kern/54523: struct in6_addr alignment change breaks things

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: kern/54523: struct in6_addr alignment change breaks things
From: gson%gson.org@localhost (Andreas Gustafsson)
Date: Wed, 4 Sep 2019 08:50:01 +0000 (UTC)

>Number:         54523
>Category:       kern
>Synopsis:       struct in6_addr alignment change breaks things
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Sep 04 08:50:00 +0000 2019
>Originator:     Andreas Gustafsson
>Release:        NetBSD-current, source date >= 2019.05.28.03.56.46
>Organization:

>Environment:
System: NetBSD
Architecture: x86_64
Machine: amd64
>Description:

After I upgraded an amd64 system to the -9 branch, I found that qemu's
user-mode networking no longer worked.

A rather lengthy bisection identified the following commit as the
cause:

  2019.05.28.03.56.46 kamil src/sys/netinet6/in6.h 1.95

  http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/in6.h?only_with_tag=MAIN#rev1.95

  Decorate struct in6_addr with the __packed attribute
  This avoids undefined behavior when accessing misaligned pointers.
  Detected by kUBSan.
  Patch by Akul Pillai.

Specifically, the bug affects qemu binaries built on a system having
this version of in6.h (as opposed to hosts or guests built with this
version).

I don't know how this change breaks qemu specifically, but it is
clearly incorrect in general because it can cause structs compiled
with different versions of in6.h to be laid out differently, breaking
binary compatibility.  For example, in

  struct {
      char c;
      struct in6_addr a;
  };

the "a" field was previously stored at offset 4, but is now at offset 1.

The obvious fix is to revert the commit in case.  I would revert it
myself, but since the NetBSD commit guidelines specifically prohibit
me from doing that, I hereby ask kamil to revert it.

As for the issue the commit was supposed to fix, please file a
separate PR documenting it in detail so that a correct fix can be
properly discussed.

>How-To-Repeat:

On a NetBSD-current or -9 system, install emulators/qemu and
misc/py-anita from pkgsrc (building at least qemu from source),
and run:

  anita interact http://ftp.netbsd.org/pub/NetBSD/NetBSD-8.1/amd64/

Log in to the guest as root and run:

  dhcpcd
  ftp -4 http://www.netbsd.org/index.html

If your system is suffering from the bug, the ftp command will fail
with a timeout.

>Fix:

Prev by Date: NetBSD Nightly Trouble Ticket Report
Next by Date: Re: kern/54523 (struct in6_addr alignment change breaks things)
Previous by Thread: Re: port-prep/54394 (NetBSD 8.0 does not boot on an IBM RS/6000 43p)
Next by Thread: Re: kern/54523 (struct in6_addr alignment change breaks things)
Indexes:

Home | Main Index | Thread Index | Old Index