Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1423434
Summary: | out of bounds stack access triggered by __sync_synchronize() on i686 | |||
---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Kamil Dudka <kdudka> | |
Component: | gcc | Assignee: | Jakub Jelinek <jakub> | |
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | |
Severity: | high | Docs Contact: | ||
Priority: | high | |||
Version: | 26 | CC: | davejohansen, dueno, jakub, jstanek, jwakely, kdudka, law, lslebodn, mjw, mpolacek, pkubat, wilmer5 | |
Target Milestone: | --- | Keywords: | Regression | |
Target Release: | --- | |||
Hardware: | i686 | |||
OS: | Linux | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | If docs needed, set a value | ||
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1428286 (view as bug list) | Environment: | ||
Last Closed: | 2017-03-01 20:35:32 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1423318, 1428286 |
Description
Kamil Dudka
2017-02-17 10:20:10 UTC
The minimal example seems to be as easy as: int main() { __sync_synchronize(); } ==18365== Invalid read of size 4 ==18365== at 0x80483D9: main (test.c:3) ==18365== Address 0xfec676b4 is on thread 1's stack ==18365== 4 bytes below stack pointer # rpm -q gcc valgrind gcc-7.0.1-0.8.fc26.i686 valgrind-3.12.0-3.fc26.i686 Switching to gcc... *** Bug 1425107 has been marked as a duplicate of this bug. *** This has been reverted upstream today, the lock orl $0, -4(%esp) form of mfence has been done that way for performance reasons, but people who care about performance should not be using 32-bit code anyway, so it will be again lock orl $0, (%esp). See http://gcc.gnu.org/r245577 This will be picked by Fedora gcc mid to late this week, then you'll need to rebuild anything that uses __sync_synchronize or similar atomic barriers and you care about running it under valgrind in 32-bit mode (the code is really harmless, because it doesn't change the word below sp, but valgrind is still unhappy about that). Thanks. The valgrind bug related to below stack accesses to implement memory fences on i386 is https://bugs.kde.org/show_bug.cgi?id=374940 This bug appears to have been reported against 'rawhide' during the Fedora 26 development cycle. Changing version to '26'. Should be fixed in gcc-7.0.1-0.10.fc26. You need to rebuild 32-bit packages that use such barriers and you want to run them under valgrind (outside of valgrind it is really harmless). |