system() fails on s3c2410 (2.6.11)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 
Hi All,
   I have an application running on an s3c2410 which makes fairly heavy
use of the system() function call.
The system() call seems to launch the requested binary, but execution
fails to return to the correct point in the calling application. That
is, I have debug statements before and after the system() call; I see
the before, but not after debug statement. The calling program does
continue, just not from where system() returns.

I have experimented with various versions of gcc and glibc. I am cross
compiling from an x86 host. I have used pre-rolled toolchains from
handhelds.org, and custom rolled versions with the same outcome. I have
settled on a combination of GCC 3.4.5 and glibc 2.3.6.

I'm in the process of instrumenting execve() in sys_arm.c to see if I
can shed any more light on the problem.

The actual behaviour of the calling application varies when calling
system(); it may exit (killed by kernel),  silently return to some
location further on in the application, or it may oops (see below). My
hunch is that it's related to stack pointer corruption in
execve/do_exec/memcpy/ret_to_user.

I can't change kernel versions at this point, we have modified too many
parts of the kernel to cleanly patch in anything newer. I've trawled
through changelogs and tried to understand the differences between the
2.6.11 and latest versions of the relevant files, but nothing stands out.

Is anyone aware of issues related to system() or execve() on ARM in
general, or specifically the s3c24xx?

Details:
/bin/sh is supplied by busybox
root f/s is cramfs (on flash)
kernel version is 2.6.11
micro is an s3c2410 on custom board
application is a c++ binary (stripped, dynamically linked)
gcc 3.4.5
glibc 2.3.6

oops/backtrace calling system( "pidof" ):
CPU: 0
PC is at collect_sigign_sigcatch+0x24/0x74
LR is at 0xffffff01
pc : [<c009b2a8>]    lr : [<ffffff01>]    Not tainted
sp : c0625da8  ip : c0625dc4  fp : c0625dc0
r10: 00000000  r9 : c0ee27e0  r8 : 00000000
r7 : 00000000  r6 : c0625ee0  r5 : c0625ed8  r4 : 0000003f
r3 : fffffefd  r2 : c0625ed8  r1 : 00000000  r0 : c0ee27e0
Flags: NzCv  IRQs off  FIQs on  Mode SVC_32  Segment user
Control: C000317F  Table: 30780000  DAC: 00000015
Process pidof (pid: 913, stack limit = 0xc0624194)
Stack: (0xc0625da8 to 0xc0626000)
5da0:                   00000001 c0626000 c040d8b8 c0625f20 c0625dc4
c009b860
5dc0: c009b294 00000000 00000000 c001b040 00000001 c0591854 00000000
c0828d80
5de0: 40015000 00001000 c0780000 00000817 c0625e44 c0625e00 c0060050
00000000
5e00: c01ecac4 c0625e2c c0625e14 c009825c c0037cb4 c040db30 c0625e54
c0625e28
5e20: c0086318 c00c515c c0af8884 c040d9fc c0625e54 c0625e40 c0099514
c00993dc
5e40: c040d9fc c0af8884 c0625e84 c0625e58 c007b578 c00994e4 c026b180
c040d9fc
5e60: c0625f34 00000000 c040d9fc c0625f34 c040d8c8 c0625f34 00000060
c0625f68
5e80: 2b0cdbd8 00000000 00000000 00000000 00000000 00000000 00000000
00000000
5ea0: 00000000 00000001 ffffffff ffffffff 00000053 00000000 ffffffff
00000000
5ec0: c08715c0 ffffffff 00000000 00000000 00000000 c0626000 00000000
00000000
5ee0: 00000000 00000000 69666977 6b727720 00000071 00000000 c0ee27e0
c0626000
5f00: c040d8b8 00000400 c0625f78 c0624000 40015000 c0625f4c c0625f24
c00988e4
5f20: c009b73c 00000000 00000400 00000000 c042a580 40015000 c0624000
c0625f78
5f40: c0625f74 c0625f50 c006da90 c0098898 c042a5a4 c042a580 c0625f78
00000000
5f60: 00000000 401316d8 c0625fa4 c0625f78 c006dd74 c006d9e0 00000000
00000000
5f80: 00000000 00012bb0 00012bb0 000000ff 00000003 c001fa64 00000000
c0625fa8
5fa0: c001f8e0 c006dd38 00012bb0 00000000 00000010 40015000 00000400
00000000
5fc0: 00012bb0 00012bb0 000000ff beffc214 00000000 0000000a 401316d8
beffc214
5fe0: 00000000 beffc168 00002668 400c97f0 60000010 00000010 e5999004
e5993000
Backtrace:
[<c009b284>] (collect_sigign_sigcatch+0x0/0x74) from [<c009b860>]
(do_task_stat+0x134/0x514)
r6 = C040D8B8  r5 = C0626000  r4 = 00000001
[<c009b72c>] (do_task_stat+0x0/0x514) from [<c00988e4>]
(proc_info_read+0x5c/0x98)
[<c0098888>] (proc_info_read+0x0/0x98) from [<c006da90>]
(vfs_read+0xc0/0x138)
[<c006d9d0>] (vfs_read+0x0/0x138) from [<c006dd74>] (sys_read+0x4c/0x74)
[<c006dd28>] (sys_read+0x0/0x74) from [<c001f8e0>]
(ret_fast_syscall+0x0/0x2c)
r8 = C001FA64  r7 = 00000003  r6 = 000000FF  r5 = 00012BB0
r4 = 00012BB0
Code: e1a05002 e283e004 e3a01000 e3a0403f (e59e2000)



-------------------------------------------------------------------
List admin: http://lists.arm.linux.org.uk/mailman/listinfo/linux-arm
FAQ:        http://www.arm.linux.org.uk/mailinglists/faq.php
Etiquette:  http://www.arm.linux.org.uk/mailinglists/etiquette.php

[Linux ARM]     [Linux ARM MSM]     [Linux ARM Kernel]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

Add to Google Follow linuxarm on Twitter