NetBSD Problem Report #32424

From www@netbsd.org  Sun Jan  1 04:08:04 2006
Return-Path: <www@netbsd.org>
Received: by narn.netbsd.org (Postfix, from userid 31301)
	id F267C63B869; Sun,  1 Jan 2006 04:08:03 +0000 (UTC)
Message-Id: <20060101040803.F267C63B869@narn.netbsd.org>
Date: Sun,  1 Jan 2006 04:08:03 +0000 (UTC)
From: jakethompson1@gmail.com
Reply-To: jakethompson1@gmail.com
To: gnats-bugs@netbsd.org
Subject: compat_svr4 fails to execute Solaris 10 binaries
X-Send-Pr-Version: www-1.0

>Number:         32424
>Category:       port-i386
>Synopsis:       compat_svr4 fails to execute Solaris 10 binaries
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    port-i386-maintainer
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Jan 01 04:10:00 +0000 2006
>Closed-Date:    Fri Oct 15 04:48:03 +0000 2010
>Last-Modified:  Fri Oct 15 04:48:03 +0000 2010
>Originator:     Jake Thompson
>Release:        3.0
>Organization:
-
>Environment:
NetBSD athlon 3.0 NetBSD 3.0 (GENERIC) #0: Mon Dec 19 01:04:02 UTC 2005  builds@works.netbsd.org:/home/builds/ab/netbsd-3-0-RELEASE/i386/200512182024Z-obj/home/builds/ab/netbsd-3-0-RELEASE/src/sys/arch/i386/compile/GENERIC i386

>Description:
When attempting to execute a Solaris 10 x86 binary on NetBSD with compat_svr4 enabled, the binary immediately aborts with a memory fault and a core dump:

athlon# ktrace /emul/svr4/usr/bin/csh                                          
Memory fault (core dumped) 

The kdump output is as follows:

   413 ktrace   EMUL  "netbsd"
   413 ktrace   CALL  execve(0xbfbfeb2f,0xbfbfea8c,0xbfbfea94)
   413 ktrace   NAMI  "/emul/svr4/usr/bin/csh"
   413 ktrace   NAMI  "/emul/svr4/usr/lib/ld.so.1"
   413 ktrace   NAMI  "/emul/svr4"
   413 ktrace   NAMI  "/emul/svr4/usr/lib/ld.so.1"
   413 csh      EMUL  "svr4"
   413 csh      RET   execve JUSTRETURN
   413 csh      PSIG  SIGSEGV SIG_DFL
   413 csh      NAMI  "csh.core"

>How-To-Repeat:
Attempt to execute any Solaris 10 (x86) binary.  Even the dynamic loader (/lib/ld.so.1) will abort with similar kdump output.
>Fix:

>Release-Note:

>Audit-Trail:
From: Matthias Drochner <drochner@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/32424 CVS commit: src/sys/arch/i386/i386
Date: Sun, 14 Feb 2010 11:09:55 +0000

 Module Name:	src
 Committed By:	drochner
 Date:		Sun Feb 14 11:09:54 UTC 2010

 Modified Files:
 	src/sys/arch/i386/i386: ibcs2_machdep.c svr4_machdep.c

 Log Message:
 fix confused CS selector, fixes the panic reported by Mark Davis
 per PR port-i386/42787 (the panic happens due to a GPF when a
 privileged descriptor is tried to be loaded with the UPL bit set)
 The original bug is very old (pre-2.0, i386/svr4_machdep.c rev. 1.69),
 but it was relatively harmless until the order of GDT entries was
 shuffled (pre-5.0, i386/segments.h rev. 1.42). Before, it caused
 a userlevel data selector to be used for CS which broke the emulation
 (likely the reason of PR port-i386/32424). The shuffle made that
 a privileged selector was used, causing the GPF.
 (recent -current doesn't panic on that GPF which seems to be a
 side effect of another change)


 To generate a diff of this commit:
 cvs rdiff -u -r1.39 -r1.40 src/sys/arch/i386/i386/ibcs2_machdep.c
 cvs rdiff -u -r1.95 -r1.96 src/sys/arch/i386/i386/svr4_machdep.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->feedback
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Sun, 14 Feb 2010 19:36:17 +0000
State-Changed-Why:
Did that commit fix things?


From: Manuel Bouyer <bouyer@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/32424 CVS commit: [netbsd-5] src/sys/arch/i386/i386
Date: Tue, 16 Feb 2010 21:24:15 +0000

 Module Name:	src
 Committed By:	bouyer
 Date:		Tue Feb 16 21:24:15 UTC 2010

 Modified Files:
 	src/sys/arch/i386/i386 [netbsd-5]: ibcs2_machdep.c svr4_machdep.c

 Log Message:
 Pull up following revision(s) (requested by drochner in ticket #1307):
 	sys/arch/i386/i386/svr4_machdep.c: revision 1.96
 	sys/arch/i386/i386/ibcs2_machdep.c: revision 1.40
 fix confused CS selector, fixes the panic reported by Mark Davis
 per PR port-i386/42787 (the panic happens due to a GPF when a
 privileged descriptor is tried to be loaded with the UPL bit set)
 The original bug is very old (pre-2.0, i386/svr4_machdep.c rev. 1.69),
 but it was relatively harmless until the order of GDT entries was
 shuffled (pre-5.0, i386/segments.h rev. 1.42). Before, it caused
 a userlevel data selector to be used for CS which broke the emulation
 (likely the reason of PR port-i386/32424). The shuffle made that
 a privileged selector was used, causing the GPF.
 (recent -current doesn't panic on that GPF which seems to be a
 side effect of another change)


 To generate a diff of this commit:
 cvs rdiff -u -r1.36 -r1.36.10.1 src/sys/arch/i386/i386/ibcs2_machdep.c
 cvs rdiff -u -r1.92 -r1.92.4.1 src/sys/arch/i386/i386/svr4_machdep.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: Manuel Bouyer <bouyer@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/32424 CVS commit: [netbsd-5-0] src/sys/arch/i386/i386
Date: Tue, 16 Feb 2010 21:24:22 +0000

 Module Name:	src
 Committed By:	bouyer
 Date:		Tue Feb 16 21:24:22 UTC 2010

 Modified Files:
 	src/sys/arch/i386/i386 [netbsd-5-0]: ibcs2_machdep.c svr4_machdep.c

 Log Message:
 Pull up following revision(s) (requested by drochner in ticket #1307):
 	sys/arch/i386/i386/svr4_machdep.c: revision 1.96
 	sys/arch/i386/i386/ibcs2_machdep.c: revision 1.40
 fix confused CS selector, fixes the panic reported by Mark Davis
 per PR port-i386/42787 (the panic happens due to a GPF when a
 privileged descriptor is tried to be loaded with the UPL bit set)
 The original bug is very old (pre-2.0, i386/svr4_machdep.c rev. 1.69),
 but it was relatively harmless until the order of GDT entries was
 shuffled (pre-5.0, i386/segments.h rev. 1.42). Before, it caused
 a userlevel data selector to be used for CS which broke the emulation
 (likely the reason of PR port-i386/32424). The shuffle made that
 a privileged selector was used, causing the GPF.
 (recent -current doesn't panic on that GPF which seems to be a
 side effect of another change)


 To generate a diff of this commit:
 cvs rdiff -u -r1.36 -r1.36.16.1 src/sys/arch/i386/i386/ibcs2_machdep.c
 cvs rdiff -u -r1.92 -r1.92.6.1 src/sys/arch/i386/i386/svr4_machdep.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: feedback->closed
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Fri, 15 Oct 2010 04:48:03 +0000
State-Changed-Why:
Feedback timeout; assume the commit fixed it.


>Unformatted:
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.