From: David Daney <ddaney@caviumnetworks.com>
To: Camm Maguire <camm@maguirefamily.org>
Cc: debian-mips@lists.debian.org,
	Frederick Isaac <freddyisaac@gmail.com>,
	gcl-devel@gnu.org, linux-mips <linux-mips@linux-mips.org>
Subject: Re: recent SIGBUS/SIGSEGV mips kernel bug
Date: Wed, 20 Oct 2010 09:38:54 -0700
Message-ID: <4CBF1B1E.6050804@caviumnetworks.com>
In-Reply-To: <87r5fksxby.fsf_-_@maguirefamily.org>

On 10/20/2010 08:22 AM, Camm Maguire wrote:
> Greetings!  Recent mips (aka gabrielli sid) appears to have a new
> SIGBUS/SIGSEGV bug.  Briefly, attempted writes to pages mprotected
> read-only occasionally pass a SIGBUS instead of SIGSEGV to the
> sigaction handler.  In such an instance, the code of the siginfo
> structure is 128, and the fault address is not filled in.  This
> behavior appears to hinge on writing from the floating point registers
> into the protected memory.
>

What processor is it running on?  Specifically does it have hardware 
floating point, or are the floating point instructions being emulated in 
the kernel?

It is conceivable that it is an FPU emulator bug.

David Daney


> strace:
>
> 30717 mprotect(0x2f59000, 4096, PROT_READ|PROT_EXEC) = 0
> 30717 mprotect(0x2f5a000, 745472, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
> 30717 mprotect(0x3010000, 323584, PROT_READ|PROT_EXEC) = 0
> 30717 mprotect(0x305f000, 548864, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
> 30717 mprotect(0x30e5000, 1220608, PROT_READ|PROT_EXEC) = 0
> 30717 mprotect(0x320f000, 53559296, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
> 30717 mprotect(0x6523000, 53739520, PROT_READ|PROT_EXEC) = 0
> 30717 mprotect(0x9863000, 60375040, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
> 30717 mprotect(0x6523000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
> 30717 --- SIGSEGV (Segmentation fault) @ 0 (0) ---  /* good */
> 30717 mprotect(0x31fb000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
> 30717 rt_sigreturn(0xdc5e80)            = -1 EPERM (Operation not permitted)
> 30717 --- SIGSEGV (Segmentation fault) @ 0 (0) ---  /* good */
> 30717 mprotect(0x9862000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
> 30717 rt_sigreturn(0xdc5e80)            = -1 EBADF (Bad file descriptor)
> 30717 --- SIGBUS (Bus error) @ 0 (0) ---  /* bad handler call */
>
> Here are the gdb details:
>
> (gdb) frame 28
> #28 0x004a3e98 in memprotect_handler (sig=10, code=2140765848,
>      scp=0x7f997f18, addr=0xfdb6c0 "\b") at sgbc.c:1687
> 1687	  segmentation_catcher(0);
> (gdb) p faddr
> $1 = 0x0
> (gdb) p/x *((siginfo_t *)code )
> $2 = {si_signo = 0xa, si_code = 0x80, si_errno = 0x0, __pad0 = 0x7f997e98,
>    _sifields = {_pad = {0x0, 0x0, 0x7f997eb4, 0x7f997fd4, 0x2167b80,
>        0x233c5b8, 0xde5e80, 0xbbec80, 0x65f8a80, 0x7f997ed0, 0x4951a8,
>        0xbbec80, 0xffffffff, 0x7f997ee0, 0x495170, 0xbbec80, 0x65f8a48,
>        0x7f997ef0, 0x4951a8, 0xbbec80, 0xffffffff, 0x7f997f00, 0x495170,
>        0xbbec80, 0x31ecc48, 0x7f997f10, 0xfdead4, 0x7f997f18, 0x454ebc},
>      _kill = {si_pid = 0x0, si_uid = 0x0}, _timer = {si_tid = 0x0,
>        si_overrun = 0x0, si_sigval = {sival_int = 0x7f997eb4,
>          sival_ptr = 0x7f997eb4}}, _rt = {si_pid = 0x0, si_uid = 0x0,
>        si_sigval = {sival_int = 0x7f997eb4, sival_ptr = 0x7f997eb4}},
>      _sigchld = {si_pid = 0x0, si_uid = 0x0, si_status = 0x7f997eb4,
>        si_utime = 0x7f997fd4, si_stime = 0x2167b80}, _sigfault = {
>        si_addr = 0x0}, _sigpoll = {si_band = 0x0, si_fd = 0x0}}}
> (gdb) up
> #29<signal handler called>
> (gdb) up
> #30 0x004484e8 in fSaset1 (x=0x29b5930, i=0, val=0x2d8d870) at array.c:231
> 231	      (x->lfa.lfa_self[i]) = Mlf(val);
> (gdb) p/x x->lfa.lfa_self
> $3 = 0x9861ff0
> (gdb) disassemble
>     0x004484d8<+1352>:	lwc1	$f0,12(v1)
>     0x004484dc<+1356>:	move	at,at
>     0x004484e0<+1360>:	lwc1	$f1,8(v1)
>     0x004484e4<+1364>:	move	at,at
> =>  0x004484e8<+1368>:	swc1	$f0,4(v0)
>     0x004484ec<+1372>:	swc1	$f1,0(v0)
> (gdb) i reg v1
> v1: 0x2d8d870
> (gdb) i reg f1
> f1:  0x3fa2056c flt: 1.26579046
> (gdb) i reg f0
> f0:  0x8f1afe4f flt: -7.64176427e-30   dbl: 0.035197632283140316
> (gdb) i reg v0
> v0: 0x9861ff0
>
> How should this be filed?
>
> Take care,
