mirror of
https://sourceware.org/git/binutils-gdb.git
synced 2024-11-23 10:03:47 +08:00
x32: gdb: Fix 'call' insn relocation with qRelocInsn
Running the fast tracepoints tests against x32 gdbserver exposes a latent bug. E.g.,: (gdb) continue Continuing. Reading /media/sf_host-pedro/gdb/mygit/build-ubuntu-x32/gdb/testsuite/outputs/gdb.trace/change-loc/change-loc-2.sl from remote target... Thread 1 "change-loc" received signal SIGSEGV, Segmentation fault. func4 () at /home/pedro/gdb/src/gdb/testsuite/gdb.trace/change-loc.h:24 24 } (gdb) FAIL: gdb.trace/change-loc.exp: 1 ftrace: continue to marker 2 The test sets a fast tracepoint on a shared library. On x32, shared libraries end up loaded somewhere in the upper 2GB of the 4GB address space x32 has access to. When gdbserver needs to copy an instruction to execute it in the jump pad, it asks gdb to relocate/adjust it, with the qRelocInsn packet. gdb converts "call" instructions into a "push $<2GB-4GB addr> + jmp" sequence, however, the "pushq" instruction sign extends its operand, so later when the called function returns, it returns to an incorrectly sign-extended address. E.g., 0xfffffffffabc0000 instead of 0xfabc0000, resulting in the segmentation fault. Fix this by converting calls at such addresses to "sub + mov + jmp" sequences instead. gdb/ChangeLog: 2016-08-19 Pedro Alves <palves@redhat.com> * amd64-tdep.c (amd64_relocate_instruction) <callq>: Handle return addresses over 0x7fffffff.
This commit is contained in:
parent
ed036b4052
commit
f077e978de
@ -1,3 +1,8 @@
|
||||
2016-08-19 Pedro Alves <palves@redhat.com>
|
||||
|
||||
* amd64-tdep.c (amd64_relocate_instruction) <callq>: Handle return
|
||||
addresses over 0x7fffffff.
|
||||
|
||||
2016-08-18 Carl Love <cel@us.ibm.com>
|
||||
|
||||
* MAINTANERS Write After Approval): Add "Carl Love".
|
||||
|
@ -1764,15 +1764,47 @@ amd64_relocate_instruction (struct gdbarch *gdbarch,
|
||||
the user program would return to. */
|
||||
if (insn[0] == 0xe8)
|
||||
{
|
||||
gdb_byte push_buf[16];
|
||||
unsigned int ret_addr;
|
||||
gdb_byte push_buf[32];
|
||||
CORE_ADDR ret_addr;
|
||||
int i = 0;
|
||||
|
||||
/* Where "ret" in the original code will return to. */
|
||||
ret_addr = oldloc + insn_length;
|
||||
push_buf[0] = 0x68; /* pushq $... */
|
||||
store_unsigned_integer (&push_buf[1], 4, byte_order, ret_addr);
|
||||
|
||||
/* If pushing an address higher than or equal to 0x80000000,
|
||||
avoid 'pushq', as that sign extends its 32-bit operand, which
|
||||
would be incorrect. */
|
||||
if (ret_addr <= 0x7fffffff)
|
||||
{
|
||||
push_buf[0] = 0x68; /* pushq $... */
|
||||
store_unsigned_integer (&push_buf[1], 4, byte_order, ret_addr);
|
||||
i = 5;
|
||||
}
|
||||
else
|
||||
{
|
||||
push_buf[i++] = 0x48; /* sub $0x8,%rsp */
|
||||
push_buf[i++] = 0x83;
|
||||
push_buf[i++] = 0xec;
|
||||
push_buf[i++] = 0x08;
|
||||
|
||||
push_buf[i++] = 0xc7; /* movl $imm,(%rsp) */
|
||||
push_buf[i++] = 0x04;
|
||||
push_buf[i++] = 0x24;
|
||||
store_unsigned_integer (&push_buf[i], 4, byte_order,
|
||||
ret_addr & 0xffffffff);
|
||||
i += 4;
|
||||
|
||||
push_buf[i++] = 0xc7; /* movl $imm,4(%rsp) */
|
||||
push_buf[i++] = 0x44;
|
||||
push_buf[i++] = 0x24;
|
||||
push_buf[i++] = 0x04;
|
||||
store_unsigned_integer (&push_buf[i], 4, byte_order,
|
||||
ret_addr >> 32);
|
||||
i += 4;
|
||||
}
|
||||
gdb_assert (i <= sizeof (push_buf));
|
||||
/* Push the push. */
|
||||
append_insns (to, 5, push_buf);
|
||||
append_insns (to, i, push_buf);
|
||||
|
||||
/* Convert the relative call to a relative jump. */
|
||||
insn[0] = 0xe9;
|
||||
|
Loading…
Reference in New Issue
Block a user