Re: (maybe) crash your VAX from userspace

To: Mouse <mouse%rodents-montreal.org@localhost>
Subject: Re: (maybe) crash your VAX from userspace
From: Alexander Schreiber <als%thangorodrim.ch@localhost>
Date: Sat, 23 Mar 2024 16:23:40 +0100

On Sat, Mar 23, 2024 at 10:41:51AM -0400, Mouse wrote:
> > I think the point was that he wanted confirmation on real hardware.
> > He also already observed this in simh. :)
> 
> Yes...after seeing simh itself segfault, which leads to doubt that simh
> is to be entirely trusted here.

Observed behaviour:
 - network traffic with small packets (ping, DNS, NTP) is fine
 - TCP traffic with small packets (e.g. "telnet osgiliath.yauz.de 666")
   is also fine
 - TCP traffic with large packets, such as fetching pkgsrc via ftp
   or via https reliably crash the simulator
 - the backtrace always runs through the pcap library (not a surprise,
   given that it is network traffic triggering the asplosion)
 - on host=aarch64 I just get a crash inside glibc (Debian Bookworm)
 - on host=amd64, I also get a crash inside glibc (Debian Bookworm),
   but with more details: inside an assembly helper module that uses
   AVX code for memory copying

working theory:
 - SIMH allocates a memory buffer for copying network packets
 - the copy call runs over the boundaries of that buffer because of
   either wrong buffer size or wrong parameters of the copy call
 - I would expect such a fault in libpcap to have been found and
   fixed already, so I suspect SIMH
 - this is 3.8.1 as packaged by Debian, so somewhat old
 - I need to build SIMH from last release or HEAD and test again
 - this is also why I tried setting a silly small paket size on the
   interface ... which led to this
 - this might be specific to the simulation of the qe device, as I've
   gotten "failed to repliced" reports with e.g. the qt device


> I've fetched the 10.0_RC6 VAX sets and am in the process of setting it
> up on my emulator.  It's not real iron, but it is a completely
> independent emulator implementation.

Thanks!


Kind regards,
           Alex.
-- 
"Opportunity is missed by most people because it is dressed in overalls and
 looks like work."                                      -- Thomas A. Edison

Follow-Ups:
- Re: (maybe) crash your VAX from userspace
  - From: Alexander Schreiber
- Re: (maybe) crash your VAX from userspace
  - From: Johnny Billquist

References:
- re: (maybe) crash your VAX from userspace
  - From: matthew green
- Re: (maybe) crash your VAX from userspace
  - From: Johnny Billquist
- Re: (maybe) crash your VAX from userspace
  - From: Mouse

Prev by Date: Re: (maybe) crash your VAX from userspace
Next by Date: Re: (maybe) crash your VAX from userspace
Previous by Thread: Re: (maybe) crash your VAX from userspace
Next by Thread: Re: (maybe) crash your VAX from userspace
Indexes:

Home | Main Index | Thread Index | Old Index