diff options
Diffstat (limited to 'gitlab/issues/target_mips/host_missing/accel_missing/1722.toml')
| -rw-r--r-- | gitlab/issues/target_mips/host_missing/accel_missing/1722.toml | 95 |
1 files changed, 0 insertions, 95 deletions
diff --git a/gitlab/issues/target_mips/host_missing/accel_missing/1722.toml b/gitlab/issues/target_mips/host_missing/accel_missing/1722.toml deleted file mode 100644 index 89c18863..00000000 --- a/gitlab/issues/target_mips/host_missing/accel_missing/1722.toml +++ /dev/null @@ -1,95 +0,0 @@ -id = 1722 -title = "qemu-mipsn32: Illegal Instruction at `exts` instruction" -state = "closed" -created_at = "2023-06-23T00:26:09.313Z" -closed_at = "2024-08-20T06:50:14.350Z" -labels = ["target: mips"] -url = "https://gitlab.com/qemu-project/qemu/-/issues/1722" -host-os = "Ubuntu 20.04.1" -host-arch = "x86_64" -qemu-version = "8.0.50" -guest-os = "- OS/kernel version:" -guest-arch = "N32 MIPS64" -description = """Run with the command above, I got this error: - -``` -qemu-mipsn32 run -qemu: uncaught target signal 4 (Illegal instruction) - core dumped -Illegal instruction (core dumped) -``` - -I then tried to debug the program with qemu option `-g 1234` and know that - -``` -$ gdb-multiarch run -... - -pwndbg> target remote 0:1234 -... - -pwndbg> c -Continuing. - -Program received signal SIGILL, Illegal instruction. -0x3f7d2434 in ?? () from /lib32/ld.so.1 -warning: GDB can't find the start of the function at 0x3f7d2434. -x/10i - -pwndbg> x/10i $pc -=> 0x3f7d2434:\t0x7047f03a - 0x3f7d2438:\tlui\ta3,0x7000 - 0x3f7d243c:\tori\ta3,a3,0x5e - 0x3f7d2440:\tb\t0x3f7d241c - 0x3f7d2444:\tsubu\tv0,a3,v0 - 0x3f7d2448:\tsltiu\ta7,a3,-3 - 0x3f7d244c:\tbnezl\ta7,0x3f7d246c - 0x3f7d2450:\tsubu\ta3,a4,v0 - 0x3f7d2454:\taddiu\ta3,a3,1 - 0x3f7d2458:\tli\tv0,-4 -``` - -So I know the problem is in libc32/ld.so.1. When I dissasemble that file and look at offset 0x4434, it's an `exts` instruction as below: - -``` -$ file /lib32/ld.so.1 -/lib32/ld-2.15.so: ELF 32-bit MSB shared object, MIPS, N32 MIPS64 rel2 version 1 (SYSV), dynamically linked, stripped - -$ ./mips64-n32--glibc--stable-2022.08-1/bin/mips64-buildroot-linux-gnu-objdump -d /lib32/ld.so.1 | less - ... - 4434: 7047f03a exts a3,v0,0x0,0x1e - 4438: 3c077000 lui a3,0x7000 - 443c: 34e7005e ori a3,a3,0x5e - 4440: 1000fff6 b 441c <GLIBC_2.0@@GLIBC_2.0+0x441c> - 4444: 00e21023 subu v0,a3,v0 - 4448: 2cebfffd sltiu a7,a3,-3 - 444c: 55600007 bnezl a7,446c <GLIBC_2.0@@GLIBC_2.0+0x446c> - 4450: 01023823 subu a3,a4,v0 - 4454: 24e70001 addiu a3,a3,1 - 4458: 2402fffc li v0,-4 -```""" -reproduce = """1. Download toolchain of mips64-n32 on toolchains.bootlin.com [here](https://toolchains.bootlin.com/releases_mips64-n32.html) -2. Write this c code to file `run.c`: - -```c -#include <stdio.h> - -int main(){ -\tputs("hello world"); -\twhile (1); -} -``` - -3. Compile file run.c with downloaded toolchain: - -``` -mips64-n32--glibc--stable-2022.08-1/bin/mips64-buildroot-linux-gnu-gcc run.c -o run -``` - -> Step 1, 2 and 3 can be skip if you download the attached `run` file. - -4. Download the attached ld -5. Make new dir at `/lib32` and move the file ld to `/lib32` -6. Run command `qemu-mipsn32 run`""" -additional = """[ld-2.15.so](/uploads/95f4da26e42d43d39aa2350670134bb5/ld-2.15.so) - -[run](/uploads/01be57442009a75cf2f59cbcf53474f4/run)""" |