From: Tom de Vries
To: gdb-patches@sourceware.org
Subject: [PATCH] [gdb/tdep] Fix unrelocated pc in i386_displaced_step_fixup
Date: Tue, 17 Mar 2026 08:19:25 +0100
Message-ID: <20260317071925.3543-1-tdevries@suse.de>

With test-case gdb.threads/next-fork-other-thread.exp and target board
unix/-m32 I run into:
...
(gdb) next^M
[Switching to Thread 0xf643ab40 (LWP 3267939)]^M
^M
Thread 5 "next-fork-other" hit Breakpoint 1, main () at \
  next-fork-other-thread.c:73^M
73	  alarm (60);^M
(gdb) FAIL: $exp: fork_func=fork: target-non-stop=off: non-stop=off: \
  displaced-stepping=on: i=$n: next to break here
...

Before we go into how this happens, let's first look at the inferior.
In main, 4 threads are started with the same thread function, leaving all 5
threads in a loop:
- the main thread is stuck in a loop calling sleep, and gdb steps through
  this loop using next
- the other, non-main threads are stuck in a loop where each thread:
  - forks off a child process that exits immediately
  - waits for the child process to exit
  - calls sleep

The FAIL happens as follows (following snippets from this gdb.log [1]).

One of the non-main threads enters __syscall_cancel_arch to do a syscall
(either to sleep, or to wait).  Then the non-main thread stops:
...
[infrun] handle_signal_stop: [2937316.2937324.0] hit another thread's \
  single-step breakpoint^M
[infrun] handle_signal_stop: delayed software breakpoint trap, ignoring^M
[infrun] switch_back_to_stepped_thread: need to step [2937316.2937324.0] \
  over single-step breakpoint^M
...
because we "hit another thread's single-step breakpoint".  AFAIU, this is
because of the main thread stepping through __syscall_cancel_arch.

To handle this, we're going to try displaced stepping.  The syscall
instruction is copied:
...
[displaced] displaced_step_prepare_throw: original insn 0xf7cdce69: \
  cd 80	int $0x80^M
[displaced] prepare: selected buffer at 0x80490d2^M
...
to a buffer at _start+2:
...
080490d0 <_start>:
 80490d0:	31 ed                	xor    %ebp,%ebp
 80490d2:	5e                   	pop    %esi
...
and we're going to resume execution there.

However, right after resuming we get a GDB_SIGNAL_CHLD for the same thread.
Part of handling that is finalizing the displaced stepping:
...
[displaced] finish: restored 2937316.2937324.0 0x80490d2^M
[displaced] i386_displaced_step_fixup: fixup (0xf7cdce69, 0x80490d2), \
  insn = 0xcd 0x80 ...^M
[displaced] i386_displaced_step_fixup: syscall changed %eip; not relocating^M
[infrun] handle_signal_stop: stop_pc=0x80490d2^M
...
The stop pc is 0x80490d2, the address of the copied instruction.  In other
words, we've stopped without making progress.
The problem is that the address is in the displaced stepping buffer, and
needs relocating, but instead we have "syscall changed %eip; not relocating".

The code in i386_displaced_step_fixup doesn't recognize this situation:
...
  if (i386_syscall_p (insn, &insn_len)
      && pc != to + (insn - insn_start) + insn_len
      /* GDB can get control back after the insn after the syscall.
         Presumably this is a kernel bug.
         i386_displaced_step_copy_insn ensures it's a nop, we add one
         to the length for it.  */
      && pc != to + (insn - insn_start) + insn_len + 1)
    displaced_debug_printf ("syscall changed %%eip; not relocating");
...
It only handles the cases where the stop pc is:
- the address after the syscall insn, or
- the address after the nop after the syscall insn

So, instead of relocating the stop pc back to the original 0xf7cdce69, it
stays 0x80490d2.  After resuming at that address, the thread:
- executes the syscall,
- executes the rest of _start,
- enters main, and
- runs into the breakpoint at the start of main.

Since commit cf141dd8ccd ("gdb: fix reg corruption from displaced stepping
on amd64"), we do handle the "pc == to" case in amd64_displaced_step_fixup:
...
  if (amd64_syscall_p (insn_details, &insn_len)
      /* GDB can get control back after the insn after the syscall.
         Presumably this is a kernel bug.  Fixup ensures its a nop, we
         add one to the length for it.  */
      && (pc < to || pc > (to + insn_len + 1)))
    displaced_debug_printf ("syscall changed %%rip; not relocating");
...
Fix this in the same way.

Tested on x86_64-linux, with target board unix/-m32.

On openSUSE Tumbleweed (kernel version 6.19.7), this patch fixes the
test-case.  On openSUSE Leap 16.0 (kernel version 6.12.0), we still run into
PR29040.

Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=33997

[1] https://sourceware.org/bugzilla/attachment.cgi?id=16660
---
 gdb/i386-tdep.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/gdb/i386-tdep.c b/gdb/i386-tdep.c
index b9013e183c2..93357b41b10 100644
--- a/gdb/i386-tdep.c +++ b/gdb/i386-tdep.c @@ -813,12 +813,11 @@ i386_displaced_step_fixup (struct gdbarch *gdbarch, it unrelocated. Goodness help us if there are PC-relative system calls. */ if (i386_syscall_p (insn, &insn_len) - && pc != to + (insn - insn_start) + insn_len /* GDB can get control back after the insn after the syscall. Presumably this is a kernel bug. i386_displaced_step_copy_insn ensures it's a nop, we add one to the length for it. */ - && pc != to + (insn - insn_start) + insn_len + 1) + && (pc < to || pc > to + (insn - insn_start) + insn_len + 1)) displaced_debug_printf ("syscall changed %%eip; not relocating"); else { base-commit: 9cc83ec0ce9b4b75e8cd2b0c46f23d4cbf4b2f2b -- 2.51.0
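Review bot: the comment block that now sits between `i386_syscall_p (...)` and the new `&& (pc < to || pc > to + (insn - insn_start) + insn_len + 1)` still only explains the upper bound (the `+ 1` for the nop), while the lower bound `pc < to` is what actually fixes the reported case, a stop at pc == to because the signal arrived before the copied `int $0x80` ran; please extend that comment with a sentence saying that any pc from `to` through the trailing nop is still inside the copied code and is relocated, so a later reader does not reintroduce the two `!=` checks. It would also help to say in the commit message why `(insn - insn_start)` is kept in the i386 range when the amd64 check quoted there uses plain `to + insn_len + 1`, so that "Fix this in the same way" is not read as a literal copy of the amd64 condition.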
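To see what the patch changes, here is an added model of the syscall branch of i386_displaced_step_fixup with the old and the patched range check side by side; it is example code written for this note, not gdb's own, and it assumes the relocation step in the else branch amounts to subtracting the buffer displacement. The addresses are the ones from the log above: `int $0x80` copied from 0xf7cdce69 to 0x80490d2, no prefix bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not gdb's code: model of the syscall branch of
   i386_displaced_step_fixup.  "cd 80" is copied from FROM to the buffer
   at TO and followed by the nop the copy adds.  */
typedef uint32_t CORE_ADDR;
enum fixup_variant { FIXUP_OLD, FIXUP_NEW };

/* prefix_len models (insn - insn_start), insn_len the syscall length.
   Returns the pc the thread resumes at.  Relocating back into the original
   code is modelled as subtracting the displacement (to - from); that is an
   assumption of this model, not a quote of gdb's else branch.  */
static CORE_ADDR
syscall_fixup (enum fixup_variant v, CORE_ADDR from, CORE_ADDR to,
               size_t prefix_len, size_t insn_len, CORE_ADDR pc)
{
  CORE_ADDR after_insn = to + prefix_len + insn_len;  /* after "cd 80" */
  CORE_ADDR after_nop = after_insn + 1;               /* after the nop */
  int eip_changed;

  if (v == FIXUP_OLD)
    /* Old check: only the two "after" addresses are recognised, so a stop
       at pc == to (signal before the syscall ran) counts as changed.  */
    eip_changed = pc != after_insn && pc != after_nop;
  else
    /* Patched check: anything from the buffer start through the nop is
       still inside the copied code and must be relocated.  */
    eip_changed = pc < to || pc > after_nop;

  if (eip_changed)
    return pc;               /* "syscall changed %eip; not relocating" */
  return from + (pc - to);   /* back into the original code */
}

int
main (void)
{
  const CORE_ADDR from = 0xf7cdce69, to = 0x80490d2;
  /* Constructed stop pcs: before the syscall (the reported case), after
     it, after the nop, and somewhere unrelated such as a signal handler.  */
  const CORE_ADDR pcs[] = { to, to + 2, to + 3, 0xf7c00000 };
  for (size_t i = 0; i < sizeof pcs / sizeof pcs[0]; i++)
    printf ("stop pc 0x%08lx: old -> 0x%08lx, new -> 0x%08lx\n",
            (unsigned long) pcs[i],
            (unsigned long) syscall_fixup (FIXUP_OLD, from, to, 0, 2, pcs[i]),
            (unsigned long) syscall_fixup (FIXUP_NEW, from, to, 0, 2, pcs[i]));
  return 0;
}
```

The first row is the bug: the old check leaves pc at 0x80490d2 inside the buffer, the patched check relocates it to 0xf7cdce69 so the syscall is re-executed from the original address.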