#2618 closed defect (fixed)

linux libpthread issue corrupted gs register - possible lock cmpxchg emulation issue?

Reported by:	joeba	Owned by:
Component:	VMM	Version:	VirtualBox 2.0.2
Keywords:		Cc:	joseph.balenzano@…
Guest type:	other	Host type:	Linux

Description (last modified by Frank Mehnert)

Environment

VB 2.0.2, Host, RHEL 4.0, Guest RHEL 4.0, 32bit

Code only crashes under VB. Runs fine under VMWare and bare metal

Dump of Registers:

(gdb) info registers
eax            0x0      0
ecx            0xbff5237c       -1074453636
edx            0x4      4
ebx            0xbff5237c       -1074453636
esp            0xbff52320       0xbff52320
ebp            0xbff52320       0xbff52320
esi            0x0      0
edi            0x4      4
eip            0x848397 0x848397       /*** Fault instruction right here !!!! ***/
eflags         0x246    582
cs             0x73     115
ss             0x7b     123
ds             0x7b     123
es             0x7b     123
fs             0x0      0
gs             0x33     51

Here is the stack trace ...

(gdb) disassemble 0xcc2397
Dump of assembler code for function __pthread_disable_asynccancel:
0x00cc2390 <__pthread_disable_asynccancel+0>: push %ebp
0x00cc2391 <__pthread_disable_asynccancel+1>: test $0x2,%al
0x00cc2393 <__pthread_disable_asynccancel+3>: mov %esp,%ebp
0x00cc2395 <__pthread_disable_asynccancel+5>: jne 0xcc23b6 <__pthread_disable_asynccancel+38>
0x00cc2397 <__pthread_disable_asynccancel+7>: mov %gs:0x58,%edx /*** Same fault instruction ***/
0x00cc239e <__pthread_disable_asynccancel+14>: mov %edx,%ecx
0x00cc23a0 <__pthread_disable_asynccancel+16>: and $0xfffffffd,%ecx
0x00cc23a3 <__pthread_disable_asynccancel+19>: cmp %edx,%ecx
0x00cc23a5 <__pthread_disable_asynccancel+21>: je 0xcc23b6 <__pthread_disable_asynccancel+38>
0x00cc23a7 <__pthread_disable_asynccancel+23>: mov %edx,%eax
0x00cc23a9 <__pthread_disable_asynccancel+25>: lock cmpxchg

Here is the source of the code that caused the crash. It's the THREAD_GETMEM macro which is part of the libpthreads implementation under linux ...

/* Read member of the thread descriptor directly. */

# define THREAD_GETMEM(descr, member) \
({ __typeof (descr->member) __value; \
if (sizeof (__value) == 1) \
asm volatile ("movb %%gs:%P2,%b0" \
: "=q" (__value) \
: "0" (0), "i" (offsetof (struct pthread, member))); \[[BR]]
else if (sizeof (__value) == 4) \
asm volatile ("movl %%gs:%P1,%0" \
: "=r" (__value) \
: "i" (offsetof (struct pthread, member))); \
else \
{ \
if (sizeof (__value) != Cool \
/* There should not be any value with a size other than 1, \
4 or 8. */ \
abort (); \
\
asm volatile ("movl %%gs:%P1,%%eax\n	" \
"movl %%gs:%P2,%%edx" \ /*** instruction that causes fault *****/
: "=A" (__value) \
: "i" (offsetof (struct pthread, member)), \
"i" (offsetof (struct pthread, member) + 4)); \
} \
__value; })

I'm taking a guess at this, but could the lock instruction emulation cause this?

Change History (3)

comment:1 by Frank Mehnert, 16 years ago

Description:	modified (diff)

Please use {{{ and }}} next time you quote code.

comment:2 by Frank Mehnert, 16 years ago

Component:	other → VMM

comment:3 by Frank Mehnert, 16 years ago

Resolution:	→ fixed
Status:	new → closed

Please reopen if the problem persists with a recent version of VirtualBox (use 2.2.4).

Note: See TracTickets for help on using tickets.

Download in other formats: