| Message ID | 20180511115228.22098-1-andrew.burgess@embecosm.com |
|---|---|
| State | New, archived |
| Headers |
Received: (qmail 119973 invoked by alias); 11 May 2018 11:52:37 -0000 Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: <gdb-patches.sourceware.org> List-Unsubscribe: <mailto:gdb-patches-unsubscribe-##L=##H@sourceware.org> List-Subscribe: <mailto:gdb-patches-subscribe@sourceware.org> List-Archive: <http://sourceware.org/ml/gdb-patches/> List-Post: <mailto:gdb-patches@sourceware.org> List-Help: <mailto:gdb-patches-help@sourceware.org>, <http://sourceware.org/ml/#faqs> Sender: gdb-patches-owner@sourceware.org Delivered-To: mailing list gdb-patches@sourceware.org Received: (qmail 119949 invoked by uid 89); 11 May 2018 11:52:36 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-25.4 required=5.0 tests=AWL, BAYES_00, GIT_PATCH_0, GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3, RCVD_IN_DNSWL_NONE, SPF_PASS autolearn=ham version=3.3.2 spammy=sk:8ee2205, i387tdepc, UD:i387-tdep.c, mxcsr X-HELO: mail-wr0-f175.google.com Received: from mail-wr0-f175.google.com (HELO mail-wr0-f175.google.com) (209.85.128.175) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Fri, 11 May 2018 11:52:34 +0000 Received: by mail-wr0-f175.google.com with SMTP id y15-v6so5053725wrg.11 for <gdb-patches@sourceware.org>; Fri, 11 May 2018 04:52:34 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=pTBGvrx2S6DmneQ9U/sQupjrT1oVaIOt7kakjYsBYDE=; b=io3XIKr3cqfXMk4fpQZdRMf6aidu4k25veA6b+HJk0iMzKwjbflGPmjNTO3W1c1x6O 0/1IPTCLj9a94oo6M0YyjGgnVZqx7oIQ7lhHm9RClNZS0YLht36jrH4UOv68kc23xcQi 8rvrPSCILQCsZ2JZEKNUTn+5WIzsE0di5bTBKc33o/LUOgbprX0uHPfuwPxK1J8LVJe8 H2x+ituzY3XXzTGnX5az1hAIl1NW66fadY3esXAh8RDyS0X9jOF+iSlgOEjeT4VTyf5R d6+Nd42zcA/s2msvkTEGNrW2GFSbBx548ln7n4cBT/yiPVahkJKpM/CHhMLhuwrVJlmL taIw== X-Gm-Message-State: ALKqPweuslsqVdLVCTxt+HcaKKaPe0fPK/MU+iZuSWbblW3COQ2Un5CE dNsG+CqDaqhlajTjJzsxrsfzngcA X-Google-Smtp-Source: AB8JxZqp2nAthXIdtQ2dXj+m+pZBsUAXuqEvB0/GvLq3DewnE0vw3EBUmlaRgKJKlcAEy56OXmPieA== X-Received: by 2002:adf:c88c:: with SMTP id k12-v6mr4593252wrh.6.1526039552183; Fri, 11 May 2018 04:52:32 -0700 (PDT) Received: from localhost (host81-147-175-127.range81-147.btcentralplus.com. [81.147.175.127]) by smtp.gmail.com with ESMTPSA id k28-v6sm4399032wrk.46.2018.05.11.04.52.31 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Fri, 11 May 2018 04:52:31 -0700 (PDT) From: Andrew Burgess <andrew.burgess@embecosm.com> To: gdb-patches@sourceware.org Cc: Andrew Burgess <andrew.burgess@embecosm.com> Subject: [PATCH] gdb/x86: Fix write out of mxcsr register for xsave targets Date: Fri, 11 May 2018 12:52:28 +0100 Message-Id: <20180511115228.22098-1-andrew.burgess@embecosm.com> X-IsSubscribed: yes |
Commit Message
Andrew Burgess
May 11, 2018, 11:52 a.m. UTC
In commit:
commit 8ee22052f690c007556b97eed59f49350ece5ca9
Author: Andrew Burgess <andrew.burgess@embecosm.com>
Date: Thu May 3 17:46:14 2018 +0100
gdb/x86: Handle kernels using compact xsave format
in two places FXSAVE_ADDR was used instead of FXSAVE_MXCSR_ADDR to get
the address of the mxcsr register within the xsave buffer. This will
mean we are potentially accessing the wrong location within the xsave
buffer.
There are no tests included with this patch. The first mistake would
only trigger an issue if/when the user tries to manually set the mxcsr
register to a value that matches the random (value off stack) value
that is in the xsave buffer, in this case the change by the user will
go unnoticed by GDB, and the default value of mxcsr will be preserved.
The second mistake only happens on the code path where all x87
registers are being written out of the register cache. I'm not sure
how to trigger that code path.
gdb/ChangeLog:
* i387-tdep.c (i387_collect_xsave): Use FXSAVE_MXCSR_ADDR not
FXSAVE_ADDR for the mxcsr register.
---
gdb/ChangeLog | 5 +++++
gdb/i387-tdep.c | 4 ++--
2 files changed, 7 insertions(+), 2 deletions(-)
Comments
On 05/11/2018 12:52 PM, Andrew Burgess wrote: > In commit: > > commit 8ee22052f690c007556b97eed59f49350ece5ca9 > Author: Andrew Burgess <andrew.burgess@embecosm.com> > Date: Thu May 3 17:46:14 2018 +0100 > > gdb/x86: Handle kernels using compact xsave format > > in two places FXSAVE_ADDR was used instead of FXSAVE_MXCSR_ADDR to get > the address of the mxcsr register within the xsave buffer. This will > mean we are potentially accessing the wrong location within the xsave > buffer. > > There are no tests included with this patch. The first mistake would > only trigger an issue if/when the user tries to manually set the mxcsr > register to a value that matches the random (value off stack) value > that is in the xsave buffer, in this case the change by the user will > go unnoticed by GDB, and the default value of mxcsr will be preserved. > > The second mistake only happens on the code path where all x87 > registers are being written out of the register cache. I'm not sure > how to trigger that code path. > OK as is. How did you notice this? Valgrind? Thanks, Pedro Alves
* Pedro Alves <palves@redhat.com> [2018-05-11 18:14:20 +0100]: > On 05/11/2018 12:52 PM, Andrew Burgess wrote: > > In commit: > > > > commit 8ee22052f690c007556b97eed59f49350ece5ca9 > > Author: Andrew Burgess <andrew.burgess@embecosm.com> > > Date: Thu May 3 17:46:14 2018 +0100 > > > > gdb/x86: Handle kernels using compact xsave format > > > > in two places FXSAVE_ADDR was used instead of FXSAVE_MXCSR_ADDR to get > > the address of the mxcsr register within the xsave buffer. This will > > mean we are potentially accessing the wrong location within the xsave > > buffer. > > > > There are no tests included with this patch. The first mistake would > > only trigger an issue if/when the user tries to manually set the mxcsr > > register to a value that matches the random (value off stack) value > > that is in the xsave buffer, in this case the change by the user will > > go unnoticed by GDB, and the default value of mxcsr will be preserved. > > > > The second mistake only happens on the code path where all x87 > > registers are being written out of the register cache. I'm not sure > > how to trigger that code path. > > > > OK as is. > > How did you notice this? Valgrind? That's a funny story... I had reason to compile HEAD on a machine with GCC 5.4, and the build failed with a warning that 'i' was used uninitialised in this block: /* The mxcsr register is written into the xsave buffer if either AVX or SSE is enabled, so only clear it if both of those features require clearing. */ if ((clear_bv & (X86_XSTATE_AVX | X86_XSTATE_SSE)) == (X86_XSTATE_AVX | X86_XSTATE_SSE)) store_unsigned_integer (FXSAVE_ADDR (tdep, regs, i), 2, byte_order, I387_MXCSR_INIT_VAL); Now the warning from GCC is bogus, 'i' will be initialised, but it's not going to be initialised correctly, and when I looked into how to set 'i' to the correct value I realised the mistake I made. After that I double checked all the accesses to mxcsr that I changed, and found the second bug. Just a lucky find at the end of the day :) Thanks, Andrew
diff --git a/gdb/i387-tdep.c b/gdb/i387-tdep.c index aca70c186f9..3effc35b174 100644 --- a/gdb/i387-tdep.c +++ b/gdb/i387-tdep.c @@ -1490,7 +1490,7 @@ i387_collect_xsave (const struct regcache *regcache, int regnum, require clearing. */ if ((clear_bv & (X86_XSTATE_AVX | X86_XSTATE_SSE)) == (X86_XSTATE_AVX | X86_XSTATE_SSE)) - store_unsigned_integer (FXSAVE_ADDR (tdep, regs, i), 2, byte_order, + store_unsigned_integer (FXSAVE_MXCSR_ADDR (regs), 2, byte_order, I387_MXCSR_INIT_VAL); if ((clear_bv & X86_XSTATE_X87)) @@ -1643,7 +1643,7 @@ i387_collect_xsave (const struct regcache *regcache, int regnum, { i = I387_MXCSR_REGNUM (tdep); regcache_raw_collect (regcache, i, raw); - p = FXSAVE_ADDR (tdep, regs, i); + p = FXSAVE_MXCSR_ADDR (regs); if (memcmp (raw, p, 4)) { /* Now, we need to mark one of either SSE of AVX as enabled.