[OpenWrt-Devel] uClibc bug: epoll_pwait broken on OpenWrt x86
Matthias Schiffer
mschiffer at universe-factory.net
Mon Sep 1 06:41:00 EDT 2014
Sure, I've attached my testcase (source and compiled for Barrier Breaker).
Matthias
On 09/01/2014 08:31 AM, Waldemar Brodkorb wrote:
> Hi,
> can you provide a simple testcase showing the bug?
> best regards
> Waldemar
>
>
>> Am 01.09.2014 um 00:53 schrieb Matthias Schiffer <mschiffer at universe-factory.net>:
>>
>> Hi,
>> I'm posting this on both the OpenWrt and the uClibc lists to hopefully
>> find someone who has an idea how the code in question might ever have
>> worked (if it ever has...). The issue probably affects not only
>> epoll_pwait, but also other syscall6 on i386. It can be seen on all
>> OpenWrt versions ranging from Attitude Adjustment to Barrier Breaker
>> (and probably also the current trunk).
>>
>> I noticed that epoll_pwait always returns EINVAL when I supply a signal
>> set; analzing it with gdb I found out that %ebp contains a stack address
>> instead of the length of the signal set (which should be 8).
>>
>> Looking at the generated code reveals this:
>>
>> 0000b360 <__libc_epoll_pwait>:
>> b360: 55 push %ebp
>> b361: 57 push %edi
>> b362: 56 push %esi
>> b363: 53 push %ebx
>> b364: 51 push %ecx
>> b365: e8 eb ef ff ff call a355 <__x86.get_pc_thunk.bx>
>> b36a: 81 c3 8a 4c 04 00 add $0x44c8a,%ebx
>> b370: 8b 74 24 24 mov 0x24(%esp),%esi
>> b374: 8b 7c 24 28 mov 0x28(%esp),%edi
>> b378: c7 04 24 08 00 00 00 movl $0x8,(%esp) #1
>> b37f: 65 a1 0c 00 00 00 mov %gs:0xc,%eax
>> b385: 85 c0 test %eax,%eax
>> b387: 75 33 jne b3bc
>> <__libc_epoll_pwait+0x5c>
>> b389: 8b 44 24 18 mov 0x18(%esp),%eax
>> b38d: 8b 4c 24 1c mov 0x1c(%esp),%ecx
>> b391: 8b 54 24 20 mov 0x20(%esp),%edx
>> b395: 53 push %ebx #2
>> b396: 89 c3 mov %eax,%ebx
>> b398: 55 push %ebp #3
>> b399: 8b 2c 24 mov (%esp),%ebp #4
>> b39c: b8 3f 01 00 00 mov $0x13f,%eax
>> b3a1: cd 80 int $0x80
>> ...
>>
>> As can be seen, the value 8 is moved onto the stack at #1 and is
>> supposed to be moved to %ebp at #4. Unfortunately, #2 and #3 move the
>> stack pointer...
>>
>> _______________________________________________
>> uClibc mailing list
>> uClibc at uclibc.org
>> http://lists.busybox.net/mailman/listinfo/uclibc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: epoll_test
Type: application/octet-stream
Size: 5806 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openwrt-devel/attachments/20140901/0c77966b/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: epoll_test.c
Type: text/x-csrc
Size: 359 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openwrt-devel/attachments/20140901/0c77966b/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.infradead.org/pipermail/openwrt-devel/attachments/20140901/0c77966b/attachment.sig>
-------------- next part --------------
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list