Message-Id: <52cf16b1.45b00e0a.3aa5.ffff8053@mx.google.com>
Date: Thu, 09 Jan 2014 23:37:21 +0200
From: Guy Yur
To: FreeBSD-gnats-submit@freebsd.org
Subject: arm/185617: 10.0-RC1, armv6: "pfctl -s state" crashes on BeagleBone Black due to unaligned access

>Number: 185617
>Category: arm
>Synopsis: 10.0-RC1, armv6: "pfctl -s state" crashes on BeagleBone Black due to unaligned access
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-arm
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Jan 09 21:40:02 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator: Guy Yur
>Release: FreeBSD 10.0-RC1 arm
>Organization:
>Environment:
System: FreeBSD bbb.localdomain 10.0-RC1 FreeBSD 10.0-RC1 #1 r259250M: Thu Dec 12 22:54:08 IST 2013 root@vm8.localdomain:/usr/obj/arm.armv6/usr/src/sys/BBB arm
>Description:
I am running 10.0-RC1 arm.armv6 on the BeagleBone Black.
The "pfctl -s state" command is crashing when trying to print the second entry.

struct pfsync_state has a size that is not divisible by 4, leading to the second entry in the returned state array not being aligned.
This is fine when accessing the entry as a struct pfsync_state pointer since the struct has the __packed attribute and on arm unaligned access will be used.
When print_host is called it receives a pf_addr struct pointer &nk->addr[1] which is not aligned on 4 bytes for the second entry and since the struct is not __packed it will be accessed using word load instructions which will trigger an unaligned access fault and pfctl will exit with bus error.

(gdb) bt
#0  print_host (addr=0x2085a11a, port=7660, af=2 '\002', opts=1024) at /usr/src/sbin/pfctl/pf_print_state.c:178
#1  0x00021c4c in print_state (s=0x2085a0f2, opts=1024) at /usr/src/sbin/pfctl/pf_print_state.c:236
#2  0x0000c664 in pfctl_show_states (dev=, iface=0x0, opts=1024) at /usr/src/sbin/pfctl/pfctl.c:1095

sizeof(struct pfsync_state_key) is 36
sizeof(struct pfsync_state_peer) is 32
sizeof(struct pf_addr) is 16
sizeof(struct pfsync_state) is 242
>How-To-Repeat:
pf running on an arm host, make sure there is more than one active connection.
Run: pfctl -s state
>Fix:
A quick workaround is for print_state to copy the pf_addr in pfsync_state_key to a pf_addr struct on the stack and pass it to print_host.

Another possibility is to make sure pfsync_state is aligned on at least 4 bytes (8 preferred for the u_int64_t id) or create a new aligned struct for the DIOCGETSTATE and DIOCGETSTATES ioctls to separate between the pfsync_state as protocol data and the info returned by the ioctls.
Changing pfsync_state size will break KBI and the pfsync protocol.
>Release-Note:
>Audit-Trail:
>Unformatted:
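
The alignment arithmetic from the report and the copy workaround from the >Fix: section, as an added example that is not part of the original PR or of the FreeBSD source. The mock_* structs are a constructed stand-in that reproduces only the reported sizes (16, 36, 242) and the 40-byte offset visible in the backtrace (0x2085a11a - 0x2085a0f2); field names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Mock layout (constructed): only the sizes and the 40-byte offset of
 * key[0].addr[1] are taken from the report; field names are stand-ins. */
struct mock_pf_addr { uint32_t addr32[4]; };            /* 16 bytes, NOT packed */
struct mock_key { struct mock_pf_addr addr[2]; uint16_t port[2]; }; /* 36 bytes */
struct mock_state {
    uint64_t id;
    char ifname[16];
    struct mock_key key[2];
    unsigned char rest[146];                            /* pads to 242 bytes */
} __attribute__((packed));

_Static_assert(sizeof(struct mock_pf_addr) == 16, "pf_addr size");
_Static_assert(sizeof(struct mock_key) == 36, "state_key size");
_Static_assert(sizeof(struct mock_state) == 242, "pfsync_state size");

/* Byte offset of key[0].addr[1] inside one entry (40 in the backtrace). */
#define ADDR1_OFF (offsetof(struct mock_state, key) + sizeof(struct mock_pf_addr))

/* Misalignment (mod 4) of &entry[index].key[0].addr[1], assuming the array
 * base is at least 4-byte aligned, as 0x2085a000 is in the report. */
size_t addr1_misalignment(size_t index)
{
    return (index * sizeof(struct mock_state) + ADDR1_OFF) % 4;
}

/* Workaround from the >Fix: section: copy the address into an aligned stack
 * object before anything dereferences it with word loads. */
uint32_t first_word_via_copy(const unsigned char *buf, size_t index)
{
    struct mock_pf_addr a;                              /* naturally aligned */
    memcpy(&a, buf + index * sizeof(struct mock_state) + ADDR1_OFF, sizeof(a));
    return a.addr32[0];
}

int main(void)
{
    unsigned char buf[2 * sizeof(struct mock_state)] = {0};
    uint32_t v = 0xc0a80001u;                           /* constructed sample */
    memcpy(buf + sizeof(struct mock_state) + ADDR1_OFF, &v, sizeof(v));
    for (size_t i = 0; i < 2; i++)
        printf("entry %zu: addr[1] misaligned by %zu, word=0x%08x\n", i,
               addr1_misalignment(i), (unsigned)first_word_via_copy(buf, i));
    return 0;
}
```

Entry 0 is word-aligned and entry 1 is off by 2 bytes, which is why only the second state faults; the memcpy path reads both without an aligned-load assumption.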