On Wed, May 10, 2023 at 9:05 PM Sergey Bugaev <buga...@gmail.com> wrote:
> _hurd_startup crashes on accessing 'args' it has just received from
> the exec server in the __exec_startup_get_info. The data arrives
> out-of-line, and... broken:
>
> <snip>
>
> argvType is { msgt_inline = 0, msgt_longform = 1, msgt_deallocate = 1
> }, but argvP is just 0x1000, and it crashes on trying to access that.
>
> Probably the kernel not copying out longform / out-of-line pointers
> correctly? Or MIG generating a wrong userspace structure? cc'ing
> Flavio :)
No; that was a false alarm, sorry.

By stepping through the copyout code, I see that the data indeed gets
allocated at 0x1000. GDB says it cannot read memory because the page is
mapped lazily when userspace reads it, that's all.

The real reason it's crashing (on trying to access the argv, yes, that
part is true) is that it's calling strlen (argz) -- and guess what
happens? That's right, the not-yet-relocated ifunc thing strikes again!
Why wasn't this an issue on i386? Apparently strlen is not ifunc-enabled
in !SHARED on i386 either.

Well, we can work around it the same way as for memcpy; that should help
proc proceed further. But that also means it's a different crash than
what I've been seeing with the dynamically-linked proc.

Sergey