Bug 259187

Summary: Use of thumb NEON instructions in thread causes SIGILL
Product: Base System          Reporter: Robert Clausecker <fuz>
Component: arm                Assignee: Michal Meloun <mmel>
Status: Closed FIXED
Severity: Affects Only Me     CC: cognet, mmel
Priority: ---                 Flags: fuz: mfc-stable13?, fuz: mfc-stable12?
Version: 13.0-RELEASE
Hardware: arm
OS: Any

Description Robert Clausecker freebsd_committer freebsd_triage 2021-10-15 14:57:22 UTC
The following program crashes with a SIGILL on armv7 FreeBSD 13.0-RELEASE.  It does not crash in an armv7 jail on arm64 FreeBSD and does not crash when compiled without -mthumb.

#include <pthread.h>
#include <stddef.h>

/* Thread body: the 16-byte struct self-assignment below is the whole
 * point of the reproducer.  The compiler turns the copy into a NEON
 * vld1/vst1 pair (see the disassembly further down), which is the
 * instruction that faults. */
void *a(void *x) {
  (void)x;

  struct {
    int b[4];
  } c = c;   /* deliberate self-initialisation; compiled to a 128-bit NEON copy */

  return (NULL);
}

int main() {
  pthread_t d;
  /* The fault only shows up when a() runs in a freshly created thread. */
  pthread_create(&d, NULL, a, NULL);
  pthread_join(d, NULL);
}

Save the program in a file named min.c, then type

    cc -mthumb min.c -lpthread && ./a.out

to reproduce.  The assembly code for function a() looks as follows:

00020754 <a>:
   20754:       b086            sub     sp, #24
   20756:       9005            str     r0, [sp, #20]
   20758:       4668            mov     r0, sp
   2075a:       f960 0a8f       vld1.32 {d16-d17}, [r0]
   2075e:       f940 0acf       vst1.64 {d16-d17}, [r0]
   20762:       2000            movs    r0, #0
   20764:       b006            add     sp, #24
   20766:       4770            bx      lr

The program crashes at address 2075a at the vld1.32 instruction.

When compiled for ARM mode, the same instruction is used but no crash occurs.  I do not understand what causes this issue.

It also does not seem to happen when executing the function a() without using a separate thread.

I've used a Raspberry Pi 3B (Cortex-A7) to find this issue.
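The commit that closes this bug says the kernel's undefined-instruction handler did not recognise NEON/VFP instructions in THUMB2 mode, so the trap that should have gone to the VFP/NEON handler ended in SIGILL instead. The following is an added illustration, not code from the bug report or from FreeBSD's sys/arm/arm/undefined.c: it reassembles the two Thumb-2 halfwords from the disassembly above (f960 0a8f and f940 0acf) into the 32-bit word the ARM Architecture Reference Manual tables use, classifies the word with the ARMv7-A T32 encoding patterns, and contrasts that with the A32 patterns, showing that a handler which applies only the ARM-mode patterns to a Thumb word misses the instruction. The A32 encoding 0xf4600a8f of the same vld1.32 and the `vmov s0, r0` encoding 0xee000a10 are constructed for the demonstration; the function names and the "hand to FPU handler or SIGILL" decision are this example's own simplification of what such a handler does.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Classes an undefined-instruction handler needs to tell apart: anything
 * in the NEON/VFP space belongs to the FPU handler (which enables the
 * thread's VFP context and retries), everything else is genuinely
 * undefined and earns SIGILL.
 */
enum insn_class {
	CLASS_OTHER = 0,	/* not a NEON/VFP instruction */
	CLASS_NEON_LDST,	/* Advanced SIMD element/structure load/store (VLDn/VSTn) */
	CLASS_NEON_DP,		/* Advanced SIMD data-processing */
	CLASS_VFP_COPROC	/* coprocessor-space VFP/NEON: VLDR/VSTR/VMOV/VADD.F32 ... */
};

/* True if hw1 opens a 32-bit Thumb-2 instruction (bits[15:11] are
 * 0b11101, 0b11110 or 0b11111); 16-bit Thumb instructions never do. */
bool thumb_is_32bit(uint16_t hw1)
{
	return ((hw1 >> 11) >= 0x1d);
}

/* Join the two halfwords into the 32-bit word the ARM ARM tables describe. */
uint32_t thumb2_word(uint16_t hw1, uint16_t hw2)
{
	return (((uint32_t)hw1 << 16) | hw2);
}

/* ARMv7-A T32 (Thumb-2) encoding patterns. */
enum insn_class classify_thumb2(uint32_t w)
{
	if ((w & 0xff100000) == 0xf9000000)	/* 1111 1001 xxx0: VLDn/VSTn */
		return (CLASS_NEON_LDST);
	if ((w & 0xef000000) == 0xef000000)	/* 111x 1111: NEON data-processing */
		return (CLASS_NEON_DP);
	/* 1110 11xx with coproc 1010/1011: VFP load/store, transfer, data-processing */
	if ((w & 0xfc000000) == 0xec000000 && (w & 0x00000e00) == 0x00000a00)
		return (CLASS_VFP_COPROC);
	return (CLASS_OTHER);
}

/* ARMv7-A A32 (ARM mode) encoding patterns for the same classes. */
enum insn_class classify_arm(uint32_t w)
{
	if ((w & 0xff100000) == 0xf4000000)	/* 1111 0100 xxx0: VLDn/VSTn */
		return (CLASS_NEON_LDST);
	if ((w & 0xfe000000) == 0xf2000000)	/* 1111 001x: NEON data-processing */
		return (CLASS_NEON_DP);
	/* cond != 1111, bits[27:26] == 11 but not SVC (1111), coproc 1010/1011 */
	if ((w & 0xf0000000) != 0xf0000000 &&
	    (w & 0x0c000000) == 0x0c000000 && (w & 0x0f000000) != 0x0f000000 &&
	    (w & 0x00000e00) == 0x00000a00)
		return (CLASS_VFP_COPROC);
	return (CLASS_OTHER);
}

/* The handler's decision: true = hand to the VFP/NEON handler, false = SIGILL.
 * The trap handler must pick the table that matches the CPU's mode at the fault. */
bool undef_goes_to_fpu(bool thumb_mode, uint32_t w)
{
	enum insn_class c = thumb_mode ? classify_thumb2(w) : classify_arm(w);

	return (c != CLASS_OTHER);
}

int main(void)
{
	/* Halfwords from the bug report's -mthumb disassembly of a(). */
	uint32_t vld1 = thumb2_word(0xf960, 0x0a8f);	/* vld1.32 {d16-d17}, [r0] */
	uint32_t vst1 = thumb2_word(0xf940, 0x0acf);	/* vst1.64 {d16-d17}, [r0] */

	printf("thumb vld1 -> fpu handler: %d\n", undef_goes_to_fpu(true, vld1));
	printf("thumb vst1 -> fpu handler: %d\n", undef_goes_to_fpu(true, vst1));
	/* Constructed A32 encoding of the same vld1.32: recognised in ARM mode. */
	printf("arm vld1   -> fpu handler: %d\n", undef_goes_to_fpu(false, 0xf4600a8f));
	/* The failure mode: a Thumb word run through the ARM-mode patterns only. */
	printf("thumb word via ARM table  : %d (would be SIGILL)\n",
	    undef_goes_to_fpu(false, vld1));
	return (0);
}
```

The masks follow the ARMv7-A encoding tables (T32 uses 0xF9 for VLDn/VSTn where A32 uses 0xF4, and 0xEF/0xFF for NEON data-processing where A32 uses 0xF2/0xF3), which is why a single set of patterns cannot serve both modes. As the commit message notes, the classifier only has to route the instruction to the right handler; validating register combinations and rejecting invalid variants is that handler's job.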
Comment 1 Robert Clausecker freebsd_committer freebsd_triage 2021-11-02 10:07:28 UTC
Hi Michal,

I think cognet@ already developed a patch for this one but didn't follow up on the PR.  Please ask on #bsdmips for the current state of things.
Comment 2 commit-hook freebsd_committer freebsd_triage 2021-11-02 10:35:33 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=a670e1c13a522df4fb8c63bb023b88b1d65de797

commit a670e1c13a522df4fb8c63bb023b88b1d65de797
Author:     Michal Meloun <mmel@FreeBSD.org>
AuthorDate: 2021-10-17 17:36:33 +0000
Commit:     Michal Meloun <mmel@FreeBSD.org>
CommitDate: 2021-11-02 10:11:44 +0000

    arm: Fix handling of undefined instruction aborts in THUMB2 mode.

    Correctly recognize NEON/SIMD and VFP instructions in THUMB2 mode and pass
    these to the appropriate handler. Note that it is not necessary to filter
    all undefined instruction variants or register combinations; this is a job
    for the given handler.

    Reported by:    Robert Clausecker <fuz@fuz.su>
    PR:             259187
    MFC after:      2 weeks

 sys/arm/arm/undefined.c | 39 +++++++++++++++++++++++----------------
 1 file changed, 23 insertions(+), 16 deletions(-)
Comment 3 Robert Clausecker freebsd_committer freebsd_triage 2021-11-18 13:22:20 UTC
Hi,

Unfortunately the 12.3 release window was missed for this patch.  Can you still MFC it?
Comment 4 commit-hook freebsd_committer freebsd_triage 2022-01-20 10:13:35 UTC
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=79631b49eeda47d90f6ceba9ad574e6625f1f2f1

commit 79631b49eeda47d90f6ceba9ad574e6625f1f2f1
Author:     Michal Meloun <mmel@FreeBSD.org>
AuthorDate: 2021-10-17 17:36:33 +0000
Commit:     Michal Meloun <mmel@FreeBSD.org>
CommitDate: 2022-01-20 10:12:36 +0000

    arm: Fix handling of undefined instruction aborts in THUMB2 mode.

    Correctly recognize NEON/SIMD and VFP instructions in THUMB2 mode and pass
    these to the appropriate handler. Note that it is not necessary to filter
    all undefined instruction variants or register combinations; this is a job
    for the given handler.

    Reported by:    Robert Clausecker <fuz@fuz.su>
    PR:             259187
    MFC after:      2 weeks

    (cherry picked from commit a670e1c13a522df4fb8c63bb023b88b1d65de797)

 sys/arm/arm/undefined.c | 39 +++++++++++++++++++++++----------------
 1 file changed, 23 insertions(+), 16 deletions(-)
Comment 5 Robert Clausecker freebsd_committer freebsd_triage 2022-11-12 12:53:50 UTC
Can we get this patch in for 12.4?
Comment 6 commit-hook freebsd_committer freebsd_triage 2022-11-18 10:03:00 UTC
A commit in branch stable/12 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=e5c0e6d7810cbfc57b80f123ca48b485bdcd48d1

commit e5c0e6d7810cbfc57b80f123ca48b485bdcd48d1
Author:     Michal Meloun <mmel@FreeBSD.org>
AuthorDate: 2021-10-17 17:36:33 +0000
Commit:     Olivier Houchard <cognet@FreeBSD.org>
CommitDate: 2022-11-18 09:45:31 +0000

    arm: Fix handling of undefined instruction aborts in THUMB2 mode.

    Correctly recognize NEON/SIMD and VFP instructions in THUMB2 mode and pass
    these to the appropriate handler. Note that it is not necessary to filter
    all undefined instruction variants or register combinations; this is a job
    for the given handler.

    Reported by:    Robert Clausecker <fuz@fuz.su>
    PR:             259187
    MFC after:      2 weeks

    (cherry picked from commit a670e1c13a522df4fb8c63bb023b88b1d65de797)
    Signed-off-by: Olivier Houchard <cognet@FreeBSD.org>

 sys/arm/arm/undefined.c | 39 +++++++++++++++++++++++----------------
 1 file changed, 23 insertions(+), 16 deletions(-)
Comment 7 Robert Clausecker freebsd_committer freebsd_triage 2023-01-05 01:00:28 UTC
Is there any work left to do on this one?
Comment 8 Robert Clausecker freebsd_committer freebsd_triage 2023-04-23 16:03:22 UTC
Seems like we are done here.