[uml-devel] Stop the insanity

[uml-devel] Stop the insanity

[Jeff Dike]

I'm sending this mail out to everyone that I can find who has had the UML
stubs compiled in unexpected ways, resulting in crashing.

I'd like testing of the patch below on as many gcc versions as possible.  I
think this patch avoids the fundamental issue which is behind this, namely
gcc using the stack when we have just replaced it, behind gcc's back.  The 
remapping and storage of the return value is hidden in a blob of asm, hopefully
giving gcc no room for creativity.

The patch changes both i386 and x86_64 and I'd appreciate testing on both
architectures.  It's against -rc3, but should go cleanly against -rc4 as well.

Please report back both successes and failures.

				Jeff

Index: linux-2.6.15/arch/um/include/sysdep-i386/stub.h
===================================================================
--- linux-2.6.15.orig/arch/um/include/sysdep-i386/stub.h	2005-11-29 18:45:43.000000000 -0500
+++ linux-2.6.15/arch/um/include/sysdep-i386/stub.h	2005-12-01 15:04:56.000000000 -0500
@@ -6,8 +6,12 @@
 #ifndef __SYSDEP_STUB_H
 #define __SYSDEP_STUB_H
 
+#include <sys/mman.h>
 #include <asm/ptrace.h>
 #include <asm/unistd.h>
+#include "stub-data.h"
+#include "kern_constants.h"
+#include "uml-config.h"
 
 extern void stub_segv_handler(int sig);
 extern void stub_clone_handler(void);
@@ -76,23 +80,22 @@ static inline long stub_syscall5(long sy
 	return ret;
 }
 
-static inline long stub_syscall6(long syscall, long arg1, long arg2, long arg3,
-				 long arg4, long arg5, long arg6)
+static inline void trap_myself(void)
 {
-	long ret;
-
-	__asm__ volatile ("push %%ebp ; movl %%eax,%%ebp ; movl %1,%%eax ; "
-			"int $0x80 ; pop %%ebp"
-			: "=a" (ret)
-			: "g" (syscall), "b" (arg1), "c" (arg2), "d" (arg3),
-			  "S" (arg4), "D" (arg5), "0" (arg6));
-
-	return ret;
+	__asm("int3");
 }
 
-static inline void trap_myself(void)
+static inline void remap_stack(int fd, unsigned long offset)
 {
-	__asm("int3");
+	__asm__ volatile ("movl %%eax,%%ebp ; movl %0,%%eax ; int $0x80 ;"
+			  "movl %7, %%ebx ; movl %%eax, (%%ebx)"
+			  : : "g" (STUB_MMAP_NR), "b" (UML_CONFIG_STUB_DATA), 
+			    "c" (UM_KERN_PAGE_SIZE), 
+			    "d" (PROT_READ | PROT_WRITE),
+			    "S" (MAP_FIXED | MAP_SHARED), "D" (fd), 
+			    "a" (offset), 
+			    "i" (&((struct stub_data *) UML_CONFIG_STUB_DATA)->err) 
+			  : "memory");
 }
 
 #endif
Index: linux-2.6.15/arch/um/include/sysdep-x86_64/stub.h
===================================================================
--- linux-2.6.15.orig/arch/um/include/sysdep-x86_64/stub.h	2005-11-29 18:45:43.000000000 -0500
+++ linux-2.6.15/arch/um/include/sysdep-x86_64/stub.h	2005-12-01 16:15:28.000000000 -0500
@@ -6,8 +6,12 @@
 #ifndef __SYSDEP_STUB_H
 #define __SYSDEP_STUB_H
 
+#include <sys/mman.h>
 #include <asm/unistd.h>
 #include <sysdep/ptrace_user.h>
+#include "stub-data.h"
+#include "kern_constants.h"
+#include "uml-config.h"
 
 extern void stub_segv_handler(int sig);
 extern void stub_clone_handler(void);
@@ -81,23 +85,23 @@ static inline long stub_syscall5(long sy
 	return ret;
 }
 
-static inline long stub_syscall6(long syscall, long arg1, long arg2, long arg3,
-				 long arg4, long arg5, long arg6)
+static inline void trap_myself(void)
 {
-	long ret;
-
-	__asm__ volatile ("movq %5,%%r10 ; movq %6,%%r8 ; "
-		"movq %7, %%r9; " __syscall : "=a" (ret)
-		: "0" (syscall), "D" (arg1), "S" (arg2), "d" (arg3),
-		  "g" (arg4), "g" (arg5), "g" (arg6)
-		: __syscall_clobber, "r10", "r8", "r9" );
-
-	return ret;
+	__asm("int3");
 }
 
-static inline void trap_myself(void)
+static inline void remap_stack(long fd, unsigned long offset)
 {
-	__asm("int3");
+	__asm__ volatile ("movq %4,%%r10 ; movq %5,%%r8 ; "
+			  "movq %6, %%r9; " __syscall "; movq %7, %%rbx ; "
+			  "movq %%rax, (%%rbx)": 
+			  : "a" (STUB_MMAP_NR), "D" (UML_CONFIG_STUB_DATA), 
+			    "S" (UM_KERN_PAGE_SIZE), 
+			    "d" (PROT_READ | PROT_WRITE), 
+                            "g" (MAP_FIXED | MAP_SHARED), "g" (fd), 
+			    "g" (offset),
+			    "i" (&((struct stub_data *) UML_CONFIG_STUB_DATA)->err)
+			  : __syscall_clobber, "r10", "r8", "r9" );
 }
 
 #endif
Index: linux-2.6.15/arch/um/kernel/skas/clone.c
===================================================================
--- linux-2.6.15.orig/arch/um/kernel/skas/clone.c	2005-12-01 11:49:12.000000000 -0500
+++ linux-2.6.15/arch/um/kernel/skas/clone.c	2005-12-01 13:52:10.000000000 -0500
@@ -18,11 +18,10 @@
  * on some systems.
  */
 
-#define STUB_DATA(field) (((struct stub_data *) UML_CONFIG_STUB_DATA)->field)
-
 void __attribute__ ((__section__ (".__syscall_stub")))
 stub_clone_handler(void)
 {
+	struct stub_data *data = (struct stub_data *) UML_CONFIG_STUB_DATA;
 	long err;
 
 	err = stub_syscall2(__NR_clone, CLONE_PARENT | CLONE_FILES | SIGCHLD,
@@ -35,17 +34,21 @@ stub_clone_handler(void)
 	if(err)
 		goto out;
 
-	err = stub_syscall3(__NR_setitimer, ITIMER_VIRTUAL,
-			    (long) &STUB_DATA(timer), 0);
+	err = stub_syscall3(__NR_setitimer, ITIMER_VIRTUAL, 
+			    (long) &data->timer, 0);
 	if(err)
 		goto out;
 
-	err = stub_syscall6(STUB_MMAP_NR, UML_CONFIG_STUB_DATA,
-			    UM_KERN_PAGE_SIZE, PROT_READ | PROT_WRITE,
-			    MAP_FIXED | MAP_SHARED, STUB_DATA(fd),
-			    STUB_DATA(offset));
+	remap_stack(data->fd, data->offset);
+	goto done;
+
  out:
-	/* save current result. Parent: pid; child: retcode of mmap */
-	STUB_DATA(err) = err;
+	/* save current result. 
+	 * Parent: pid; 
+	 * child: retcode of mmap already saved and it jumps around this 
+	 * assignment
+	 */
+	data->err = err;
+ done:
 	trap_myself();
 }


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
User-mode-linux-devel mailing list
User-mode-linux-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel

[uml-devel] Re: Stop the insanity

[Antoine Martin]

Hi Jeff,

Thanks for taking a stab at sorting out this gcc madness.
I had to apply it by hand on top of -rc3 (I then tried -rc4 too):
(but since no UML patches went into rc4 I guess it's just an offset
problem)

tar -jxf linux-2.6.14.tar.bz2
mv linux-2.6.14 linux-2.6.15-rc3-uml-x86
cd linux-2.6.15-rc3-uml-x86
bzcat ../patch-2.6.15-rc3.bz2 | patch -p1
patch -p1 --dry-run < ../stub-clone.patch
patching file arch/um/include/sysdep-i386/stub.h
Hunk #2 FAILED at 80.
1 out of 2 hunks FAILED -- saving rejects to file
arch/um/include/sysdep-i386/stub.h.rej
patching file arch/um/include/sysdep-x86_64/stub.h
Hunk #2 FAILED at 85.
1 out of 2 hunks FAILED -- saving rejects to file
arch/um/include/sysdep-x86_64/stub.h.rej
patching file arch/um/kernel/skas/clone.c
Hunk #1 FAILED at 18.
Hunk #2 FAILED at 34.
2 out of 2 hunks FAILED -- saving rejects to file
arch/um/kernel/skas/clone.c.rej

I can build the amd64 guest with both:
* gcc (GCC) 3.4.4 (Gentoo Hardened 3.4.4-r1, HTB-3.4.4-1.00,
ssp-3.4.4-1.0, pie-8.7.8)
* gcc (GCC) 4.0.2 20051125 (Red Hat 4.0.2-8)
But as reported yesterday, the GCC-3.4.4 compiled one stops very early
in the boot process.

Now for the SUBARCH=i386 build: using GCC 4.0.2 (FC4 as above) worked,
but using GCC 3.4.4 (Gentoo Hardened):

I get the same result for SUBARCH=i386 and native x86 builds:
* Native: gcc (GCC) 3.3.6 (Gentoo Hardened 3.3.6, HTB-3.3.6-1.00-r1,
ssp-3.3.6-1.0, pie-8.7.8)
* SUBARCH=i386: gcc (GCC) 3.4.4 (Gentoo Hardened 3.4.4-r1,
HTB-3.4.4-1.00, ssp-3.4.4-1.0, pie-8.7.8)

  CC      arch/um/kernel/skas/clone.o
arch/um/kernel/skas/clone.c: In function `stub_clone_handler':
arch/um/include/sysdep/stub.h:45: error: can't find a register in class
`BREG' while reloading `asm'
arch/um/include/sysdep/stub.h:66: error: can't find a register in class
`BREG' while reloading `asm'
arch/um/include/sysdep/stub.h:55: error: can't find a register in class
`BREG' while reloading `asm'
arch/um/include/sysdep/stub.h:90: error: can't find a register in class
`BREG' while reloading `asm'
make[2]: *** [arch/um/kernel/skas/clone.o] Error 1
make[1]: *** [arch/um/kernel/skas] Error 2
make: *** [arch/um/kernel] Error 2

(I used the files that worked on gcc4 to make sure I did not make a
mistake merging it)
I haven't booted into the GCC4 one, but there is no reason why it
wouldn't work.

Antoine



On Thu, 2005-12-01 at 19:13 -0500, Jeff Dike wrote:
> I'm sending this mail out to everyone that I can find who has had the UML
> stubs compiled in unexpected ways, resulting in crashing.
> 
> I'd like testing of the patch below on as many gcc versions as possible.  I
> think this patch avoids the fundamental issue which is behind this, namely
> gcc using the stack when we have just replaced it, behind gcc's back.  The 
> remapping and storage of the return value is hidden in a blob of asm, hopefully
> giving gcc no room for creativity.
> 
> The patch changes both i386 and x86_64 and I'd appreciate testing on both
> architectures.  It's against -rc3, but should go cleanly against -rc4 as well.
> 
> Please report back both successes and failures.
> 
> 				Jeff




-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
User-mode-linux-devel mailing list
User-mode-linux-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel

[uml-devel] Re: Stop the insanity

[Antoine Martin]

> arch/um/kernel/skas/clone.c: In function `stub_clone_handler':
> arch/um/include/sysdep/stub.h:45: error: can't find a register in class
> `BREG' while reloading `asm'
> arch/um/include/sysdep/stub.h:66: error: can't find a register in class
> `BREG' while reloading `asm'
> arch/um/include/sysdep/stub.h:55: error: can't find a register in class
> `BREG' while reloading `asm'
> arch/um/include/sysdep/stub.h:90: error: can't find a register in class
> `BREG' while reloading `asm'
> make[2]: *** [arch/um/kernel/skas/clone.o] Error 1
> make[1]: *** [arch/um/kernel/skas] Error 2
> make: *** [arch/um/kernel] Error 2
After switching to gcc-vanilla it compiles fine... (both with 3.3.6 and
3.4.4)
Later I will try all the gcc profiles to try to identify which hardened
patches cause the problem.

Antoine



-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
User-mode-linux-devel mailing list
User-mode-linux-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel

[uml-devel] Re: Stop the insanity

[Michael Richardson]

>>>>> "Antoine" == Antoine Martin <antoine@nagafix.co.uk> writes:
    Antoine> Thanks for taking a stab at sorting out this gcc madness.  I had
    Antoine> to apply it by hand on top of -rc3 (I then tried -rc4 too): (but
    Antoine> since no UML patches went into rc4 I guess it's just an offset
    Antoine> problem)

  I had no problems or complaints against -rc3.



-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
User-mode-linux-devel mailing list
User-mode-linux-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel

[uml-devel] Re: Stop the insanity

[Michael Richardson]

The following message is a courtesy copy of an article
that has been posted to gmane.linux.uml.devel as well.


>>>>> "Antoine" == Antoine Martin <antoine@nagafix.co.uk> writes:
    Antoine> Thanks for taking a stab at sorting out this gcc madness.  I had
    Antoine> to apply it by hand on top of -rc3 (I then tried -rc4 too): (but
    Antoine> since no UML patches went into rc4 I guess it's just an offset
    Antoine> problem)

  I had no problems or complaints against -rc3.



-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
User-mode-linux-devel mailing list
User-mode-linux-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel

[uml-devel] Re: Stop the insanity

[Rob Landley]

On Thursday 01 December 2005 18:13, Jeff Dike wrote:
> I'm sending this mail out to everyone that I can find who has had the UML
> stubs compiled in unexpected ways, resulting in crashing.
>
> I'd like testing of the patch below on as many gcc versions as possible.  I
> think this patch avoids the fundamental issue which is behind this, namely
> gcc using the stack when we have just replaced it, behind gcc's back.  The
> remapping and storage of the return value is hidden in a blob of asm,
> hopefully giving gcc no room for creativity.
>
> The patch changes both i386 and x86_64 and I'd appreciate testing on both
> architectures.  It's against -rc3, but should go cleanly against -rc4 as
> well.
>
> Please report back both successes and failures.

Seems to work ok on Ubuntu with gcc 3.3.5...  The x86-64 PLD build broke but 
that's just the /lib64 issue, patch that...  The result works just fine there 
too.

Thumbs up.

(My gcc 4.0+uClibc build system died with a header file issue trying to build 
-rc4.  I'll track that down later, but it's not related to this patch.  Might 
easily be something wrong on my end...)

Rob
-- 
Steve Ballmer: Innovation!  Inigo Montoya: You keep using that word.
I do not think it means what you think it means.


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
User-mode-linux-devel mailing list
User-mode-linux-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel

[uml-devel] Re: Stop the insanity

[Michael Richardson]

[-- Attachment #1: Type: text/plain, Size: 675 bytes --]


>>>>> "Jeff" == Jeff Dike <jdike@addtoit.com> writes:
    Jeff> I'm sending this mail out to everyone that I can find who has had
    Jeff> the UML stubs compiled in unexpected ways, resulting in crashing.

    Jeff> I'd like testing of the patch below on as many gcc versions as
    Jeff> possible.  I think this patch avoids the fundamental issue which is
    Jeff> behind this, namely gcc using the stack when we have just replaced
    Jeff> it, behind gcc's back.  The remapping and storage of the return

Linux version 2.6.15-rc3-gefe3e2df (mcr@marajade.sandelman.ca) (gcc version 3.3.5 (Debian 1:3.3.5-13)) #7 Fri Dec 2 13:42:13 EST 2005

boots and runs.

Thank you!


[-- Attachment #2: Type: application/pgp-signature, Size: 480 bytes --]