Mark Wielaard [Tue, 31 Jul 2018 13:32:43 +0000 (15:32 +0200)]
Bug 397012 - glibc ld.so uses arch_prctl on i386.
arch_prctl used to be amd64 only. But since linux 4.12 it is also
implemented for i386. And since glibc 2.28 ld.so will use it to see
if the cpu/kernel provides CET support.
To prevent seeing:
WARNING: unhandled x86-linux syscall: 384
You may be able to write your own handler.
Read the file README_MISSING_SYSCALL_OR_IOCTL.
Nevertheless we consider this a bug. Please report
it at http://valgrind.org/support/bug_reports.html.
on every program run under valgrind just make it explicitly
not implemented (ENOSYS). This is fine for the glibc usage.
It just indicates there is no CET support.
Probably not very critical, as very surely the process will die
shortly after, but better still clean the memory, as the code
was already doing some effort to free memory (e.g. VG_(free)(seg_starts);).
Note that when testing on debian 9/amd64, the resulting core dump
was not very usable (e.g. was not really showing what the guest threads
are doing). So, there must be a bug in the core dumping logic.
Fix segmentation violation caused by stack misalignment when vgdb use ptrace to force activate gdbserver
On amd64, on a big application, a vgdb call that wakes up the application
using ptrace fails unfrequently (we speak about one failure every few thousands vgdb calls).
The failure started to appear when valgrind was compiled with gcc 7.3 instead of gcc 6.4
After investigation:
* gcc 7.3 is using (more) sse instructions
* Such instructions imply to have a stack pointer aligned on 16 bytes.
* vgdb-invoker-ptrace.c 'ptrace' modification of the stack pointer was
not respecting the amd64 ABI convention to align on 16 bytes.
It was also not protecting the red zone (unclear if this could cause
the problem, but in any case, this ptrace logic is similar to a
signal handler, and cannot modify the redzone.
The fix consists in respecting the ABI.
Without the patch, segmentation violation due to an sse instruction
being executed with an address on the stack not aligned on 16 bytes,
happening something like every 5000 vgdb execution.
With the patch, 250_000 executions without problems.
Fix wrong stack range output by commit 7daa08611 (more info in scheduler state)
The stack base starts at the beginning of the protection page/zone,
so we need to add VG_STACK_GUARD_SZB to get the real lowest usable
byte.
As the VgStack is an opaque type, add a function in aspacemgr to
return the Addr of the first lowest usable byte.
Mark Wielaard [Mon, 30 Jul 2018 10:20:16 +0000 (12:20 +0200)]
Bug 396887 - arch_prctl should return EINVAL on unknown option.
Currently arch_prctl calls VG_(core_panic) when it sees an unknown
arch_prctl option which kills the process. glibc uses arch_prctl with
an (as yet) unknown option to see if the kernel supports CET. This
breaks any application running under valgrind on x86_64 with:
valgrind: the 'impossible' happened:
Unsupported arch_prctl option
Thread 1: status = VgTs_Runnable (lwpid 19934)
==19934== at 0x121A15: get_cet_status (cpu-features.c:28)
==19934== by 0x121A15: init_cpu_features (cpu-features.c:474)
==19934== by 0x121A15: dl_platform_init (dl-machine.h:228)
==19934== by 0x121A15: _dl_sysdep_start (dl-sysdep.c:231)
==19934== by 0x10A1D7: _dl_start_final (rtld.c:413)
==19934== by 0x10A1D7: _dl_start (rtld.c:520)
We already handle all known options. It would be better to do as the
kernel does and just return failure with EINVAL instead.
Give some more information in the scheduler information thread status
* In case a thread is executing a syscall, give the syscall no being
executed.
* Show the address range of the valgrind stack, similarly to the client
stack
Bug 385412 - s390x: new non-vector z13 instructions not implemented
Apart from instructions with vector operands, Valgrind does not implement the
additional z/Architecture instructions introduced with z13.
These are:
- load and zero rightmost byte (LZRF, LZRG);
- load logical and zero rightmost byte (LLZRGF);
- load halfword high immediate on condition (LOCHHI);
- load halfword immediate on condition (LOCHI, LOCGHI);
- load high on condition (LOCFHR, LOCFH);
- store high on condition (STOCFH);
- perform pseudorandom number operation (PPNO), with the functions
PPNO-Query and PPNO-SHA-512-DRNG;
- load count to block boundary (LCBB).
Patches from Vadim Barkov (vbrkov@gmail.com), with coordination, testing
and format cleanups from Andreas Arnez (arnez@linux.ibm.com).
Fix the test VPCMPESTRM_0x45_128 so that it doesn't depend on random junk in RAX and RDX.
This test fails sporadically (eg, on Fedora 27 with gcc (GCC) 7.3.1 20180303 (Red Hat 7.3.1-5))
because the tested instruction uses RAX and RDX as input, but the test framework doesn't
set them :-/, so the outcome basically depends on whatever junk the compiler left in those
registers beforehand. As a result of this, all previous uses of RAX in the test have
been changed to use RSI instead. n-i-bz.
Fix a few inconsistencies in formatting.
In particular, when an expression is split on several lines,
put the operators (e.g. && , ||, +, -, ...) at the beginning
of the new line : this seems to be more common
in the code, and is the coding convention used e.g. in gcc/gdb
(and incidently also at my work :)).
Carl Love [Mon, 25 Jun 2018 21:24:14 +0000 (16:24 -0500)]
Fix ppc32 results for test_isa_2_06_part3.c.
The ppc32 results were not updated when the xvnegsp instruction support
was added. Add the xvnegsp 32-bit results to
ppc/test_isa_2_06_part3.stdout.exp.
Petar Jovanovic [Thu, 21 Jun 2018 09:59:20 +0000 (11:59 +0200)]
Add processing of sized delete operators into filter_libc
C++14 introduces sized delete operators and Valgrind support is added
by 6ef6f73. In addition, stderr filter which is used by Regtest should
be able to recognize this particular form in error report (just like
the other kinds of delete operators) in order to provide uniform output.
Fixes memcheck/tests/mismatches failure on non C++14 builds.
Mark Wielaard [Mon, 18 Jun 2018 13:07:27 +0000 (15:07 +0200)]
Add workaround for arm64 AT_HWCAP on newer kernels. Bug KDE#381556.
Starting with linux 4.11 the kernel started to populate the AT_HWCAPS
auxv entry. And glibc 2.26 now uses this to see whether it can use the
mrs instruction and certain feature registers on arm64. Since these
are not supported under valgrind this causes an unhandled instruction
error. Workaround this for now my just clearing the AT_HWCAPS on arm64.
This should be fixed properly by someone with knowledge of what each
of the arm64 HWCAPS bits mean and which bits correspond to instructions
and registers supported by VEX or not.
https://bugs.kde.org/show_bug.cgi?id=381556
Petar Jovanovic [Thu, 14 Jun 2018 15:26:09 +0000 (15:26 +0000)]
mips64: add N32 ABI support
Adding MIPS N32 ABI support.
BZ issue - #345763.
Contributed and maintained by mulitple people over the years:
Crestez Dan Leonard, Maran Pakkirisamy, Dimitrije Nikolic,
Aleksandar Rikalo, Tamara Vlahovic.
Julian Seward [Thu, 31 May 2018 15:03:08 +0000 (17:03 +0200)]
arm64-linux: VG_(sigframe_destroy): restore int regs, PC and SP from the sigcontext previously presented to the handler. n-i-bz.
So as to correctly (well, less incorrectly) simulate handlers that change
register state in the sigcontext they are given in the expectation that the
change will take effect immediately upon the handler returning.
http://kcachegrind.sourceforge.net/cgi-bin/show.cgi/KcacheGrindIndex
page indicates to rather go to
https://kcachegrind.github.io/html/Home.html
so update the doc accordingly.
callgrind: fix setting call counter to zero if requested
We did not set the call cost counters in CLG_(zero_bbcc) to zero,
which gets called by requests to set counters to zero
- via client request
- when entering a function if configured so
- via gdb monitor command (used by callgrind_control -z)
Counters are also set to zero after they are dumped out to a file.
This does not use CLG_(zero_bbcc), and was doing the right thing.
Julian Seward [Sat, 5 May 2018 08:03:26 +0000 (10:03 +0200)]
emit_ARM64Instr: fix assertion failures associated with chaining patching (ARM64in_XDirect). n-i-bz.
This has happened because (I think!) this has never before been tested with
guest code addresses >= 2^48. This in turn means that this is the first
time that
p = imm64_to_ireg(p, /*x*/9, i->ARM64in.XDirect.dstGA);
has been called upon to emit a constant which is non-zero in all four 16-bit
chunks, so it generates 4 instructions rather than (at most, in all previous
runs) 3, and so the "how many insns at max" assertions failed. This commit
fixes the assertions.
Skip the phdrs when we have to search the shdrs. In separate
.debug files the phdrs might not be valid (they are a copy of
the main ELF file) and might trigger assertions when getting
image notes based on them.
Fix 393023 - callgrind_control risks using the wrong vgdb
Search for a vgdb executable in the same dir as callgrind_control perl file.
If not found, search for a vgdb executable in a sibling coregrind dir
(covers the case of : perl callgrind/callgrind_control)
Otherwise, just hope we find a vgdb executable in PATH
Carl Love [Wed, 11 Apr 2018 19:03:29 +0000 (14:03 -0500)]
Fix 393017 - Add missing support for xsmaxcdp instruction, bug fixes for xsm
Missed the update to none/tests/ppc64/Makefile.am to remove the
expected output files test_isa_3_0_altivec.stdout.exp and
test_isa_3_0_other.stdout.exp.
Carl Love [Wed, 11 Apr 2018 17:51:21 +0000 (12:51 -0500)]
Fix 393017 - Add missing support for xsmaxcdp instruction, bug fixes for xsmincdp, lxssp, stxssp and stxvl instructions.
Add support for instruction xsmaxcdp in VEX/priv/guest_ppc_toIR.c.
Fixes in file VEX/priv/guest_ppc_toIR.c for xsmaxcdp, xsmincdp, lxssp,
stxssp and stxvl instructions.
Fix compiler issues with optimization option -O2 for test
none/tests/ppc64/test_isa_3_0.c.
Add test case test_xsmaxcdpi to test file none/tests/ppc64/test_isa_3_0.c.
Fixes to test none/tests/ppc64/test_isa_3_0.c for compiling inline functions
with optimization -O0. Assembly instruction fixes, test argument array size
fixes, max loop index fixes. Condition code register fixes to fix control
flow issues when compiled with optimization.
Update expected results for test_isa_3_0_altivec.stdout.exp-LE and
test_isa_3_0_other.stdout.exp-LE.
Petar Jovanovic [Tue, 10 Apr 2018 12:09:08 +0000 (14:09 +0200)]
Introduce RegWord type
On majority of architectures size of long matches register width.
On mips n32 size of long is 32 bits and register width is 64 bits.
Valgrind is written with assumption that long size matches register
width. This is the reason why both UWord for Valgrind and HWord for VEX
match size of long. Long size differs from register size on mips n32 ABI.
Introducing RegWord type that will match size of registers.
Part of the changes required for BZ issue - #345763.
Contributed by:
Tamara Vlahovic and Dimitrije Nikolic.
Petar Jovanovic [Wed, 4 Apr 2018 09:51:05 +0000 (11:51 +0200)]
mips64: use register numbers instead of aliases for inline assembly
There is an inconsistency in MIPS tools for N32/N64 related to register
aliases. To avoid ambiguity, use register numbers instead of aliases where
needed.
n-i-bz Fix possible stack trashing by semctl syscall wrapping
The modified test none/tests/sem crashes with a SEGV when valgrind is compiled
with lto on various amd64 platforms (debian/gcc 6.3, RHEL7/gcc 6.4,
Ubuntu/gcc 7.2)
The problem is that the vki_semid_ds buf is not what is expected by the kernel:
the kernel expects a bigger structure vki_semid64_ds (at least on
these platforms).
Getting the sem_nsems seems to work by chance, as sem_nsems is at
the same offset in both vki_semid_ds and vki_semid64_ds.
However, e.g. the ctime was not set properly after syscall return,
and 2 words after sem_nsems were set to 0 by the kernel, causing
the SEGV, as a spilled register became 0.
Fix consists in using the 64 bit version for __NR_semctl.
Tested on debian/amd64 and s390x.
Sometimes, at least on arm platforms, we get a stack trace with
only one function.
When this happens and massif removes the top fn, we end up trying
to create an execontext of 0 ips, as the only fn is removed,
and an execontext of 0 ips causes the assert in m_execontext.c
So, do whatever to avoid to crash when having a single fn stacktrace.
The whatever means use a null execontext, which is an execontext
of one single address 0x0.
Note that this is just to bypass the crash.
What is shown by massif is not very nice (but what could we show ?).
Note that instead of using such a null execontext, we could rather
just keep the single ips. But that might create a lot of single fn
entries in the xtree and/or show undesired functions.
So, we the null execontext, which is shown as 0xFFFFFFFFFFFFFFFF ???
in the massif output.
Tested on amd64 by artificially creating stacktrace of one fn.
Fix 338252 - building valgrind with -flto (link time optimisation) fails
* Addition of a new configure option --enable-lto=yes or --enable-lto=no
Default value is --enable-lto=no, as the build is significantly slower,
so is not appropriate for valgrind development : this should be used
only on buildbots and/or by packagers.
* Some files containins asm functions have to be compiled without lto:
coregrind/m_libcsetjmp.c
coregrind/m_main.c
If these are compiled with lto, that gives undefined symbols at link time.
The files to compile without lto are
coregrind/m_libcsetjmp.c
coregrind/m_main.c
To compile these files with other options, a noinst target lib is defined.
The objects of this library are then added to the libcoregrind.
* memcheck/mc_main.c : move the handwritten asm helpers to mc_main_asm.c.
This avoids undefined symbols on some toolchains. Due to this,
the preprocessor symbols that activate the fast or asm memcheck helpers
are moved to mc_include.h
Platforms with handwritten helpers will also have the memcheck primary
map defined non static.
* In VEX, auxprogs/genoffsets.c also has to be compiled without lto,
as the asm produced by the compiler is post-processed to produce
pub/libvex_guest_offsets.h. lto not producing asm means the generation
fails if we used -flto to compile this file.
* all the various Makefile*am are modified to use LTO_CFLAGS for
(most) targets. LTO_CFLAGS is empty when --enable-lto=no,
otherwise is set to the flags needed for gcc.
If --enable-lto=no, LTO_AR and LTO_RANLIB are the standard AR and RANLIB,
otherwise they are the lto capable versions (gcc-ar and gcc-ranlib).
* This has been tested on:
debian 9.4/gcc 6.3.0/amd64+x86
rhel 7.4/gcc 6.4.0/amd64
ubuntu 17.10/gcc 7.2.0/amd64+x86
fedora26/gcc 7.3.1/s390x
Bart Van Assche [Thu, 8 Mar 2018 20:57:41 +0000 (12:57 -0800)]
Linux: Add support for the zoned block device ioctls
Shingled magnetic recording drives support a command set called ZBC
(Zoned Block Commands). Two new ioctls have been added to the Linux
kernel to support such drives, namely VKI_BLKREPORTZONE and
VKI_BLKRESETZONE. Add support to Valgrind for these ioctls.
Julian Seward [Fri, 9 Mar 2018 18:03:26 +0000 (19:03 +0100)]
coregrind/m_debuglog.c: fix incorrect inline assembly for amd64-linux.
This adds rcx and r11 to the trash lists for inline assembly in
local_sys_write_stderr and local_sys_getpid, since those registers are not
preserved across the embedded syscall that takes us into the kernel. I
believe this to be the root cause of the apparent code generation bug
addressed in 53faacfda4ad6a27bc0e8ab859c1cc5388a61a5e (16 Nov 2017). This
commit also undoes that commit, because I think it is no longer necessary.
Carl Love [Thu, 1 Mar 2018 19:50:56 +0000 (13:50 -0600)]
PPC64, Fix tests for mtvsrwa and mtfprd.
Fix the register constraints for the vtvsrwa and mtfprd instructions
in test_isa_2_07_part2.c. Update the expected output in
none/tests/jm_vec_isa_2_07.stdout.exp.
Carl Love [Tue, 27 Feb 2018 18:41:43 +0000 (12:41 -0600)]
Bug 391164: constraint bug in tests/ppc64/test_isa_2_07_part1.c for mtfprwa
Fix destination register constraint in assembly code in function
test_mtfprwa in file none/tests/ppc64/test_isa_2_07_part1.c. Constraint
changed from "=ws" to "=d".
Handle properly the case of an inlined call that has no abstract origin attribute.
Normally, an inlined call has a dwarf entry that points at the abstract origin, i.e. the
function that was inlined.
However, in some cases, the abstract origin tag is not present (observed with gcc 6.3.0, when
compiling with link time optimisation).
Such missing abstract origin was then causing an error message when reading the dwarf debug info.
This patch ensures we handle this case more gracefully, by using UnknownInlinedFun as inlined
function name for such a missing abstract origin;
Julian Seward [Fri, 16 Feb 2018 07:02:00 +0000 (08:02 +0100)]
Bug 384930 - Valgrind fails to compute correctly some code using the GMP library.
For the ADCX and ADOX instructions, the VEX front end failed to create a PUT to
the result register in the case where one of the operands is from memory, for
example in
adoxq 48(%rdi),%r12
where %r12 is never written. This commit fixes it.
Julian Seward [Tue, 6 Feb 2018 11:54:03 +0000 (12:54 +0100)]
Bug 384631 - Sanitise client args as printed with -v
umsg_arg, xml_arg: sanitise the guest's command line arguments that we print
in a "Command: " line as part of the preamble, when -v is given. This
changes any character outside the range 32 .. 127 to '_'. Printing
unsanitised command line args has been observed to cause xfce4-terminal to
assert. Of course the command line args actually given to the guest aren't
changed -- this just changes how they are printed.
Petar Jovanovic [Sat, 3 Feb 2018 22:28:30 +0000 (23:28 +0100)]
mips: remove several compiler warnings
A few warnings have showed up with recent changes on trunk:
warning: parameter names (without types) in function declaration
warning: no previous prototype for 'showRotxOp'
warning: unused variable 'src1' [-Wunused-variable]
Fixing it.
Thanks Paul Floyd for reporting one of the issues.
projects / thirdparty / valgrind.git / log
