Bug 188510

Summary: rtadvd(8): "rtadvctl show" crashes on BeagleBone Black due to unaligned access
Product: Base System
Reporter: guyyur
Component: bin
Assignee: freebsd-bugs (Nobody) <bugs>
Status: Closed Unable to Reproduce    
Severity: Affects Only Me
Keywords: needs-qa
Priority: ---    
Version: CURRENT   
Hardware: Any   
OS: Any   
Attachments:
Description                   Flags
rtadvd_control_align.patch    none
file.diff                     none

Description guyyur 2014-04-12 14:10:01 UTC
"rtadvctl show" core dumps on Bus error when run on BeagleBone Black.

(gdb) bt
#0  cm_pl2bin (str=<value optimized out>, cp=<value optimized out>)
    at /usr/src/usr.sbin/rtadvctl/../rtadvd/control.c:458
#1  0x0000a59c in action_plgeneric (action=<value optimized out>,
    plstr=<value optimized out>, buf=0xbfffcd6c "\001")
    at /usr/src/usr.sbin/rtadvctl/rtadvctl.c:264
#2  0x0000a3c8 in action_propget (argv=0xbffff2d1 "", cp=0xbfffedf0)
    at /usr/src/usr.sbin/rtadvctl/rtadvctl.c:285
#3  0x00009354 in action_show (argc=<value optimized out>,
    argv=<value optimized out>)
    at /usr/src/usr.sbin/rtadvctl/rtadvctl.c:432
#4  0x00009184 in main (argc=<value optimized out>, argv=0xbffff2d1)
    at /usr/src/usr.sbin/rtadvctl/rtadvctl.c:187
#5  0x00008fdc in __start (argc=2, argv=0xbffffb98, env=0xbffffba4,
    ps_strings=<value optimized out>, obj=0x2003c000,
    cleanup=<value optimized out>) at /usr/src/lib/csu/arm/crt1.c:115
#6  0x2001fd3c in _rtld_get_stack_prot () from /libexec/ld-elf.so.1
#7  0x2001fd3c in _rtld_get_stack_prot () from /libexec/ld-elf.so.1
Current language:  auto; currently minimal

disassembly:
0x0000b0c4 <cm_pl2bin+368>:     str     r0, [r8]

info registers:
...
r8             0xbfffcd87       -1073754745
...
pc             0xb0c4   45252


The protocol between rtadvd and rtadvctl writes a size_t len
followed by a string for each of ifname, key and value.  When
ifname or key is supplied and its length is not a multiple of 4,
the write of the next field's size_t len will be to an unaligned
address and a trap will be generated on the BeagleBone Black.

Fix: Attached two patches with different ways to resolve the problem.

1. rtadvd_control_align.patch
Round up the strings to align on sizeof(size_t).
Is there a round up macro that can be used instead of explicit calculation?
Requires using matching rtadvd and rtadvctl since the protocol changed.


2. rtadvd_control_packed.patch
Use __packed structure access for the size_t len so byte instructions
will be used to read/write the len on arm.
Protocol doesn't change so compatibility between old and
fixed rtadvd and rtadvctl is kept.

How-To-Repeat: Run "rtadvctl show" on an arm machine with trapping
for unaligned access enabled.
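
Added illustration (not code from rtadvd, rtadvctl or either attached patch): a model of the layout described above, a size_t length followed by the string for each of ifname, key and value. It counts the length fields that land on an unaligned offset with and without the round-up of patch 1, and it reads and writes every length with memcpy, a portable alternative to the __packed access of patch 2 that also keeps the protocol unchanged. The names pl_put, pl_get, pl_check and PL_ROUNDUP are hypothetical.

```c
#include <string.h>

/* Hypothetical helper (not from the patch): round n up to a multiple of sizeof(size_t). */
#define PL_ROUNDUP(n) (((n) + sizeof(size_t) - 1) & ~(sizeof(size_t) - 1))

/* Append one (size_t len, bytes) field at off; return the new offset, or 0 if it won't fit. */
static size_t pl_put(unsigned char *buf, size_t cap, size_t off, const char *s, int pad)
{
	size_t len = strlen(s), span = pad ? PL_ROUNDUP(len) : len;
	if (off > cap || cap - off < sizeof(len) || cap - off - sizeof(len) < span)
		return 0;
	memcpy(buf + off, &len, sizeof(len));	/* byte-wise copy: safe at any offset */
	memcpy(buf + off + sizeof(len), s, len);
	return off + sizeof(len) + span;
}

/* Read the field at off into out; return the new offset, or 0 on a malformed field. */
static size_t pl_get(const unsigned char *buf, size_t cap, size_t off,
    char *out, size_t outsz, int pad)
{
	size_t len;
	if (off > cap || cap - off < sizeof(len))
		return 0;
	memcpy(&len, buf + off, sizeof(len));	/* byte-wise copy: safe at any offset */
	if (len >= outsz || len > cap - off - sizeof(len))
		return 0;			/* length exceeds output or message */
	memcpy(out, buf + off + sizeof(len), len);
	out[len] = '\0';
	return off + sizeof(len) + (pad ? PL_ROUNDUP(len) : len);
}

/* Round-trip ifname/key/value; return the count of misaligned length fields, -1 on error. */
static int pl_check(const char *ifname, const char *key, const char *val, int pad)
{
	unsigned char buf[256] = { 0 };	/* constructed message buffer */
	const char *f[3] = { ifname, key, val };
	char out[64];
	size_t off = 0, end;
	int i, bad = 0;
	for (i = 0; i < 3; i++, off = end) {
		bad += (off % sizeof(size_t)) != 0;	/* where a direct size_t store would trap */
		end = pl_put(buf, sizeof(buf), off, f[i], pad);
		if (end == 0 || pl_get(buf, end, off, out, sizeof(out), pad) != end ||
		    strcmp(out, f[i]) != 0)
			return -1;
	}
	return bad;
}
```

With constructed strings such as pl_check("em0", "mtu", "1500", 0), the second and third length fields start at unaligned offsets, while the same call with pad set to 1 reports none.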
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2014-05-04 04:35:33 UTC
Responsible Changed
From-To: freebsd-arm->freebsd-bugs

Although the problem is arm-specific, the patch is not.  Reclassify.
Comment 2 Eitan Adler freebsd_committer freebsd_triage 2017-12-31 07:59:49 UTC
For bugs matching the following criteria:

Status: In Progress Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped
Comment 3 Graham Perrin freebsd_committer freebsd_triage 2022-10-17 12:38:54 UTC
Keyword: 

    patch
or  patch-ready

– in lieu of summary line prefix: 

    [patch]

* bulk change for the keyword
* summary lines may be edited manually (not in bulk). 

Keyword descriptions and search interface: 

    <https://bugs.freebsd.org/bugzilla/describekeywords.cgi>
Comment 4 Graham Perrin freebsd_committer freebsd_triage 2023-03-22 22:07:08 UTC
With 14.0-CURRENT, is this still an issue?
Comment 5 guyyur 2023-03-23 07:44:58 UTC
It should not be an issue on BeagleBone since support for unaligned access in hardware on armv7 has been enabled since 2016 (commit 40cb6df5f3ae8aa0c9839dda49dd5a6357d3c69a).

Might be relevant for RISC-V (I wasn't able to find out if it allows unaligned access without trapping in hardware and I don't have RISC-V hardware).

If you want to close this bug, I can open a new bug if I verify this is still relevant for RISC-V.
Comment 6 guyyur 2023-05-02 06:46:02 UTC
Closing as bug is not reproducible since support for unaligned access in hardware on armv7 was enabled (commit 40cb6df5f3ae8aa0c9839dda49dd5a6357d3c69a from 2016).

A new bug can be opened if there are other hardware architectures supported by FreeBSD that don't have unaligned access support.