NetBSD Problem Report #59111

From mlelstv@arnold.1st.de  Fri Feb 28 07:37:58 2025
Return-Path: <mlelstv@arnold.1st.de>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits)
	 client-signature RSA-PSS (2048 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 357361A923A
	for <gnats-bugs@gnats.NetBSD.org>; Fri, 28 Feb 2025 07:37:58 +0000 (UTC)
Message-Id: <20250228073658.28DCFBC161@arnold.1st.de>
Date: Fri, 28 Feb 2025 08:36:58 +0100 (CET)
From: mlelstv@netbsd.org
Reply-To: mlelstv@netbsd.org
To: gnats-bugs@NetBSD.org
Subject: keepassxc segfaults on aarch64
X-Send-Pr-Version: 3.95

>Number:         59111
>Category:       pkg
>Synopsis:       keepassxc segfaults on aarch64
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Feb 28 07:40:00 +0000 2025
>Last-Modified:  Fri Feb 28 10:40:02 +0000 2025
>Originator:     Michael van Elst
>Release:        NetBSD 10.99.12
>Organization:

>Environment:


System: NetBSD arnold 10.99.12 NetBSD 10.99.12 (EGGHED64) #0: Fri Feb 28 06:10:23 UTC 2025 mlelstv@slowpoke:/home/netbsd-current/obj.evbarm64-el/scratch/netbsd-current/src/sys/arch/evbarm/compile/EGGHED64 evbarm
Architecture: aarch64
Machine: evbarm
>Description:
Running keepassxc from pkgsrc-2024Q4 crashes immediately with a segfault.

Reading symbols from /usr/pkg/bin/keepassxc...
(No debugging symbols found in /usr/pkg/bin/keepassxc)
[New process 3889]
[New process 307]
[New process 306]
Core was generated by `keepassxc'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x0000f2d86370e638 in Botan::OS::get_auxval(unsigned long) ()
   from /usr/pkg/lib/libbotan-3.so.6
[Current thread is 1 (process 3889)]
(gdb) bt
#0  0x0000f2d86370e638 in Botan::OS::get_auxval(unsigned long) ()
   from /usr/pkg/lib/libbotan-3.so.6
#1  0x0000f2d86370247c in Botan::CPUID::CPUID_Data::detect_cpu_features(unsigned int) () from /usr/pkg/lib/libbotan-3.so.6


This is caused by libbotan from botan3-3.6.1nb2. It tries to identify
CPU features by searching the auxinfo vector for AT_HWCAP (something
we do not provide) with this function:

unsigned long OS::get_auxval(unsigned long id) {
#if defined(BOTAN_TARGET_OS_HAS_GETAUXVAL)
   return ::getauxval(id);
#elif defined(BOTAN_TARGET_OS_HAS_ELF_AUX_INFO)
   unsigned long auxinfo = 0;
   ::elf_aux_info(static_cast<int>(id), &auxinfo, sizeof(auxinfo));
   return auxinfo;
#elif defined(BOTAN_TARGET_OS_HAS_AUXINFO)
   for(const AuxInfo* auxinfo = static_cast<AuxInfo*>(::_dlauxinfo()); auxinfo != AT_NULL; ++auxinfo) {
      if(id == auxinfo->a_type)
         return auxinfo->a_v;
   }

   return 0;
#else
   BOTAN_UNUSED(id);
   return 0;
#endif
}

The build uses the BOTAN_TARGET_OS_HAS_AUXINFO case. You can see
that it scans the auxinfo vector for an entry and it runs over
the end and finally crashes when it reaches an unmapped page.

A fix here is not really sufficient. The detect_cpu_features
function relies on auxinfo data as soon as BOTAN_TARGET_OS_HAS_ELF_AUX_INFO
is defined:

bool OS::has_auxval() {
#if defined(BOTAN_TARGET_OS_HAS_GETAUXVAL)
   return true;
#elif defined(BOTAN_TARGET_OS_HAS_ELF_AUX_INFO)
   return true;
#elif defined(BOTAN_TARGET_OS_HAS_AUXINFO)
   return true;
#else
   return false;
#endif
}

It will then not enable any hardware acceleration when no
Linux compatible AT_HWCAP entry is found.

If botan is built without any auxval support, it will fall back
to code that probes various CPU instructions.

>How-To-Repeat:
Run keepassxc from pkgsrc-2024Q4 on aarch64.
>Fix:


>Audit-Trail:
From: Thomas Klausner <wiz@NetBSD.org>
To: NetBSD bugtracking <gnats-bugs@NetBSD.org>
Cc: 
Subject: Re: pkg/59111: keepassxc segfaults on aarch64
Date: Fri, 28 Feb 2025 11:38:21 +0100

 I wanted to forward this upstream, since that is (I think) the proper
 place to report this, but I noticed that they changed the code since
 3.6.1, see e.g. https://github.com/randombit/botan/pull/4471/files

 Can you please retry with wip/botan3-git, which packages the current
 HEAD of botan3 upstream, and if it's still broken, file a bug report
 upstream?

 When you want to try a newer version, updating the git hash in
 botan3-git/Makefile.common and 'make mdi' should be all you need to
 do.

 Thank you,
  Thomas

>Unformatted:

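Added illustration of the loop-termination bug described in the report above (example code written for this page, not Botan's or NetBSD's own code). It walks a constructed auxiliary vector twice: once comparing each entry's tag with AT_NULL, which is how a walker has to find the end of an aux vector, and once with the pointer comparison quoted in the PR, capped at a fixed number of entries so it can run without faulting. The AuxInfo layout mirrors the struct the quoted function uses; the tag numbers are the Linux <elf.h> values; the vector contents, including the stale AT_HWCAP entry placed after the terminator, are constructed for the example; and the function names (auxv_lookup, auxv_lookup_buggy, sample_overrun, sample_bogus_hwcap) are this example's own.

```c
#include <stddef.h>
#include <stdio.h>

/* One auxiliary-vector entry in the shape the report's loop walks: a tag
 * and a value. An ELF aux vector carries no length; the entry whose a_type
 * is AT_NULL is the only marker of where it ends. */
typedef struct {
    long          a_type;
    unsigned long a_v;
} AuxInfo;

/* Tag values as defined in the Linux <elf.h>. NetBSD's aux vector has no
 * AT_HWCAP entry at all, which is the case exercised below. */
#define AT_NULL   0
#define AT_PAGESZ 6
#define AT_BASE   7
#define AT_HWCAP  16

/* Constructed stand-in for a process aux vector (not captured from a real
 * process): two ordinary entries, the AT_NULL terminator, and one stale entry
 * that models whatever happens to lie in memory after the vector. The stale
 * entry deliberately carries an AT_HWCAP tag so that a scan which runs past
 * the terminator returns a bogus capability word instead of "not found". */
static const AuxInfo sample_auxv[] = {
    { AT_PAGESZ, 4096 },
    { AT_BASE,   0x7f000000UL },
    { AT_NULL,   0 },
    { AT_HWCAP,  0xdeadbeefUL },   /* garbage beyond the terminator */
};
#define SAMPLE_AUXV_BACKING (sizeof sample_auxv / sizeof sample_auxv[0])

/* Entries up to and including the AT_NULL terminator: the only region a
 * walker is allowed to read. */
size_t auxv_logical_len(const AuxInfo *auxv)
{
    size_t n = 0;
    while (auxv[n].a_type != AT_NULL)
        n++;
    return n + 1;
}

/* Correct lookup: the entry's tag, not the pointer, is compared with AT_NULL.
 * Returns 0 when the tag is absent; a caller doing CPU feature detection has
 * to treat that as "no information", not as "no features". */
unsigned long auxv_lookup(const AuxInfo *auxv, unsigned long id)
{
    for (const AuxInfo *e = auxv; e->a_type != AT_NULL; ++e) {
        if ((unsigned long)e->a_type == id)
            return e->a_v;
    }
    return 0;
}

/* The loop shape quoted in the report: the pointer is compared with AT_NULL
 * (0), which is never true for a valid address, so the loop ends only on a
 * match or, in the real program, on a fault. Here it is capped at 'limit'
 * entries so it runs safely; 'scanned' receives the number of entries it
 * touched so the overrun is visible. */
unsigned long auxv_lookup_buggy(const AuxInfo *auxv, unsigned long id,
                                size_t limit, size_t *scanned)
{
    size_t n = 0;
    for (const AuxInfo *e = auxv; e != (const AuxInfo *)AT_NULL && n < limit; ++e) {
        n++;
        if ((unsigned long)e->a_type == id) {
            *scanned = n;
            return e->a_v;
        }
    }
    *scanned = n;
    return 0;
}

/* Value the buggy walk reports for AT_HWCAP on the sample vector. */
unsigned long sample_bogus_hwcap(void)
{
    size_t scanned = 0;
    return auxv_lookup_buggy(sample_auxv, AT_HWCAP, SAMPLE_AUXV_BACKING, &scanned);
}

/* How many entries past the terminator the buggy walk reads before it
 * "finds" AT_HWCAP on the sample vector. */
size_t sample_overrun(void)
{
    size_t scanned = 0;
    auxv_lookup_buggy(sample_auxv, AT_HWCAP, SAMPLE_AUXV_BACKING, &scanned);
    return scanned - auxv_logical_len(sample_auxv);
}

int main(void)
{
    printf("correct: AT_PAGESZ=%lu AT_HWCAP=%lu (readable entries: %zu)\n",
           auxv_lookup(sample_auxv, AT_PAGESZ),
           auxv_lookup(sample_auxv, AT_HWCAP),
           auxv_logical_len(sample_auxv));
    printf("buggy:   AT_HWCAP=%#lx, read %zu entries past the terminator\n",
           sample_bogus_hwcap(), sample_overrun());
    return 0;
}
```

Two things the run makes visible. The buggy walk does not only crash when it reaches an unmapped page, as in the reported backtrace; if a stale entry with a matching tag sits after the terminator it returns that value, and a feature detector that trusts it would enable instruction paths the CPU may not have. And the correct walk returns 0 for a tag the system never provides, which is the second point of the report: on a system whose aux vector has no AT_HWCAP, a lookup that succeeds but finds nothing looks identical to "no features", so the library takes no accelerated path unless it falls back to probing instructions.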