NetBSD Problem Report #53630
From martin@duskware.de Mon Sep 24 20:19:06 2018
Return-Path: <martin@duskware.de>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id D15BE7A1DC
for <gnats-bugs@gnats.NetBSD.org>; Mon, 24 Sep 2018 20:19:05 +0000 (UTC)
From: martin@NetBSD.org
Reply-To: martin@NetBSD.org
To: gnats-bugs@NetBSD.org
Subject: openssl fallout on arm
X-Send-Pr-Version: 3.95
>Number: 53630
>Category: kern
>Synopsis: openssl fallout on arm
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: skrll
>State: feedback
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Sep 24 20:20:01 +0000 2018
>Closed-Date:
>Last-Modified: Fri Nov 05 18:30:05 +0000 2021
>Originator: Martin Husemann
>Release: NetBSD 8.99.25
>Organization:
The NetBSD Foundation, Inc.
>Environment:
System: NetBSD space-truckin.duskware.de 8.99.25 NetBSD 8.99.25 (SUNXI) #69: Mon Sep 24 15:56:45 CEST 2018 martin@night-owl.duskware.de:/usr/src/sys/arch/evbarm/compile/SUNXI evbarm
Architecture: earmv7hfeb
Machine: evbarm
>Description:
After the openssl update, ssh-agent fails on arm.
>How-To-Repeat:
> ssh-agent tcsh
> ssh-add
Error connecting to agent: Connection refused
>Fix:
n/a
>Release-Note:
>Audit-Trail:
From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: lib/53630: openssl fallout on arm
Date: Sun, 30 Sep 2018 11:37:38 +0200
The SIGILL is not from the cpu features probe sequence (where it is
guarded by a sigsetjmp), but from:
Thread 2 received signal SIGILL, Illegal instruction.
0x72d39468 in _armv7_tick () from /usr/lib/libcrypto.so.14
(gdb) bt
#0 0x72d39468 in _armv7_tick () from /usr/lib/libcrypto.so.14
#1 0x72c6923c in get_timer_bits ()
at /usr/src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c:647
#2 rand_pool_add_additional_data (pool=pool@entry=0x728321a0)
at /usr/src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c:603
#3 0x72c69554 in rand_drbg_get_additional_data (pout=pout@entry=0x7fe2307c,
max_len=<optimized out>)
at /usr/src/crypto/external/bsd/openssl/dist/crypto/rand/rand_lib.c:291
#4 0x72c6adc8 in RAND_DRBG_bytes (drbg=0x7284a900, out=0x72818a00 "",
outlen=512)
at /usr/src/crypto/external/bsd/openssl/dist/crypto/rand/drbg_lib.c:652
#5 0x72ce14d8 in bnrand (flag=PRIVATE, rnd=0x72832158, bits=4096, top=-1,
bottom=0)
at /usr/src/crypto/external/bsd/openssl/dist/crypto/bn/bn_rand.c:46
#6 0x72ce1720 in bnrand_range (flag=PRIVATE, r=0x72832158, range=0x72832140)
at /usr/src/crypto/external/bsd/openssl/dist/crypto/bn/bn_rand.c:162
(gdb) info reg
r0 0x2 2
r1 0x0 0
r2 0x2914 10516
r3 0x72ded500 1927206144
r4 0x0 0
r5 0x7fe23008 2145529864
r6 0x0 0
r7 0x7284a900 1921296640
r8 0x728321a0 1921196448
r9 0x0 0
r10 0x2 2
r11 0x7fe2304c 2145529932
r12 0x72de8f30 1927188272
sp 0x7fe23008 0x7fe23008
lr 0x72c6923c 1925616188
pc 0x72d39468 0x72d39468 <_armv7_tick>
cpsr 0x20070210 537330192
(gdb) x/16i $pc
=> 0x72d39468 <_armv7_tick>: mrrc 15, 1, r0, r1, cr14
0x72d3946c <_armv7_tick+4>: mov pc, lr
IIUC this coprocessor access should be allowed by userland if some special
bit in the process status is set (which it obviously is during the constructor
run at library load time). Maybe we lose this bit for new threads?
Martin
Responsible-Changed-From-To: lib-bug-people->skrl
Responsible-Changed-By: martin@NetBSD.org
Responsible-Changed-When: Sun, 30 Sep 2018 10:28:44 +0000
Responsible-Changed-Why:
Turned out to be a kernel bug, Nick has a patch
State-Changed-From-To: open->analyzed
State-Changed-By: martin@NetBSD.org
State-Changed-When: Sun, 30 Sep 2018 10:28:44 +0000
State-Changed-Why:
Nothing wrong in userland, only happens on machines
with gtmr and multiple CPUs.
Responsible-Changed-From-To: skrl->skrll
Responsible-Changed-By: leot@NetBSD.org
Responsible-Changed-When: Sun, 30 Sep 2018 11:42:33 +0000
Responsible-Changed-Why:
(Fix a typo)
State-Changed-From-To: analyzed->feedback
State-Changed-By: martin@NetBSD.org
State-Changed-When: Fri, 05 Nov 2021 18:30:05 +0000
State-Changed-Why:
Nick, has this been fixed? I think so (and haven't seen any fallout "lately")
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.46 2020/01/03 16:35:01 leot Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2020
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.