
I'm working on a port of some software with inline assembly because we took a few bug reports from a Debian maintainer under X32. The code is fine under both X86 and X64.

We're catching a bus error on the emms instruction:

   ...
   0x005520fd <+3885>:  pop    %rsp
   0x005520fe <+3886>:  emms   
=> 0x00552100 <+3888>:  pop    %rbx
   0x00552101 <+3889>:  jmpq   0x5519e3
   0x00552106 <+3894>:  nopw   %cs:0x0(%rax,%rax,1)
   ...

According to the manual, the following exceptions are raised:

Exceptions:

    RM PM VM SMM Description
    #UD #UD #UD #UD If CR0.EM = 1
    #NM #NM #NM #NM If CR0.TS = 1
    #MF #MF #MF #MF If pending FPU Exception 

Here is the mask used in the MMX status register:

mxcsr    0x1f80    [ IM DM ZM OM UM PM ]

I don't believe I have access to the control registers to determine what actually caused the exception, so I'm having trouble locating the cause of the bus error.

What are some of the potential causes of the bus error? Or how can I troubleshoot this further?


Here's info float:

(gdb) info float
  R7: Empty   0xffffffffffffffffffff
  R6: Empty   0xffffa5a5a5a5a5a5a5a5
  R5: Empty   0xfffffedcba9876543210
  R4: Empty   0xffffb182db48cf349120
  R3: Empty   0xffff926cd0b6a839b535
  R2: Empty   0xfffff373de2d49584e7a
  R1: Empty   0xffff16166e76b1bb925f
=>R0: Empty   0xffff24f0130c63ac9332

Status Word:         0x0000
                       TOP: 0
Control Word:        0x037f   IM DM ZM OM UM PM
                       PC: Extended Precision (64-bits)
                       RC: Round to nearest
Tag Word:            0xffff
Instruction Pointer: 0x00:0x00000000
Operand Pointer:     0x00:0x00000000
Opcode:              0x0000

And here's from info registers:

(gdb) info registers
rax            0xffffcb58   0xffffcb58
rbx            0x30 0x30
rcx            0x14f3   0x14f3
rdx            0x61d560 0x61d560
rsi            0xffffcb08   0xffffcb08
rdi            0x14 0x14
rbp            0xffffcb58   0xffffcb58
rsp            0xb62f7cbfffffc8d8   0xb62f7cbfffffc8d8
r8             0x0  0x0
r9             0x40 0x40
r10            0x2e676e696e6e7572   0x2e676e696e6e7572
r11            0x246    0x246
r12            0x9028a0 0x9028a0
r13            0xffffcaf0   0xffffcaf0
r14            0x8f6120 0x8f6120
r15            0xffffca6c   0xffffca6c
rip            0x552100 0x552100
eflags         0x10246  [ PF ZF IF RF ]
cs             0x33 0x33
ss             0x2b 0x2b
ds             0x2b 0x2b
es             0x2b 0x2b
fs             0x63 0x63
gs             0x0  0x0

Here's a breakout of the MMX status register bits:

  IM - Invalid Operation Mask
  DM - Denormalized Mask
  ZM - Divide By Zero Mask
  OM - Overflow Mask
  UM - Underflow Mask
  PM - Precision Mask
jww
  • Can you include the section of source code that corresponds to this chunk of generated code, so that we can see which intrinsics are being used, etc ? – Paul R Sep 22 '15 at 14:00

1 Answer


EMMS is executing without problem; as shown by the arrow and the value of rip, the fault is with the following pop, because rsp points to invalid memory. The correct value of rsp is something less than 0x100000000.

Timothy Baldwin
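A quick way to confirm this kind of diagnosis from a register dump, as an added example that is not part of the question or the answer: parse gdb's `info registers` output and flag pointer registers whose value lies outside the 32-bit x32 address space. Applied to the dump above it reports rsp (0xb62f7cbfffffc8d8), and a hypothetical second heuristic notes that its low 32 bits (0xffffc8d8) sit 0x280 bytes below rbp, i.e. the low half still looks like a stack address while the high half is garbage. The sample lines are copied from the question; the function names and the 0x1000 window are my own choices.

```python
import re

# Lines copied from the question's "info registers" output, embedded here as a
# constructed sample so the check runs offline.
SAMPLE_DUMP = """\
rbx            0x30 0x30
rsi            0xffffcb08   0xffffcb08
rbp            0xffffcb58   0xffffcb58
rsp            0xb62f7cbfffffc8d8   0xb62f7cbfffffc8d8
rip            0x552100 0x552100
eflags         0x10246  [ PF ZF IF RF ]
"""

X32_ADDR_MASK = 0xFFFFFFFF          # x32 ABI: pointers are 32-bit, address space < 4 GiB
POINTER_REGS = ("rsp", "rbp", "rip")  # registers that must hold valid addresses


def parse_registers(dump):
    """Map register name -> integer value from gdb 'info registers' text."""
    regs = {}
    for line in dump.splitlines():
        m = re.match(r"^(\w+)\s+(0x[0-9a-fA-F]+)", line)
        if m:
            regs[m.group(1)] = int(m.group(2), 16)
    return regs


def check_x32_pointers(regs, pointer_regs=POINTER_REGS):
    """Return {reg: (value, low32, high32)} for pointer registers above 4 GiB.

    Under x32 any such value cannot be a valid address, so a pop/push or
    call through it will fault (the bus error seen in the question).
    """
    bad = {}
    for name in pointer_regs:
        value = regs.get(name, 0)
        if value > X32_ADDR_MASK:
            bad[name] = (value, value & X32_ADDR_MASK, value >> 32)
    return bad


def low32_near_frame(regs, name="rsp", window=0x1000):
    """Hypothetical heuristic: the low 32 bits of a bad pointer register lie
    within `window` bytes below rbp, suggesting a 32-bit pointer was stored and
    a 64-bit value was popped, with the high half reading adjacent garbage."""
    low = regs[name] & X32_ADDR_MASK
    rbp = regs["rbp"] & X32_ADDR_MASK
    return 0 <= rbp - low <= window


if __name__ == "__main__":
    regs = parse_registers(SAMPLE_DUMP)
    for reg, (value, low, high) in check_x32_pointers(regs).items():
        print(f"{reg}: {value:#x} exceeds x32 address space "
              f"(low32={low:#x}, high32={high:#x}, near rbp={low32_near_frame(regs, reg)})")
```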