NetBSD Problem Report #56280
From gson@gson.org Sun Jun 27 18:34:47 2021
Return-Path: <gson@gson.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 4E5991A921F
for <gnats-bugs@gnats.NetBSD.org>; Sun, 27 Jun 2021 18:34:47 +0000 (UTC)
Message-Id: <20210627183433.84B6A2541D3@guava.gson.org>
Date: Sun, 27 Jun 2021 21:34:33 +0300 (EEST)
From: gson@gson.org (Andreas Gustafsson)
Reply-To: gson@gson.org (Andreas Gustafsson)
To: gnats-bugs@NetBSD.org
Subject: Many asan tests are failing on i386
X-Send-Pr-Version: 3.95
>Number: 56280
>Category: port-i386
>Synopsis: Many asan tests are failing on i386
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: mrg
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Jun 27 18:35:00 +0000 2021
>Closed-Date: Mon Jul 12 06:49:11 +0000 2021
>Last-Modified: Mon Jul 12 06:49:11 +0000 2021
>Originator: Andreas Gustafsson
>Release: NetBSD-current, source date >= 2020.09.12.12.11.19
>Organization:
>Environment:
System: NetBSD
Architecture: i386
Machine: i386
>Description:
On Sep 12, 2020, an automated notice was sent to current-users about
new test failures on i386, including the following:
usr.bin/c++/t_asan_global_buffer_overflow:global_buffer_overflow
usr.bin/c++/t_asan_global_buffer_overflow:global_buffer_overflow_pic
usr.bin/c++/t_asan_global_buffer_overflow:global_buffer_overflow_pie
usr.bin/c++/t_asan_heap_overflow:heap_overflow
usr.bin/c++/t_asan_heap_overflow:heap_overflow_pic
usr.bin/c++/t_asan_heap_overflow:heap_overflow_pie
usr.bin/c++/t_asan_off_by_one:off_by_one
usr.bin/c++/t_asan_off_by_one:off_by_one_pic
usr.bin/c++/t_asan_off_by_one:off_by_one_pie
usr.bin/c++/t_asan_poison:poison
usr.bin/c++/t_asan_poison:poison_pic
usr.bin/c++/t_asan_poison:poison_pie
usr.bin/c++/t_asan_uaf:uaf
usr.bin/c++/t_asan_uaf:uaf_pic
usr.bin/c++/t_asan_uaf:uaf_pie
usr.bin/cc/t_asan_global_buffer_overflow:global_buffer_overflow
usr.bin/cc/t_asan_global_buffer_overflow:global_buffer_overflow_pic
usr.bin/cc/t_asan_global_buffer_overflow:global_buffer_overflow_pie
usr.bin/cc/t_asan_heap_overflow:heap_overflow
usr.bin/cc/t_asan_heap_overflow:heap_overflow_pic
usr.bin/cc/t_asan_heap_overflow:heap_overflow_pie
usr.bin/cc/t_asan_off_by_one:off_by_one
usr.bin/cc/t_asan_off_by_one:off_by_one_pic
usr.bin/cc/t_asan_off_by_one:off_by_one_pie
usr.bin/cc/t_asan_poison:poison
usr.bin/cc/t_asan_poison:poison_pic
usr.bin/cc/t_asan_poison:poison_pie
usr.bin/cc/t_asan_uaf:uaf
usr.bin/cc/t_asan_uaf:uaf_pic
usr.bin/cc/t_asan_uaf:uaf_pie
These are all still failing as of source date 2021.06.27.13.59.29:
http://releng.netbsd.org/b5reports/i386/2021/2021.06.27.13.59.29/test.html#failed-tcs-summary
The failures started during the period of build breakage between
2020.09.11.06.08.10 and 2020.09.12.12.39.28, which included the commit
whereby i386 was switched to use gcc 9:
2020.09.12.08.31.39 mrg src/share/mk/bsd.own.mk,v 1.1209
>How-To-Repeat:
Run the ATF tests on i386.
>Fix:
--
Andreas Gustafsson, gson@gson.org
>Release-Note:
>Audit-Trail:
From: matthew green <mrg@eterna.com.au>
To: gnats-bugs@netbsd.org
Cc: port-i386-maintainer@netbsd.org, gnats-admin@netbsd.org,
netbsd-bugs@netbsd.org
Subject: re: port-i386/56280: Many asan tests are failing on i386
Date: Mon, 28 Jun 2021 18:07:26 +1000
this is odd. the test tries to write beyond the length
of an array, but it gets a segv while trying to load
stuff from the shadow i guess:
Dump of assembler code for function foo:
0x08048a08 <+0>: push %ebp
0x08048a09 <+1>: mov %esp,%ebp
0x08048a0b <+3>: push %ebx
0x08048a0c <+4>: sub $0x4,%esp
0x08048a0f <+7>: mov 0x8(%ebp),%eax
0x08048a12 <+10>: shl $0x2,%eax
0x08048a15 <+13>: add $0x8049180,%eax
0x08048a1a <+18>: mov %eax,%edx
0x08048a1c <+20>: shr $0x3,%edx
0x08048a1f <+23>: add $0x20000000,%edx
=> 0x08048a25 <+29>: movzbl (%edx),%edx
so the segv occurs before asan is able to detect
the write and complain normally.
this occurs on amd64 with cc -m32 too. the minimal
version of the test is:
#include <stdio.h>
int arr[5] = {-1};
void foo(int index) { arr[index] = 0; }
int main(int argc, char **argv) {foo(argc + 5); printf("CHECK\n"); return 0;}
and compile with -fsanitize=address on i386, or with
-m32 on amd64.
.mrg.
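The shadow lookup in the disassembly above, worked through as an added example (not code from this PR, GCC or libsanitizer). It assumes the usual ASan mapping shadow = (addr >> 3) + offset, and that the runtime laid out its shadow with offset 1 << 30 while the compiler emitted 1 << 29; the function and enum names are illustrative.

```c
/* Added example, not code from this PR, GCC or libsanitizer. */
#include <stdint.h>
#include <stdio.h>

enum region { REGION_APP, REGION_SHADOW, REGION_GAP };

/* What the dump does: shr $0x3, then add the shadow offset. */
static uint32_t mem_to_shadow(uint32_t addr, uint32_t offset)
{
    return (addr >> 3) + offset;
}

/* Classify an address under the layout implied by one shadow offset. */
static enum region region_of(uint32_t a, uint32_t offset)
{
    uint32_t shadow_lo = mem_to_shadow(0, offset);
    uint32_t shadow_hi = mem_to_shadow(UINT32_MAX, offset);
    /* The shadow of the shadow itself is ASan's shadow gap. */
    uint32_t gap_lo = mem_to_shadow(shadow_lo, offset);
    uint32_t gap_hi = mem_to_shadow(shadow_hi, offset);

    if (a >= gap_lo && a <= gap_hi)
        return REGION_GAP;
    if (a >= shadow_lo && a <= shadow_hi)
        return REGION_SHADOW;
    return REGION_APP;
}

int main(void)
{
    static const char *name[] = { "application memory", "shadow", "shadow gap" };
    /* From the dump: arr at 0x8049180, 4-byte elements; index 6 is
       foo(argc + 5) with argc == 1 (assumed: program run with no arguments). */
    uint32_t addr = 0x8049180u + (6u << 2);
    uint32_t compiler_off = UINT32_C(1) << 29; /* constant in the emitted code */
    uint32_t runtime_off = UINT32_C(1) << 30;  /* assumed runtime offset */
    uint32_t bad = mem_to_shadow(addr, compiler_off);
    uint32_t good = mem_to_shadow(addr, runtime_off);

    printf("store to 0x%08x\n", (unsigned)addr);
    printf("1<<29: checks 0x%08x -> %s\n", (unsigned)bad,
           name[region_of(bad, runtime_off)]);
    printf("1<<30: checks 0x%08x -> %s\n", (unsigned)good,
           name[region_of(good, runtime_off)]);
    return 0;
}
```

Under these assumptions the instrumented load at <+29> reads an address outside the runtime's shadow range, so it can fault before the out-of-bounds check runs.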
From: matthew green <mrg@eterna.com.au>
To: gnats-bugs@netbsd.org
Cc: port-i386-maintainer@netbsd.org, gnats-admin@netbsd.org,
netbsd-bugs@netbsd.org
Subject: re: port-i386/56280: Many asan tests are failing on i386
Date: Mon, 28 Jun 2021 18:43:44 +1000
surprisingly simple to "fix" below. probably, this needs
to be made configurable by the platform code, rather than
assuming 0x2000000 is right (we use 0x40000000 mostly for
32 bit ports), or perhaps adjusting the asan code to use
0x20000000 for netbsd/i386.
.mrg.
Index: gcc/config/i386/i386.c
===================================================================
RCS file: /cvsroot/src/external/gpl3/gcc/dist/gcc/config/i386/i386.c,v
retrieving revision 1.24
diff -p -u -r1.24 i386.c
--- gcc/config/i386/i386.c 11 Apr 2021 00:02:13 -0000 1.24
+++ gcc/config/i386/i386.c 28 Jun 2021 08:41:44 -0000
@@ -1399,7 +1399,7 @@ ix86_asan_shadow_offset (void)
{
return TARGET_LP64 ? (TARGET_MACHO ? (HOST_WIDE_INT_1 << 44)
: HOST_WIDE_INT_C (0x7fff8000))
- : (HOST_WIDE_INT_1 << 29);
+ : (HOST_WIDE_INT_1 << 30);
}
/* Argument support functions. */
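Review bot: in the non-LP64 arm of ix86_asan_shadow_offset, HOST_WIDE_INT_1 << 30 is now returned for every 32-bit x86 target, because the function only distinguishes TARGET_LP64 and TARGET_MACHO and has no NetBSD-specific condition. Any other 32-bit x86 target whose runtime was set up around 1 << 29 would then have its instrumented code read a shadow address the runtime did not prepare. Suggest moving the shift count into a target macro that defaults to 29 and is overridden to 30 in the NetBSD target headers, with a comment that the value has to match the shadow offset the ASan runtime uses.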
From: "matthew green" <mrg@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/56280 CVS commit: src/external/gpl3/gcc/dist/gcc/config/i386
Date: Sun, 11 Jul 2021 22:41:39 +0000
Module Name: src
Committed By: mrg
Date: Sun Jul 11 22:41:39 UTC 2021
Modified Files:
src/external/gpl3/gcc/dist/gcc/config/i386: i386.c i386.h netbsd-elf.h
netbsd64.h
Log Message:
define a X86_32_ASAN_BIT_OFFSET macro that defaults differently on
netbsd/i386 than other x86-32 targets.
fixes PR#56280.
To generate a diff of this commit:
cvs rdiff -u -r1.24 -r1.25 src/external/gpl3/gcc/dist/gcc/config/i386/i386.c
cvs rdiff -u -r1.14 -r1.15 src/external/gpl3/gcc/dist/gcc/config/i386/i386.h \
src/external/gpl3/gcc/dist/gcc/config/i386/netbsd-elf.h \
src/external/gpl3/gcc/dist/gcc/config/i386/netbsd64.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Responsible-Changed-From-To: port-i386-maintainer->mrg
Responsible-Changed-By: mrg@NetBSD.org
Responsible-Changed-When: Sun, 11 Jul 2021 23:02:17 +0000
Responsible-Changed-Why:
i probably fixed it.
State-Changed-From-To: open->feedback
State-Changed-By: mrg@NetBSD.org
State-Changed-When: Sun, 11 Jul 2021 23:02:17 +0000
State-Changed-Why:
probably fixed.
State-Changed-From-To: feedback->closed
State-Changed-By: gson@NetBSD.org
State-Changed-When: Mon, 12 Jul 2021 06:49:11 +0000
State-Changed-Why:
Confirmed fixed, thanks!
>Unformatted: