NetBSD Problem Report #53630

From martin@duskware.de  Mon Sep 24 20:19:06 2018
Return-Path: <martin@duskware.de>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id D15BE7A1DC
	for <gnats-bugs@gnats.NetBSD.org>; Mon, 24 Sep 2018 20:19:05 +0000 (UTC)
From: martin@NetBSD.org
Reply-To: martin@NetBSD.org
To: gnats-bugs@NetBSD.org
Subject: openssl fallout on arm
X-Send-Pr-Version: 3.95

>Number:         53630
>Category:       kern
>Synopsis:       openssl fallout on arm
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    skrll
>State:          feedback
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Sep 24 20:20:01 +0000 2018
>Closed-Date:    
>Last-Modified:  Fri Nov 05 18:30:05 +0000 2021
>Originator:     Martin Husemann
>Release:        NetBSD 8.99.25
>Organization:
The NetBSD Foundation, Inc.
>Environment:
System: NetBSD space-truckin.duskware.de 8.99.25 NetBSD 8.99.25 (SUNXI) #69: Mon Sep 24 15:56:45 CEST 2018 martin@night-owl.duskware.de:/usr/src/sys/arch/evbarm/compile/SUNXI evbarm
Architecture: earmv7hfeb
Machine: evbarm
>Description:

After the openssl update, ssh-agent fails on arm.

>How-To-Repeat:

 >  ssh-agent tcsh
 >  ssh-add
 Error connecting to agent: Connection refused


>Fix:
n/a

>Release-Note:

>Audit-Trail:
From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: lib/53630: openssl fallout on arm
Date: Sun, 30 Sep 2018 11:37:38 +0200

 The SIGILL is not from the cpu features probe sequence (where it is
 guarded by a sigsetjmp), but from:

 Thread 2 received signal SIGILL, Illegal instruction.
 0x72d39468 in _armv7_tick () from /usr/lib/libcrypto.so.14
 (gdb) bt
 #0  0x72d39468 in _armv7_tick () from /usr/lib/libcrypto.so.14
 #1  0x72c6923c in get_timer_bits ()
     at /usr/src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c:647
 #2  rand_pool_add_additional_data (pool=pool@entry=0x728321a0)
     at /usr/src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c:603
 #3  0x72c69554 in rand_drbg_get_additional_data (pout=pout@entry=0x7fe2307c, 
     max_len=<optimized out>)
     at /usr/src/crypto/external/bsd/openssl/dist/crypto/rand/rand_lib.c:291
 #4  0x72c6adc8 in RAND_DRBG_bytes (drbg=0x7284a900, out=0x72818a00 "", 
     outlen=512)
     at /usr/src/crypto/external/bsd/openssl/dist/crypto/rand/drbg_lib.c:652
 #5  0x72ce14d8 in bnrand (flag=PRIVATE, rnd=0x72832158, bits=4096, top=-1, 
     bottom=0)
     at /usr/src/crypto/external/bsd/openssl/dist/crypto/bn/bn_rand.c:46
 #6  0x72ce1720 in bnrand_range (flag=PRIVATE, r=0x72832158, range=0x72832140)
     at /usr/src/crypto/external/bsd/openssl/dist/crypto/bn/bn_rand.c:162

 (gdb) info reg
 r0             0x2      2
 r1             0x0      0
 r2             0x2914   10516
 r3             0x72ded500       1927206144
 r4             0x0      0
 r5             0x7fe23008       2145529864
 r6             0x0      0
 r7             0x7284a900       1921296640
 r8             0x728321a0       1921196448
 r9             0x0      0
 r10            0x2      2
 r11            0x7fe2304c       2145529932
 r12            0x72de8f30       1927188272
 sp             0x7fe23008       0x7fe23008
 lr             0x72c6923c       1925616188
 pc             0x72d39468       0x72d39468 <_armv7_tick>
 cpsr           0x20070210       537330192

 (gdb) x/16i $pc
 => 0x72d39468 <_armv7_tick>:    mrrc    15, 1, r0, r1, cr14
    0x72d3946c <_armv7_tick+4>:  mov     pc, lr

 IIUC this coprocessor access should be allowed by userland if some special
 bit in the process status is set (which it obviously is during the constructor
 run at library load time). Maybe we lose this bit for new threads?

 Martin

Responsible-Changed-From-To: lib-bug-people->skrl
Responsible-Changed-By: martin@NetBSD.org
Responsible-Changed-When: Sun, 30 Sep 2018 10:28:44 +0000
Responsible-Changed-Why:
Turned out to be a kernel bug, Nick has a patch


State-Changed-From-To: open->analyzed
State-Changed-By: martin@NetBSD.org
State-Changed-When: Sun, 30 Sep 2018 10:28:44 +0000
State-Changed-Why:
Nothing wrong in userland, only happens on machines
with gtmr and multiple CPUs.


Responsible-Changed-From-To: skrl->skrll
Responsible-Changed-By: leot@NetBSD.org
Responsible-Changed-When: Sun, 30 Sep 2018 11:42:33 +0000
Responsible-Changed-Why:
(Fix a typo)


State-Changed-From-To: analyzed->feedback
State-Changed-By: martin@NetBSD.org
State-Changed-When: Fri, 05 Nov 2021 18:30:05 +0000
State-Changed-Why:
Nick, has this been fixed? I think so (and haven't seen any fallout "lately")


>Unformatted:
