id,summary,reporter,owner,description,type,status,component,version,resolution,keywords,cc,guest,host
2618,linux libpthread issue corrupted gs register - possible lock cmpxchg emulation issue?,joeba,,"Environment

VB 2.0.2, Host, RHEL 4.0, Guest RHEL 4.0, 32bit

Code only crashes under VB. Runs fine under VMWare and bare metal

Dump of Registers:
{{{
(gdb) info registers
eax            0x0      0
ecx            0xbff5237c       -1074453636
edx            0x4      4
ebx            0xbff5237c       -1074453636
esp            0xbff52320       0xbff52320
ebp            0xbff52320       0xbff52320
esi            0x0      0
edi            0x4      4
eip            0x848397 0x848397       /*** Fault instruction right here !!!! ***/
eflags         0x246    582
cs             0x73     115
ss             0x7b     123
ds             0x7b     123
es             0x7b     123
fs             0x0      0
gs             0x33     51
}}}
Here is the stack trace ...
{{{
(gdb) disassemble 0xcc2397
Dump of assembler code for function __pthread_disable_asynccancel:
0x00cc2390 <__pthread_disable_asynccancel+0>: push %ebp
0x00cc2391 <__pthread_disable_asynccancel+1>: test $0x2,%al
0x00cc2393 <__pthread_disable_asynccancel+3>: mov %esp,%ebp
0x00cc2395 <__pthread_disable_asynccancel+5>: jne 0xcc23b6 <__pthread_disable_asynccancel+38>
0x00cc2397 <__pthread_disable_asynccancel+7>: mov %gs:0x58,%edx /*** Same fault instruction ***/
0x00cc239e <__pthread_disable_asynccancel+14>: mov %edx,%ecx
0x00cc23a0 <__pthread_disable_asynccancel+16>: and $0xfffffffd,%ecx
0x00cc23a3 <__pthread_disable_asynccancel+19>: cmp %edx,%ecx
0x00cc23a5 <__pthread_disable_asynccancel+21>: je 0xcc23b6 <__pthread_disable_asynccancel+38>
0x00cc23a7 <__pthread_disable_asynccancel+23>: mov %edx,%eax
0x00cc23a9 <__pthread_disable_asynccancel+25>: lock cmpxchg
}}}

Here is the source of the code that caused the crash. It's the THREAD_GETMEM macro which is
part of the libpthreads implementation under linux ...
{{{
/* Read member of the thread descriptor directly. */

# define THREAD_GETMEM(descr, member) \
({ __typeof (descr->member) __value; \
if (sizeof (__value) == 1) \
asm volatile (""movb %%gs:%P2,%b0"" \
: ""=q"" (__value) \
: ""0"" (0), ""i"" (offsetof (struct pthread, member))); \[[BR]]
else if (sizeof (__value) == 4) \
asm volatile (""movl %%gs:%P1,%0"" \
: ""=r"" (__value) \
: ""i"" (offsetof (struct pthread, member))); \
else \
{ \
if (sizeof (__value) != 8) \
/* There should not be any value with a size other than 1, \
4 or 8. */ \
abort (); \
\
asm volatile (""movl %%gs:%P1,%%eax\n	"" \
""movl %%gs:%P2,%%edx"" \ /*** instruction that causes fault *****/
: ""=A"" (__value) \
: ""i"" (offsetof (struct pthread, member)), \
""i"" (offsetof (struct pthread, member) + 4)); \
} \
__value; })
}}}
I'm taking a guess at this, but could the lock instruction emulation cause this?",defect,closed,VMM,VirtualBox 2.0.2,fixed,,joseph.balenzano@…,other,Linux
