Date:      Wed, 10 Jun 2020 22:14:47 +0200
From:      Michael Tuexen <tuexen@freebsd.org>
To:        Mark Johnston <markj@FreeBSD.org>
Cc:        "freebsd-current@FreeBSD.org" <freebsd-current@freebsd.org>
Subject:   Re: gcc versus clang issue for 32-bit binaries
Message-ID:  <49FD752E-9BA0-4F1A-8B6C-47EBFB5911D3@freebsd.org>
In-Reply-To: <20200610165908.GA81346@raichu>
References:  <128AB51F-0950-448F-8463-12C573C1AA38@freebsd.org> <20200610165908.GA81346@raichu>



> On 10. Jun 2020, at 18:59, Mark Johnston <markj@FreeBSD.org> wrote:
>
> On Wed, Jun 10, 2020 at 06:41:50PM +0200, Michael Tuexen wrote:
>> Dear all,
>>
>> consider the following program test.c:
>>
>> #include <sys/mman.h>
>> #include <stdio.h>
>>
>> int
>> main(void)
>> {
>> 	void *p;
>>
>> 	p = mmap((void *)0x20000000, 0x1000000, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
>> 	printf("p= %p\n", p);
>> 	return (0);
>> }
>>
>> On i386 the following happens:
>> * when compiling it with cc and running it, it crashes.
>> * when compiling it with gcc it runs fine.
>>
>> On amd64 the following happens:
>> * when compiling it with cc -m64 it runs fine.
>> * when compiling it with cc -m32 it crashes.
>> * when compiling it with gcc -m64 it runs fine.
>> * when compiling it with gcc -m32 it runs fine.
>>
>> So why does the above program crash when compiled for 32-bit when using clang, but runs fine when compiled with gcc?
>
> The difference is between ld.bfd and ld.lld, which emit executables with
> different entry point addresses.  cc -m32 -fuse-ld=bfd gives an
> executable that does not crash.
>
> When linked with lld, libc and ld-elf get mapped into the region
> [0x20000000,0x21000000], so the program crashes when the libc.so mapping
> is overwritten with that created by the mmap() call and the program
> calls printf().
>
>> I'm testing this on 32-bit and 64-bit head systems. gcc is from ports.
>>
>> The reason I'm looking into it is that I want to get syzkaller working on 32-bit with clang.
>
> Do you know why SYZ_DATA_OFFSET is hard-coded the way it is?  It looks
> like it works more or less by accident, but at a glance I don't see why
> it has to be a fixed mapping.
It looks like 0x10000000 works fine on my 32-bit VM.
I added you as a reviewer on https://github.com/google/syzkaller/pull/1809

Best regards
Michael