From guyyur@gmail.com  Tue Dec 24 19:05:54 2013
Message-Id: <52b9db0f.c6310f0a.32b1.ffffd436@mx.google.com>
Date: Tue, 24 Dec 2013 21:05:38 +0200
From: Guy Yur <guyyur@gmail.com>
Reply-To: Guy Yur <guyyur@gmail.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: net/mpd5 crashes in NgMkSockNode due to stack alignment on ARM EABI
X-Send-Pr-Version: 3.114
X-GNATS-Notify:

>Number:         185165
>Category:       arm
>Synopsis:       [patch] net/mpd5 crashes in NgMkSockNode due to stack alignment on ARM EABI
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    jmg
>State:          patched
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Dec 24 19:10:00 UTC 2013
>Closed-Date:    
>Last-Modified:  Tue Jan  7 23:10:05 UTC 2014
>Originator:     Guy Yur
>Release:        FreeBSD 10.0-RC1 arm
>Organization:
>Environment:
System: FreeBSD bbb.localdomain 10.0-RC1 FreeBSD 10.0-RC1 #1 r259250M: Thu Dec 12 22:54:08 IST 2013     root@vm8.localdomain:/usr/obj/arm.armv6/usr/src/sys/BBB  arm


>Description:
I am running 10.0-RC1 on the BeagleBone Black and the net/mpd5 port is
crashing in libnetgraph NgMkSockNode due to stack alignment.

10.0-RC1 World and kernel were compiled in a VirtualBox VM
running 9.2-RELEASE-p2 i386.
clang and ARM_EABI used as the default make options.

Added prints in NgMkSockNode show rbuf is aligned on a 2-byte boundary and not the 4-byte boundary needed to access ni->id (a uint32_t).

ni = 0xbfffe87a
rbuf = 0xbfffe842
sizeof(resp->header) = 56


(gdb) bt
#0  0x201529a0 in NgMkSockNode (name=<value optimized out>, csp=0xbfffe95c,
    dsp=0xbfffe958) at /usr/src/lib/libnetgraph/sock.c:134
#1  0x00037b9c in MppcTestCap () at ccp_mppc.c:754
#2  0x0007c1f4 in main (ac=4, av=0xbfffeb90) at main.c:248
#3  0x0000d1b0 in __start (argc=4, argv=0xbfffeb90, env=0xbfffeba4,
    ps_strings=<value optimized out>, obj=<value optimized out>,
    cleanup=<value optimized out>) at /usr/src/lib/csu/arm/crt1.c:115
#4  0x203e9dc0 in _thr_ast (curthread=0x200fd000)
    at /usr/src/lib/libthr/thread/thr_sig.c:265


Putting rbuf in a union with struct ng_mesg sorted the alignment to 4-byte and mpd5 didn't crash.
I attached the changes I used to test mpd5 doesn't crash with correct alignment.

>How-To-Repeat:
Install and run the net/mpd5 port on arm using ARM EABI.

>Fix:

	

--- sock-NgMkSockNode.patch begins here ---
Index: lib/libnetgraph/sock.c
===================================================================
--- lib/libnetgraph/sock.c	(revision 259250)
+++ lib/libnetgraph/sock.c	(working copy)
@@ -111,9 +111,12 @@
 		/* Save node name */
 		strlcpy(namebuf, name, sizeof(namebuf));
 	} else if (dsp != NULL) {
-		u_char rbuf[sizeof(struct ng_mesg) + sizeof(struct nodeinfo)];
-		struct ng_mesg *const resp = (struct ng_mesg *) rbuf;
-		struct nodeinfo *const ni = (struct nodeinfo *) resp->data;
+		union {
+			u_char rbuf[sizeof(struct ng_mesg) +
+			    sizeof(struct nodeinfo)];
+			struct ng_mesg res;
+		} res;
+		struct nodeinfo *const ni = (struct nodeinfo *) res.res.data;
 
 		/* Find out the node ID */
 		if (NgSendMsg(cs, ".", NGM_GENERIC_COOKIE,
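Review bot: the new `union { ... } res;` declaration carries no comment saying that it exists to give the receive buffer the alignment of `struct ng_mesg`, so a later cleanup could fold it back into a bare `u_char` array and bring the fault back. A one-line comment above the union would record the reason.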
@@ -123,7 +126,7 @@
 				NGLOG("send nodeinfo");
 			goto errout;
 		}
-		if (NgRecvMsg(cs, resp, sizeof(rbuf), NULL) < 0) {
+		if (NgRecvMsg(cs, &res.res, sizeof(res.rbuf), NULL) < 0) {
 			errnosv = errno;
 			if (_gNgDebugLevel >= 1)
 				NGLOG("recv nodeinfo");
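Review bot: in the `NgRecvMsg` call the buffer pointer comes from one union member (`&res.res`) and the length from the other (`sizeof(res.rbuf)`). They share storage, so the call is correct, but the reader has to work that out; `sizeof(res)` would state the size of the object actually passed.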
--- sock-NgMkSockNode.patch ends here ---
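
The address arithmetic from the description, with the union used in the patch and a `memcpy` read as a second remedy. This is an added example, not part of the PR or of libnetgraph; the `demo_*` types are assumed stand-ins that reuse only the 56-byte header size printed in the report, not the real netgraph structs.

```c
#include <stdalign.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed stand-ins, not the real netgraph headers: a 56-byte header
 * (the size printed in the report) followed by the payload. */
struct demo_mesg {
	struct { uint32_t words[14]; } header;	/* 14 * 4 = 56 bytes */
	char data[];
};
struct demo_nodeinfo { char name[32]; uint32_t id; };

#define DEMO_LEN (sizeof(struct demo_mesg) + sizeof(struct demo_nodeinfo))

/* Shape used by the patch: the struct member sets the array's alignment. */
union demo_resp {
	unsigned char rbuf[DEMO_LEN];
	struct demo_mesg msg;
};

/* Bytes by which addr misses an align-byte boundary (0 means aligned). */
static unsigned misaligned_by(uintptr_t addr, size_t align) { return (unsigned)(addr % align); }

/* Where the payload lands for a buffer that starts at rbuf_addr. */
static uintptr_t payload_addr(uintptr_t rbuf_addr) { return rbuf_addr + offsetof(struct demo_mesg, data); }

/* Payload alignment inside a real instance of the union. */
static int union_payload_is_aligned(void)
{
	union demo_resp r;
	return misaligned_by((uintptr_t)r.msg.data, alignof(uint32_t)) == 0;
}

/* Alignment-independent alternative: copy the field out bytewise. */
static uint32_t read_u32(const unsigned char *buf, size_t off)
{
	uint32_t v;
	memcpy(&v, buf + off, sizeof(v));
	return v;
}

int main(void)
{
	const unsigned char b[5] = { 0, 1, 0, 0, 0 };	/* constructed sample bytes */
	printf("ni off by %u, union ok %d, unaligned read %u\n",
	    misaligned_by(payload_addr(0xbfffe842u), 4), union_payload_is_aligned(), (unsigned)read_u32(b, 1));
	return 0;
}
```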


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-arm->jmg 
Responsible-Changed-By: jmg 
Responsible-Changed-When: Tue Dec 24 19:21:25 UTC 2013 
Responsible-Changed-Why:  
I'll commit this patch shortly... 

http://www.freebsd.org/cgi/query-pr.cgi?pr=185165 
State-Changed-From-To: open->patched 
State-Changed-By: jmg 
State-Changed-When: Tue Jan 7 23:01:12 UTC 2014 
State-Changed-Why:  
patched in HEAD as r260418...  Will close once MFC'd... 


From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: arm/185165: commit references a PR
Date: Tue,  7 Jan 2014 23:01:16 +0000 (UTC)

 Author: jmg
 Date: Tue Jan  7 23:01:05 2014
 New Revision: 260418
 URL: http://svnweb.freebsd.org/changeset/base/260418
 
 Log:
   make sure that rbuf is aligned by making a union w/ the structure we
   need to access...  access the struct through the union too...
   
   PR:		185165
   Submitted by:	Guy Yur
   MFC after:	1 week
 
 Modified:
   head/lib/libnetgraph/sock.c
 
 Modified: head/lib/libnetgraph/sock.c
 ==============================================================================
 --- head/lib/libnetgraph/sock.c	Tue Jan  7 23:00:58 2014	(r260417)
 +++ head/lib/libnetgraph/sock.c	Tue Jan  7 23:01:05 2014	(r260418)
 @@ -111,9 +111,12 @@ gotNode:
  		/* Save node name */
  		strlcpy(namebuf, name, sizeof(namebuf));
  	} else if (dsp != NULL) {
 -		u_char rbuf[sizeof(struct ng_mesg) + sizeof(struct nodeinfo)];
 -		struct ng_mesg *const resp = (struct ng_mesg *) rbuf;
 -		struct nodeinfo *const ni = (struct nodeinfo *) resp->data;
 +		union {
 +			u_char rbuf[sizeof(struct ng_mesg) +
 +			    sizeof(struct nodeinfo)];
 +			struct ng_mesg res;
 +		} res;
 +		struct nodeinfo *const ni = (struct nodeinfo *) res.res.data;
  
  		/* Find out the node ID */
  		if (NgSendMsg(cs, ".", NGM_GENERIC_COOKIE,
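Review bot: the union object and its `struct ng_mesg` member are both named `res`, which makes `res.res.data` here and `&res.res` in the next hunk hard to read. Naming the member `resp`, after the pointer this hunk removes, would keep the accesses recognisable (`res.resp.data`).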
 @@ -123,7 +126,7 @@ gotNode:
  				NGLOG("send nodeinfo");
  			goto errout;
  		}
 -		if (NgRecvMsg(cs, resp, sizeof(rbuf), NULL) < 0) {
 +		if (NgRecvMsg(cs, &res.res, sizeof(res.rbuf), NULL) < 0) {
  			errnosv = errno;
  			if (_gNgDebugLevel >= 1)
  				NGLOG("recv nodeinfo");
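Review bot: the `NgRecvMsg` result is only tested for `< 0` here, so a reply shorter than `sizeof(res.rbuf)` takes the success path as well. Unless the code after this hunk checks the length, `ni` can refer to bytes the reply never filled; comparing the return value against the expected size before `ni` is read would close that.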
>Unformatted:
