Bug 1147137

Summary: Valgrind 3.9.0 does not recognize bndmov instruction
Product: Fedora
Component: valgrind
Version: 20
Hardware: x86_64
OS: Unspecified
Status: CLOSED ERRATA
Severity: unspecified
Priority: unspecified
Reporter: Mark Wielaard <mjw>
Assignee: Mark Wielaard <mjw>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: abeekhof, dodji, extras-qa, jakub, kalevlember, matteo, mjw, paulo.cesar.pereira.de.andrade, redhat-bugzilla, zbyszek
Fixed In Version: valgrind-3.9.0-9.fc20
Doc Type: Bug Fix
Type: Bug
Clone Of: 1087933
Bug Depends On: 1087933
Last Closed: 2014-10-06 05:01:00 UTC

Description Mark Wielaard 2014-09-27 09:54:06 UTC
This was already fixed in valgrind 3.10.0 included in fedora 21 and rawhide.

+++ This bug was initially created as a clone of Bug #1087933 +++

Rawhide updated as of yesterday:

vex amd64->IR: unhandled instruction bytes: 0x66 0xF 0x1B 0x4 0x24 0x66 0xF 0x1B
vex amd64->IR:   REX=0 REX.W=0 REX.R=0 REX.X=0 REX.B=0
vex amd64->IR:   VEX=0 VEX.L=0 VEX.nVVVV=0x0 ESC=0F
vex amd64->IR:   PFX.66=1 PFX.F2=0 PFX.F3=0
==25224== valgrind: Unrecognised instruction at address 0x3e50c17387.
==25224==    at 0x3E50C17387: _dl_runtime_resolve (in /usr/lib64/ld-2.19.90.so)


0000003e50c17360 <_dl_runtime_resolve>:
  3e50c17360:   48 83 ec 78             sub    $0x78,%rsp
  3e50c17364:   48 89 44 24 40          mov    %rax,0x40(%rsp)
  3e50c17369:   48 89 4c 24 48          mov    %rcx,0x48(%rsp)
  3e50c1736e:   48 89 54 24 50          mov    %rdx,0x50(%rsp)
  3e50c17373:   48 89 74 24 58          mov    %rsi,0x58(%rsp)
  3e50c17378:   48 89 7c 24 60          mov    %rdi,0x60(%rsp)
  3e50c1737d:   4c 89 44 24 68          mov    %r8,0x68(%rsp)
  3e50c17382:   4c 89 4c 24 70          mov    %r9,0x70(%rsp)
  3e50c17387:   66 0f 1b 04 24          bndmov %bnd0,(%rsp)                <-- here
  3e50c1738c:   66 0f 1b 4c 24 10       bndmov %bnd1,0x10(%rsp)
  3e50c17392:   66 0f 1b 54 24 20       bndmov %bnd2,0x20(%rsp)
  3e50c17398:   66 0f 1b 5c 24 30       bndmov %bnd3,0x30(%rsp)

--- Additional comment from Mark Wielaard on 2014-04-20 15:59:50 EDT ---

Confirmed. With vgdb attached and glibc-debuginfo installed:

Program received signal SIGILL, Illegal instruction.
_dl_runtime_resolve () at ../sysdeps/x86_64/dl-trampoline.S:72
72              bndmov %bnd0, REGISTER_SAVE_BND0(%rsp)

(gdb) list
67              movq %r9, REGISTER_SAVE_R9(%rsp)
68      #ifndef __ILP32__
69              # We also have to preserve bound registers.  These are nops if
70              # Intel MPX isn't available or disabled.
71      # ifdef HAVE_MPX_SUPPORT
72              bndmov %bnd0, REGISTER_SAVE_BND0(%rsp)
73              bndmov %bnd1, REGISTER_SAVE_BND1(%rsp)
74              bndmov %bnd2, REGISTER_SAVE_BND2(%rsp)
75              bndmov %bnd3, REGISTER_SAVE_BND3(%rsp)
76      # else
(gdb) 
77              .byte 0x66,0x0f,0x1b,0x44,0x24,REGISTER_SAVE_BND0
78              .byte 0x66,0x0f,0x1b,0x4c,0x24,REGISTER_SAVE_BND1
79              .byte 0x66,0x0f,0x1b,0x54,0x24,REGISTER_SAVE_BND2
80              .byte 0x66,0x0f,0x1b,0x5c,0x24,REGISTER_SAVE_BND3
81      # endif
82      #endif
83              # Copy args pushed by PLT in register.
84              # %rdi: link_map, %rsi: reloc_index
85              movq (REGISTER_SAVE_AREA + 8)(%rsp), %rsi
86              movq REGISTER_SAVE_AREA(%rsp), %rdi
(gdb) 

So in theory this should be easy to implement assuming we can just make bndmov into a NOP for valgrind.

--- Additional comment from Mark Wielaard on 2014-04-20 16:28:20 EDT ---

Reported upstream https://bugs.kde.org/show_bug.cgi?id=333666

--- Additional comment from Mark Wielaard on 2014-04-24 14:16:39 EDT ---



--- Additional comment from Mark Wielaard on 2014-04-27 06:35:03 EDT ---



--- Additional comment from Mark Wielaard on 2014-05-08 12:05:42 EDT ---

I submitted a fix upstream and included it in the new valgrind-3.9.0-12.svn20140319r13879.fc21

--- Additional comment from Kalev Lember on 2014-05-08 12:11:53 EDT ---

You are a hero, thanks!

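The bytes Valgrind rejected above (66 0F 1B followed by ModRM/SIB) are the store form of Intel MPX BNDMOV; the load form is 66 0F 1A. The Python decoder below is an added example, not code from this bug report, from Valgrind or from glibc. It decodes the four bound-register saves from the objdump listing above (the byte sequence is constructed here from that listing) and, for each, reports the operands in AT&T syntax and the instruction length. The length is the part that matters for the "make bndmov a NOP" idea in the comments: a translator that wants to skip the instruction still has to consume exactly the right number of bytes, including any REX prefix, SIB byte and displacement. The function names (`decode_bndmov`, `decode_sequence`) and the register table are my own; the encoding rules follow the Intel SDM, and a bound register number above 3 is treated as undecodable because only bnd0 to bnd3 exist.

```python
"""Decoder for Intel MPX BNDMOV, the instruction Valgrind 3.9.0 reported as
"unhandled instruction bytes: 0x66 0xF 0x1B ...".

Added example, not code from Valgrind or glibc.  Encodings per the Intel SDM:
  66 0F 1A /r   BNDMOV bnd, bnd/m64   (load form)
  66 0F 1B /r   BNDMOV bnd/m64, bnd   (store form, used in _dl_runtime_resolve)
"""

REG64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
         "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]


def _imm(code, pos, size):
    """Little-endian signed immediate of `size` bytes; IndexError if truncated."""
    chunk = code[pos:pos + size]
    if len(chunk) != size:
        raise IndexError("truncated displacement")
    return int.from_bytes(chunk, "little", signed=True)


def _fmt_disp(disp):
    if disp == 0:
        return ""
    return f"-0x{-disp:x}" if disp < 0 else f"0x{disp:x}"


def _modrm_mem(code, pos, rex_b, rex_x):
    """Decode the memory operand whose ModRM byte is at code[pos].
    Returns (AT&T operand string, bytes consumed from the ModRM byte on)."""
    modrm = code[pos]
    mod, rm = modrm >> 6, modrm & 7
    used = 1
    base = index = None
    scale, disp, rip_rel = 1, 0, False
    if rm == 4:                                  # SIB byte follows
        sib = code[pos + used]
        used += 1
        scale = 1 << (sib >> 6)
        idx = ((sib >> 3) & 7) | (8 if rex_x else 0)
        if idx != 4:                             # index=100 without REX.X: no index
            index = REG64[idx]
        if (sib & 7) == 5 and mod == 0:          # base=101 with mod=00: no base, disp32
            disp = _imm(code, pos + used, 4)
            used += 4
        else:
            base = REG64[(sib & 7) | (8 if rex_b else 0)]
    elif rm == 5 and mod == 0:                   # RIP-relative disp32
        rip_rel = True
        disp = _imm(code, pos + used, 4)
        used += 4
    else:
        base = REG64[rm | (8 if rex_b else 0)]
    if mod == 1:                                 # disp8
        disp = _imm(code, pos + used, 1)
        used += 1
    elif mod == 2:                               # disp32
        disp = _imm(code, pos + used, 4)
        used += 4
    d = _fmt_disp(disp)
    if rip_rel:
        return f"{d}(%rip)", used
    if base is None and index is None:
        return d or "0x0", used
    inner = f"%{base}" if base else ""
    if index:
        inner += f",%{index},{scale}"
    return f"{d}({inner})", used


def decode_bndmov(code, pos=0):
    """Decode a BNDMOV at code[pos].  Returns {"mnemonic", "operands", "length"}
    in AT&T syntax (as objdump prints it), or None if the bytes are not a
    complete, well-formed BNDMOV."""
    try:
        p = pos
        if code[p] != 0x66:                      # mandatory 66 prefix
            return None
        p += 1
        rex = 0
        if 0x40 <= code[p] <= 0x4F:              # optional REX between 66 and the opcode
            rex = code[p]
            p += 1
        if code[p] != 0x0F or code[p + 1] not in (0x1A, 0x1B):
            return None
        store = code[p + 1] == 0x1B
        p += 2
        modrm = code[p]
        mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
        if rex & 0x4 or reg > 3:                 # only bnd0..bnd3 exist; REX.R on reg is #UD
            return None
        bnd = f"%bnd{reg}"
        if mod == 3:                             # register-to-register form
            other_num = rm | (8 if rex & 1 else 0)
            if other_num > 3:
                return None
            other, used = f"%bnd{other_num}", 1
        else:
            other, used = _modrm_mem(code, p, rex & 1, rex & 2)
        src, dst = (bnd, other) if store else (other, bnd)
        return {"mnemonic": "bndmov", "operands": f"{src},{dst}",
                "length": p + used - pos}
    except IndexError:                           # ran off the end of the buffer
        return None


def decode_sequence(code):
    """Decode consecutive BNDMOVs from offset 0, stopping at the first byte run
    that is not one.  Returns (list of (offset, text), stop offset).  This is the
    bookkeeping a "treat BNDMOV as a NOP" translation needs: each instruction's
    length decides where the next one starts."""
    out, pos = [], 0
    while pos < len(code):
        insn = decode_bndmov(code, pos)
        if insn is None:
            break
        out.append((pos, f"{insn['mnemonic']} {insn['operands']}"))
        pos += insn["length"]
    return out, pos


# Constructed from the objdump listing in the report: the four bound-register
# saves in _dl_runtime_resolve (x86_64 glibc 2.19.90).
TRAMPOLINE_BYTES = bytes.fromhex(
    "660f1b0424"      # bndmov %bnd0,(%rsp)
    "660f1b4c2410"    # bndmov %bnd1,0x10(%rsp)
    "660f1b542420"    # bndmov %bnd2,0x20(%rsp)
    "660f1b5c2430"    # bndmov %bnd3,0x30(%rsp)
)
# The eight bytes Valgrind printed: one whole BNDMOV plus the start of the next.
VALGRIND_BYTES = bytes.fromhex("660f1b0424660f1b")

if __name__ == "__main__":
    insns, stop = decode_sequence(TRAMPOLINE_BYTES)
    for off, text in insns:
        print(f"{off:3d}: {text}")
    print(f"decoded {stop} of {len(TRAMPOLINE_BYTES)} bytes")
```

Run as a script it prints the same four instructions objdump showed, at offsets 0, 5, 11 and 17. Feeding it the eight bytes from Valgrind's message decodes the first instruction and stops at offset 5, where the second one is cut off. The `.byte 0x66,0x0f,0x1b,0x44,0x24,...` fallback in the gdb listing decodes identically to the assembler-generated form; it only uses the disp8 encoding (ModRM 0x44) instead of the shorter ModRM 0x04 with no displacement.
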
Comment 1 Fedora Update System 2014-09-27 11:53:01 UTC
valgrind-3.9.0-9.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/valgrind-3.9.0-9.fc20

Comment 2 Fedora Update System 2014-09-28 04:29:58 UTC
Package valgrind-3.9.0-9.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing valgrind-3.9.0-9.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-11768/valgrind-3.9.0-9.fc20
then log in and leave karma (feedback).

Comment 3 Fedora Update System 2014-10-06 05:01:00 UTC
valgrind-3.9.0-9.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.