lxylxy123456
commented
1 year ago I have created PR https://github.com/OSPreservProject/oskit/pull/2 that fixes this bug.
Open lxylxy123456 opened 1 year ago
lxylxy123456
commented
1 year ago I have created PR https://github.com/OSPreservProject/oskit/pull/2 that fixes this bug.
npe9
commented
1 year ago What sort of environment are you compiling in?
lxylxy123456
commented
1 year ago I am compiling using GCC 12. The target machine is i386 (Intel, 32 bits, BIOS). This bug is reporducible on real hardware and on QEMU.
I found this bug while taking an operating systems class in a university. The class website contains more information about the environment.
npe9
commented
1 year ago Gotcha, you're still going to have to be very specific. I've got two little kids so I don't have many cycles for deep dives. Can I get your exact command lines to start? both gcc and qemu?
npe9
commented
1 year ago Also roping in @bford because he's the subject matter expert here.
lxylxy123456
commented
1 year ago The bug is triggered while the lmm library is used by the code provided by my class. Unfortunately this code is not publicly available. I think it is easier to reproduce this bug by running lmm in a Linux process.
The source code is in: https://gist.github.com/lxylxy123456/1cb7c1319aaf37373c6712e7cfae35ad
I am using GCC 12.2.1, Fedora 37 (Linux kernel 6.0). This program should be able to run on other operating systems.
Steps to reproduce:
./configure
cd lmm
make
cd ..
gcc -I . a.c -o a lmm/liboskit_lmm.a
./aThe program output looks like
mem = 0x4040c0
lmm_init
lmm_add_region
lmm_add_free(&lmm, mem + 8, 4096 - 8)
lmm_add_free(&lmm, mem + 1, 3)
a: a.c:23: panic: Assertion `0' failed.
Aborted (core dumped)Using GDB, the backtrace is:
#0 0x00007ffff7e4fe7c in __pthread_kill_implementation ()
from /lib64/libc.so.6
#1 0x00007ffff7dffaa6 in raise () from /lib64/libc.so.6
#2 0x00007ffff7de97fc in abort () from /lib64/libc.so.6
#3 0x00007ffff7de971b in __assert_fail_base.cold () from /lib64/libc.so.6
#4 0x00007ffff7df8656 in __assert_fail () from /lib64/libc.so.6
#5 0x00000000004011b8 in panic (
fmt=0x4020a0 "lmm_add_free.c:%u: failed assertion `max >= min'") at a.c:23
#6 0x0000000000401375 in lmm_add_free (lmm=<optimized out>,
block=<optimized out>, size=<optimized out>) at lmm_add_free.c:33
#7 0x0000000000401255 in main () at a.c:36If you change line 34 from if (1) to if (0), then the assertion failure disappears
mem = 0x4040c0
lmm_init
lmm_add_region
lmm_add_free(&lmm, mem + 8, 4096 - 8)
lmm_alloc
result: 0x4040d0Please let me know if you need any other information. Than you.
npe9
commented
1 year ago Excellent, thank you. I'll look at it and merge it when I reproduce it.
I recently encountered assertion error in the following line in lmm_add_free(): https://github.com/OSPreservProject/oskit/blob/c9e5fcde719a151a5f67b1f67e7186203c95b82f/lmm/lmm_add_free.c#L33
This error happens when the caller calls
lmm_add_free(lmm, (void *)0x2345, 2). Suppose alignment is 8. Then:min = 0x2345max = 0x2347min = 0x2348max = 0x2340max >= minis false (0x2340 >= 0x2348is false)