From: James Gregurich
Newsgroups: gmane.linux.lib.musl.general
Subject: mistake in powerpc clone.s?
Date: Thu, 26 Dec 2013 16:08:19 -0600
Message-ID: <6CBC4CE2-CFF2-4FE6-8DD5-6FB2B1FCBA4A@mac.com>
To: musl@lists.openwall.com

hi,

I was tracking down some odd behavior in the debugger that makes it at least appear as if a stack corruption has occurred. I followed it to clone.s.

Could the following be a mistake? Notice that r30 is stored to $r1 - 16 while it is restored to $r1 + 0. When I step through this code in the debugger, once 'stwu 30, -16(1)' is executed gdb claims the stack is corrupted…and this corruption persists up into my project code. I suspect the -16 should be a 0. Comments?

# store non-volatile regs r30, r31 on stack in order to put our
# start func and its arg there
stwu 30, -16(1)
stw 31, 4(1)

...

# restore stack
lwz 30, 0(1)
lwz 31, 4(1)
addi 1, 1, 16

blr

gdb log:

(gdb) bt
#0  0x01922e14 in clone ()
#1  0x0191d364 in __posix_spawnx (
    res=<unknown type in /root/test/SuperNodeDmx.elf.debug, CU 0x128482, DIE 0x1284b9>,
    path=<unknown type in /root/test/SuperNodeDmx.elf.debug, CU 0x128482, DIE 0x1284c8>, exec=0x1926b30 <execve>, fa
    attr=<unknown type in /root/test/SuperNodeDmx.elf.debug, CU 0x128482, DIE 0x1284f5>, argv=0xbffff7e8, envp=0xbff6
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb) disass
Dump of assembler code for function clone:
   0x01922e10 <+0>:     stwu    r30,-16(r1)
=> 0x01922e14 <+4>:     stw     r31,4(r1)
   0x01922e18 <+8>:     mr      r30,r3
   0x01922e1c <+12>:    mr      r31,r6
   0x01922e20 <+16>:    mr      r3,r5
   0x01922e24 <+20>:    mr      r5,r7
   0x01922e28 <+24>:    mr      r6,r8
   0x01922e2c <+28>:    mr      r7,r9
   0x01922e30 <+32>:    li      r0,120
   0x01922e34 <+36>:    sc
   0x01922e38 <+40>:    bns+    0x1922e40 <clone+48>
   0x01922e3c <+44>:    neg     r3,r3
   0x01922e40 <+48>:    cmpwi   cr7,r3,0
   0x01922e44 <+52>:    bne-    cr7,0x1922e5c <clone+76>
   0x01922e48 <+56>:    mr      r3,r31
   0x01922e4c <+60>:    mtctr   r30
   0x01922e50 <+64>:    bctrl
   0x01922e54 <+68>:    li      r0,1
   0x01922e58 <+72>:    sc
   0x01922e5c <+76>:    lwz     r30,0(r1)
   0x01922e60 <+80>:    lwz     r31,4(r1)
   0x01922e64 <+84>:    addi    r1,r1,16
   0x01922e68 <+88>:    blr
End of assembler dump.
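
Added example (not part of the original message and not musl code): a small C model of the quoted prologue and epilogue, using the architectural definition of stwu RS,D(RA) as EA = (RA)+D, MEM(EA) = (RS), RA = EA. It records the address where r30 is saved, the address it is reloaded from, and the word left at 0(r1), the slot the System V PowerPC ABI reserves for the back chain to the caller's frame. The memory window, register file, function names and sample values are constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model for illustration, not musl code: a word-addressed
   stack window and a register file; names and values are hypothetical. */
static uint32_t mem[0x400], gpr[32];

struct trace { uint32_t save_addr, restore_addr, back_chain, sp_after, r30, r31; };

/* stwu RS,D(RA): EA = (RA)+D; MEM(EA) = (RS); RA = EA (store with update) */
static uint32_t stwu(int rs, int32_t d, int ra) {
    uint32_t ea = gpr[ra] + (uint32_t)d;
    mem[ea / 4] = gpr[rs];
    gpr[ra] = ea;
    return ea;
}
/* stw RS,D(RA): plain store, RA unchanged */
static void stw(int rs, int32_t d, int ra) { mem[(gpr[ra] + (uint32_t)d) / 4] = gpr[rs]; }
/* lwz RT,D(RA): load word, RA unchanged; returns the address read */
static uint32_t lwz(int rt, int32_t d, int ra) {
    uint32_t ea = gpr[ra] + (uint32_t)d;
    gpr[rt] = mem[ea / 4];
    return ea;
}

/* Runs the quoted prologue and epilogue; caller_sp must lie in [16, 0xffc]. */
struct trace run_frame(uint32_t caller_sp, uint32_t r30, uint32_t r31) {
    struct trace t;
    memset(mem, 0, sizeof mem);
    gpr[1] = caller_sp; gpr[30] = r30; gpr[31] = r31;
    t.save_addr = stwu(30, -16, 1);        /* stwu 30, -16(1) */
    stw(31, 4, 1);                         /* stw 31, 4(1)    */
    t.back_chain = mem[gpr[1] / 4];        /* word at 0(r1) inside clone */
    gpr[30] = gpr[31] = 0xdeadbeefu;       /* body reuses r30/r31 */
    t.restore_addr = lwz(30, 0, 1);        /* lwz 30, 0(1)    */
    lwz(31, 4, 1);                         /* lwz 31, 4(1)    */
    gpr[1] += 16;                          /* addi 1, 1, 16   */
    t.sp_after = gpr[1]; t.r30 = gpr[30]; t.r31 = gpr[31];
    return t;
}

int main(void) {
    struct trace t = run_frame(0x0f00u, 0x11111111u, 0x22222222u);
    printf("save=%#x restore=%#x back_chain=%#x sp_after=%#x\n", (unsigned)t.save_addr,
           (unsigned)t.restore_addr, (unsigned)t.back_chain, (unsigned)t.sp_after);
    return 0;
}
```

In this model the save and the reload hit the same address because stwu has already moved r1 down by 16, and the word at 0(r1) holds the saved r30 value rather than the caller's stack pointer.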