Bug 160049

Summary: x86-64 on 32-bit vdso syscall entry, %ebp value is not seen in %rbp via ptrace
Product: Red Hat Enterprise Linux 3 Reporter: Bastien Nocera <bnocera>
Component: kernelAssignee: Roland McGrath <roland>
Status: CLOSED WONTFIX QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.0CC: jparadis, mwesley, peterm, petrides, tao
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-10-19 19:00:42 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 162467    
Bug Blocks: 170417    

Description Bastien Nocera 2005-06-10 14:35:20 UTC 
$ uname -a
Linux bnocera 2.6.9-1.906_EL #1 Sun Dec 12 22:51:52 EST 2004 i686 i686 i386
GNU/Linux
$ file test
test: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux
2.2.5, dynamically linked (uses shared libs), not stripped
$ strace -v ./a.out 2>&1 | grep old
old_mmap(NULL, 76063, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7fed000
old_mmap(0x469000, 1215644, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0x469000
old_mmap(0x58c000, 16384, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x123000) = 0x58c000
old_mmap(0x590000, 7324, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x590000
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7fec000

On the 64 bit machine:
rpm -q strace
strace-4.5.9-2.EL3
[root@host-59 tmp]# uname -a
Linux host-59.support.localnet 2.4.21-27.0.2.ELsmp #1 SMP Wed Jan 12 23:25:44
EST 2005 x86_64 x86_64 x86_64 GNU/Linux
[root@host-59 tmp]# file test
test: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux
2.2.5, dynamically linked (uses shared libs), not stripped
[root@host-59 tmp]# strace -v ./test 2>&1 | grep old
old_mmap(0xedf500000000, 8589934593, PROT_READ|PROT_WRITE, 0xf /* MAP_???
*/|MAP_FIXED|MAP_ANONYMOUS|MAP_NORESERVE|MAP_POPULATE|MAP_NONBLOCK|MAP_GROWSDOWN|MAP_DENYWRITE|MAP_EXECUTABLE|MAP_LOCKED|0xfffe06c0,
14849, 0x3b55b00000000) = 0x40016000
old_mmap(0x1375cc00000000, 8589934597, PROT_READ|PROT_WRITE, MAP_FILE, 0, 0) =
0x40025000
old_mmap(0x300040157000, 77309411331, PROT_READ|PROT_WRITE, MAP_FILE, 0, 0) =
0x40157000
old_mmap(0x25cc4015a000, 214748364803,
PROT_READ|PROT_WRITE|PROT_EXEC|PROT_GROWSDOWN|PROT_GROWSUP|0xfcfffff8, MAP_FILE,
0, 0) = 0x4015a000
old_mmap(0x100000000000, 146028888067,
PROT_READ|PROT_WRITE|PROT_EXEC|PROT_GROWSDOWN|PROT_GROWSUP|0xfcfffff8, 0x8 /*
MAP_???
*/|MAP_FIXED|MAP_NORESERVE|MAP_NONBLOCK|MAP_GROWSDOWN|MAP_EXECUTABLE|0x40000400,
1073744439, 0x840010307) = 0x4015d000
old_mmap()                              = -1 EFAULT (Bad address)

test is built from the test.c below:
#include <sys/syscall.h>
#include <unistd.h>
#include <sys/mman.h>

int main (int argc, char **argv)
{
        syscall (SYS_mmap2, NULL, 88983, PROT_READ, MAP_PRIVATE, 3, 0);
        return 0;
}
Comment 3 Roland McGrath 2005-07-05 04:18:12 UTC 
The actual bug here is that the x86-64 kernel doing syscall tracing of a 32-bit
process fails to reflect the %ebp value in %rbp, and so is inconsistent with
what native 32-bit ptrace shows.  This bug exists in the upstream kernel as well.
Comment 4 Roland McGrath 2005-07-05 09:46:47 UTC 
There are two bugs in the original report.  This bug is tracking the kernel bug
that gives wrong results for the mmap2 syscall, which is what the test case
source mentions.  However, the original complaints were about the old_mmap
syscall output, which is an strace bug #162467 tracks now.
Comment 12 RHEL Program Management 2007-10-19 19:00:42 UTC 
This bug is filed against RHEL 3, which is in maintenance phase.
During the maintenance phase, only security errata and select mission
critical bug fixes will be released for enterprise products. Since
this bug does not meet that criteria, it is now being closed.
 
For more information of the RHEL errata support policy, please visit:
http://www.redhat.com/security/updates/errata/
 
If you feel this bug is indeed mission critical, please contact your
support representative. You may be asked to provide detailed
information on how this bug is affecting you.