wikisrc/users/leot/aarch64_problems.mdwn - diff

Return to aarch64_problems.mdwn CVS log

Up to [NetBSD Developer Wiki] / wikisrc / users / leot

Diff for /wikisrc/users/leot/aarch64_problems.mdwn between versions 1.4 and 1.11

-version 1.4, 2018/06/28 09:10:49
+version 1.11, 2018/07/31 22:22:28
  Line 4  Here a list of possible problems of NetB
  investigation in order to write proper PR or better yet to fix them!
- ## `mpv` and NetBSD crashes
+ ## `mpv` SIGSEGVs (strnlen(s, (size_t)-1) always returns -1)
  Just by invoking `mpv` via:
-     $ mpv
+     % mpv
- It is possible to completely crash NetBSD on aarch64. Investigate why and if
+ It SEGV as follows:
- possible get a complete backtrace.
- (Is it PaX MPROTECT related?)
+     % mpv
+     /usr/pkg/lib/ffmpeg4/libavcodec.so.58: text relocations
+     mpv 0.29.0 Copyright © 2000-2018 mpv/MPlayer/mplayer2 projects
+      built on Sat Jul 28 21:02:57 CEST 2018
+     ffmpeg library versions:
+        libavutil       56.14.100
+        libavcodec      58.18.100
+        libavformat     58.12.100
+        libswscale      5.1.100
+        libavfilter     7.16.100
+        libswresample   3.1.100
+     ffmpeg version: 4.0.2
+     Usage:   mpv [options] [url|path/]filename
+     Basic options:
+      --start=<time>    seek to given (percent, seconds, or hh:mm:ss) position
+      --no-audio        do not play sound
+      --no-video        do not play video
+      --fs              fullscreen playback
+      --sub-file=<file> specify subtitle file to use
+      --playlist=<file> specify playlist file
+      --list-options    list all mpv options
+      --h=<string>      print options which contain the given string in their name
+     [1]   Segmentation fault (core dumped) /usr/pkg/bin/mpv...
+     % gdb -core mpv.core /usr/pkg/bin/mpv
+     Reading symbols from /usr/pkg/bin/mpv...done.
+     [New process 5]
+     [New process 6]
+     [New process 4]
+     [New process 3]
+     [New process 2]
+     [New process 1]
+     Core was generated by `mpv'.
+     Program terminated with signal SIGSEGV, Segmentation fault.
+     #0  0x0000f96f727f40b0 in memcpy () from /usr/lib/libc.so.12
+     [Current thread is 1 (process 5)]
+     (gdb) bt
+     #0  0x0000f96f727f40b0 in memcpy () from /usr/lib/libc.so.12
+     #1  0x00000002001cba34 in __memcpy_ichk (len=18446744073709551615, src=0xf96f6e10fec0, dst=<optimized out>)
+         at /usr/include/ssp/string.h:82
+     #2  strndup_append_at (str=str@entry=0xf96f6f4ff348, at=0, append=0xf96f6e10fec0 "speed", append_len=<optimized out>,
+         append_len@entry=18446744073709551615) at ../ta/ta_utils.c:113
+     #3  0x00000002001cbea4 in ta_strdup_append_buffer (str=str@entry=0xf96f6f4ff348, a=<optimized out>) at ../ta/ta_utils.c:165
+     #4  0x00000002001cb7b8 in ta_talloc_strdup_append_buffer (s=<optimized out>, s@entry=0x0, a=<optimized out>) at ../ta/ta_talloc.c:31
+     #5  0x0000000200157eec in print_str_list (opt=<optimized out>, src=<optimized out>) at ../options/m_option.c:1477
+     [...]
+ This happens because `strnlen(s, (size_t)-1)`, always returns -1, e.g.:
+     % cat strnlen_size_max.c
+     #include <stdio.h>
+     #include <string.h>
+     int
+     main(int argc, char *argv[])
+     {
+         int i;
+         for (i = 1; i < argc; i++) {
+                 printf("strnlen(\"%s\", (size_t)-1) -> %ld\n",
+                     argv[i], strnlen(argv[i], ~(size_t)0));
+         }
+         return 0;
+     }
+     % gcc -Wall strnlen_size_max.c
+     % ./a.out foo
+     strnlen("foo", (size_t)-1) -> -1
+ (This should returns 3, not -1!)
+ The following patch workaround the mpv problem by avoiding all
+ `strnlen(s, (size_t)-1)` calls (and just using strlen() instead):
+     $NetBSD$
+     Avoid to directly call:
+      strnlen(s, (size_t)-1)
+     because on aarch64 ATM it (incorrectly) always returns -1 (also
+     when s is a string with less than SIZE_MAX characters).
+     Add a kludge in order to use strlen() in these cases.
+     --- ta/ta_utils.c.orig      2018-07-31 21:45:47.492269366 +0000
+     +++ ta/ta_utils.c
+     @@ -98,7 +98,11 @@ static bool strndup_append_at(char **str
+          if (!*str && !append)
+              return true; // stays NULL, but not an OOM condition
+     -    size_t real_len = append ? strnlen(append, append_len) : 0;
+     +    size_t real_len = append ?
+     +   append_len == (size_t)-1 ?
+     +      strlen(append) :
+     +      strnlen(append, append_len) :
+     +   0;
+          if (append_len > real_len)
+              append_len = real_len;
  ## Python `import requests` SIGILLs
  Doing a (please note that also `python36` is affected):
- Line 22  Doing a (please note that also `python36
+ Line 122  Doing a (please note that also `python36
      Illegal instruction (core dumped)
      Exit 132
- leads to a SIGILL. Trying to reduce the test case this also happens with just a:
+ ...where:
-     $ python2.7 -c 'import OpenSSL'
-     Illegal instruction (core dumped)
-     Exit 132
- Trying to debug this a bit further we can see:
-     % cat asi.py
-     import OpenSSL
-     % python2.7 -m trace --trace asi.py
-     [...]
-     binding.py(88):     for attr in dir(lib):
-     binding.py(89):         if attr not in excluded_names:
-     binding.py(90):             setattr(conditional_lib, attr, getattr(lib, attr))
-     binding.py(88):     for attr in dir(lib):
-     binding.py(89):         if attr not in excluded_names:
-     binding.py(90):             setattr(conditional_lib, attr, getattr(lib, attr))
-     binding.py(88):     for attr in dir(lib):
-     binding.py(89):         if attr not in excluded_names:
-     binding.py(90):             setattr(conditional_lib, attr, getattr(lib, attr))
-     binding.py(88):     for attr in dir(lib):
-     binding.py(92):     return conditional_lib
-     binding.py(126):                 cls._lib_loaded = True
-     binding.py(128):                 cls.lib.SSL_library_init()
-     Illegal instruction (core dumped)
-     Exit 132
- Please also note that this problem seems limited to `OpenSSL`, `ssl` module
+     % gdb -core python2.7.core `which python2.7`
- works.
+     Reading symbols from /usr/pkg/bin/python2.7...(no debugging symbols found)...done.
+     [New process 1]
+     Core was generated by `python2.7'.
+     Program terminated with signal SIGILL, Illegal instruction.
+     #0  0x0000f42f5fd00000 in ?? ()
+     (gdb) bt 5
+     #0  0x0000f42f5fd00000 in ?? ()
+     #1  0x0000f42f5fd0a3d0 in restore_errno_only () at c/misc_thread_common.h:43
+     #2  0x0000f42f5fbf0f90 in _cffi_f_SSL_library_init (self=<optimized out>, noarg=<optimized out>)
+         at build/temp.netbsd-8.99.22-evbarm-2.7/_openssl.c:51839
+     #3  0x0000f42f617606ac in PyEval_EvalFrameEx () from /usr/pkg/lib/libpython2.7.so.1.0
+     #4  0x0000f42f6175e5c0 in PyEval_EvalCodeEx () from /usr/pkg/lib/libpython2.7.so.1.0
+     (More stack frames follow...)
+     (gdb) f 2
+     #2  0x0000f42f5fbf0f90 in _cffi_f_SSL_library_init (self=<optimized out>, noarg=<optimized out>)
+         at build/temp.netbsd-8.99.22-evbarm-2.7/_openssl.c:51839
+     warning: Source file is more recent than executable.
+    _cffi_restore_errno();
+     (gdb) list
+  _cffi_f_SSL_library_init(PyObject *self, PyObject *noarg)
+  {
+    int result;
+    Py_BEGIN_ALLOW_THREADS
+    _cffi_restore_errno();
+    { result = SSL_library_init(); }
+    _cffi_save_errno();
+    Py_END_ALLOW_THREADS
+     (gdb) f 1
+     #1  0x0000f42f5fd0a3d0 in restore_errno_only () at c/misc_thread_common.h:43
+     static void restore_errno_only(void) { errno = cffi_saved_errno; }
+     (gdb) list
+        syntactically valid to use "__thread" with this C compiler. */
+     #ifdef USE__THREAD
+     static __thread int cffi_saved_errno = 0;
+     static void save_errno_only(void) { cffi_saved_errno = errno; }
+     static void restore_errno_only(void) { errno = cffi_saved_errno; }
+     #else
+     static void save_errno_only(void)
+     (gdb) disas
+     Dump of assembler code for function restore_errno_only:
+x0000f42f5fd0a3b0 <+0>:     str     x30, [sp, #-16]!
+x0000f42f5fd0a3b4 <+4>:     bl      0xf42f5fd075c0 <__errno@plt>
+x0000f42f5fd0a3b8 <+8>:     mov     x2, x0
+x0000f42f5fd0a3bc <+12>:    mrs     x1, tpidr_el0
+x0000f42f5fd0a3c0 <+16>:    adrp    x0, 0xf42f5fd34000
+x0000f42f5fd0a3c4 <+20>:    ldr     x3, [x0, #4088]
+x0000f42f5fd0a3c8 <+24>:    add     x0, x0, #0xff8
+x0000f42f5fd0a3cc <+28>:    blr     x3
+     => 0x0000f42f5fd0a3d0 <+32>:    ldr     w0, [x1, x0]
+x0000f42f5fd0a3d4 <+36>:    str     w0, [x2]
+x0000f42f5fd0a3d8 <+40>:    ldr     x30, [sp], #16
+x0000f42f5fd0a3dc <+44>:    ret
+     End of assembler dump.
+     (gdb) info reg
+     x0             0xf42f5fd34ff8   268484308324344
+     x1             0xf42f61875080   268484336898176
+     x2             0xf42f6186c848   268484336863304
+     x3             0xf42f5fd00000   268484308107264
+     x4             0xf42f5ff3c0b8   268484310450360
+     x5             0xf42f60000570   268484311254384
+     x6             0x65000000000000 28428972647776256
+     x7             0x65     101
+     x8             0xf42f6185e000   268484336803840
+     x9             0xf42f6185e668   268484336805480
+     x10            0xf42f6185e668   268484336805480
+     x11            0x1      1
+     x12            0x30     48
+     x13            0xffffff9264f0   281474969527536
+     x14            0x65     101
+     x15            0x3      3
+     x16            0xf42f615bd730   268484334049072
+     x17            0xf42f615ec2c8   268484334240456
+     x18            0xf42f615ca1a0   268484334100896
+     x19            0xf42f5fc9cea8   268484307701416
+     x20            0xf42f5fd9c3c0   268484308747200
+     x21            0xf42f61307090   268484331204752
+     x22            0xf42f5fcd38e8   268484307925224
+     x23            0xf42f5fcd10a0   268484307914912
+     x24            0xf42f5fb8c5a8   268484306585000
+     x25            0xf42f5fd9c3c0   268484308747200
+     x26            0xf42f5fbf0f70   268484306997104
+     x27            0xf42f5fdd467e   268484308977278
+     x28            0xf42f61307090   268484331204752
+     x29            0x0      0
+     x30            0xf42f5fd0a3d0   268484308149200
+     sp             0xffffff926760   0xffffff926760
+     pc             0xf42f5fd0a3d0   0xf42f5fd0a3d0 <restore_errno_only+32>
+     cpsr           0x60000000       [ EL=0 C Z ]
+     fpsr           0x3000000        50331648
+     fpcr           0x10     16
+     (gdb) quit
+ ...and `_cffi_restore_errno` and `_cffi_save_errno` are defined in
+ `cffi/_cffi_include.h` as follows:
+     #define _cffi_restore_errno                                              \
+         ((void(*)(void))_cffi_exports[13])
+     #define _cffi_save_errno                                                 \
+         ((void(*)(void))_cffi_exports[14])
+ Since py-cffi-1.11.5nb1 a kludge to workaround the issue is present (by
+ disabling __thread).
+ ## polkitd crashes
+     pinebook# /usr/pkg/lib/polkit-1/polkitd
+     Successfully changed to user polkitd
+     Error loading /var/run/ConsoleKit/database: Error statting file /var/run/ConsoleKit/database: No such file or directory[1]   Segmentation fault      /usr/pkg/lib/polkit-1/polkitd

CVSweb for NetBSD wikisrc <wikimaster@NetBSD.org> software: FreeBSD-CVSweb

Removed from v.1.4
changed lines
	Added in v.1.11