Subject: port-amd64/36967: netbsd-32 emulation broken on amd64
To: None <port-amd64-maintainer@netbsd.org, gnats-admin@netbsd.org,>
From: None <christos@zoulas.com>
List: netbsd-bugs
Date: 09/10/2007 15:55:00
>Number: 36967
>Category: port-amd64
>Synopsis: netbsd-32 emulation broken on amd64
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: port-amd64-maintainer
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Sep 10 15:55:00 +0000 2007
>Originator: Christos Zoulas
>Release: NetBSD 4.99.31
>Organization:
None, but trying.
>Environment:
System: NetBSD quasar.astron.com 4.99.31 NetBSD 4.99.31 (QUASAR) #40: Mon Sep 10 09:06:44 EDT 2007 christos@quasar.astron.com:/usr/src/sys/arch/amd64/compile/QUASAR amd64
Architecture: x86_64
Machine: amd64
>Description:
The dynamic linker tries to mprotect the text segment of libc
in order to perform text relocations. While this works on i386
it does not seem to work on x86_64. Here's the trace:
701 1 ls CALL netbsd32_open(0xffffcf30,0,0x400)
701 1 ls NAMI "/emul/netbsd32/usr/lib/libc.so.12"
701 1 ls RET netbsd32_open 3
701 1 ls CALL __fstat30(3,0xffffce78)
701 1 ls RET __fstat30 0
701 1 ls CALL netbsd32_mmap(0,0x1000,1,1,3,0,0,0)
701 1 ls RET netbsd32_mmap 4227559424/0xfbfb7000
701 1 ls CALL netbsd32_munmap(0xfbfb7000,0x1000)
701 1 ls RET netbsd32_munmap 0
701 1 ls CALL netbsd32_mmap(0,0xe8000,5,2,3,0,0,0)
Here we map the segment with permission 5 [r-x]
701 1 ls RET netbsd32_mmap 4226613248/0xfbed0000
701 1 ls CALL netbsd32_mmap(0xfbfa1000,0x7000,3,0x12,3,0,0xd0000,0)
701 1 ls RET netbsd32_mmap 4227469312/0xfbfa1000
701 1 ls CALL netbsd32_mmap(0xfbfa8000,0x10000,3,0x1012,0xffffffff,0,0,0)
701 1 ls RET netbsd32_mmap 4227497984/0xfbfa8000
701 1 ls CALL netbsd32_close(3)
701 1 ls RET netbsd32_close 0
701 1 ls CALL netbsd32_mprotect(0xfbed0000,0xd1000,7)
Here we try to re-map it with 7 [rwx] and we fail.
701 1 ls RET netbsd32_mprotect -1 errno 13 Permission denied
701 1 ls CALL netbsd32_write(2,0xffffd488,0x48)
701 1 ls GIO fd 2 wrote 72 bytes
"/usr/lib/libc.so.12: Cannot write-enable text segment: Permission deni\
ed"
701 1 ls RET netbsd32_write 72/0x48
701 1 ls CALL netbsd32_write(2,0xfbff78e3,1)
701 1 ls GIO fd 2 wrote 1 bytes
"\n"
701 1 ls RET netbsd32_write 1
701 1 ls CALL netbsd32_exit(1)
I don't understand how this works on i386 either. It appears to be failing
the test in uvm_map.c:
if ((new_prot & current->max_protection) != new_prot) {
error = EACCES;
goto out;
}
where max_protection = 5, and new_prot = 7...
>How-To-Repeat:
Install netbsd-32 libraries from head and try to run any binary.
$ ./ls
/usr/lib/libc.so.12: Cannot write-enable text segment: Permission denied
>Fix:
?