Date:      Tue, 24 Dec 2013 21:05:38 +0200
From:      Guy Yur <guyyur@gmail.com>
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   arm/185165: net/mpd5 crashes in NgMkSockNode due to stack alignment on ARM EABI
Message-ID:  <52b9db0f.c6310f0a.32b1.ffffd436@mx.google.com>
Resent-Message-ID: <201312241910.rBOJA0FO077076@freefall.freebsd.org>


>Number:         185165
>Category:       arm
>Synopsis:       net/mpd5 crashes in NgMkSockNode due to stack alignment on ARM EABI
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-arm
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Dec 24 19:10:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Guy Yur
>Release:        FreeBSD 10.0-RC1 arm
>Organization:
>Environment:
System: FreeBSD bbb.localdomain 10.0-RC1 FreeBSD 10.0-RC1 #1 r259250M: Thu Dec 12 22:54:08 IST 2013     root@vm8.localdomain:/usr/obj/arm.armv6/usr/src/sys/BBB  arm


>Description:
I am running 10.0-RC1 on the BeagleBone Black and the net/mpd5 port is
crashing in libnetgraph NgMkSockNode due to stack alignment.

10.0-RC1 World and kernel were compiled in a VirtualBox VM
running 9.2-RELEASE-p2 i386.
clang and ARM_EABI used as the default make options.

Added prints in NgMkSockNode show rbuf is aligned on 2-byte and not 4-byte which is needed to access ni->id (a uint32_t).

ni = 0xbfffe87a
rbuf = 0xbfffe842
sizeof(resp->header) = 56


(gdb) bt
#0  0x201529a0 in NgMkSockNode (name=<value optimized out>, csp=0xbfffe95c,
    dsp=0xbfffe958) at /usr/src/lib/libnetgraph/sock.c:134
#1  0x00037b9c in MppcTestCap () at ccp_mppc.c:754
#2  0x0007c1f4 in main (ac=4, av=0xbfffeb90) at main.c:248
#3  0x0000d1b0 in __start (argc=4, argv=0xbfffeb90, env=0xbfffeba4,
    ps_strings=<value optimized out>, obj=<value optimized out>,
    cleanup=<value optimized out>) at /usr/src/lib/csu/arm/crt1.c:115
#4  0x203e9dc0 in _thr_ast (curthread=0x200fd000)
    at /usr/src/lib/libthr/thread/thr_sig.c:265


Putting rbuf in a union with struct ng_mesg sorted the alignment to 4-byte and mpd5 didn't crash.
I attached the changes I used to test mpd5 doesn't crash with correct alignment.

>How-To-Repeat:
Install and run the net/mpd5 port on arm using ARM EABI.

>Fix:

	

--- sock-NgMkSockNode.patch begins here ---
Index: lib/libnetgraph/sock.c
===================================================================
--- lib/libnetgraph/sock.c	(revision 259250)
+++ lib/libnetgraph/sock.c	(working copy)
@@ -111,9 +111,12 @@
 		/* Save node name */
 		strlcpy(namebuf, name, sizeof(namebuf));
 	} else if (dsp != NULL) {
-		u_char rbuf[sizeof(struct ng_mesg) + sizeof(struct nodeinfo)];
-		struct ng_mesg *const resp = (struct ng_mesg *) rbuf;
-		struct nodeinfo *const ni = (struct nodeinfo *) resp->data;
+		union {
+			u_char rbuf[sizeof(struct ng_mesg) +
+			    sizeof(struct nodeinfo)];
+			struct ng_mesg res;
+		} res;
+		struct nodeinfo *const ni = (struct nodeinfo *) res.res.data;
 
 		/* Find out the node ID */
 		if (NgSendMsg(cs, ".", NGM_GENERIC_COOKIE,
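Review bot: the union variable and its struct ng_mesg member are both named res, so the new ni initialiser reads res.res.data and a reader has to work out which res is which. Give them distinct names (for example a variable u with members rbuf and resp) and add a one-line comment on the union saying it exists to give the receive buffer the alignment of struct ng_mesg, otherwise a later cleanup could fold it back into a bare u_char array. With the 56-byte header reported in the description, data sits at a multiple of 4 from the start of the union, so ni inherits the alignment.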
@@ -123,7 +126,7 @@
 				NGLOG("send nodeinfo");
 			goto errout;
 		}
-		if (NgRecvMsg(cs, resp, sizeof(rbuf), NULL) < 0) {
+		if (NgRecvMsg(cs, &res.res, sizeof(res.rbuf), NULL) < 0) {
 			errnosv = errno;
 			if (_gNgDebugLevel >= 1)
 				NGLOG("recv nodeinfo");
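Review bot: the NgRecvMsg() result on the changed line is still only tested for < 0, so a reply shorter than the header plus a full struct nodeinfo would pass this check and leave the bytes behind ni unset. If nothing later in the function verifies the length, compare the return value against sizeof(struct ng_mesg) + sizeof(struct nodeinfo) here before ni is used. Passing sizeof(res.rbuf) rather than sizeof(res) is fine, since it keeps the length identical to the pre-patch value even if the union were padded.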
--- sock-NgMkSockNode.patch ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:
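
The alignment issue described in this report, as an added example that is not part of the original message or of libnetgraph: it compares the alignment guaranteed for a plain byte array with that of the union used in the patch, and shows a memcpy-based read that works at any address. The demo_* types are constructed stand-ins (only the 56-byte header size is taken from the report), not the real netgraph definitions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins, NOT the real netgraph structs: a 56-byte header
 * (the size printed in the report) followed by the payload. */
struct demo_mesg {
	uint32_t header[14];	/* 14 * 4 = 56 bytes */
	char data[];		/* payload starts here */
};
struct demo_nodeinfo { uint32_t id; char name[32]; };
#define DEMO_LEN (sizeof(struct demo_mesg) + sizeof(struct demo_nodeinfo))

/* Pre-patch shape: a byte array only promises 1-byte alignment. */
typedef unsigned char demo_plain_buf[DEMO_LEN];

/* Patched shape: a union takes the alignment of its strictest member. */
union demo_aligned_buf {
	unsigned char rbuf[DEMO_LEN];
	struct demo_mesg msg;
};

/* Nonzero when p is suitably aligned for a direct uint32_t load. */
static int aligned_for_u32(const void *p)
{
	return (uintptr_t)p % _Alignof(uint32_t) == 0;
}

/* Alignment-independent read: memcpy is valid at any address. */
static uint32_t read_id(const unsigned char *payload)
{
	uint32_t id;
	memcpy(&id, payload, sizeof(id));
	return id;
}

/* Place an id 2 bytes past a 4-byte boundary (the rbuf case in the report)
 * and read it back without issuing a misaligned load. */
static uint32_t roundtrip_misaligned(uint32_t id)
{
	union { uint32_t align; unsigned char b[16]; } blk;
	memcpy(blk.b + 2, &id, sizeof(id));
	return aligned_for_u32(blk.b + 2) ? 0 : read_id(blk.b + 2);
}

int main(void)
{
	printf("plain=%zu union=%zu data_off=%zu id=%#x\n", _Alignof(demo_plain_buf),
	    _Alignof(union demo_aligned_buf), offsetof(struct demo_mesg, data),
	    (unsigned)roundtrip_misaligned(0x1234abcdu));
	return 0;
}
```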


