NetBSD-Bugs archive


kern/54523: struct in6_addr alignment change breaks things

>Number:         54523
>Category:       kern
>Synopsis:       struct in6_addr alignment change breaks things
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Sep 04 08:50:00 +0000 2019
>Originator:     Andreas Gustafsson
>Release:        NetBSD-current, source date >= 2019.

System: NetBSD
Architecture: x86_64
Machine: amd64

After I upgraded an amd64 system to the -9 branch, I found that qemu's
user-mode networking no longer worked.

A rather lengthy bisection identified the following commit as the

  2019. kamil src/sys/netinet6/in6.h 1.95

  Decorate struct in6_addr with the __packed attribute
  This avoids undefined behavior when accessing misaligned pointers.
  Detected by kUBSan.
  Patch by Akul Pillai.

Specifically, the bug affects qemu binaries built on a system having
this version of in6.h (as opposed to hosts or guests built with this

I don't know how this change breaks qemu specifically, but it is
clearly incorrect in general because it can cause structs compiled
with different versions of in6.h to be laid out differently, breaking
binary compatibility.  For example, in

  struct {
      char c;
      struct in6_addr a;
  };
the "a" field was previously stored at offset 4, but is now at offset 1.
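The layout change described above can be reproduced without the NetBSD headers. The following is an added example, not part of the PR: it defines two hypothetical stand-ins for struct in6_addr, one with the traditional layout and one decorated with __attribute__((__packed__)) (what NetBSD's __packed macro expands to under GCC and Clang), wraps each behind a single char exactly as in the struct above, and reports the resulting offsets and sizes. It then shows the binary-compatibility consequence: bytes written through one layout and read through the other no longer agree on where the address lives.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the traditional struct in6_addr: the uint32_t
 * member gives the union, and therefore the struct, 4-byte alignment. */
struct in6_addr_aligned {
    union {
        uint8_t  u6_addr8[16];
        uint16_t u6_addr16[8];
        uint32_t u6_addr32[4];
    } in6_u;
};

/* Hypothetical stand-in for the same struct after in6.h 1.95: __packed
 * drops the alignment requirement of the whole struct to 1 byte. */
struct in6_addr_packed {
    union {
        uint8_t  u6_addr8[16];
        uint16_t u6_addr16[8];
        uint32_t u6_addr32[4];
    } in6_u;
} __attribute__((__packed__));

/* The wrapper from the PR, built once against each header version. */
struct wrapper_aligned { char c; struct in6_addr_aligned a; };
struct wrapper_packed  { char c; struct in6_addr_packed  a; };

size_t offset_of_a_aligned(void) { return offsetof(struct wrapper_aligned, a); }
size_t offset_of_a_packed(void)  { return offsetof(struct wrapper_packed, a); }
size_t sizeof_wrapper_aligned(void) { return sizeof(struct wrapper_aligned); }
size_t sizeof_wrapper_packed(void)  { return sizeof(struct wrapper_packed); }

/* Demonstrate the ABI break: fill the wrapper using the aligned layout,
 * then interpret the same bytes with the packed layout, as happens when a
 * program and a library were compiled against different versions of in6.h.
 * Returns 1 when the two layouts disagree on the first address byte. */
int layouts_disagree(void)
{
    unsigned char buf[sizeof(struct wrapper_aligned)];
    struct wrapper_aligned wa;
    struct wrapper_packed wp;

    memset(&wa, 0, sizeof wa);            /* zero the padding bytes too */
    wa.c = 'x';
    wa.a.in6_u.u6_addr8[0] = 0x20;        /* constructed sample: 2001:db8:: */
    wa.a.in6_u.u6_addr8[1] = 0x01;
    wa.a.in6_u.u6_addr8[2] = 0x0d;
    wa.a.in6_u.u6_addr8[3] = 0xb8;
    memcpy(buf, &wa, sizeof wa);

    /* sizeof wp (17) < sizeof buf (20), so this copy is in bounds */
    memcpy(&wp, buf, sizeof wp);

    /* Through the packed layout the address starts at offset 1, which in
     * the aligned object is padding, so the first byte reads back as 0. */
    return wp.a.in6_u.u6_addr8[0] != wa.a.in6_u.u6_addr8[0];
}

int main(void)
{
    printf("aligned: offsetof(a)=%zu sizeof=%zu\n",
           offset_of_a_aligned(), sizeof_wrapper_aligned());
    printf("packed:  offsetof(a)=%zu sizeof=%zu\n",
           offset_of_a_packed(), sizeof_wrapper_packed());
    printf("layouts disagree: %s\n", layouts_disagree() ? "yes" : "no");
    return 0;
}
```

On an LP64 target with GCC or Clang this prints offset 4 and size 20 for the aligned wrapper, offset 1 and size 17 for the packed one, and reports that the layouts disagree. The same mismatch applies to any struct embedding in6_addr, including sockaddr_in6, which is why objects built against different header versions cannot safely exchange such structs in memory.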

The obvious fix is to revert the commit in case.  I would revert it
myself, but since the NetBSD commit guidelines specifically prohibit
me from doing that, I hereby ask kamil to revert it.

As for the issue the commit was supposed to fix, please file a
separate PR documenting it in detail so that a correct fix can be
properly discussed.


On a NetBSD-current or -9 system, install emulators/qemu and
misc/py-anita from pkgsrc (building at least qemu from source),
and run:

  anita interact

Log in to the guest as root and run:

  ftp -4

If your system is suffering from the bug, the ftp command will fail
with a timeout.

