Date: Sat, 8 Jun 2019 15:37:21 -0700
From: Mark Millard <marklmi@yahoo.com>
To: FreeBSD Toolchain <freebsd-toolchain@freebsd.org>, FreeBSD PowerPC ML <freebsd-ppc@freebsd.org>
Cc: Alfredo Dal Ava Junior <alfredo.junior@eldorado.org.br>, Justin Hibbits <chmeeedalf@gmail.com>
Subject: crash of 32-bit powerpc -r347549 kernel built via system-clang-8, _init_tls is where the initial DIAGNOSTICS-reported SIGSEGV happens
Message-ID: <8F272F27-0BC3-402A-810A-4608162F9EEE@yahoo.com>
The failure is related to *sp++ in the below source code from
lib/libc/gen/tls.c .

extern char **environ;

void
_init_tls(void)
{
#ifndef PIC
	Elf_Addr *sp;
	Elf_Auxinfo *aux, *auxp;
	Elf_Phdr *phdr;
	size_t phent, phnum;
	int i;
	void *tls;

	sp = (Elf_Addr *) environ;
	while (*sp++ != 0)
		;
. . .

system-clang-8 produced the following code in /sbin/init :

01812f50 <_init_tls>       mflr    r0
01812f54 <_init_tls+0x4>   stw     r0,4(r1)
01812f58 <_init_tls+0x8>   stwu    r1,-16(r1)
01812f5c <_init_tls+0xc>   stw     r31,12(r1)
01812f60 <_init_tls+0x10>  mr      r31,r1
01812f64 <_init_tls+0x14>  lis     r3,404
01812f68 <_init_tls+0x18>  lwz     r4,-28276(r3)    #### Note: r4=*environ
01812f6c <_init_tls+0x1c>  li      r5,0
01812f70 <_init_tls+0x20>  addi    r3,r4,-4
01812f74 <_init_tls+0x24>  lwzu    r7,4(r3)         #### fails here
01812f78 <_init_tls+0x28>  mr      r6,r5
01812f7c <_init_tls+0x2c>  addi    r5,r5,1
01812f80 <_init_tls+0x30>  cmplwi  r7,0
01812f84 <_init_tls+0x34>  bne+    01812f74 <_init_tls+0x24>
. . .

readelf -asW shows environ as:

  2652: 000000000193918c     4 OBJECT  GLOBAL DEFAULT   17 environ

MAJOR CONCLUSION (so far): It appears that the values found by the sp++
are strange so *sp++ gets the SIGSEGV.

The:

01812f64 <_init_tls+0x14>  lis     r3,404
01812f68 <_init_tls+0x18>  lwz     r4,-28276(r3)

does match up: 0x193918c==(404<<16)-28276 .

It looks like the Elf_Addr value itself is strange when the SIGSEGV's
happen.

The evidence for where the failure point is was:

KDB: enter p_pid 1 got signal 11
[ thread pid 1 tid 100002 ]
Stopped at      kdb_enter+0x74: addi    r3,r0,0x0
db> bt
Tracing pid 1 tid 100002 td 0x1506ae0
0xd6b7c950: at cursig+0x55c
0xd6b7ca10: at ast+0x508
0xd6b7ca40: user DSI read trap @ 0x1c000020 by 0x1812f74: srr1=0xd032 r1=0xffffde90 cr=0x20000000 xer=0 ctr=0 sr=0x40000000 frame=0xd6b7ca48
db>

The "trap @" value can vary, such as instead being 0xfa5005af .

===
Mark Millard
marklmi at yahoo.com
( dsl-only.net went away in early 2018-Mar)
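Added illustration, not part of this message and not FreeBSD's libc code: a simplified re-implementation of the environ-to-auxv walk that _init_tls performs, with the walk bounded so a bad environ cannot drag the read into unmapped memory, run over a constructed stack image. The aux_entry type, the AUX_* names, demo_page_size and demo_unterminated are assumed stand-ins for Elf_Auxinfo, the AT_* constants and a real initial stack.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified stand-in for Elf_Auxinfo: one type word and one value word. */
typedef struct { uintptr_t a_type; uintptr_t a_val; } aux_entry;
/* Stand-ins for AT_NULL, AT_PHDR, AT_PAGESZ (same numeric values as FreeBSD's). */
enum { AUX_NULL = 0, AUX_PHDR = 3, AUX_PAGESZ = 6 };

/* Walk the NULL-terminated pointer array environ points at, as the
 * `while (*sp++ != 0);` in _init_tls does, but give up after max_words
 * so a bogus environ cannot carry the read into unmapped memory (the
 * unbounded version is what took the DSI read trap above).
 * Returns the auxv that follows the terminator, or NULL. */
const aux_entry *auxv_after_environ(const uintptr_t *sp, size_t max_words)
{
    for (size_t i = 0; i < max_words; i++)
        if (sp[i] == 0)
            return (const aux_entry *)(sp + i + 1);
    return NULL;
}

/* Scan at most max_entries auxv entries for type; 0 when absent. */
uintptr_t auxv_lookup(const aux_entry *aux, uintptr_t type, size_t max_entries)
{
    for (size_t i = 0; aux != NULL && i < max_entries; i++) {
        if (aux[i].a_type == AUX_NULL) break;
        if (aux[i].a_type == type) return aux[i].a_val;
    }
    return 0;
}

/* Constructed image of the initial-stack region: two env pointers, the
 * NULL terminator, then the auxv. Returns the AT_PAGESZ value found (4096). */
uintptr_t demo_page_size(void)
{
    static const char env0[] = "PATH=/bin", env1[] = "HOME=/root";
    uintptr_t stack[] = { (uintptr_t)env0, (uintptr_t)env1, 0,
                          AUX_PHDR, 0x01800034, AUX_PAGESZ, 4096, AUX_NULL, 0 };
    const aux_entry *aux = auxv_after_environ(stack, sizeof stack / sizeof stack[0]);
    return auxv_lookup(aux, AUX_PAGESZ, 8);
}

/* Constructed region with no terminator in bounds: the bounded walk
 * returns NULL rather than reading on. Returns 1 on that outcome. */
int demo_unterminated(void)
{
    uintptr_t junk[4] = { 0x1c000020, 0xfa5005af, 0x12345678, 0x9abcdef0 };
    return auxv_after_environ(junk, 4) == NULL;
}
```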