NetBSD Problem Report #56380
From www@netbsd.org Mon Aug 30 01:11:08 2021
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 020D01A9239
for <gnats-bugs@gnats.NetBSD.org>; Mon, 30 Aug 2021 01:11:08 +0000 (UTC)
Message-Id: <20210830011106.5F1CE1A923A@mollari.NetBSD.org>
Date: Mon, 30 Aug 2021 01:11:06 +0000 (UTC)
From: rokuyama.rk@gmail.com
Reply-To: rokuyama.rk@gmail.com
To: gnats-bugs@NetBSD.org
Subject: Userland process randomly crashes with PAX_ASLR=0 on arm926ej-s
X-Send-Pr-Version: www-1.0
>Number: 56380
>Category: port-arm
>Synopsis: Userland process randomly crashes with PAX_ASLR=0 on arm926ej-s
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: port-arm-maintainer
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Aug 30 01:15:00 +0000 2021
>Last-Modified: Mon Aug 30 01:30:03 +0000 2021
>Originator: Rin Okuyama
>Release: 9.99.88
>Organization:
Department of Physics, Meiji University
>Environment:
NetBSD kbpro 9.99.88 NetBSD 9.99.88 (KBPRO_EB) #26: Sat Aug 28 11:01:35 JST 2021 rin@latipes:/sys/arch/evbarm/compile/KBPRO_EB evbarm
>Description:
Userland processes sometimes crash due to SIGSEGV on arm926ej-s (v5TEJ),
if the PAX_ASLR=0 option is enabled for the kernel. When and which process
crashes seems almost random. And where (in the text) it crashes also seems random.
This occurs both in little- and big-endian modes.
If PAX_ASLR is disabled, or set to 1, everything works just fine (at least
for ~ one week of uptime).
Also, for i80219 (xscale/v5TE), crashes have never been observed even if
PAX_ASLR=0 is specified.
dmesg's of these machines are uploaded:
* arm926ej-s (affected) https://dmesgd.nycbug.org/index.cgi?do=view&id=6246
| cpu0 at mainbus0 core 0: ARM926EJ-S rev 0 (ARM9EJ-S V5TEJ core)
| cpu0: DC enabled IC enabled WB enabled LABT
| cpu0: 32KB/32B 1-way L1 VIVT Instruction cache
| cpu0: 32KB/32B 1-way write-back-locking-C L1 VIVT Data cache
* i80219 (NOT affected) https://dmesgd.nycbug.org/index.cgi?do=view&id=6139
| cpu0 at mainbus0 core 0: i80219 400MHz step A-0 (XScale V5TE core)
| cpu0: DC enabled IC enabled WB enabled LABT branch prediction enabled
| cpu0: 32KB/32B 32-way L1 VIVT Instruction cache
| cpu0: 32KB/32B 32-way write-back-locking L1 VIVT Data cache
I've found an MI bug for PAX_ASLR=0 (will be committed soon), but
unfortunately, fixing it is not sufficient.
>How-To-Repeat:
Boot the kernel with PAX_ASLR=0 on KUROBOX_PRO.
A userland process sometimes crashes during multi-user boot, sometimes
while building some pkgsrc.
>Fix:
N/A
>Audit-Trail:
From: "Rin Okuyama" <rin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/56380 CVS commit: src/sys/kern
Date: Mon, 30 Aug 2021 01:25:10 +0000
Module Name: src
Committed By: rin
Date: Mon Aug 30 01:25:10 UTC 2021
Modified Files:
src/sys/kern: kern_pax.c
Log Message:
Respect alignment requests of the executable when PAX_ASLR is enabled in the
kernel, but disabled for the process, in the same manner as when PAX_ASLR
is disabled; see pax_aslr_exec_offset() for !PAX_ASLR in sys/sys/pax.h.
This is a regression introduced in kern_pax.c rev 1.58:
http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/kern/kern_pax.c#rev1.58
Part of PR port-arm/56380 but unfortunately this does not fix the
problem described in the PR...
To generate a diff of this commit:
cvs rdiff -u -r1.61 -r1.62 src/sys/kern/kern_pax.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Rin Okuyama" <rin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/56380 CVS commit: src/sys/arch/evbarm/conf
Date: Mon, 30 Aug 2021 01:29:41 +0000
Module Name: src
Committed By: rin
Date: Mon Aug 30 01:29:41 UTC 2021
Modified Files:
src/sys/arch/evbarm/conf: KUROBOX_PRO
Log Message:
PR port-arm/56380
Disable PAX_ASLR for now, until the problem is fixed.
To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 src/sys/arch/evbarm/conf/KUROBOX_PRO
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.