Date: Tue, 24 Dec 2013 21:05:38 +0200
From: Guy Yur <guyyur@gmail.com>
To: FreeBSD-gnats-submit@freebsd.org
Subject: arm/185165: net/mpd5 crashes in NgMkSockNode due to stack alignment on ARM EABI
Message-ID: <52b9db0f.c6310f0a.32b1.ffffd436@mx.google.com>
Resent-Message-ID: <201312241910.rBOJA0FO077076@freefall.freebsd.org>
>Number: 185165
>Category: arm
>Synopsis: net/mpd5 crashes in NgMkSockNode due to stack alignment on ARM EABI
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-arm
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Dec 24 19:10:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: Guy Yur
>Release: FreeBSD 10.0-RC1 arm
>Organization:
>Environment:
System: FreeBSD bbb.localdomain 10.0-RC1 FreeBSD 10.0-RC1 #1 r259250M: Thu Dec 12 22:54:08 IST 2013 root@vm8.localdomain:/usr/obj/arm.armv6/usr/src/sys/BBB arm

>Description:
I am running 10.0-RC1 on the BeagleBone Black and the net/mpd5 port is
crashing in libnetgraph NgMkSockNode due to stack alignment.

10.0-RC1 World and kernel were compiled in a VirtualBox VM running
9.2-RELEASE-p2 i386.
clang and ARM_EABI used as the default make options.

Added prints in NgMkSockNode show rbuf is aligned on 2-byte and not 4-byte
which is needed to access ni->id (a uint32_t).

ni = 0xbfffe87a
rbuf = 0xbfffe842
sizeof(resp->header) = 56

(gdb) bt
#0 0x201529a0 in NgMkSockNode (name=<value optimized out>, csp=0xbfffe95c, dsp=0xbfffe958) at /usr/src/lib/libnetgraph/sock.c:134
#1 0x00037b9c in MppcTestCap () at ccp_mppc.c:754
#2 0x0007c1f4 in main (ac=4, av=0xbfffeb90) at main.c:248
#3 0x0000d1b0 in __start (argc=4, argv=0xbfffeb90, env=0xbfffeba4, ps_strings=<value optimized out>, obj=<value optimized out>, cleanup=<value optimized out>) at /usr/src/lib/csu/arm/crt1.c:115
#4 0x203e9dc0 in _thr_ast (curthread=0x200fd000) at /usr/src/lib/libthr/thread/thr_sig.c:265

Putting rbuf in a union with struct ng_mesg sorted the alignment to 4-byte
and mpd5 didn't crash.

I attached the changes I used to test mpd5 doesn't crash with correct
alignment.

>How-To-Repeat:
Install and run the net/mpd5 port on arm using ARM EABI.
>Fix: --- sock-NgMkSockNode.patch begins here --- Index: lib/libnetgraph/sock.c =================================================================== --- lib/libnetgraph/sock.c (revision 259250) +++ lib/libnetgraph/sock.c (working copy) @@ -111,9 +111,12 @@ /* Save node name */ strlcpy(namebuf, name, sizeof(namebuf)); } else if (dsp != NULL) { - u_char rbuf[sizeof(struct ng_mesg) + sizeof(struct nodeinfo)]; - struct ng_mesg *const resp = (struct ng_mesg *) rbuf; - struct nodeinfo *const ni = (struct nodeinfo *) resp->data; + union { + u_char rbuf[sizeof(struct ng_mesg) + + sizeof(struct nodeinfo)]; + struct ng_mesg res; + } res; + struct nodeinfo *const ni = (struct nodeinfo *) res.res.data; /* Find out the node ID */ if (NgSendMsg(cs, ".", NGM_GENERIC_COOKIE, @@ -123,7 +126,7 @@ NGLOG("send nodeinfo"); goto errout; } - if (NgRecvMsg(cs, resp, sizeof(rbuf), NULL) < 0) { + if (NgRecvMsg(cs, &res.res, sizeof(res.rbuf), NULL) < 0) { errnosv = errno; if (_gNgDebugLevel >= 1) NGLOG("recv nodeinfo"); --- sock-NgMkSockNode.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
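Review bot: In the first hunk the union object and its struct ng_mesg member are both named res, which gives res.res.data for the payload pointer and, in the second hunk, &res.res next to sizeof(res.rbuf); giving the member a distinct name (or keeping a resp pointer to it) would make both lines easier to read. The hunk also removes the resp declaration, so confirm that nothing further down this block, outside the lines shown, still refers to it. A one-line comment on the union saying it exists only to give the receive buffer the alignment of struct ng_mesg, so that ni->id can be read as a uint32_t, would keep a later cleanup from turning it back into a bare u_char array.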
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?52b9db0f.c6310f0a.32b1.ffffd436>
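The alignment problem described in the report, as an added example that is not part of the PR or of libnetgraph: it compares the alignment of the bare byte array with the union from the fix and checks the address arithmetic against the rbuf value printed above. The demo_mesg and demo_nodeinfo layouts and all helper names are stand-ins assumed for the demo, and the memcpy read is an alternative the patch does not use.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in layouts (assumed for the demo, not <netgraph/ng_message.h>):
 * a 56-byte header, matching sizeof(resp->header) in the report. */
struct demo_mesg {
    struct { uint32_t words[14]; } header;  /* 14 * 4 = 56 bytes */
    char data[];                            /* reply payload starts here */
};
struct demo_nodeinfo { char name[32]; char type[32]; uint32_t id; uint32_t hooks; };

#define REPLY_SIZE (sizeof(struct demo_mesg) + sizeof(struct demo_nodeinfo))
#define ID_OFFSET  (offsetof(struct demo_mesg, data) + offsetof(struct demo_nodeinfo, id))

/* Shape before the patch: a byte array only guarantees 1-byte alignment. */
typedef unsigned char raw_buf[REPLY_SIZE];
/* Shape after the patch: the union takes the alignment of its strictest member. */
union aligned_buf { unsigned char rbuf[REPLY_SIZE]; struct demo_mesg msg; };

size_t raw_buf_alignment(void)   { return _Alignof(raw_buf); }
size_t union_buf_alignment(void) { return _Alignof(union aligned_buf); }

/* Would the id field be naturally aligned if the buffer started at base? */
int id_is_aligned(uintptr_t base)
{
    return (base + ID_OFFSET) % _Alignof(uint32_t) == 0;
}

/* Alignment-independent read (an alternative to the union, not in the patch):
 * copying the bytes out avoids dereferencing a misaligned uint32_t pointer. */
uint32_t read_node_id(const unsigned char *buf)
{
    uint32_t id;
    memcpy(&id, buf + ID_OFFSET, sizeof(id));
    return id;
}

int main(void)
{
    union aligned_buf u = { .rbuf = {0} };
    printf("alignment: raw=%zu union=%zu\n", raw_buf_alignment(), union_buf_alignment());
    printf("id aligned at reported rbuf 0xbfffe842: %d\n", id_is_aligned(0xbfffe842u));
    printf("id aligned inside union: %d\n", id_is_aligned((uintptr_t)&u));
    return 0;
}
```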