From: "Helge Deller" <deller@gmx.de>
To: "John David Anglin" <dave@hiauly1.hia.nrc.ca>
Cc: linux-parisc@vger.kernel.org, dave.anglin@nrc-cnrc.gc.ca,
carlos@systemhalted.org
Subject: Re: futex wait failure
Date: Mon, 04 Jan 2010 17:27:32 +0100 [thread overview]
Message-ID: <20100104162732.10090@gmx.net> (raw)
In-Reply-To: <20100101034858.80D264EA9@hiauly1.hia.nrc.ca>
> > I tested the patch and the testcase in
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D561203
> > still segfaults.
>=20
> I think the expect/tcl bug and the bug 561203 are related. Looking
> at the minifail core dump, I see:
>=20
> Core was generated by `./minifail'.
> Program terminated with signal 11, Segmentation fault.
> #0 0x00000000 in ?? ()
>=20
> So, how did we get to 0? $rp is 0, so we might have executed a
> return to this location. $r31 conains 0x4157cc4f.
>=20
> (gdb) disass 0x4157cc3c 0x4157cc5c
> Dump of assembler code from 0x4157cc3c to 0x4157cc5c:
> 0x4157cc3c <_IO_puts+332>: copy rp,r25
> 0x4157cc40 <_IO_puts+336>: copy r6,r24
> 0x4157cc44 <_IO_puts+340>: be,l b0(sr2,r0),sr0,r31
> 0x4157cc48 <_IO_puts+344>: ldi 0,r20
> 0x4157cc4c <_IO_puts+348>: ldi -b,r24
> 0x4157cc50 <_IO_puts+352>: cmpb,=3D,n r24,r21,0x4157cc38 <_IO_pu=
ts+328>
> 0x4157cc54 <_IO_puts+356>: nop
> 0x4157cc58 <_IO_puts+360>: ldi -2d,r25
I think I have an idea what could have happened and why it most of the =
times (but not always) crashes in the child process...
In ports/sysdeps/unix/sysv/linux/hppa/bits/atomic.h we have:
#define atomic_compare_and_exchange_val_acq(mem, newval, oldval) \
({ =
\
volatile int lws_errno; =
\
volatile int lws_ret; =
\
asm volatile( =
\
=2E..some assembly...
"stw %%r28, %0 \n\t" =
\
"sub %%r0, %%r21, %%r21 \n\t" =
\
"stw %%r21, %1 \n\t" =
\
: "=3Dm" (lws_ret), "=3Dm" (lws_errno) =
\
: "r" (mem), "r" (oldval), "r" (newval) =
\
: _LWS_CLOBBER =20
this means, that lws_errno and lws_ret are located on the stack.
With gdb I see this expanded to:
0x40705494 <start_thread+1204>: stw ret0,-1b8(sp)
0x40705498 <start_thread+1208>: sub r0,r21,r21
0x4070549c <start_thread+1212>: stw r21,-1b4(sp)
So, lws_ret/lws_errno are at -1b8/-1b4(sp).
And this LWS code is called from=20
=2E./nptl/sysdeps/pthread/createthread.c:
static int create_thread (struct pthread *pd, const struct pthread_attr=
*attr, STACK_VARIABLES_PARMS)
=2E..
int res =3D do_clone (pd, attr, clone_flags, start_thread,
STACK_VARIABLES_ARGS, 1);
if (res =3D=3D 0)
{
=2E..(line 216):
/* Enqueue the descriptor. */
do
pd->nextevent =3D __nptl_last_event;
while (atomic_compare_and_exchange_bool_acq(&__nptl_last_=
event, pd, pd->nextevent) !=3D 0);
And here is what could have happened:
a) do_clone() creates the child process.
b) the child process gets a new stack
c) the child calls atomic_compare_and_exchange_bool_acq() and thus the =
LWS code above.
d) the LWS code writes to the stack location at -1b8(sp), which is out =
of bounds for the child process (the child stack got only ~ 0x40 bytes =
initial room)
e) Thus the child either crashes, overwrites memory of the parent or do=
es other things wrong.
Additionally:
Due to the LWS assembly code and because we don't have many registers f=
ree while using LWS, gcc used %rp as a temporary register which may hav=
e fooled us in our thinking?
0x40705458 <start_thread+1144>: ldi 0,rp
0x4070545c <start_thread+1148>: ldi fb,r3
0x40705460 <start_thread+1152>: ldw -70(sp),ret0
0x40705464 <start_thread+1156>: ldw 214(ret0),ret1
0x40705468 <start_thread+1160>: copy r5,r26
0x4070546c <start_thread+1164>: copy ret1,r25
0x40705470 <start_thread+1168>: copy rp,r24
0x40705474 <start_thread+1172>: be,l b0(sr2,r0),sr0,r31
0x40705478 <start_thread+1176>: ldi 0,r20
0x4070547c <start_thread+1180>: ldi -b,r24
0x40705480 <start_thread+1184>: cmpb,=3D,n r24,r21,0x40705468 <start_th=
read+1160>
0x40705484 <start_thread+1188>: nop
0x40705488 <start_thread+1192>: ldi -2d,r25
0x4070548c <start_thread+1196>: cmpb,=3D,n r25,r21,0x40705468 <start_th=
read+1160>
0x40705490 <start_thread+1200>: nop
0x40705494 <start_thread+1204>: stw ret0,-1b8(sp)
0x40705498 <start_thread+1208>: sub r0,r21,r21
0x4070549c <start_thread+1212>: stw r21,-1b4(sp)
0x407054a0 <start_thread+1216>: ldw -1b4(sp),ret0
If my assumptions are correct, then we either could
a) use the gcc atomic builtins instead of own atomic code in libc6:
E.g: add to ports/sysdeps/unix/sysv/linux/hppa/bits/atomic.h:
=2E..
#if __GNUC_PREREQ (4, 1)
# define atomic_compare_and_exchange_val_acq(mem, newval, oldval) \
__sync_val_compare_and_swap (mem, oldval, newval)
# define atomic_compare_and_exchange_bool_acq(mem, newval, oldval) \
(! __sync_bool_compare_and_swap (mem, oldval, newval))
#elif __ASSUME_LWS_CAS
=2E...
b) change the assembly in=20
atomic_compare_and_exchange_val_acq()
to not put it's local variables (lws_errno and lws_ret) on the stack.
I'm currently testing option a).
Helge
(PS: I used a webmailer, so the indenting might be strange...)
--=20
GRATIS f=FCr alle GMX-Mitglieder: Die maxdome Movie-FLAT!
Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01
--
To unsubscribe from this list: send the line "unsubscribe linux-parisc"=
in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2010-01-04 16:27 UTC|newest]
Thread overview: 194+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <no.id>
1999-06-10 18:32 ` [parisc-linux] booting problems Stan Sieler
1999-06-21 17:03 ` Hack to head.S John David Anglin
1999-06-21 19:38 ` John David Anglin
2000-10-11 20:11 ` [parisc-linux] __hp9000s700 predefined John David Anglin
2000-11-09 17:39 ` testcase for hppa64 gcc bug John David Anglin
2000-12-06 4:12 ` Jeffrey A Law
2000-12-06 4:14 ` John David Anglin
2000-12-06 5:28 ` Alan Modra
2001-02-01 1:19 ` [parisc-linux] " Jeffrey A Law
2000-11-09 23:57 ` abort in eliminate_regs compiling glob.c from glibc John David Anglin
2000-11-10 0:36 ` Alan Modra
2000-11-10 2:50 ` John David Anglin
2000-11-14 21:40 ` John David Anglin
2001-01-27 20:12 ` Richard Henderson
2000-12-14 0:48 ` pa reload problem John David Anglin
2000-12-14 3:43 ` Jeffrey A Law
2000-12-14 16:40 ` John David Anglin
2000-12-27 20:08 ` Jeffrey A Law
2000-12-28 5:18 ` John David Anglin
2000-12-16 20:38 ` [parisc-linux] PATCH: Adjust label usage count for new insns [was Re: pa reload problem] John David Anglin
2001-01-02 9:51 ` Jeffrey A Law
2002-01-07 18:39 ` [parisc-linux] PIC assembly John David Anglin
2002-01-09 1:05 ` Grant Grundler
2002-01-11 20:45 ` Grant Grundler
2002-07-15 17:21 ` [parisc-linux] compiling kernels with gcc-3.1 John David Anglin
2002-07-15 17:32 ` Randolph Chung
2002-07-15 17:43 ` Matthew Wilcox
2002-07-15 18:18 ` John David Anglin
2002-07-16 9:02 ` joel.soete
2002-07-16 17:01 ` [parisc-linux] gcc-3.[02] alignment problem John David Anglin
2002-07-16 17:22 ` Randolph Chung
2002-07-16 17:24 ` Matthew Wilcox
2002-07-16 17:24 ` Matthew Wilcox
2002-07-17 3:19 ` Randolph Chung
2002-07-17 3:19 ` Randolph Chung
2002-07-16 20:21 ` Richard Henderson
2002-07-16 20:21 ` Richard Henderson
2002-07-16 17:22 ` Randolph Chung
2002-07-16 17:01 ` John David Anglin
2002-07-16 17:27 ` [parisc-linux] gcc-3.2 bootstrap? John David Anglin
2003-01-31 21:27 ` [parisc-linux] PATCH hppa ordered load absolute ops John David Anglin
2003-01-31 21:27 ` John David Anglin
2003-08-31 19:10 ` [parisc-linux] Re: [glibc] tststatic failues, reduced to simp le testcase John David Anglin
2003-08-31 20:22 ` Carlos O'Donell
2003-08-31 20:47 ` John David Anglin
2003-09-01 6:05 ` Carlos O'Donell
2003-12-15 22:05 ` [parisc-linux] dlopen failed on 'libthread_db.so.1' - /lib/libthread_db.so.1: undefined symbol: ps_pglobal_lookup John David Anglin
2003-12-17 15:32 ` [parisc-linux] " Carlos O'Donell
2003-12-17 15:53 ` Carlos O'Donell
2003-12-17 16:43 ` [parisc-linux] Re: dlopen failed on 'libthread_db.so.1' - John David Anglin
2003-12-17 18:35 ` Carlos O'Donell
2003-12-18 0:21 ` John David Anglin
2003-12-18 0:32 ` John David Anglin
2003-12-18 0:42 ` [parisc-linux] Re: dlopen failed on 'libthread_db.so.1' -g John David Anglin
2004-01-07 21:14 ` [parisc-linux] [Testers wanted] New glibc with profiling fixed John David Anglin
2004-01-07 21:14 ` John David Anglin
2004-08-31 4:23 ` [parisc-linux] Re: linux signal race fixes, patches against hppa tree, please test John David Anglin
2004-08-31 20:43 ` [parisc-linux] Re: linux signal race fixes, patches against hppa tree, please te John David Anglin
2004-09-01 20:08 ` John David Anglin
2004-09-11 7:24 ` [parisc-linux] Another SIGSEGV, this time in /bin/sh John David Anglin
2004-09-13 15:01 ` [parisc-linux] " Carlos O'Donell
2004-09-02 6:29 ` [parisc-linux] Re: linux signal race fixes, patches against hppa tree, please te Carlos O'Donell
2005-03-05 21:53 ` [parisc-linux] Re: Comments? John David Anglin
2005-03-06 0:22 ` John David Anglin
2005-03-08 17:32 ` Carlos O'Donell
2005-03-08 17:44 ` John David Anglin
2005-03-08 17:54 ` Carlos O'Donell
2005-03-08 19:02 ` John David Anglin
2005-03-08 21:08 ` [parisc-linux] OPD's on hppa-linux, and what to do about __cffc's fragility Carlos O'Donell
2005-03-08 21:48 ` [parisc-linux] " John David Anglin
2005-03-08 21:52 ` John David Anglin
2005-03-08 22:25 ` Alan Modra
2005-03-10 15:31 ` Carlos O'Donell
2005-03-10 22:27 ` Alan Modra
2005-03-11 18:05 ` [parisc-linux] Solution to OPD's in hppa-linux, including a transition plan? Carlos O'Donell
2005-03-12 0:49 ` [parisc-linux] " John David Anglin
[not found] ` <20050315220842.GC22872@baldric.uwo.ca>
[not found] ` <20050315224142.GC21148@bubble.modra.org>
2005-03-16 20:36 ` Carlos O'Donell
2005-03-16 23:54 ` Alan Modra
[not found] ` <200503160410.j2G4ALcu021219@hiauly1.hia.nrc.ca>
2005-03-16 21:37 ` Carlos O'Donell
2005-03-17 3:51 ` John David Anglin
2005-07-16 2:55 ` [parisc-linux] Re: Non-inline math, and inline math broken, GCC to blame? (1 hppa tls toolchain regression) John David Anglin
2005-07-16 16:16 ` Carlos O'Donell
2005-07-16 17:37 ` John David Anglin
2005-07-16 17:54 ` John David Anglin
2005-07-16 19:41 ` Carlos O'Donell
2005-07-16 19:56 ` John David Anglin
2005-07-16 19:15 ` Carlos O'Donell
2005-08-16 3:32 ` [parisc-linux] Re: gsyprf11 and 2.6.13-rc3-pa1 John David Anglin
2005-12-26 19:58 ` [parisc-linux] strtold John David Anglin
2006-01-07 21:07 ` [parisc-linux] strtold Carlos O'Donell
2006-01-07 22:41 ` John David Anglin
2006-01-07 23:42 ` Carlos O'Donell
2006-01-07 23:49 ` John David Anglin
2006-01-07 23:56 ` John David Anglin
2006-01-08 4:28 ` Grant Grundler
2005-12-26 21:54 ` [parisc-linux] Re: nscd: error while loading shared libraries: unexpected reloc type 0x42 John David Anglin
2006-01-07 23:53 ` Carlos O'Donell
2006-01-08 0:16 ` [parisc-linux] Re: nscd: error while loading shared libraries: John David Anglin
2006-02-04 23:41 ` [parisc-linux] long double on hppa64-*-linux* John David Anglin
2006-02-05 0:45 ` Grant Grundler
2006-02-05 3:42 ` John David Anglin
2006-03-12 20:15 ` [parisc-linux] Re: gcj can't make shared libs on hppa John David Anglin
2006-03-13 14:24 ` Carlos O'Donell
2006-03-13 20:50 ` John David Anglin
2006-06-09 0:56 ` [parisc-linux] User space locks -- what's wrong John David Anglin
2007-01-03 1:41 ` [parisc-linux] Re: PA8800 Status (Happy New Year) John David Anglin
2007-01-03 4:24 ` John David Anglin
2007-02-17 20:32 ` [parisc-linux] Re: call_init in libc6 2.3.6.ds1-11 John David Anglin
2007-09-04 1:19 ` [parisc-linux] 2.6.23-rc5 warnings John David Anglin
2008-08-23 16:48 ` X won't start with VisEG and 2.6.22.19 John David Anglin
2008-08-24 10:35 ` Helge Deller
2008-08-24 14:09 ` John David Anglin
2008-08-24 14:38 ` Helge Deller
2009-05-03 0:48 ` Kernel Panic during init with 2.6.29-gb609308 (fresh clone of git John David Anglin
2009-08-23 21:21 ` Reproducible random python crash John David Anglin
2009-12-23 22:18 ` futex wait failure John David Anglin
2009-12-24 2:22 ` Carlos O'Donell
2009-12-28 18:59 ` John David Anglin
2009-12-29 13:47 ` Helge Deller
2009-12-29 15:00 ` John David Anglin
2009-12-30 10:49 ` Randolph Chung
2009-12-31 18:14 ` Carlos O'Donell
2009-12-31 19:11 ` Helge Deller
2010-01-01 3:49 ` John David Anglin
2010-01-01 5:02 ` John David Anglin
2010-01-04 16:27 ` Helge Deller [this message]
2010-01-04 17:16 ` Carlos O'Donell
2010-01-04 18:11 ` John David Anglin
2010-01-04 18:29 ` John David Anglin
2010-01-04 20:51 ` Helge Deller
2010-01-04 21:39 ` John David Anglin
2010-01-05 22:27 ` John David Anglin
2010-01-06 23:33 ` John David Anglin
2010-01-07 16:13 ` Helge Deller
2010-01-08 16:37 ` John David Anglin
2010-01-08 21:17 ` John David Anglin
2010-02-02 21:16 ` Helge Deller
2010-02-03 3:44 ` John David Anglin
2010-02-03 22:03 ` Helge Deller
2010-03-07 17:12 ` John David Anglin
2010-03-07 20:32 ` John David Anglin
2010-03-11 3:20 ` John David Anglin
2010-03-11 13:54 ` Kyle McMartin
2010-03-11 22:40 ` John David Anglin
2010-03-11 23:32 ` John David Anglin
2010-03-13 2:06 ` John David Anglin
2010-03-15 1:10 ` John David Anglin
2010-03-16 11:49 ` Carlos O'Donell
2010-03-21 18:19 ` John David Anglin
2010-03-22 14:26 ` Carlos O'Donell
2010-03-23 21:32 ` Carlos O'Donell
2010-03-23 22:23 ` John David Anglin
2010-02-03 22:44 ` Carlos O'Donell
2010-01-08 21:18 ` Helge Deller
2010-01-08 21:43 ` John David Anglin
2010-01-08 21:44 ` Carlos O'Donell
2010-01-08 21:44 ` Carlos O'Donell
2010-01-08 21:56 ` Kyle McMartin
2010-01-08 22:28 ` John David Anglin
2010-01-08 22:33 ` Kyle McMartin
2010-01-08 22:31 ` John David Anglin
2010-01-16 23:17 ` Helge Deller
2010-01-18 15:50 ` John David Anglin
2010-01-18 20:44 ` John David Anglin
2010-01-18 20:49 ` Carlos O'Donell
2010-01-29 17:53 ` Carlos O'Donell
2010-01-31 21:14 ` Helge Deller
2010-01-01 0:26 ` John David Anglin
2010-02-01 12:58 ` Carlos O'Donell
2010-02-01 15:47 ` John David Anglin
2010-02-01 19:02 ` Helge Deller
2010-02-01 19:11 ` John David Anglin
2010-02-01 21:36 ` Carlos O'Donell
2010-01-04 17:32 ` John David Anglin
2010-01-04 18:02 ` Carlos O'Donell
2010-01-04 18:22 ` John David Anglin
2010-01-04 21:24 ` Helge Deller
2009-12-31 22:38 ` John David Anglin
2010-01-01 0:36 ` John David Anglin
2009-12-22 15:03 John David Anglin
2009-12-22 15:52 ` Carlos O'Donell
[not found] <20091222164810.DBF3B516F@hiauly1.hia.nrc.ca>
2009-12-22 20:30 ` Carlos O'Donell
2009-12-22 22:05 ` John David Anglin
2009-12-23 15:01 ` Carlos O'Donell
2009-12-23 16:15 ` John David Anglin
2009-12-23 16:48 ` John David Anglin
2009-12-23 20:39 ` John David Anglin
2009-12-23 20:45 ` Carlos O'Donell
2009-12-23 20:46 ` Carlos O'Donell
2009-12-23 21:08 ` John David Anglin
2009-12-23 21:48 ` Carlos O'Donell
2009-12-23 20:36 ` Carlos O'Donell
2009-12-23 20:57 ` John David Anglin
[not found] ` <20091222212950.8E5F74EA9@hiauly1.hia.nrc.ca>
2009-12-23 14:56 ` Carlos O'Donell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100104162732.10090@gmx.net \
--to=deller@gmx.de \
--cc=carlos@systemhalted.org \
--cc=dave.anglin@nrc-cnrc.gc.ca \
--cc=dave@hiauly1.hia.nrc.ca \
--cc=linux-parisc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox