Bug 249937

Summary: armv7 with PIE/ASLR enabled: buildworld fail on jemalloc
Product: Base System    Reporter: mw <mw>
Component: arm    Assignee: freebsd-arm (Nobody) <freebsd-arm>
Status: Closed FIXED
Severity: Affects Some People    CC: emaste, kib, markj, mw
Priority: ---
Version: CURRENT
Hardware: arm
OS: Any
Bug Depends on:
Bug Blocks: 259968

Description mw 2020-09-27 13:12:27 UTC
Contrary to the amd64/arm64 architectures, which prove to work fine when PIE/ASLR is enabled, armv7 consistently fails the native buildworld test on a jemalloc assertion. Example log snippet:

```
===> gnu/lib/libdialog (cleandir)
--- cleandir_subdir_lib ---
--- clean ---
rm -f  strfmon_test.full.bc strfmon_test.full.ll strfmon_test strfmon_test.bc strfmon_test.ll strfmon_test.full strfmon_test.debug strfmon_test.o strfmon_test.bco strfmon_test.llo
--- cleanobj ---
--- tsearch_test.cleandir ---
(cd /usr/src/lib/libc/tests/stdlib &&  DEPENDFILE=.depend.tsearch_test  NO_SUBDIR=1 make -f Makefile _RECURSING_PROGS=t  CLEANDEPENDFILES= CLEANDEPENDDIRS= PROG=tsearch_test  cleandir)
--- cleandir_subdir_gnu ---
<jemalloc>: /usr/home/pf/fbsd/contrib/jemalloc/include/jemalloc/internal/rtree.h:329: Failed assertion: "key != 0"
--- cleandir_subdir_lib ---
--- clean ---
rm -f  tsearch_test.full.bc tsearch_test.full.ll tsearch_test tsearch_test.bc tsearch_test.ll tsearch_test.full tsearch_test.debug tsearch_test.o tsearch_test.bco tsearch_test.llo
--- cleanobj ---
--- abs_test.cleandir ---
(cd /usr/src/lib/libc/tests/stdlib &&  DEPENDFILE=.depend.abs_test  NO_SUBDIR=1 make -f Makefile _RECURSING_PROGS=t  CLEANDEPENDFILES= CLEANDEPENDDIRS= PROG=abs_test  cleandir)
--- cleandir_subdir_gnu ---
Abort trap (core dumped)
--- cleandir_subdir_lib ---
```

1. FreeBSD revision: r366150

2. Platform: Solid-Run Clearfog-Pro (dual-CA9 Marvell Armada-388 SoC)

3. Steps to reproduce:
  * FreeBSD world built with the -DWITH_PIE flag and placed on a SATA SSD
    (connected to the DUT via a USB 3.0 port), e.g.
  ```
  ~ # file /usr/sbin/sshd 
  /usr/sbin/sshd: ELF 32-bit LSB pie executable, ARM, EABI5 version 1 (FreeBSD), dynamically linked, interpreter /libexec/ld-elf.so.1, FreeBSD-style, for FreeBSD 13.0 (1300113), stripped
  ```
  * Boot kernel with the following sysctls set:
  ```
  kern.elf32.aslr.pie_enable: 1
  kern.elf32.aslr.enable: 1
  ```
  * make buildworld -j<X> TARGET=arm TARGET_ARCH=armv7

4. Additional data points:
  * Consistent behavior and the same jemalloc assert observed when building with -j1 / -j2 / -j3.
  * With the same rootfs built with the -DWITH_PIE flag and the sysctls disabled:
  ```
  kern.elf32.aslr.pie_enable: 0
  kern.elf32.aslr.enable: 0
  ```
  the buildworld passes in all cases and at every job count.
Comment 1 commit-hook freebsd_committer freebsd_triage 2020-12-18 10:10:09 UTC
A commit references this bug:

Author: mw
Date: Fri Dec 18 10:09:21 UTC 2020
New revision: 368756
URL: https://svnweb.freebsd.org/changeset/base/368756

Log:
  Fix abort in jemalloc extent coalescing.

  Fix an error in extent_try_coalesce_impl() which could cause an abort
  when trying to coalesce extents backwards. The error could happen
  because of how the extent_before_get() function works. This function
  gets the address of the previous extent by subtracting the page size
  from the current extent's address. If the current extent is located at
  offset PAGE_SIZE, this address resolves to 0x0000. An assertion in
  rtree_leaf_elm_lookup then caused the running program to abort.

  This problem was discovered when trying to build world on 32-bit
  machines with ASLR and PIE enabled. The problem was encountered
  on armv7 and i386 machines, but most likely other 32-bit
  architectures are affected as well.

  While this patch fixes one problem with buildworld on 32-bit platforms
  with ASLR, the build still fails; however, it happens much later and
  is due to lack of memory.

  The change is aligned with accepted fix in the upstream Jemalloc
  repository (https://github.com/jemalloc/jemalloc/pull/1973).
  As it doesn't apply on top of Jemalloc tree, its updated version
  was eventually merged: https://github.com/jemalloc/jemalloc/pull/2003

  PR: 249937
  Submitted by: Dawid Gorecki <dgr@semihalf.com>
  Obtained from: Semihalf
  Sponsored by: Stormshield
  Differential Revision: https://reviews.freebsd.org/D27025

Changes:
  head/contrib/jemalloc/src/extent.c
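The failure mode the commit message describes, as an added example that is not jemalloc's code and not part of this bug report: a page-sized extent that ASLR happened to place at the lowest mappable address (PAGE_SIZE) has its "previous extent" computed as PAGE_SIZE - PAGE_SIZE = 0, and an address-keyed lookup that rejects key 0 (the `key != 0` assertion in the log above) then fires. The flat table below is a stand-in for jemalloc's rtree, and the lookup returns a status instead of aborting so the buggy and guarded paths can be compared in one process. The shape of the guard (skip the lookup when the computed predecessor address is 0) is an assumption about what the fix does; the committed diff is not shown on this page.

```c
/*
 * Added example, not jemalloc's code: a minimal model of the backward
 * coalesce path described in the commit message.  Extents are page-sized
 * regions tracked in an address-keyed map; key 0 is never a valid
 * address, and jemalloc's rtree_leaf_elm_lookup asserts on it.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE   4096u
#define MAX_EXTENTS 8

typedef struct extent {
    uintptr_t addr;   /* base address, page aligned */
    size_t    size;   /* length in bytes, multiple of PAGE_SIZE */
    bool      active; /* allocated (true) or free and coalescable (false) */
} extent_t;

/* Toy stand-in for jemalloc's rtree: a flat table keyed by address. */
static extent_t table[MAX_EXTENTS];
static size_t   ntable;

static void table_reset(void) { ntable = 0; }

static extent_t *extent_register(uintptr_t addr, size_t size, bool active) {
    if (ntable == MAX_EXTENTS) return NULL;
    table[ntable] = (extent_t){ addr, size, active };
    return &table[ntable++];
}

/*
 * Models rtree_leaf_elm_lookup(): the real tree asserts key != 0 and
 * aborts.  Here a distinct status is returned so the caller is testable.
 */
enum lookup_status { LOOKUP_FOUND, LOOKUP_MISSING, LOOKUP_BAD_KEY };

static enum lookup_status rtree_lookup(uintptr_t key, extent_t **out) {
    *out = NULL;
    if (key == 0)                    /* the "key != 0" assertion */
        return LOOKUP_BAD_KEY;
    for (size_t i = 0; i < ntable; i++) {
        if (table[i].addr <= key && key < table[i].addr + table[i].size) {
            *out = &table[i];
            return LOOKUP_FOUND;
        }
    }
    return LOOKUP_MISSING;
}

/* Same arithmetic as extent_before_get(): one page below the extent. */
static uintptr_t extent_before_addr(const extent_t *e) {
    return e->addr - PAGE_SIZE;
}

/* Pre-fix behaviour: unconditionally look up the page below the extent. */
static enum lookup_status coalesce_backward_buggy(const extent_t *e, extent_t **prev) {
    return rtree_lookup(extent_before_addr(e), prev);
}

/*
 * Guarded variant (assumed shape of the fix): an extent at address
 * PAGE_SIZE has no predecessor because address 0 is never mapped, so
 * the lookup is skipped instead of handing key 0 to the tree.
 */
static enum lookup_status coalesce_backward_fixed(const extent_t *e, extent_t **prev) {
    uintptr_t before = extent_before_addr(e);
    if (before == 0) {
        *prev = NULL;
        return LOOKUP_MISSING;
    }
    return rtree_lookup(before, prev);
}

/* Constructed scenario: ASLR placed a free extent at the lowest mappable page. */
static int run_scenario(void) {
    table_reset();
    extent_t *lowest = extent_register(PAGE_SIZE, PAGE_SIZE, false);
    extent_t *prev;
    enum lookup_status buggy = coalesce_backward_buggy(lowest, &prev);
    enum lookup_status fixed = coalesce_backward_fixed(lowest, &prev);
    printf("buggy: %s\n", buggy == LOOKUP_BAD_KEY ? "key != 0 assertion would fire" : "ok");
    printf("fixed: %s\n", fixed == LOOKUP_MISSING ? "no predecessor, lookup skipped" : "unexpected");
    return buggy == LOOKUP_BAD_KEY && fixed == LOOKUP_MISSING;
}

/* Normal case: both variants find the free neighbour one page below. */
static int run_normal_case(void) {
    table_reset();
    extent_t *low = extent_register(PAGE_SIZE, PAGE_SIZE, false);
    extent_t *cur = extent_register(2 * PAGE_SIZE, PAGE_SIZE, false);
    extent_t *p1, *p2;
    return coalesce_backward_buggy(cur, &p1) == LOOKUP_FOUND && p1 == low
        && coalesce_backward_fixed(cur, &p2) == LOOKUP_FOUND && p2 == low;
}

int main(void) { return (run_scenario() && run_normal_case()) ? 0 : 1; }
```

The point a practitioner should take from this is why the bug is 32-bit and ASLR specific: on a 64-bit target the randomized mapping base is essentially never the first page, whereas on a 32-bit address space with ASLR and PIE the lowest mappable page is a realistic placement, so `addr - PAGE_SIZE` underflows to exactly the one key the tree refuses.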
Comment 2 Mark Johnston freebsd_committer freebsd_triage 2022-01-14 14:02:58 UTC
I think this PR can be closed?  The jemalloc change is in 13.0.
Comment 3 Ed Maste freebsd_committer freebsd_triage 2022-01-14 14:20:45 UTC
I agree. As mw@ reported in the commit message the build still failed, but due to an OOM condition and not related to jemalloc specifically.