NetBSD Problem Report #56380

From www@netbsd.org  Mon Aug 30 01:11:08 2021
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 020D01A9239
	for <gnats-bugs@gnats.NetBSD.org>; Mon, 30 Aug 2021 01:11:08 +0000 (UTC)
Message-Id: <20210830011106.5F1CE1A923A@mollari.NetBSD.org>
Date: Mon, 30 Aug 2021 01:11:06 +0000 (UTC)
From: rokuyama.rk@gmail.com
Reply-To: rokuyama.rk@gmail.com
To: gnats-bugs@NetBSD.org
Subject: Userland process randomly crashes with PAX_ASLR=0 on arm926ej-s
X-Send-Pr-Version: www-1.0

>Number:         56380
>Category:       port-arm
>Synopsis:       Userland process randomly crashes with PAX_ASLR=0 on arm926ej-s
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    port-arm-maintainer
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Aug 30 01:15:00 +0000 2021
>Last-Modified:  Mon Aug 30 01:30:03 +0000 2021
>Originator:     Rin Okuyama
>Release:        9.99.88
>Organization:
Department of Physics, Meiji University
>Environment:
NetBSD kbpro 9.99.88 NetBSD 9.99.88 (KBPRO_EB) #26: Sat Aug 28 11:01:35 JST 2021  rin@latipes:/sys/arch/evbarm/compile/KBPRO_EB evbarm
>Description:
Userland processes sometimes crash due to SIGSEGV on arm926ej-s (v5TEJ),
if PAX_ASLR=0 option is enabled for kernel. When and which process crashes
seems almost random. And where (in the text) it crashes also seems random.
This occurs both in little- and big-endian modes.

If PAX_ASLR is disabled, or set to 1, everything works just fine (at least
for ~ one week of uptime).

Also, for i80219 (xscale/v5TE), crashes have never been observed even if
PAX_ASLR=0 is specified.

dmesg's of these machines are uploaded:

* arm926ej-s (affected) https://dmesgd.nycbug.org/index.cgi?do=view&id=6246

| cpu0 at mainbus0 core 0: ARM926EJ-S rev 0 (ARM9EJ-S V5TEJ core)
| cpu0: DC enabled IC enabled WB enabled LABT
| cpu0: 32KB/32B 1-way L1 VIVT Instruction cache
| cpu0: 32KB/32B 1-way write-back-locking-C L1 VIVT Data cache

* i80219 (NOT affected) https://dmesgd.nycbug.org/index.cgi?do=view&id=6139

| cpu0 at mainbus0 core 0: i80219 400MHz step A-0 (XScale V5TE core)
| cpu0: DC enabled IC enabled WB enabled LABT branch prediction enabled
| cpu0: 32KB/32B 32-way L1 VIVT Instruction cache
| cpu0: 32KB/32B 32-way write-back-locking L1 VIVT Data cache

I've found an MI bug for PAX_ASLR=0 (will be committed soon), but
unfortunately, fixing it does not suffice.
>How-To-Repeat:
Boot kernel with PAX_ASLR=0 on KUROBOX_PRO.

Userland process sometimes crashes during multi-user boot, sometimes
building some pkgsrc.
>Fix:
N/A

>Audit-Trail:
From: "Rin Okuyama" <rin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/56380 CVS commit: src/sys/kern
Date: Mon, 30 Aug 2021 01:25:10 +0000

 Module Name:	src
 Committed By:	rin
 Date:		Mon Aug 30 01:25:10 UTC 2021

 Modified Files:
 	src/sys/kern: kern_pax.c

 Log Message:
 Respect alignment requests of executable when PAX_ASLR is enabled on
 kernel, but disabled for the process, in the same manner as when PAX_ASLR
 is disabled; see pax_aslr_exec_offset() for !PAX_ASLR in sys/sys/pax.h.

 This is a regression introduced in kern_pax.c rev 1.58:
 http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/kern/kern_pax.c#rev1.58

 Part of PR port-arm/56380 but unfortunately this does not fix the
 problem described in the PR...


 To generate a diff of this commit:
 cvs rdiff -u -r1.61 -r1.62 src/sys/kern/kern_pax.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: "Rin Okuyama" <rin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/56380 CVS commit: src/sys/arch/evbarm/conf
Date: Mon, 30 Aug 2021 01:29:41 +0000

 Module Name:	src
 Committed By:	rin
 Date:		Mon Aug 30 01:29:41 UTC 2021

 Modified Files:
 	src/sys/arch/evbarm/conf: KUROBOX_PRO

 Log Message:
 PR port-arm/56380

 Disable PAX_ASLR for now, until the problem is fixed.


 To generate a diff of this commit:
 cvs rdiff -u -r1.14 -r1.15 src/sys/arch/evbarm/conf/KUROBOX_PRO

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.
