Bug 259187 - Use of thumb NEON instructions in thread causes SIGILL
Summary: Use of thumb NEON instructions in thread causes SIGILL
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: arm
Version: 13.0-RELEASE
Hardware: arm Any
Importance: --- Affects Only Me
Assignee: Michal Meloun
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-10-15 14:57 UTC by Robert Clausecker
Modified: 2021-11-18 13:22 UTC

See Also:
fuz: mfc-stable13?
fuz: mfc-stable12?

Description Robert Clausecker 2021-10-15 14:57:22 UTC
The following program crashes with a SIGILL on armv7 FreeBSD 13.0-RELEASE.  It does not crash in an armv7 jail on arm64 FreeBSD and does not crash when compiled without -mthumb.

#include <pthread.h>
#include <stddef.h>

/* Thread body.  The self-assignment of the 16-byte struct is what makes the
 * compiler emit the NEON vld1/vst1 pair shown in the listing below. */
void *a(void *x) {
  (void)x;

  struct {
    int b[4];
  } c = c;

  return (NULL);
}

int main() {
  pthread_t d;
  /* Run a() on a fresh thread; the vld1.32 executed there is what faults. */
  pthread_create(&d, NULL, a, NULL);
  pthread_join(d, NULL);
  return 0;
}

Save the program in a file named min.c, then type

    cc -mthumb min.c -lpthread && ./a.out

to reproduce.  The assembly code for function a() looks as follows:

00020754 <a>:
   20754:       b086            sub     sp, #24
   20756:       9005            str     r0, [sp, #20]
   20758:       4668            mov     r0, sp
   2075a:       f960 0a8f       vld1.32 {d16-d17}, [r0]
   2075e:       f940 0acf       vst1.64 {d16-d17}, [r0]
   20762:       2000            movs    r0, #0
   20764:       b006            add     sp, #24
   20766:       4770            bx      lr

The program crashes at address 2075a at the vld1.32 instruction.

When compiled for ARM mode, the same instruction is used but no crash occurs.  I do not understand what causes this issue.

It also does not seem to happen when executing the function a() without using a separate thread.

I've used a Raspberry Pi 3B (Cortex-A7) to find this issue.
Comment 1 Robert Clausecker 2021-11-02 10:07:28 UTC
Hi Michal,

I think cognet@ already developed a patch for this one but didn't follow up on the PR.  Please ask on #bsdmips for the current state of things.
Comment 2 commit-hook freebsd_committer 2021-11-02 10:35:33 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=a670e1c13a522df4fb8c63bb023b88b1d65de797

commit a670e1c13a522df4fb8c63bb023b88b1d65de797
Author:     Michal Meloun <mmel@FreeBSD.org>
AuthorDate: 2021-10-17 17:36:33 +0000
Commit:     Michal Meloun <mmel@FreeBSD.org>
CommitDate: 2021-11-02 10:11:44 +0000

    arm: Fix handling of undefined instruction aborts in THUMB2 mode.

    Correctly recognize NEON/SIMD and VFP instructions in THUMB2 mode and pass
    these to the appropriate handler. Note that it is not necessary to filter
    all undefined instruction variant or register combinations, this is a job
    for given handler.

    Reported by:    Robert Clausecker <fuz@fuz.su>
    PR:             259187
    MFC after:      2 weeks

 sys/arm/arm/undefined.c | 39 +++++++++++++++++++++++----------------
 1 file changed, 23 insertions(+), 16 deletions(-)
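The commit message above says the fix makes the THUMB2 undefined-instruction path recognize NEON/SIMD and VFP encodings and pass them to the right handler. On FreeBSD/arm a thread's first VFP/NEON instruction reaches the kernel as an undefined-instruction exception so the unit can be enabled for that thread, which is why the vld1.32 at 2075a in the report ends up in this handler at all. The C program below is an added illustration written for this page, not code from sys/arm/arm/undefined.c or from the commit: it classifies a Thumb-2 halfword pair using the encoding tables in the ARMv7-A Architecture Reference Manual (DDI 0406C, sections A6.3, A6.3.18 and A7.7) and runs that classification over the bytes of a() from the objdump listing in the description. The enum and function names are this example's own, and the constructed VFP/NEON encodings in the comments are samples, not anything from the report.

```c
/* Added illustration for this bug page (not code from sys/arm/arm/undefined.c):
 * classify a Thumb-2 encoding the way an undefined-instruction handler must
 * before routing the fault to the NEON/VFP handler.  Bit patterns follow the
 * ARMv7-A ARM (DDI 0406C) sections A6.3, A6.3.18 and A7.7; names are ours. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum thumb_class {
    THUMB16,     /* 16-bit Thumb encoding: never NEON or VFP */
    ASIMD_LDST,  /* Advanced SIMD element/structure load/store (VLDn/VSTn) */
    ASIMD_DP,    /* Advanced SIMD data-processing (VADD.I32, ...) */
    VFP_LDST,    /* extension register load/store (VLDR/VSTR/VLDM/VSTM) */
    VFP_XFER64,  /* 64-bit transfer between core and extension registers */
    VFP_DP,      /* VFP data-processing (VADD.F32, VCVT, ...) */
    VFP_XFER,    /* 8/16/32-bit transfer, including VMRS/VMSR */
    OTHER_CP,    /* coprocessor other than CP10/CP11, e.g. CP15 MCR/MRC */
    UNDEF,       /* architecturally UNDEFINED slot in the coprocessor space */
    OTHER        /* any other 32-bit Thumb instruction (BL, LDR.W, ...) */
};

/* A6.3: hw1[15:11] in {11101, 11110, 11111} marks a 32-bit encoding. */
int thumb_is_32bit(uint16_t hw1) { return (hw1 >> 11) >= 0x1D; }
int is_neon_or_vfp(enum thumb_class c) { return c >= ASIMD_LDST && c <= VFP_XFER; }

enum thumb_class thumb_classify(uint16_t hw1, uint16_t hw2)
{
    if (!thumb_is_32bit(hw1))
        return THUMB16;
    /* A7.7: hw1 = 1111 1001 A D L 0 Rn is Advanced SIMD element/structure
     * load/store; the report's vld1.32 (f960) and vst1.64 (f940) match. */
    if ((hw1 & 0xFF10) == 0xF900)
        return ASIMD_LDST;
    /* A6.3.18: hw1[12:11] in {01,11} and hw1[10] == 1 selects the
     * coprocessor / Advanced SIMD / floating-point space. */
    if ((hw1 & 0xEC00) != 0xEC00)
        return OTHER;
    unsigned op1 = (hw1 >> 4) & 0x3F;   /* hw1[9:4] */
    unsigned coproc = (hw2 >> 8) & 0xF; /* hw2[11:8] */
    unsigned op = (hw2 >> 4) & 1;       /* hw2[4] */
    if ((op1 >> 4) == 3)                /* op1 = 11xxxx, coproc field unused */
        return ASIMD_DP;
    if ((op1 & 0x3E) == 0x00)           /* op1 = 00000x */
        return UNDEF;
    if ((coproc & 0xE) != 0xA)          /* coproc != 101x: not CP10/CP11 */
        return OTHER_CP;
    if ((op1 & 0x3E) == 0x04)           /* op1 = 00010x */
        return VFP_XFER64;
    if (op1 < 0x20)                     /* op1 = 0xxxxx */
        return VFP_LDST;
    return op ? VFP_XFER : VFP_DP;      /* op1 = 10xxxx, split on hw2[4] */
}

/* Read the little-endian halfword pair at a fault PC, as a handler would. */
enum thumb_class thumb_classify_at(const uint8_t *pc)
{
    uint16_t hw1 = (uint16_t)(pc[0] | (pc[1] << 8));
    uint16_t hw2 = thumb_is_32bit(hw1) ? (uint16_t)(pc[2] | (pc[3] << 8)) : 0;
    return thumb_classify(hw1, hw2);
}

/* Walk a Thumb code region; count instructions the NEON/VFP handler owns. */
size_t count_neon_vfp(const uint8_t *code, size_t len)
{
    size_t n = 0, off = 0;
    while (off + 2 <= len) {
        uint16_t hw1 = (uint16_t)(code[off] | (code[off + 1] << 8));
        size_t size = thumb_is_32bit(hw1) ? 4 : 2;
        if (off + size > len)
            break;                      /* truncated trailing encoding */
        n += is_neon_or_vfp(thumb_classify_at(code + off)) ? 1 : 0;
        off += size;
    }
    return n;
}

/* Bytes of a() from the report's objdump listing (20754..20766) in memory
 * order, each halfword little-endian. */
const uint8_t a_code[] = {
    0x86, 0xb0,             /* 20754: sub     sp, #24 */
    0x05, 0x90,             /* 20756: str     r0, [sp, #20] */
    0x68, 0x46,             /* 20758: mov     r0, sp */
    0x60, 0xf9, 0x8f, 0x0a, /* 2075a: vld1.32 {d16-d17}, [r0]  <- faults */
    0x40, 0xf9, 0xcf, 0x0a, /* 2075e: vst1.64 {d16-d17}, [r0] */
    0x00, 0x20,             /* 20762: movs    r0, #0 */
    0x06, 0xb0,             /* 20764: add     sp, #24 */
    0x70, 0x47,             /* 20766: bx      lr */
};

int main(void)
{
    /* The faulting PC from the report is 2075a, i.e. a() + 6. */
    printf("class at 2075a: %d (ASIMD_LDST is %d); %zu NEON/VFP instruction(s) in a()\n",
           (int)thumb_classify_at(a_code + 6), (int)ASIMD_LDST,
           count_neon_vfp(a_code, sizeof a_code));
    return 0;
}
```

Build with `cc -std=c99 thumb_class.c && ./a.out` on any host; it only reads the embedded bytes and needs no ARM hardware. Over the report's listing it flags exactly the vld1.32 at 2075a and the vst1.64 at 2075e, and nothing else, which is the decision the kernel's THUMB2 path was getting wrong before the commit. The A6.3.18 branch matters as much as the A7.7 one: a thread's first VFP instruction (a VLDR, a VMRS or a VADD.F32) has to be routed to the same handler even though its first halfword looks nothing like the vld1 in this report.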
Comment 3 Robert Clausecker 2021-11-18 13:22:20 UTC
Hi,

Unfortunately the 12.3 release window was missed for this patch.  Can you still MFC it?