Opened 16 years ago
Last modified 15 years ago
#2618 closed defect
linux libpthread issue corrupted gs register - possible lock cmpxchg emulation issue? — at Initial Version
| Reported by: | joeba | Owned by: | |
|---|---|---|---|
| Component: | VMM | Version: | VirtualBox 2.0.2 |
| Keywords: | | Cc: | joseph.balenzano@… |
| Guest type: | other | Host type: | Linux |
Description
Environment
VB 2.0.2, Host, RHEL 4.0, Guest RHEL 4.0, 32bit
Code only crashes under VB. Runs fine under VMWare and bare metal
Dump of Registers:
(gdb) info registers
eax 0x0 0
ecx 0xbff5237c -1074453636
edx 0x4 4
ebx 0xbff5237c -1074453636
esp 0xbff52320 0xbff52320
ebp 0xbff52320 0xbff52320
esi 0x0 0
edi 0x4 4
eip 0x848397 0x848397 /* Fault instruction right here !!!! */
eflags 0x246 582
cs 0x73 115
ss 0x7b 123
ds 0x7b 123
es 0x7b 123
fs 0x0 0
gs 0x33 51
Here is the stack trace ...
(gdb) disassemble 0xcc2397
Dump of assembler code for function pthread_disable_asynccancel:
0x00cc2390 <pthread_disable_asynccancel+0>: push %ebp
0x00cc2391 <pthread_disable_asynccancel+1>: test $0x2,%al
0x00cc2393 <pthread_disable_asynccancel+3>: mov %esp,%ebp
0x00cc2395 <pthread_disable_asynccancel+5>: jne 0xcc23b6
<pthread_disable_asynccancel+38>
0x00cc2397 <pthread_disable_asynccancel+7>: mov %gs:0x58,%edx /* Same fault instruction */
0x00cc239e <pthread_disable_asynccancel+14>: mov %edx,%ecx
0x00cc23a0 <pthread_disable_asynccancel+16>: and $0xfffffffd,%ecx
0x00cc23a3 <pthread_disable_asynccancel+19>: cmp %edx,%ecx
0x00cc23a5 <pthread_disable_asynccancel+21>: je 0xcc23b6
<pthread_disable_asynccancel+38>
0x00cc23a7 <pthread_disable_asynccancel+23>: mov %edx,%eax
0x00cc23a9 <pthread_disable_asynccancel+25>: lock cmpxchg
Here is the source of the code that caused the crash. It's the THREAD_GETMEM macro which is part of the libpthreads implementation under linux ...
/* Read member of the thread descriptor directly. */
# define THREAD_GETMEM(descr, member) \
  ({ typeof (descr->member) value; \
     if (sizeof (value) == 1) \
       asm volatile ("movb %%gs:%P2,%b0" \
                     : "=q" (value) \
                     : "0" (0), "i" (offsetof (struct pthread, member))); \
     else if (sizeof (value) == 4) \
       asm volatile ("movl %%gs:%P1,%0" \
                     : "=r" (value) \
                     : "i" (offsetof (struct pthread, member))); \
     else \
       { \
         if (sizeof (value) != 8) \
           /* There should not be any value with a size other than 1, \
              4 or 8. */ \
           abort (); \
 \
         asm volatile ("movl %%gs:%P1,%%eax\n\t" \
                       "movl %%gs:%P2,%%edx" /* instruction that causes fault */ \
                       : "=A" (value) \
                       : "i" (offsetof (struct pthread, member)), \
                         "i" (offsetof (struct pthread, member) + 4)); \
       } \
     value; })
I'm taking a guess at this, but could the lock instruction emulation cause this?
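For readers following the disassembly, here is the logic of pthread_disable_asynccancel rewritten in portable C (an added illustration, not the reporter's code and not glibc's own source). It replaces the %gs-relative thread descriptor with an ordinary struct, and the struct and function names are assumptions, so only the compare-and-swap loop is shown, not the faulting segment access.

```c
#include <stdint.h>
#include <stdio.h>

/* Bit cleared by "and $0xfffffffd,%ecx" in the disassembly. */
#define CANCELTYPE_BIT 0x2u

/* Hypothetical stand-in for the glibc thread descriptor: the real one is
 * reached through %gs (the word at %gs:0x58 in the dump), this one is a
 * plain struct so the loop can run on any CPU and host. */
struct thread_descr {
    uint32_t cancelhandling;
};

/* Reconstruction of the disassembled routine:
 *   test $0x2,%al ; jne   -> nothing to do if the caller's old type had the bit
 *   mov %gs:0x58,%edx     -> load the flags word
 *   and/cmp/je            -> early return when the bit is already clear
 *   lock cmpxchg          -> retry until the update lands without interference
 * Returns 1 if the bit was cleared by this call, 0 if nothing changed. */
int disable_asynccancel(struct thread_descr *self, int oldtype)
{
    if (oldtype & CANCELTYPE_BIT)
        return 0;
    uint32_t oldval = __atomic_load_n(&self->cancelhandling, __ATOMIC_RELAXED);
    for (;;) {
        uint32_t newval = oldval & ~CANCELTYPE_BIT;
        if (newval == oldval)
            return 0;
        /* On failure the builtin refreshes oldval with the current value,
         * exactly what cmpxchg leaves in %eax, so the loop simply retries. */
        if (__atomic_compare_exchange_n(&self->cancelhandling, &oldval, newval,
                                        0, __ATOMIC_SEQ_CST, __ATOMIC_SEQ_CST))
            return 1;
    }
}

/* Constructed check on the three paths: bit cleared, already clear, skipped. */
int run_selftest(void)
{
    struct thread_descr d = { 0x7 };
    if (disable_asynccancel(&d, 0) != 1 || d.cancelhandling != 0x5) return 0;
    if (disable_asynccancel(&d, 0) != 0 || d.cancelhandling != 0x5) return 0;
    struct thread_descr e = { 0x2 };
    if (disable_asynccancel(&e, 0x2) != 0 || e.cancelhandling != 0x2) return 0;
    return 1;
}

int main(void)
{
    printf("selftest %s\n", run_selftest() ? "passed" : "FAILED");
    return 0;
}
```

The loop itself contains nothing the emulator could mishandle on its own; the register dump points at the %gs-relative load before it, which is why the question about the segment register is the right one to ask.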