[Bug 38719] 64-bit ARM Windows applications from Windows SDK for Windows 10 crash when accessing TEB/PEB members (AArch64 platform-specific register X18 used for TEB?)
wine-bugs at winehq.org
Thu Jun 11 17:47:26 CDT 2015
https://bugs.winehq.org/show_bug.cgi?id=38719
--- Comment #2 from Anastasius Focht <focht at gmx.net> ---
Hello André,
Unfortunately it's the 64-bit ELF loader that trashes register X18 during
symbol resolution.
--- snip ---
(gdb) bt
#0 0x0000007fb7fd9498 in do_lookup_x () from /lib/ld-linux-aarch64.so.1
#1 0x0000007fb7fd9de8 in _dl_lookup_symbol_x () from /lib/ld-linux-aarch64.so.1
#2 0x0000007fb7fdd7ec in _dl_fixup () from /lib/ld-linux-aarch64.so.1
#3 0x0000007fb7fe3b4c in _dl_runtime_resolve () from /lib/ld-linux-aarch64.so.1
#4 0x0000007fb7e2674c in default_dbg_vlog (cls=<optimized out>, channel=<optimized out>, func=<optimized out>, format=0x7fb7c39518 "TEB %p\n", args=...) at ../../../libs/wine/debug.c:414
#5 0x0000007fb7e26904 in wine_dbg_log (cls=__WINE_DBCL_ERR, channel=<optimized out>, func=<optimized out>, format=<optimized out>) at ../../../libs/wine/debug.c:256
#6 0x0000007fb7c1a578 in signal_init_thread (teb=0x7fb7e18000) at ../../../dlls/ntdll/signal_arm64.c:815
#7 0x0000007fb7c1fb54 in thread_init () at ../../../dlls/ntdll/thread.c:299
#8 0x0000007fb7bfc29c in __wine_process_init () at ../../../dlls/ntdll/loader.c:3105
#9 0x0000007fb7e27c50 in wine_init (argc=2, argv=0x7ffffff4e8, error=0x7fffffefa0 "", error_size=1024) at ../../../libs/wine/loader.c:958
#10 0x0000000000400c8c in main (argc=2, argv=0x7ffffff4e8) at ../../loader/main.c:247
(gdb) info share
From                To                  Syms Read   Shared Object Library
0x0000007fb7fd1b80  0x0000007fb7fe7d10  Yes (*)     /lib/ld-linux-aarch64.so.1
0x0000007fb7e24830  0x0000007fb7e2bbb4  Yes         /root/wine/64/loader/../libs/wine/libwine.so.1
0x0000007fb7dea470  0x0000007fb7df7450  Yes (*)     /lib64/libpthread.so.0
0x0000007fb7ca08c0  0x0000007fb7d8215c  Yes (*)     /lib64/libc.so.6
0x0000007fb7c6ee10  0x0000007fb7c6fa00  Yes (*)     /lib64/libdl.so.2
0x0000007fb7bd0490  0x0000007fb7c2bf64  Yes         /root/wine/64/dlls/ntdll/ntdll.dll.so
0x0000007fb7aef2a0  0x0000007fb7b3aa00  Yes (*)     /lib64/libm.so.6
(gdb) frame 6
#6 0x0000007fb7c1a578 in signal_init_thread (teb=0x7fb7e18000) at ../../../dlls/ntdll/signal_arm64.c:815
815 ERR("TEB %p\n", teb);
(gdb) p teb
$1 = (TEB *) 0x7fb7e18000
(gdb) frame 0
#0 0x0000007fb7fd9498 in do_lookup_x () from /lib/ld-linux-aarch64.so.1
(gdb) info r
x0 0x7fb7e20ad2 548545891026
x1 0x8d9b5656 2375767638
x2 0x7fffffe9d0 549755808208
x3 0x7fb7e20708 548545890056
x4 0x7fffffe9e0 549755808224
x5 0x7fb8000418 548547855384
x6 0x0 0
x7 0x7fb7ff9078 548547825784
x8 0x0 0
x9 0x7a08a15e8d9b5656 8793455699915658838
x10 0x7fb7e20ae1 548545891041
x11 0x7fb7ff9078 548547825784
x12 0x7fffffe954 549755808084
x13 0x7fffffe958 549755808088
x14 0x7fffffea20 549755808288
x15 0x7fb7e1f9ac 548545886636
x16 0x7fb7fceff8 548547653624
x17 0x7fb7fe3b08 548547738376
x18 0x7fb7e18000 548545855488
x19 0x7fb7ffba90 548547836560
x20 0x1 1
x21 0x7fffffea78 549755808376
x22 0x0 0
x23 0x7fb7e20ad2 548545891026
x24 0x7fb7ff9078 548547825784
x25 0x7fb7ffb738 548547835704
x26 0x1 1
x27 0x8d9b5656 2375767638
x28 0x7fffffe9d0 549755808208
x29 0x7fffffe810 549755807760
x30 0x7fb7fd9de8 548547698152
sp 0x7fffffe7f0 0x7fffffe7f0
pc 0x7fb7fd9498 0x7fb7fd9498 <do_lookup_x+32>
cpsr 0x40000000 1073741824
fpsr 0x0 0
fpcr 0x0 0
--- snip ---
--- snip ---
(gdb) disas
Dump of assembler code for function do_lookup_x:
0x0000007fb7fd9478 <+0>: sub sp, sp, #0x120
0x0000007fb7fd947c <+4>: stp x29, x30, [sp,#32]
0x0000007fb7fd9480 <+8>: add x29, sp, #0x20
0x0000007fb7fd9484 <+12>: stp x23, x24, [sp,#80]
0x0000007fb7fd9488 <+16>: stp x19, x20, [sp,#48]
0x0000007fb7fd948c <+20>: stp x27, x28, [sp,#112]
0x0000007fb7fd9490 <+24>: stp x21, x22, [sp,#64]
0x0000007fb7fd9494 <+28>: stp x25, x26, [sp,#96]
0x0000007fb7fd9498 <+32>: ldr w23, [x5,#8]
0x0000007fb7fd949c <+36>: str x0, [x29,#224]
0x0000007fb7fd94a0 <+40>: mov x24, x1
0x0000007fb7fd94a4 <+44>: mov x14, x2
0x0000007fb7fd94a8 <+48>: str x3, [x29,#184]
0x0000007fb7fd94ac <+52>: str x4, [x29,#216]
0x0000007fb7fd94b0 <+56>: mov x20, x6
0x0000007fb7fd94b4 <+60>: mov x11, x7
...
0x0000007fb7fd9540 <+200>: ldr x18, [x2,#8] ; dang
0x0000007fb7fd9544 <+204>: cbz x3, 0x7fb7fd9b28 <do_lookup_x+1712>
...
0x0000007fb7fd9668 <+496>: add x5, x18, x5, lsl #3 ; dang
0x0000007fb7fd966c <+500>: mov w6, w16
0x0000007fb7fd9670 <+504>: str x19, [sp]
0x0000007fb7fd9674 <+508>: str x8, [x29,#128]
0x0000007fb7fd9678 <+512>: str x9, [x29,#104]
0x0000007fb7fd967c <+516>: str x10, [x29,#152]
0x0000007fb7fd9680 <+520>: str x11, [x29,#136]
0x0000007fb7fd9684 <+524>: str x12, [x29,#112]
0x0000007fb7fd9688 <+528>: str x13, [x29,#120]
0x0000007fb7fd968c <+532>: str x14, [x29,#144]
0x0000007fb7fd9690 <+536>: str x15, [x29,#176]
0x0000007fb7fd9694 <+540>: str x16, [x29,#168]
0x0000007fb7fd9698 <+544>: str x18, [x29,#160] ; dang
...
0x0000007fb7fd96c4 <+588>: ldr x16, [x29,#168]
0x0000007fb7fd96c8 <+592>: ldr x18, [x29,#160] ; dang
...
0x0000007fb7fd9b60 <+1768>: cbz w16, 0x7fb7fd96d8 <do_lookup_x+608>
0x0000007fb7fd9b64 <+1772>: mov w0, #0x18 ; dang
0x0000007fb7fd9b68 <+1776>: umull x5, w16, w0
...
0x0000007fb7fd9b8c <+1812>: add x5, x18, x5 ; dang
0x0000007fb7fd9b90 <+1816>: mov w6, w16
...
0x0000007fb7fd9bb8 <+1856>: str x18, [x29,#160] ; dang
0x0000007fb7fd9bbc <+1860>: bl 0x7fb7fd92d8 <check_match>
0x0000007fb7fd9bc0 <+1864>: mov x25, x0
0x0000007fb7fd9bc4 <+1868>: ldr x8, [x29,#128]
0x0000007fb7fd9bc8 <+1872>: ldr x9, [x29,#104]
0x0000007fb7fd9bcc <+1876>: ldr x10, [x29,#152]
0x0000007fb7fd9bd0 <+1880>: ldr x11, [x29,#136]
0x0000007fb7fd9bd4 <+1884>: ldr x12, [x29,#112]
0x0000007fb7fd9bd8 <+1888>: ldr x13, [x29,#120]
0x0000007fb7fd9bdc <+1892>: ldr x14, [x29,#144]
0x0000007fb7fd9be0 <+1896>: ldr x16, [x29,#168]
0x0000007fb7fd9be4 <+1900>: ldr x18, [x29,#160] ; dang
0x0000007fb7fd9be8 <+1904>: cbz x0, 0x7fb7fd9b58 <do_lookup_x+1760>
...
0x0000007fb7fd9ce4 <+2156>: b 0x7fb7fd9b48 <do_lookup_x+1744>
--- snip ---
A safe solution would be to rebuild the aarch64 toolchain with '-ffixed-x18'
enabled by default, along with glibc (or better, the whole userland).
Regards
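A check for the rebuild suggested at the end of the comment, added here as an example and not code from the bug report, Wine or glibc: a small POSIX shell audit that scans an objdump or gdb disassembly for instructions that name the platform register x18 and separates the ones that overwrite it (the actual clobbers) from plain reads. The objdump invocation, the mnemonic classification rules and the sample listing (reassembled from the do_lookup_x lines above, with the `#0x18` immediate kept as a decoy) are assumptions of the example.

```shell
#!/bin/sh
# Added example, not code from the Wine bug report, Wine or glibc: audit an
# AArch64 disassembly for code that touches the platform register x18, which
# Wine keeps the TEB in and which glibc's do_lookup_x above uses as scratch.
# Assumptions: GNU objdump/gdb listing syntax ("mnemonic dst, src, ..."),
# and that a library correctly rebuilt with -ffixed-x18 never names x18.

# Every instruction naming x18 (or its 32-bit half w18) as an operand.
# The guards around the register name keep an immediate such as #0x18
# (the 'mov w0, #0x18' in the listing above) from matching.
x18_refs() {
    grep -E '(^|[^a-z0-9_])[xw]18([^a-z0-9_]|$)'
}

# The subset that overwrites x18: first operand is x18/w18 and the mnemonic
# writes its first operand. Stores, compares, tests and branches take their
# first operand as a source, so they are excluded; anything else is assumed
# to write it (conservative: over-reporting beats missing a clobber).
x18_writes() {
    x18_refs | awk '
    {
        mnem = ""; dst = ""
        for (i = 1; i <= NF; i++) {
            t = $i
            if (mnem == "") {
                # skip the address, "<+off>:" and raw-encoding columns
                if (t ~ /^(0x)?[0-9a-f]+:?$/ || t ~ /^<.*>:?$/) continue
                if (t ~ /^[a-z][a-z0-9.]*$/) mnem = t
                continue
            }
            dst = t; sub(/,$/, "", dst); break
        }
        if (mnem == "" || dst == "") next
        if (mnem ~ /^(st|cb|tb)/ || mnem ~ /^(cmp|cmn|tst|b|bl|br|blr|b\.[a-z]+)$/) next
        if (dst == "x18" || dst == "w18") print
    }'
}

# Audit a real shared object, e.g.: audit_x18 /lib/ld-linux-aarch64.so.1
# (needs a binutils objdump with AArch64 support; prints nothing when clean).
audit_x18() {
    objdump -d "$1" | x18_writes
}

# Constructed sample: the x18-bearing lines and the '#0x18' decoy from the
# do_lookup_x listing above, in the form gdb printed them.
SAMPLE='0x0000007fb7fd9540 <+200>: ldr x18, [x2,#8]
0x0000007fb7fd9544 <+204>: cbz x3, 0x7fb7fd9b28 <do_lookup_x+1712>
0x0000007fb7fd9668 <+496>: add x5, x18, x5, lsl #3
0x0000007fb7fd9698 <+544>: str x18, [x29,#160]
0x0000007fb7fd96c8 <+592>: ldr x18, [x29,#160]
0x0000007fb7fd9b64 <+1772>: mov w0, #0x18
0x0000007fb7fd9b8c <+1812>: add x5, x18, x5
0x0000007fb7fd9bb8 <+1856>: str x18, [x29,#160]
0x0000007fb7fd9be4 <+1900>: ldr x18, [x29,#160]'

# Count helpers so the result is checkable rather than only printed.
count_refs()   { printf '%s\n' "$SAMPLE" | x18_refs   | wc -l | tr -d ' '; }
count_writes() { printf '%s\n' "$SAMPLE" | x18_writes | wc -l | tr -d ' '; }

echo "x18 references: $(count_refs)   x18 writes (clobbers): $(count_writes)"
printf '%s\n' "$SAMPLE" | x18_writes
```

Over a glibc rebuilt as the comment proposes, `audit_x18 /lib/ld-linux-aarch64.so.1` should print nothing; any `ldr`/`add`/`mov` with x18 as destination in a library the Wine process calls into is a candidate for the crash above. Loads and arithmetic into x18 are the clobbers; a `str x18` only reads the register, which is why the two counts differ on the sample.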