Re: bin/56471: ntpd dies at startup on macppc/current, sshd randomly dies

To: thorpej%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost, martin%NetBSD.org@localhost
Subject: Re: bin/56471: ntpd dies at startup on macppc/current, sshd randomly dies
From: Jason Thorpe <thorpej%me.com@localhost>
Date: Sat, 30 Oct 2021 12:45:02 +0000 (UTC)

The following reply was made to PR bin/56471; it has been noted by GNATS.

From: Jason Thorpe <thorpej%me.com@localhost>
To: Martin Husemann <martin%duskware.de@localhost>
Cc: gnats-bugs%netbsd.org@localhost,
 gnats-admin%netbsd.org@localhost,
 netbsd-bugs%netbsd.org@localhost
Subject: Re: bin/56471: ntpd dies at startup on macppc/current, sshd randomly
 dies
Date: Sat, 30 Oct 2021 05:42:16 -0700

 > On Oct 29, 2021, at 2:05 AM, Martin Husemann <martin%duskware.de@localhost> =
 wrote:
 >=20
 >  1213   1213 ntpd     CALL  compat_16___sigreturn14(0xffffe000)
 >  1213   1213 ntpd     RET   compat_16___sigreturn14 -1 errno 22 =
 Invalid argument
 >  1213   1213 ntpd     CALL  exit(0x16)
 
 I have attempted to reproduce this on NetBSD/alpha, which, like powerpc, =
 also has compat_16___sigreturn14, to see if it was some common logic =
 problem in libc or the kernel.  I used lots of debug logging to verify =
 the code paths being taken.  Alpha works fine.  So it would seem this is =
 a powerpc-specific problem.
 
 The powerpc compat_16_sys___sigreturn14() has the following block:
 
         /*
          * Make sure SRR1 hasn't been maliciously tampered with. =20
          */    =20
         if (!PSL_USEROK_P(sc.sc_frame.srr1))
                 return (EINVAL);
 
 I=E2=80=99m pretty sure this is what is tripping in the failure case.
 
 In the powerpc sendsig_sigcontext(), that field is initialized like so:
 
         utf->srr1 =3D tf->tf_srr1 & PSL_USERSRR1;
 
 For reference, those PSL_USER* macros are defined as:
 
 #define PSL_USERSRR1            ((PSL_USERSET|PSL_USERMOD) & =
 PSL_USERMASK)
 #define PSL_USEROK_P(psl)       (((psl) & ~PSL_USERMOD) =3D=3D =
 PSL_USERSET)
 
 ...and on OEA machines (such as macppc), those expand to:
 
 #define PSL_USERSET             cpu_psluserset
 #define PSL_USERMOD             cpu_pslusermod
 #define PSL_USERMASK            cpu_pslusermask
 
         /*
          * Configure a PSL user mask matching this processor.
          * Don't allow to set PSL_FP/PSL_VEC, since that will affect =
 PCU. =20
          */
         cpu_psluserset =3D PSL_EE | PSL_PR | PSL_ME | PSL_IR | PSL_DR | =
 PSL_RI;
         cpu_pslusermod =3D PSL_FE0 | PSL_FE1 | PSL_LE | PSL_SE | PSL_BE;
 #ifdef PPC_OEA601
         if (cpuvers =3D=3D MPC601) {
                 cpu_psluserset &=3D PSL_601_MASK;=20
                 cpu_pslusermod &=3D PSL_601_MASK;=20
         }
 #endif
 #ifdef PPC_HIGH_VEC
         cpu_psluserset |=3D PSL_IP;       /* XXX ok? */
 #endif
 
 (register_t cpu_pslusermask =3D 0xffff;)
 
 It would be really interesting to know what the value of =
 sc.sc_frame.srr1 that sigreturn is objecting to.  Like, is it complete =
 garbage?
 
 -- thorpej

Prev by Date: Re: bin/56471: ntpd dies at startup on macppc/current, sshd randomly dies
Next by Date: Re: bin/56471: ntpd dies at startup on macppc/current, sshd randomly dies
Previous by Thread: Re: bin/56471: ntpd dies at startup on macppc/current, sshd randomly dies
Next by Thread: Re: bin/56471: ntpd dies at startup on macppc/current, sshd randomly dies
Indexes:

Home | Main Index | Thread Index | Old Index