$ uname -a
Linux bnocera 2.6.9-1.906_EL #1 Sun Dec 12 22:51:52 EST 2004 i686 i686 i386 GNU/Linux
$ file test
test: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.2.5, dynamically linked (uses shared libs), not stripped
$ strace -v ./a.out 2>&1 | grep old
old_mmap(NULL, 76063, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7fed000
old_mmap(0x469000, 1215644, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x469000
old_mmap(0x58c000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x123000) = 0x58c000
old_mmap(0x590000, 7324, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x590000
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fec000

On the 64 bit machine:

rpm -q strace
strace-4.5.9-2.EL3
[root@host-59 tmp]# uname -a
Linux host-59.support.localnet 2.4.21-27.0.2.ELsmp #1 SMP Wed Jan 12 23:25:44 EST 2005 x86_64 x86_64 x86_64 GNU/Linux
[root@host-59 tmp]# file test
test: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.2.5, dynamically linked (uses shared libs), not stripped
[root@host-59 tmp]# strace -v ./test 2>&1 | grep old
old_mmap(0xedf500000000, 8589934593, PROT_READ|PROT_WRITE, 0xf /* MAP_??? */|MAP_FIXED|MAP_ANONYMOUS|MAP_NORESERVE|MAP_POPULATE|MAP_NONBLOCK|MAP_GROWSDOWN|MAP_DENYWRITE|MAP_EXECUTABLE|MAP_LOCKED|0xfffe06c0, 14849, 0x3b55b00000000) = 0x40016000
old_mmap(0x1375cc00000000, 8589934597, PROT_READ|PROT_WRITE, MAP_FILE, 0, 0) = 0x40025000
old_mmap(0x300040157000, 77309411331, PROT_READ|PROT_WRITE, MAP_FILE, 0, 0) = 0x40157000
old_mmap(0x25cc4015a000, 214748364803, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_GROWSDOWN|PROT_GROWSUP|0xfcfffff8, MAP_FILE, 0, 0) = 0x4015a000
old_mmap(0x100000000000, 146028888067, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_GROWSDOWN|PROT_GROWSUP|0xfcfffff8, 0x8 /* MAP_??? */|MAP_FIXED|MAP_NORESERVE|MAP_NONBLOCK|MAP_GROWSDOWN|MAP_EXECUTABLE|0x40000400, 1073744439, 0x840010307) = 0x4015d000
old_mmap() = -1 EFAULT (Bad address)

test is built from the test.c below:

#include <sys/syscall.h>
#include <unistd.h>
#include <sys/mman.h>

int main (int argc, char **argv)
{
    syscall (SYS_mmap2, NULL, 88983, PROT_READ, MAP_PRIVATE, 3, 0);
    return 0;
}

The actual bug here is that the x86-64 kernel doing syscall tracing of a 32-bit process fails to reflect the %ebp value in %rbp, and so is inconsistent with what native 32-bit ptrace shows. This bug exists in the upstream kernel as well.
There are two bugs in the original report. This bug is tracking the kernel bug that gives wrong results for the mmap2 syscall, which is what the test case source mentions. However, the original complaints were about the old_mmap syscall output, which is an strace bug #162467 tracks now.
This bug is filed against RHEL 3, which is in maintenance phase. During the maintenance phase, only security errata and select mission critical bug fixes will be released for enterprise products. Since this bug does not meet those criteria, it is now being closed. For more information on the RHEL errata support policy, please visit: http://www.redhat.com/security/updates/errata/ If you feel this bug is indeed mission critical, please contact your support representative. You may be asked to provide detailed information on how this bug is affecting you.