Subject: Topdown UVM breaking COMPAT_IRIX?
To: None <matt@netbsd.org, christos@netbsd.org>
From: Emmanuel Dreyfus <manu@netbsd.org>
List: tech-kern
Date: 08/02/2003 23:17:56
Hi

COMPAT_IRIX has been broken for a few months. I'm not 100% sure, but I
suspect it's related to this commit:

http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/kern/exec_elf32.c.diff?r1=1.82&r2=1.83&f=h

When I run an IRIX program, the kernel loads the interpreter at a
default address it chooses itself, and it prepares the user registers so
that control is transferred to the interpreter entry point, relocated to
its actual position. That works; the interpreter starts up.

But IRIX's dynamic linker does not seem to be relocatable. So, quickly,
the interpreter code jumps to an absolute address where it expects to
find another dynamic linker routine. As we relocated it, it jumps into
the middle of nowhere and crashes (memory fault: there is nothing mapped
there).

Program startup:
0xe0774 in ?? ()
(gdb) x/4i $pc
0xe0774:        bal     0xe077c
0xe0778:        nop
0xe077c:        lui     gp,0x7
0xe0780:        addiu   gp,gp,31604
[ok, this is the interpreter start code, as observed with objdump]
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0xfa85850 in ?? ()

In the ELF headers, the interpreter's startup is at 0xfae0774. This is
where IRIX starts it, and this is also what objdump tells me.

First question: does that analysis seem right?
Second question: if it's right, how to fix that?

I see two ways of fixing that. The first way is to modify elf_load_file()
so that it searches the ELF headers for the interpreter load address and
uses that address.

The second way is to use the ability of elf_load_file() to get the
interpreter load address from the probe function. I could look for the
interpreter load address in irix_probe_{n,o}32() and hand it to
elf_load_file().

What is the right way? Looking for the right load address in
elf_load_file() seems a bad choice on the performance front, but on the
other hand, this change might have broken more emulations than just
IRIX. What about creating a function in sys/kern/exec_elf32.c that would
look for the load address, and using that function in an emulation's
probe function when it is appropriate?

Last question: what other emulations might have been broken? As I
understand it, this is a MIPS-specific problem? COMPAT_LINUX on MIPS is
okay, I checked it. No idea for COMPAT_ULTRIX. Who uses that?

-- 
Emmanuel Dreyfus
There are 10 kinds of people in the world: those who understand
binary and those who don't.
manu@netbsd.org
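The load-address lookup discussed in the mail, written out as an added example that is neither NetBSD's exec_elf32.c code nor part of the original message: a bounds-checked scan of an ELF32 image's program headers for the lowest PT_LOAD p_vaddr, which is the address a non-relocatable interpreter expects to be mapped at, together with the arithmetic showing where e_entry lands when the kernel maps the image somewhere else. The sample image, its segment addresses other than e_entry, the 4096-byte page size and every function and struct name are assumptions made for this example.

```c
/* Added example, not NetBSD code: find the address an ELF32 interpreter
 * was linked for by scanning its program headers, the check a probe
 * function could do before handing an explicit address to the loader. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ELF constants and field offsets, from the ELF specification. */
#define EI_CLASS 4
#define EI_DATA 5
#define ELFCLASS32 1
#define ELFDATA2LSB 1
#define ELFDATA2MSB 2
#define ET_EXEC 2
#define ET_DYN 3
#define PT_LOAD 1
#define EHDR32_SIZE 52
#define PHDR32_SIZE 32
#define E_TYPE 16
#define E_ENTRY 24
#define E_PHOFF 28
#define E_PHENTSIZE 42
#define E_PHNUM 44
#define P_TYPE 0
#define P_VADDR 8
#define P_MEMSZ 20

/* Read fields in the byte order the file itself declares in EI_DATA. */
static uint32_t rd32(const uint8_t *p, int msb)
{
    return msb ? ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3]
               : ((uint32_t)p[3] << 24) | ((uint32_t)p[2] << 16) | ((uint32_t)p[1] << 8) | p[0];
}
static uint16_t rd16(const uint8_t *p, int msb)
{
    return msb ? (uint16_t)((p[0] << 8) | p[1]) : (uint16_t)((p[1] << 8) | p[0]);
}

struct elf_loadinfo {
    uint32_t base;   /* page-aligned lowest PT_LOAD p_vaddr: the linked base */
    uint32_t entry;  /* e_entry as linked */
    int is_dyn;      /* e_type == ET_DYN */
};

/* Returns 0 and fills *li, or -1 if img is not a well-formed ELF32 image
 * with at least one PT_LOAD.  Every offset is checked against len before
 * it is read, since the headers come from an untrusted executable. */
int elf32_load_info(const uint8_t *img, size_t len, uint32_t pagesz, struct elf_loadinfo *li)
{
    if (len < EHDR32_SIZE || memcmp(img, "\x7f" "ELF", 4) != 0) return -1;
    if (img[EI_CLASS] != ELFCLASS32) return -1;
    int msb;
    if (img[EI_DATA] == ELFDATA2MSB) msb = 1;
    else if (img[EI_DATA] == ELFDATA2LSB) msb = 0;
    else return -1;
    if (pagesz == 0 || (pagesz & (pagesz - 1)) != 0) return -1;  /* power of two */

    uint16_t type = rd16(img + E_TYPE, msb);
    if (type != ET_EXEC && type != ET_DYN) return -1;
    uint32_t phoff = rd32(img + E_PHOFF, msb);
    uint16_t phentsize = rd16(img + E_PHENTSIZE, msb);
    uint16_t phnum = rd16(img + E_PHNUM, msb);
    if (phentsize < PHDR32_SIZE || phnum == 0) return -1;
    if (phoff > len || (uint64_t)phentsize * phnum > len - phoff) return -1;

    uint32_t lo = UINT32_MAX;
    int found = 0;
    for (uint16_t i = 0; i < phnum; i++) {
        const uint8_t *ph = img + phoff + (size_t)i * phentsize;
        if (rd32(ph + P_TYPE, msb) != PT_LOAD) continue;
        uint32_t vaddr = rd32(ph + P_VADDR, msb);
        if (vaddr < lo) lo = vaddr;
        found = 1;
    }
    if (!found) return -1;
    li->base = lo & ~(pagesz - 1);
    li->entry = rd32(img + E_ENTRY, msb);
    li->is_dyn = (type == ET_DYN);
    return 0;
}

/* Where e_entry ends up if an image linked for pref_base is mapped at actual_base. */
uint32_t elf32_relocated_entry(uint32_t entry, uint32_t pref_base, uint32_t actual_base)
{
    return entry - pref_base + actual_base;
}

static void wr32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v;
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* Constructed sample (assumption): a big-endian ET_DYN image with two
 * PT_LOAD segments linked at 0xfae0000 and 0xfaf0000.  Only e_entry,
 * 0xfae0774, is taken from the mail; the rest is invented. */
size_t build_sample_interp(uint8_t *buf, size_t cap)
{
    size_t need = EHDR32_SIZE + 2 * PHDR32_SIZE;
    if (cap < need) return 0;
    memset(buf, 0, need);
    memcpy(buf, "\x7f" "ELF", 4);
    buf[EI_CLASS] = ELFCLASS32; buf[EI_DATA] = ELFDATA2MSB; buf[6] = 1;  /* EI_VERSION */
    wr16(buf + E_TYPE, ET_DYN);
    wr16(buf + 18, 8);               /* e_machine = EM_MIPS */
    wr32(buf + 20, 1);               /* e_version */
    wr32(buf + E_ENTRY, 0xfae0774u);
    wr32(buf + E_PHOFF, EHDR32_SIZE);
    wr16(buf + 40, EHDR32_SIZE);     /* e_ehsize */
    wr16(buf + E_PHENTSIZE, PHDR32_SIZE);
    wr16(buf + E_PHNUM, 2);
    uint8_t *ph = buf + EHDR32_SIZE;
    wr32(ph + P_TYPE, PT_LOAD); wr32(ph + P_VADDR, 0xfae0000u); wr32(ph + P_MEMSZ, 0x10000u);
    ph += PHDR32_SIZE;
    wr32(ph + P_TYPE, PT_LOAD); wr32(ph + P_VADDR, 0xfaf0000u); wr32(ph + P_MEMSZ, 0x4000u);
    return need;
}

int main(void)
{
    uint8_t img[256];
    size_t n = build_sample_interp(img, sizeof img);
    struct elf_loadinfo li;
    if (elf32_load_info(img, n, 4096, &li) != 0) return 1;
    printf("linked base 0x%x, entry 0x%x, ET_DYN=%d\n",
           (unsigned)li.base, (unsigned)li.entry, li.is_dyn);
    printf("entry if mapped at 0xe0000: 0x%x\n",
           (unsigned)elf32_relocated_entry(li.entry, li.base, 0xe0000u));
    return 0;
}
```

With the header entry 0xfae0774 from the mail, mapping the image at 0xe0000 instead of its linked base 0xfae0000 moves the entry to 0xe0774, consistent with the address gdb stops at in the transcript above. A probe function that wants the interpreter at its linked address would pass li.base to the loader rather than letting it pick one; the bounds checks matter because the kernel reads these headers from an untrusted binary.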