj->phdr;
> + (const char *)phdr < (const char *)obj->phdr + obj->phsize;
> + phdr++) {
> + if (phdr->p_type =3D=3D PT_LOAD && (phdr->p_flags & =
PF_X) !=3D 0) {
> + __syncicache(obj->relocbase + phdr->p_vaddr,
> + phdr->p_memsz);
> + }
> + }
>=20
> return (r);
> }
That seems better. But it crashes during /bin/ls execution
( 0x0180???? addresses ), apparently in a library routine
( 0x41?????? addresses ):
Program received signal SIGSEGV, Segmentation fault.
0x411220b4 in ?? ()
(gdb) bt
#0 0x411220b4 in ?? ()
#1 0x4112200c in ?? ()
#2 0x01803c84 in ?? ()
#3 0x018023b4 in ?? ()
#4 0x010121a0 in .rtld_start () at =
/usr/src/libexec/rtld-elf/powerpc/rtld_start.S:112
Using a normal gdb run of /bin/ls suggests:
#2 0x01803c84 in ?? () should be in main and seems to be: bl 0x1818914 =
<getopt_long@plt>
#3 0x018023b4 in ?? () should be in _start
Looking in the test context:
0x1803c80: bl 0x1818914
0x1803c84: cmpwi cr7,r3,-1
and:
0x1818914: li r11,59
0x1818918: b 0x18186f4
and:
0x18186f4: rlwinm r11,r11,2,0,29
0x18186f8: addis r11,r11,386
0x18186fc: lwz r11,-30316(r11)
0x1818700: mtctr r11
0x1818704: bctr
Breaking at the bctr and using info reg:
r11 0x4125ffa0 1093009312
It looks like there is some amount of
activity before the traceback addresses
show up.
I've not found a good way to fill in the "in ??()"
(or analogous) information. The addresses 0x411220??
do not match up with a normal run of /bin/ls from
gdb: the addresses can not be accessed.
It does appear that the code is in /lib/libc.so.7 in the
test context:
Breakpoint 2, reloc_non_plt (obj=3D0x41041600, obj_rtld=3D0x41104b57, =
flags=3D4, lockstate=3D0x0) at =
/usr/src/libexec/rtld-elf/powerpc/reloc.c:338
338 __syncicache(obj->relocbase + =
phdr->p_vaddr,
1: /x obj->relocbase + phdr->p_vaddr =3D 0x410ec000
2: /x obj->relocbase + phdr->p_vaddr + phdr->p_memsz =3D 0x4127f9d0
4: *obj =3D {magic =3D 0, version =3D 0, next =3D {tqe_next =3D 0x0, =
tqe_prev =3D 0x41041408}, path =3D 0x4103f100 "/lib/libc.so.7", =
origin_path =3D 0x0, refcount =3D 1, holdcount =3D 0, dl_refcount =3D 0,=20=
mapbase =3D 0x410ec000 "\177ELF\001\002\001\t", mapsize =3D 1908736, =
textsize =3D 1908736, vaddrbase =3D 0, relocbase =3D 0x410ec000 =
"\177ELF\001\002\001\t", dynamic =3D 0x412938e0,=20
entry =3D 0x41119d20 "\224!\377\340|\b\002\246H\027\374\001\223\301", =
phdr =3D 0x410ec034, phsize =3D 192, interp =3D 0x0, stack_flags =3D 6, =
tlsindex =3D 2, tlsinit =3D 0x4128f9d0, tlsinitsize =3D 2832,=20
tlssize =3D 2860, tlsoffset =3D 8, tlsalign =3D 16, relro_page =3D =
0x410ec000 "\177ELF\001\002\001\t", relro_size =3D 0, pltgot =3D =
0x41299ba8, rel =3D 0x0, relsize =3D 0, rela =3D 0x41106530, relasize =3D =
79800,=20
pltrel =3D 0x0, pltrelsize =3D 0, pltrela =3D 0x41116d6c, pltrelasize =
=3D 12156, symtab =3D 0x410f12a0, strtab =3D 0x410fd8e0 "", strsize =3D =
29303, verneed =3D 0x0, verneednum =3D 0, verdef =3D 0x41106420,=20
verdefnum =3D 8, versyms =3D 0x41104b58, buckets =3D 0x410ec0fc, =
nbuckets =3D 2053, chains =3D 0x410ee110, nchains =3D 3172, nbuckets_gnu =
=3D 0, symndx_gnu =3D 0, maskwords_bm_gnu =3D 0, shift2_gnu =3D 0,=20
dynsymcount =3D 3172, bloom_gnu =3D 0x0, buckets_gnu =3D 0x0, =
chain_zero_gnu =3D 0x0, rpath =3D 0x0, runpath =3D 0x0, needed =3D 0x0, =
needed_filtees =3D 0x0, needed_aux_filtees =3D 0x0, names =3D {
stqh_first =3D 0x4103f120, stqh_last =3D 0x4103f140}, vertab =3D =
0x41040400, vernum =3D 9, init =3D 1091673320, fini =3D 1093063668, =
preinit_array =3D 0, init_array =3D 0, fini_array =3D 0, =
preinit_array_num =3D 0,=20
init_array_num =3D 0, fini_array_num =3D 0, osrel =3D 0, mainprog =3D =
0 '\000', rtld =3D 0 '\000', relocated =3D 1 '\001', ver_checked =3D 1 =
'\001', textrel =3D 0 '\000', symbolic =3D 0 '\000', bind_now =3D 0 =
'\000',=20
traced =3D 0 '\000', jmpslots_done =3D 0 '\000', init_done =3D 0 =
'\000', tls_done =3D 1 '\001', phdr_alloc =3D 0 '\000', z_origin =3D 0 =
'\000', z_nodelete =3D 0 '\000', z_noopen =3D 0 '\000',=20
z_loadfltr =3D 0 '\000', z_interpose =3D 0 '\000', z_nodeflib =3D 0 =
'\000', z_global =3D 0 '\000', ref_nodel =3D 0 '\000', init_scanned =3D =
0 '\000', on_fini_list =3D 0 '\000', dag_inited =3D 0 '\000',=20
filtees_loaded =3D 0 '\000', irelative =3D 0 '\000', gnu_ifunc =3D 0 =
'\000', non_plt_gnu_ifunc =3D 0 '\000', crt_no_init =3D 0 '\000', =
valid_hash_sysv =3D 1 '\001', valid_hash_gnu =3D 0 '\000',=20
dlopened =3D 0 '\000', marker =3D 0 '\000', unholdfree =3D 0 '\000', =
doomed =3D 0 '\000', linkmap =3D {l_addr =3D 0x410ec000 =
"\177ELF\001\002\001\t", l_name =3D 0x4103f100 "/lib/libc.so.7", l_ld =3D =
0x412938e0,=20
l_next =3D 0x103ec1c <obj_rtld+308>, l_prev =3D 0x41041534}, dldags =
=3D {stqh_first =3D 0x0, stqh_last =3D 0x41041748}, dagmembers =3D =
{stqh_first =3D 0x0, stqh_last =3D 0x41041750}, dev =3D 137, ino =3D =
3370513,=20
priv =3D 0x0}
(gdb) c
Continuing.
Breakpoint 2, reloc_non_plt (obj=3D0x41041600, obj_rtld=3D0xffffff50, =
flags=3D4, lockstate=3D0x0) at =
/usr/src/libexec/rtld-elf/powerpc/reloc.c:338
338 __syncicache(obj->relocbase + =
phdr->p_vaddr,
1: /x obj->relocbase + phdr->p_vaddr =3D 0x4128f9d0
2: /x obj->relocbase + phdr->p_vaddr + phdr->p_memsz =3D 0x412bdef0
4: *obj =3D {magic =3D 0, version =3D 0, next =3D {tqe_next =3D 0x0, =
tqe_prev =3D 0x41041408}, path =3D 0x4103f100 "/lib/libc.so.7", =
origin_path =3D 0x0, refcount =3D 1, holdcount =3D 0, dl_refcount =3D 0,=20=
mapbase =3D 0x410ec000 "\177ELF\001\002\001\t", mapsize =3D 1908736, =
textsize =3D 1908736, vaddrbase =3D 0, relocbase =3D 0x410ec000 =
"\177ELF\001\002\001\t", dynamic =3D 0x412938e0,=20
entry =3D 0x41119d20 "\224!\377\340|\b\002\246H\027\374\001\223\301", =
phdr =3D 0x410ec034, phsize =3D 192, interp =3D 0x0, stack_flags =3D 6, =
tlsindex =3D 2, tlsinit =3D 0x4128f9d0, tlsinitsize =3D 2832,=20
tlssize =3D 2860, tlsoffset =3D 8, tlsalign =3D 16, relro_page =3D =
0x410ec000 "\177ELF\001\002\001\t", relro_size =3D 0, pltgot =3D =
0x41299ba8, rel =3D 0x0, relsize =3D 0, rela =3D 0x41106530, relasize =3D =
79800,=20
pltrel =3D 0x0, pltrelsize =3D 0, pltrela =3D 0x41116d6c, pltrelasize =
=3D 12156, symtab =3D 0x410f12a0, strtab =3D 0x410fd8e0 "", strsize =3D =
29303, verneed =3D 0x0, verneednum =3D 0, verdef =3D 0x41106420,=20
verdefnum =3D 8, versyms =3D 0x41104b58, buckets =3D 0x410ec0fc, =
nbuckets =3D 2053, chains =3D 0x410ee110, nchains =3D 3172, nbuckets_gnu =
=3D 0, symndx_gnu =3D 0, maskwords_bm_gnu =3D 0, shift2_gnu =3D 0,=20
dynsymcount =3D 3172, bloom_gnu =3D 0x0, buckets_gnu =3D 0x0, =
chain_zero_gnu =3D 0x0, rpath =3D 0x0, runpath =3D 0x0, needed =3D 0x0, =
needed_filtees =3D 0x0, needed_aux_filtees =3D 0x0, names =3D {
stqh_first =3D 0x4103f120, stqh_last =3D 0x4103f140}, vertab =3D =
0x41040400, vernum =3D 9, init =3D 1091673320, fini =3D 1093063668, =
preinit_array =3D 0, init_array =3D 0, fini_array =3D 0, =
preinit_array_num =3D 0,=20
init_array_num =3D 0, fini_array_num =3D 0, osrel =3D 0, mainprog =3D =
0 '\000', rtld =3D 0 '\000', relocated =3D 1 '\001', ver_checked =3D 1 =
'\001', textrel =3D 0 '\000', symbolic =3D 0 '\000', bind_now =3D 0 =
'\000',=20
traced =3D 0 '\000', jmpslots_done =3D 0 '\000', init_done =3D 0 =
'\000', tls_done =3D 1 '\001', phdr_alloc =3D 0 '\000', z_origin =3D 0 =
'\000', z_nodelete =3D 0 '\000', z_noopen =3D 0 '\000',=20
z_loadfltr =3D 0 '\000', z_interpose =3D 0 '\000', z_nodeflib =3D 0 =
'\000', z_global =3D 0 '\000', ref_nodel =3D 0 '\000', init_scanned =3D =
0 '\000', on_fini_list =3D 0 '\000', dag_inited =3D 0 '\000',=20
filtees_loaded =3D 0 '\000', irelative =3D 0 '\000', gnu_ifunc =3D 0 =
'\000', non_plt_gnu_ifunc =3D 0 '\000', crt_no_init =3D 0 '\000', =
valid_hash_sysv =3D 1 '\001', valid_hash_gnu =3D 0 '\000',=20
dlopened =3D 0 '\000', marker =3D 0 '\000', unholdfree =3D 0 '\000', =
doomed =3D 0 '\000', linkmap =3D {l_addr =3D 0x410ec000 =
"\177ELF\001\002\001\t", l_name =3D 0x4103f100 "/lib/libc.so.7", l_ld =3D =
0x412938e0,=20
l_next =3D 0x103ec1c <obj_rtld+308>, l_prev =3D 0x41041534}, dldags =
=3D {stqh_first =3D 0x0, stqh_last =3D 0x41041748}, dagmembers =3D =
{stqh_first =3D 0x0, stqh_last =3D 0x41041750}, dev =3D 137, ino =3D =
3370513,=20
priv =3D 0x0}
I'm going to at least go eat before investigating more.
=3D=3D=3D
Mark Millard
marklmi at yahoo.com
( dsl-only.net went
away in early 2018-Mar)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E93B3880-281E-482C-9DA7-851398543B97>