NetBSD-Bugs archive


kern/48490: Opera-12.16 segfaults on NetBSD-6.99.28/i386



>Number:         48490
>Category:       kern
>Synopsis:       Opera-12.16 segfaults on NetBSD-6.99.28/i386
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jan 02 18:55:00 +0000 2014
>Originator:     Imre Vadasz
>Release:        NetBSD 6.99.28
>Organization:
        
>Environment:
        
        
System: NetBSD deneb.fritz.box 6.99.28 NetBSD 6.99.28 (CF29MK3_GENFB) #6: Thu 
Jan 2 16:55:17 CET 2014 
root%deneb.fritz.box@localhost:/usr/obj/sys/arch/i386/compile/CF29MK3_GENFB i386
Architecture: i386
Machine: i386
>Description:
Opera-12.16 (linux binary) from pkgsrc segfaults on NetBSD-6.99.28/i386,
whereas the opera binary works fine when booting a 6.99.24/i386 kernel instead.
        
>How-To-Repeat:
Try to run opera-12.16 on NetBSD-6.99.28/i386.
        
>Fix:
With this patch opera works again (and other linux binaries still work).

The first part (regarding linux_exec.h) adds the 16 bytes of the random numbers
to the LINUX_ELF_AUX_ARGSIZ, as is implicitly done in the corresponding code
for amd64 (in "sys/compat/linux/arch/amd64/linux_exec.h" line 62).

I'm not sure if the second part is really necessary. It's supposed to put the
random numbers for the LINUX_AT_RANDOM argument below (meaning at higher
addresses on x86) the arguments vector.

The code for 64-bit architectures, and amd64 specifically, that corresponds to
the i386/linux_exec.h and common/linux_exec_elf32.c files seems much more
organized, so it might make sense to copy some code from there.

--- sys/compat/linux/arch/i386/linux_exec.h.orig
+++ sys/compat/linux/arch/i386/linux_exec.h
@@ -35,9 +35,11 @@
 #define LINUX_M_I386           100
 #define LINUX_MID_MACHINE      LINUX_M_I386
 #define LINUX_USRSTACK         0xC0000000
+#define LINUX_RANDOM_BYTES     16
 
 #define LINUX_ELF_AUX_ARGSIZ   \
-       (howmany(LINUX_ELF_AUX_ENTRIES * sizeof(Aux32Info), sizeof(Elf32_Addr)))
+       (howmany(LINUX_ELF_AUX_ENTRIES * sizeof(Aux32Info) + \
+                LINUX_RANDOM_BYTES, sizeof(Elf32_Addr)))
 
 #define LINUX_DEBUGLINK_SIGNATURE
 
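Review bot: LINUX_RANDOM_BYTES is a bare 16 in this header, while the copyout
in linux_exec_elf32.c sizes the same data with sizeof(randbytes), so the space
reserved by LINUX_ELF_AUX_ARGSIZ and the number of bytes actually written can
drift apart without any diagnostic. Suggest declaring randbytes in terms of
LINUX_RANDOM_BYTES, or adding a compile-time assertion that the two agree, and
a one-line comment on the define saying it is the LINUX_AT_RANDOM payload
stored next to the aux vector.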
############################
--- sys/compat/linux/common/linux_exec_elf32.c.orig
+++ sys/compat/linux/common/linux_exec_elf32.c
@@ -475,8 +475,9 @@ ELFNAME2(linux,copyargs)(struct lwp *l, struct exec_package 
*pack,
                a->a_v = kauth_cred_getegid(l->l_cred);
        a++;
 
+       len = (a - ai) * sizeof(AuxInfo) + 2 * sizeof(AuxInfo);
        a->a_type = LINUX_AT_RANDOM;
-       a->a_v = (Elf_Addr)*stackp;
+       a->a_v = (Elf_Addr)((*stackp) + len);
        a++;
 
        a->a_type = AT_NULL;
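Review bot: the "+ 2 * sizeof(AuxInfo)" in the added len line hard-codes that
exactly two more entries (LINUX_AT_RANDOM and AT_NULL) are written after this
point, so a_v will point at the wrong place as soon as another aux entry is
added below it. Suggest remembering a pointer to the LINUX_AT_RANDOM entry and
filling in its a_v once the vector is complete, using the same
(a - ai) * sizeof(AuxInfo) that the copyout in the next hunk uses, instead of
borrowing len as a scratch offset here and recomputing it later.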
@@ -488,13 +489,13 @@ ELFNAME2(linux,copyargs)(struct lwp *l, struct 
exec_package *pack,
        randbytes[2] = random();
        randbytes[3] = random();
 
-       len = sizeof(randbytes);
-       if ((error = copyout(randbytes, *stackp, len)) != 0)
+       len = (a - ai) * sizeof(AuxInfo);
+       if ((error = copyout(ai, *stackp, len)) != 0)
                return error;
        *stackp += len;
 
-       len = (a - ai) * sizeof(AuxInfo);
-       if ((error = copyout(ai, *stackp, len)) != 0)
+       len = sizeof(randbytes);
+       if ((error = copyout(randbytes, *stackp, len)) != 0)
                return error;
        *stackp += len;
 
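Review bot: after this reorder nothing ties the address stored in the
LINUX_AT_RANDOM entry (computed in the previous hunk) to the *stackp value at
which randbytes is actually copied out; the two only match because both
expressions happen to add up to the same offset. Suggest a KASSERT just before
the second copyout that the stored a_v equals *stackp, plus a short comment
describing the resulting layout (aux vector first, then the random bytes at
the higher address), since the submitter is unsure whether this part is
needed. Separately, the context lines fill randbytes from random(); because
these bytes are handed to the Linux binary through LINUX_AT_RANDOM, a follow-up
to take them from the kernel's cryptographic RNG would be worthwhile.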
############################

>Unformatted:
        
        

