On Tue, Jan 28, 2025 at 01:43:47PM +0100, Matthias Schmidt wrote:
> * Theo Buehler wrote:
> > On Mon, Jan 27, 2025 at 08:26:28PM +0000, Stuart Henderson wrote:
> > > On 2025/01/27 20:09, Matthias Schmidt wrote:
> > > > * Stuart Henderson wrote:
> > > > >
> > > > > Not perfect but this will probably work and it can be removed again
> > > > > with a later update if things are improved in the aws-lc-* crates.
> > > > >
> > > > > any test reports, oks?
> > > >
> > > > With your patch I can compile and start ncspot. It shows me a link to
> > > > Spotify's OAuth page and after successful authentication it crashes with
> > > > a segfault.
> > > >
> > > > Thread 1 received signal SIGSEGV, Segmentation fault.
> > > > 0x00000ef3c58ea5a3 in curve25519_x25519base_byte ()
> > > > (gdb) bt
> > > > #0 0x00000ef3c58ea5a3 in curve25519_x25519base_byte ()
> > > > #1 0xad889b2f844e08e0 in ?? ()
> > > > #2 0xc438665a13e05496 in ?? ()
> > > > #3 0x37a5a35e7b1de8ea in ?? ()
> > > > #4 0x3bbce3858af31749 in ?? ()
> > > > #5 0x0000000000000000 in ?? ()
> > > >
> > > > Sorry no useable backtrace here. If someone has an idea how to compile
> > > > the code with debug symbols, I can rebuild and provide a useable
> > > > backtrace.
> > >
> > > hmmm, I don't think this is BTI then - check to make sure it linked
> > > correctly with readelf -e /usr/local/bin/ncspot|grep OPENBSD and you
> > > should have an OPENBSD_NOBTCFI - but I'd expect SIGILL not SIGSEGV
> > > if you were hitting a BTI problem.
>
> $ readelf -e /usr/local/bin/ncspot|grep OPENBSD
> OPENBSD_RANDOM 0x000000000139c6f8 0x000000000139e6f8 0x000000000139e6f8
> OPENBSD_NOBTCF 0x0000000000000000 0x0000000000000000 0x0000000000000000
>
> > > Sorry no idea about debug symbols in rust, though that seems more
> > > like a scrambled stack than just due to lacking symbols to me.
> > >
> > > I don't suppose there's a way to trigger this without an account
> > > is there?
>
> No, IMP you need also a paid account to use ncspot.
>
> > A ktrace might shed some light on the matter.
>
> I uploaded a gzipped ktrace to https://xosc.org/misc/ncspot.trace.gz

Don't do that: it may leak secrets. The tail -100 of the kdump output is
usually enough:

 85927 ncspot PSIG SIGSEGV caught handler=0x5066d342590 mask=0<> code=SEGV_ACCERR addr=0x5066d1273bf trapno=6

this is almost certainly the xonly violation I hinted at. Did you try
with USE_NOEXECONLY=Yes next to the USE_NOBTCFI?

> Cheers
>
> Matthias
>
> > However, it's also not xonly clean, so adding USE_NOEXECONLY=Yes will
> > be worth a try:
> >
> > // ****************************************************************************
> > // The precomputed data (all read-only). This is currently part of the same
> > // text section, which gives position-independent code with simple PC-relative
> > // addressing. However it could be put in a separate section via something like
> > //
> > // .section .rodata
> > //
> > // ****************************************************************************
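
Added example, not part of the original message or of any OpenBSD tool: a filter that keeps only the PSIG (signal delivery) records from kdump text output, so the syscall arguments and I/O buffers that may hold secrets are never shared. The record layout is assumed from the single PSIG line quoted in the message; every other line of the sample trace, including the token, is constructed.

```python
import re

# Layout assumed from the PSIG line quoted in the message above:
#   <pid> <command> PSIG <signal> <action> key=value ...
PSIG_RE = re.compile(
    r"^\s*(?P<pid>\d+)\s+(?P<comm>\S+)\s+PSIG\s+"
    r"(?P<signal>SIG\w+)\s+(?P<action>\S+)(?P<rest>.*)$"
)
FIELD_RE = re.compile(r"(\w+)=(\S+)")

# POSIX si_code values for SIGSEGV.
SEGV_CODES = {
    "SEGV_MAPERR": "address not mapped",
    "SEGV_ACCERR": "address mapped, access denied by page permissions",
}

def parse_psig(line):
    """Return a dict for a PSIG record, or None for any other kdump line."""
    m = PSIG_RE.match(line)
    if m is None:
        return None
    rec = {"pid": int(m["pid"]), "comm": m["comm"],
           "signal": m["signal"], "action": m["action"]}
    rec.update(FIELD_RE.findall(m["rest"]))   # handler, mask, code, addr, trapno
    if "addr" in rec:
        rec["addr"] = int(rec["addr"], 16)
    rec["meaning"] = SEGV_CODES.get(rec.get("code"), "unclassified")
    return rec

def signal_summary(kdump_text):
    """Keep only signal deliveries; CALL, GIO, RET and data lines are dropped."""
    return [r for r in map(parse_psig, kdump_text.splitlines()) if r]

# Constructed sample: only the PSIG line is taken from the message above.
SAMPLE = """\
 85927 ncspot   CALL  read(5,0x5066d100000,0x1000)
 85927 ncspot   GIO   fd 5 read 36 bytes
       "access_token=CONSTRUCTED-NOT-A-SECRET"
 85927 ncspot   RET   read 36/0x24
 85927 ncspot   PSIG  SIGSEGV caught handler=0x5066d342590 mask=0<> code=SEGV_ACCERR addr=0x5066d1273bf trapno=6
"""

if __name__ == "__main__":
    for r in signal_summary(SAMPLE):
        print(f'{r["pid"]} {r["comm"]} {r["signal"]} {r.get("code")} '
              f'addr={r.get("addr", 0):#x}: {r["meaning"]}')
```

The filter only reports that the fault was a permission error on a mapped page; whether that is the xonly violation discussed in the thread still has to be judged from where the faulting address lies.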