Re: toolchain/51237: $TOOLDIR/bin/...-install crashes

[christos%zoulas.com@localhost (Christos Zoulas)]

On Jun 13,  1:15pm, martin%NetBSD.org@localhost (martin%NetBSD.org@localhost) wrote:
-- Subject: toolchain/51237: $TOOLDIR/bin/...-install crashes

| >Number:         51237
| >Category:       toolchain
| >Synopsis:       $TOOLDIR/bin/...-install crashes
| >Confidential:   no
| >Severity:       critical
| >Priority:       high
| >Responsible:    toolchain-manager
| >State:          open
| >Class:          sw-bug
| >Submitter-Id:   net
| >Arrival-Date:   Mon Jun 13 13:15:00 +0000 2016
| >Originator:     Martin Husemann
| >Release:        NetBSD 7.99.30
| >Organization:
| The NetBSD Foundation, Inc.
| >Environment:
| System: NetBSD thirdstage.duskware.de 7.99.30 NetBSD 7.99.30 (MODULAR) #521: Wed Jun 8 18:15:20 CEST 2016 martin%thirdstage.duskware.de@localhost:/usr/src/sys/arch/sparc64/compile/MODULAR sparc64
| Architecture: sparc64
| Machine: sparc64
| >Description:
| 
| When building natively on sparc64 with ASLR enabled, I get random crashes
| from install:

You should be able to isolate it by using the ASLR debug flags. Once you
get a command line that occasionally crashes, you can set the pax aslr
flags to "fixed":

sysctl -w security.pax.aslr.flags=0x20

Then try a loop like:

set +e
for i in f ff fff ffff fffff ffffff fffffff ffffffff
do
    sysctl -w security.pax.aslr.flags=0x$i
    echo $i
    run-command
done

After that once you find the value that crashes it you can determine
which part of the ASLR is at fault by or-ing in the following flags to
the flags sysctl to disable the particular ASLR feature:

#define PAX_ASLR_STACK          0x01
#define PAX_ASLR_STACK_GAP      0x02
#define PAX_ASLR_MMAP           0x04
#define PAX_ASLR_EXEC_OFFSET    0x08
#define PAX_ASLR_RTLD_OFFSET    0x10

For example:

sysctl -w security.pax.aslr.flags=0x21

Will keep the "fixed" random number, but not play with the stack.

christos