* Theo Buehler wrote:
> On Tue, Jan 28, 2025 at 01:43:47PM +0100, Matthias Schmidt wrote:
> > * Theo Buehler wrote:
> > > On Mon, Jan 27, 2025 at 08:26:28PM +0000, Stuart Henderson wrote:
> > > > On 2025/01/27 20:09, Matthias Schmidt wrote:
> > > > > * Stuart Henderson wrote:
> > > > > >
> > > > > > Not perfect but this will probably work and it can be removed again
> > > > > > with a later update if things are improved in the aws-lc-* crates.
> > > > > >
> > > > > > any test reports, oks?
> > > > >
> > > > > With your patch I can compile and start ncspot. It shows me a link to
> > > > > Spotify's OAuth page and after successful authentication it crashes
> > > > > with
> > > > > a segfault.
> > > > >
> > > > > Thread 1 received signal SIGSEGV, Segmentation fault.
> > > > > 0x00000ef3c58ea5a3 in curve25519_x25519base_byte ()
> > > > > (gdb) bt
> > > > > #0 0x00000ef3c58ea5a3 in curve25519_x25519base_byte ()
> > > > > #1 0xad889b2f844e08e0 in ?? ()
> > > > > #2 0xc438665a13e05496 in ?? ()
> > > > > #3 0x37a5a35e7b1de8ea in ?? ()
> > > > > #4 0x3bbce3858af31749 in ?? ()
> > > > > #5 0x0000000000000000 in ?? ()
> > > > >
> > > > > Sorry no useable backtrace here. If someone has an idea how to
> > > > > compile
> > > > > the code with debug symbols, I can rebuild and provide a useable
> > > > > backtrace.
> > > >
> > > > hmmm, I don't think this is BTI then - check to make sure it linked
> > > > correctly with readelf -e /usr/local/bin/ncspot|grep OPENBSD and you
> > > > should have an OPENBSD_NOBTCFI - but I'd expect SIGILL not SIGSEGV
> > > > if you were hitting a BTI prpblem.
> >
> > $ readelf -e /usr/local/bin/ncspot|grep OPENBSD
> > OPENBSD_RANDOM 0x000000000139c6f8 0x000000000139e6f8 0x000000000139e6f8
> > OPENBSD_NOBTCF 0x0000000000000000 0x0000000000000000 0x0000000000000000
> >
> > > > Sorry no idea about debug symbols in rust, though that seems more
> > > > like a scrambled stack than just due to lacking symbols to me.
> > > >
> > > > I don't suppose there's a way to trigger this without an account
> > > > is there?
> >
> > No, IMP you need also a paid account to use ncspot.
> >
> > > A ktrace might shed some light on the matter.
> >
> > I uploaded a gzipped ktrace to https://xosc.org/misc/ncspot.trace.gz
>
> Don't do that: it may leak secrets. The tail -100 of the kdump output
> is usually enough:
I tried to clear the dump from the obvious secrets before uploading it
:)
> this is almost certainly the xonly violation I hinted at. Did you try
> with
>
> USE_NOEXECONLY=Yes
>
> next to the USE_NOBTCFI
Now I did. This, together, with the fix from sthen@ made ncspot compile
and functional again.
Thanks a lot and cheers
Matthias
