Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 135848 - syscall() behaviour wrong when called using _syscall6 macro
syscall() behaviour wrong when called using _syscall6 macro
Status: CLOSED UPSTREAM
Product: Fedora
Classification: Fedora
Component: glibc (Show other bugs)
2
i686 Linux
medium Severity high
: ---
: ---
Assigned To: Jakub Jelinek
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-10-15 08:06 EDT by Jonas Maebe
Modified: 2007-11-30 17:10 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-10-16 03:30:43 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Test case to reproduce crash (765 bytes, text/plain)
2004-10-15 08:07 EDT, Jonas Maebe 		no flags Details
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Jonas Maebe 2004-10-15 08:06:22 EDT 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.5 (KHTML, 
like Gecko) Safari/125.9

Description of problem:
This is the compiled code for syscall() in glibc:

0x0060e510 <syscall+0>: push   %edi
0x0060e511 <syscall+1>: push   %esi
0x0060e512 <syscall+2>: push   %ebx
0x0060e513 <syscall+3>: mov    0x24(%esp),%edi
0x0060e517 <syscall+7>: mov    0x20(%esp),%esi
0x0060e51b <syscall+11>:        mov    0x1c(%esp),%edx
0x0060e51f <syscall+15>:        mov    0x18(%esp),%ecx
0x0060e523 <syscall+19>:        mov    0x14(%esp),%ebx
0x0060e527 <syscall+23>:        mov    0x10(%esp),%eax
0x0060e52b <syscall+27>:        call   *%gs:0x10
0x0060e532 <syscall+34>:        pop    %ebx
0x0060e533 <syscall+35>:        pop    %esi
0x0060e534 <syscall+36>:        pop    %edi
0x0060e535 <syscall+37>:        cmp    $0xfffff001,%eax
0x0060e53a <syscall+42>:        jae    0x60e53d <syscall+45>
0x0060e53c <syscall+44>:        ret    
0x0060e53d <syscall+45>:        call   0x648ed6 <__i686.get_pc_thunk.cx>
0x0060e542 <syscall+50>:        add    $0x5faba,%ecx
0x0060e548 <syscall+56>:        mov    0xffffff3c(%ecx),%ecx
0x0060e54e <syscall+62>:        xor    %edx,%edx
0x0060e550 <syscall+64>:        sub    %eax,%edx
0x0060e552 <syscall+66>:        mov    %edx,%gs:0x0(%ecx)
0x0060e556 <syscall+70>:        or     $0xffffffff,%eax
0x0060e559 <syscall+73>:        jmp    0x60e53c <syscall+44>


The _syscall6() macro (in /usr/include/linux/unistd.h passes 6 parameters however. The 
last of these parameters should be loaded in %ebp before doing the syscall. Currently, this 
results in a bogus value to be passed as sixth parameter (the current value of ebp).

Version-Release number of selected component (if applicable):
glibc-2.3.3-27

How reproducible:
Always

Steps to Reproduce:
1. Compile and run the supplied demo program
    

Actual Results:  Bus error

Expected Results:  No error

Additional info:

The program works perfectly if "my_mmap" is replaced with glibc's mmap, because that 
one does not use the _syscall6() macro internally to call mmap2. You can use strace to 
verify that a bogus value is passed as 6th parameter to the mmap2 syscall with my 
version.
Comment 1 Jonas Maebe 2004-10-15 08:07:38 EDT 
Created attachment 105272 [details]
Test case to reproduce crash
Comment 2 Jakub Jelinek 2004-10-16 03:30:43 EDT 
FYI glibc doesn't use linux/unistd.h _syscall* macros, but its own.
Although all the 6 argument syscalls in glibc are currently covered
by saner glibc interfaces, I have changed this upstream and the change
will make it into the next rawhide glibc build.
http://sources.redhat.com/ml/libc-hacker/2004-10/msg00020.html
Comment 3 Jonas Maebe 2004-10-16 14:41:54 EDT 
Thanks!
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.