From: bugzilla at busybox.net <bugzilla@busybox.net>
To: buildroot@busybox.net
Subject: [Buildroot] [Bug 2995] New: -fstack-protector-all causes ssh to SIGSEGV
Date: Mon, 20 Dec 2010 15:43:55 +0000 (UTC)
Message-ID: <bug-2995-163@https.bugs.busybox.net/>
https://bugs.busybox.net/show_bug.cgi?id=2995
Summary: -fstack-protector-all causes ssh to SIGSEGV
Product: buildroot
Version: unspecified
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Other
AssignedTo: unassigned at buildroot.uclibc.org
ReportedBy: mario at klebsch.de
CC: buildroot at uclibc.org
Estimated Hours: 0.0
Hi!
I bought an AMD Geode alix 2D13 board and tried to get linux running on it. I
compiled buildroot and from the first attempt on, every ssh program crashes
(SIGSEGV). During booting, ssh-keygen crashes, but the other ssh programs
started on the command line did not run, either.
:-(
To get some light on this, I built gdb for my target system and tried to run
ssh-keygen under debugger control. It turned out that the SIGSEGV was caused
by the third assembly instruction in main. I added a small 'Hello World' to the
openssh source tree and this program also crashed due to the same cause.
Here is the disassembly of the small hello world (which was compiled to xxx.o):
ds9 src # objdump --disassemble openssh-5.1p1/xxx.o

openssh-5.1p1/xxx.o:     file format elf32-i386

Disassembly of section .text:

00000000 <main>:
   0:   8d 4c 24 04             lea    0x4(%esp),%ecx
   4:   83 e4 f0                and    $0xfffffff0,%esp
   7:   ff 71 fc                pushl  -0x4(%ecx)
   a:   55                      push   %ebp
   b:   89 e5                   mov    %esp,%ebp
   d:   51                      push   %ecx
   e:   83 ec 20                sub    $0x20,%esp
  11:   65 a1 14 00 00 00       mov    %gs:0x14,%eax    <--- Here it crashed
  17:   89 45 f8                mov    %eax,-0x8(%ebp)
  1a:   31 c0                   xor    %eax,%eax
  1c:   68 00 00 00 00          push   $0x0
  21:   e8 fc ff ff ff          call   22 <main+0x22>
  26:   83 c4 10                add    $0x10,%esp
  29:   8b 55 f8                mov    -0x8(%ebp),%edx
  2c:   65 33 15 14 00 00 00    xor    %gs:0x14,%edx
  33:   75 08                   jne    3d <main+0x3d>
  35:   8b 4d fc                mov    -0x4(%ebp),%ecx
  38:   c9                      leave
  39:   8d 61 fc                lea    -0x4(%ecx),%esp
  3c:   c3                      ret
  3d:   e8 fc ff ff ff          call   3e <main+0x3e>

BTW, the code runs fine on my development system.
gdb showed that the gs register on my target device has a value of 0, while it
is 33 on my development system.
It turned out that the gcc option -fstack-protector-all, which is used for
openssh, causes the failing instruction to be inserted into the object code.
I have no idea what the gs register is good for; I was not able to google
information about gs register usage on linux systems. Perhaps my small linux
kernel is missing some option to initialize this register, perhaps buildroot
has an option to initialize the gs register, ...
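Added example (not part of the original report, nor code from buildroot or openssh): a small Python scanner for `objdump --disassemble` output that locates the stack-protector guard accesses, i.e. the `%gs:0x14` load and re-check that appear at offsets 0x11 and 0x2c in the listing above, and lists functions that have none. The names `canary_sites` and `unprotected` and the `helper` function in the sample are hypothetical; the `%fs:0x28` pattern goes beyond the report and covers the x86-64 equivalent of the same guard access.

```python
import re

# Lines copied from the report's listing (spacing normalised); the second
# function, `helper`, is constructed to show the no-canary case.
SAMPLE = """\
00000000 <main>:
   e:   83 ec 20                sub    $0x20,%esp
  11:   65 a1 14 00 00 00       mov    %gs:0x14,%eax
  17:   89 45 f8                mov    %eax,-0x8(%ebp)
  29:   8b 55 f8                mov    -0x8(%ebp),%edx
  2c:   65 33 15 14 00 00 00    xor    %gs:0x14,%edx
  33:   75 08                   jne    3d <main+0x3d>
  3c:   c3                      ret
00000040 <helper>:
  40:   55                      push   %ebp
  41:   c3                      ret
"""

FUNC = re.compile(r"^[0-9a-f]+ <([^>]+)>:")
# offset, raw opcode bytes, mnemonic, operands (tolerates collapsed whitespace)
INSN = re.compile(r"^\s*([0-9a-f]+):\s*(?:[0-9a-f]{2}\s+)+([a-z]\w*)\s*(.*)$")
# Guard slot in thread-local storage: %gs:0x14 on i386, %fs:0x28 on x86-64
GUARD = re.compile(r"%(gs:0x14|fs:0x28)\b")

def canary_sites(disassembly):
    """Map function name -> [(offset, 'load' | 'check', segment register)]."""
    sites, current = {}, None
    for line in disassembly.splitlines():
        m = FUNC.match(line)
        if m:
            current = m.group(1)
            sites[current] = []
            continue
        m = INSN.match(line)
        if not m or current is None:
            continue
        guard = GUARD.search(m.group(3))
        if guard:
            # mov copies the guard into the frame (prologue); any other
            # mnemonic (xor, sub, cmp) is the comparison before return.
            kind = "load" if m.group(2).startswith("mov") else "check"
            sites[current].append((int(m.group(1), 16), kind, guard.group(1)[:2]))
    return sites

def unprotected(disassembly):
    """Functions with no guard access at all."""
    return sorted(n for n, s in canary_sites(disassembly).items() if not s)

if __name__ == "__main__":
    for name, found in canary_sites(SAMPLE).items():
        print(name, [(hex(o), k, s) for o, k, s in found] or "no canary access")
```

A faulting address that matches a reported 'load' offset means the crash happened while reading the guard through the segment register, before any of the function's own code ran.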