luik@UUNET.UU.NET (Andreas Luik) (10/08/89)
Hello,
a bug report:
Version: gdb 3.2
Machine: Sun 3/50 or 3/60
Op. Sys: SunOS 4.0.3
Synopsis:
the command try-writing-regs crashes the kernel
Description:
If someone tries the command try-writing-regs, the function
try_writing_regs_command() tries to display the values of the
kernel address space starting from 0. After it displays
" Failed at 0x1f00.", the kernel of our Sun crashes with the
following messages:
vmunix: sh:
vmunix: trap address 0x8, pid 18329, pc = f028198, sr = 2000, stkfmt b, context 2
vmunix: Bus Error Reg 80<INVALID>
vmunix: data fault address ffffa000 faultc 0 faultb 0 dfault 1 rw 1 size 2 fcode 5
vmunix: KERNEL MODE
vmunix: page map 2000000 pmgrp f8
vmunix: D0-D7 1ffe f0ba388 2 0 0 0 18 1ffe
vmunix: A0-A7 1ffe 1fff8000 1ffe efffd68 f08446a f0ba388 ffff9768 ffff9744
vmunix: Begin traceback...fp = ffff9768, sp = ffff9744
vmunix: Called from f01d2ce, fp=ffff9780, args=ffffffff f0ba388 10 10
vmunix: Called from f061904, fp=ffff97a8, args=0 20117 eca005c eca005c
vmunix: Called from f004768, fp=efffd28, args=3b 0 0 0
vmunix: End traceback...
vmunix: panic: Bus error
vmunix: syncing file systems... [5] [4] [1] done
vmunix:
vmunix: dumping to vp f11fa8c, offset 25123
vmunix: 1022 total pages, dump succeeded
vmunix: rebooting...
vmunix: SunOS Release 4.0.3_EXPORT (GOEDEL) #3: Wed Aug 2 16:05:10 MET DST 1989
Fix:
First, I reported this bug to Sun. The German Answer Center told me
that they will report the bug to the development team to ensure that
the parameters of the ptrace() system call will be checked for legal
values. The reason for the crash is that the loop is not terminated
at the end of the address space. A correct version of the loop in
try_writing_regs_command() should have the following form (at least
on a Sun):
#include <stdio.h>
#include <errno.h>
#include <sys/user.h>        /* struct user: the u-area that ptrace indexes */

{
    struct user user;
    int i, value;            /* pid: process id of the inferior */

    /* Walk the u-area word by word, reading each word and writing it
       back unchanged.  Bounding i by sizeof (user) keeps the loop inside
       the u-area instead of letting it run off the end of the address
       space, which is what crashed the kernel.  */
    for (i = 0; i < sizeof (user); i += 2) {
        errno = 0;
        value = ptrace (3, pid, i, 0);      /* PTRACE_PEEKUSER */
        ptrace (6, pid, i, value);          /* PTRACE_POKEUSER */
        if (errno == 0)
            printf ("Succeeded with address 0x%x; value 0x%x (%d).\n",
                    i, value, value);
        else if ((i & 0377) == 0)
            printf ("Failed at 0x%x.\n", i);
    }
}
Note: The struct user is defined in <sys/user.h>.
Is this a correct fix? How does this affect other architectures?
Thanks,
--
Andreas Luik
I S A GmbH - Informationssysteme fuer computerintegrierte Automatisierung
Azenbergstr. 35, D-7000 Stuttgart 1, West-Germany, Phone: +49-711/22769-44
Domain: luik@isaak.isa.de BITNET: luik%isaak.uucp@unido.bitnet
UUCP: luik@isaak.uucp Bang: ...{uunet!unido,pyramid!iaoobel}!isaak!luik
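The two sides of the bug above, as an added example that is not part of the original post and not gdb's or SunOS's code: a user-space model of try_writing_regs_command() with and without the bound from the proposed fix, run against a model of the kernel side that performs the argument check the report asks Sun to add. The names peekuser(), pokeuser() and probe_u_area() are hypothetical stand-ins for ptrace requests 3 and 6 and the gdb loop; the u-area layout (struct user_area) is constructed for the example and is far smaller than the real struct user in <sys/user.h>. Nothing here calls the real ptrace(), so it runs anywhere.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the u-area that PTRACE_PEEKUSER (request 3) and
   PTRACE_POKEUSER (request 6) index into.  Layout is an assumption made for
   the example; the real struct user is in <sys/user.h>. */
struct user_area {
    int   u_regs[16];   /* D0-D7, A0-A7 */
    int   u_pc;
    short u_sr;
    short u_pad;
};

static struct user_area u_area;

/* Kernel-side model with the check the report asks for: the offset must be
   even (68k word alignment) and the whole word must lie inside the u-area;
   anything else fails with EIO and nothing is dereferenced.  Without this
   check the kernel would access &u_area + off for any off the caller
   supplies, which is the walk off the address space that ended in
   "panic: Bus error" in the report. */
static int peekuser(unsigned long off, int *value)
{
    if (off % 2 != 0 || off > sizeof u_area - sizeof(int)) {
        errno = EIO;
        return -1;
    }
    memcpy(value, (char *)&u_area + off, sizeof(int));
    return 0;
}

static int pokeuser(unsigned long off, int value)
{
    if (off % 2 != 0 || off > sizeof u_area - sizeof(int)) {
        errno = EIO;
        return -1;
    }
    memcpy((char *)&u_area + off, &value, sizeof(int));
    return 0;
}

struct probe_result {
    unsigned long requests;      /* peek/poke pairs issued */
    unsigned long succeeded;     /* offsets the kernel accepted */
    unsigned long rejected;      /* offsets the kernel had to refuse */
    unsigned long last_failure;  /* last offset a "Failed at" line was printed for */
};

/* Model of try_writing_regs_command(): read every word of the u-area and
   write it back unchanged.  'limit' is the loop bound.  The fix in the
   report passes sizeof (struct user); the gdb 3.2 loop had no bound at
   all, which the model represents by a caller-supplied cap (the real loop
   only stopped when the kernel crashed). */
static struct probe_result probe_u_area(unsigned long limit, int verbose)
{
    struct probe_result r = {0, 0, 0, 0};
    unsigned long i;

    for (i = 0; i < limit; i += 2) {
        int value = 0;
        errno = 0;
        r.requests++;
        if (peekuser(i, &value) == 0)
            pokeuser(i, value);
        if (errno == 0) {
            r.succeeded++;
            if (verbose)
                printf("Succeeded with address 0x%lx; value 0x%x (%d).\n",
                       i, value, value);
        } else {
            r.rejected++;
            if ((i & 0377) == 0) {          /* same reporting cadence as gdb */
                r.last_failure = i;
                if (verbose)
                    printf("Failed at 0x%lx.\n", i);
            }
        }
    }
    return r;
}

int main(void)
{
    /* Bounded loop, as in the proposed fix. */
    struct probe_result fixed = probe_u_area(sizeof(struct user_area), 0);
    /* Unbounded loop, capped at 0x2000: the report's last message was
       "Failed at 0x1f00", so the crash came before the next report at 0x2000. */
    struct probe_result orig = probe_u_area(0x2000, 0);

    printf("fixed loop:    %lu requests, %lu accepted, %lu rejected\n",
           fixed.requests, fixed.succeeded, fixed.rejected);
    printf("original loop: %lu requests, %lu accepted, %lu rejected, last report at 0x%lx\n",
           orig.requests, orig.succeeded, orig.rejected, orig.last_failure);
    return 0;
}
```

Two things the model makes visible. First, the user-space bound alone is not the whole story: because each request reads a full word but the loop steps by two, the bounded loop still issues one request at the tail of the u-area (offset sizeof - 2) that the kernel must refuse, so the kernel-side range check is the fix that actually matters, and the loop bound only stops the program from asking for thousands of bad offsets. Second, with the range check in place the unbounded loop becomes harmless noise (every offset past the u-area fails with EIO) instead of a panic, which is the behaviour the Answer Center promised.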