Date: Fri, 02 Oct 2020 06:44:35 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 250043] ptrace() GETFPREGS/SETFPREGS uses 32-bit version of *XSAVE*/*XRSTOR* truncating FIP/FDP Message-ID: <bug-250043-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D250043 Bug ID: 250043 Summary: ptrace() GETFPREGS/SETFPREGS uses 32-bit version of *XSAVE*/*XRSTOR* truncating FIP/FDP Product: Base System Version: Unspecified Hardware: amd64 OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: mgorny@gentoo.org CC: emaste@freebsd.org This is a problem discovered while working on new FreeBSD plugin for LLDB, = as contracted to Moritz Systems by FreeBSD Foundation. TL;DR: We'd need to replace 'plain' *xsave* and *xrstor* calls used to popu= late GETFPREGS/SETFPREGS on amd64 (or possibly all of them) with *xsave*64 and *xrstor*64. This changes the FIP/FDP representation inside the struct not = to be truncated to 32 bits (without changing anything else). Long version: The fxsave, xsave... and fxrstor, xrstor... instructions have two variants = on amd64. The variant without prefix uses a 32-bit compatible x87 register du= mp structure while the variant prefixed by rex.w=3D1 uses a 64-bit x87 register dump. The latter can be done in gas by appending '64' suffix to the comman= d, e.g. fxsave64. The only difference in these two variants is how FIP/FDP registers are writ= ten. In the 32-bit compatible variant, they are written as a 16-bit segment register (FCS/FDS) and an actual pointer truncated to 32 bits (FIP[31:0], FDP[31:0]), plus 16 bits of padding. In the 64-bit version, they are writt= en as full 64-bit register instead. FreeBSD currently calls the 32-bit compatible variant of instructions. Thi= s is problematic because it means that pointers exceeding 2^32 are truncated.=20 Switching to the 64-bit variant would solve that. This is a potentially breaking change but we don't think it is likely to br= eak anything. The FIP/FDP registers are used to locate instruction and its mem= ory operand (if any) when software handling of x87 exceptions is used. We don't think modern debuggers are used often in that context and even if they are,= the current state is broken as they get a truncated pointer. We'd lose access to respective segment registers but unless I'm mistaken th= ey aren't really used much these days. The problem also affects current versions of gdb. Linux gdb and lldb are u= sing the 64-bit variant. Although it is displayed split as fiseg/fioff, foseg/fooff, the *seg register does not contain the 16-bit segment but inst= ead FIP[63:32], FDP[63:32]. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-250043-227>