"Theo de Raadt" <dera...@openbsd.org> wrote: > So I'd like to recruit some help from those of you capable of building > your own kernels. Can you apply the following kernel diff, and try the > applications you are used to. A list of applications that fail on some > way would be handy. Be sure to ktrace -di then, and check there is a > SIGSEGV near the end, and include a snippet of that information.
Gave this a shot. In the test program, I get the same results as

>                           userland      kernel
> ld.so     0x59bd652920    readable      readable
> mmap xz   0x5a08e6d000    unreadable    unreadable
> mmap x    0x5a33152000    readable      readable
> mmap nrx  0x597c8af000    readable      readable
> mmap nwx  0x5988309000    readable      readable
> mmap xnwx 0x59e6118000    readable      readable
> main      0x5773dfe390    readable      readable
> libc      0x5a2ec49b00    readable      readable

for both before and after.

I added a printf in amd64/pmap.c:pmap_bootstrap which doesn't get triggered

+	if (cpuid_level >= 0x7) {
+		uint32_t ecx, dummy;
+		CPUID_LEAF(0x7, 0, dummy, dummy, ecx, dummy);
+		if (ecx & SEFF0ECX_PKU) {
+			lcr4(rcr4() | CR4_PKE);
+			pmap_pke = 1;
+		}
+	}
+	printf("XXX pmap_pke=%d\n", pmap_pke);

Doubting myself, I also added a printf in amd64/cpu.c:cpu_init

 	lcr4(cr4);
+	printf("XXX cr4=0x%08u\n", cr4);

which yields the following in dmesg:

XXX cr4=0x01312504
XXX cr4=0x01312432

CR4_PKE is defined as 0x00400000, so I understand that I don't have the
right bits in my processor to use this. Is that correct?

Nevertheless, I compiled LLVM and then ld.so, and after reboot, some of
my daemons fail to start: i2pd, tor, iked, sshd, unbound_t{1,2} (the last
two being unbound on rdomains 1 and 2). Also, ssh (not sshd) segfaulted
on start, making it impossible for me to write this email, reason why I'm
back on a GENERIC.MP kernel + LLVM + ld.so patches.

For sshd, I got both a ktrace -di and a coredump. I can share both on
request.

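Review bot: the format string in the cpu_init printf, "XXX cr4=0x%08u\n", converts cr4 with %u, so the number that reaches dmesg is decimal behind a 0x prefix and cannot be compared bit-for-bit with CR4_PKE (0x00400000) as printed. Use a hex conversion, for example "XXX cr4=0x%08x\n", so the output can be read directly against the CR4_* masks.
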
For a small kdump of sshd,

 46155 sshd     CALL  close(3)
 46155 sshd     RET   close 0
 46155 sshd     CALL  mmap(0,0x5000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
 46155 sshd     RET   mmap 12759024181248/0xb9ab11aa000
 46155 sshd     CALL  mprotect(0xb9ab11ae000,0x1000,0<PROT_NONE>)
 46155 sshd     RET   mprotect 0
 46155 sshd     CALL  kbind(0x7f7ffffe88e8,24,0x9215016ab2963bb4)
 46155 sshd     RET   kbind 0
 46155 sshd     CALL  kbind(0x7f7ffffe88a8,24,0x9215016ab2963bb4)
 46155 sshd     RET   kbind 0
 46155 sshd     CALL  kbind(0x7f7ffffe8828,24,0x9215016ab2963bb4)
 46155 sshd     RET   kbind 0
 46155 sshd     CALL  kbind(0x7f7ffffe8828,24,0x9215016ab2963bb4)
 46155 sshd     RET   kbind 0
 46155 sshd     CALL  kbind(0x7f7ffffe87f8,24,0x9215016ab2963bb4)
 46155 sshd     RET   kbind 0
 46155 sshd     CALL  kbind(0x7f7ffffe87f8,24,0x9215016ab2963bb4)
 46155 sshd     RET   kbind 0
 46155 sshd     CALL  kbind(0x7f7ffffe87f8,24,0x9215016ab2963bb4)
 46155 sshd     RET   kbind 0
 46155 sshd     CALL  kbind(0x7f7ffffe8828,24,0x9215016ab2963bb4)
 46155 sshd     RET   kbind 0
 46155 sshd     CALL  kbind(0x7f7ffffe8828,24,0x9215016ab2963bb4)
 46155 sshd     RET   kbind 0
 46155 sshd     PSIG  SIGSEGV SIG_DFL code=SEGV_ACCERR addr=0xb9b416debc0 trapno=6
 46155 sshd     NAMI  "sshd.core"

For iked, I also have a ktrace -di, but no coredump. Also died from a
SIGSEGV, with the same pattern: repeated kbind calls with the very same
parameters. Given the different subprocesses, it's a bit more noisy to
share directly in the email, but I can also share on request.

dmesg follows.

OpenBSD 7.2-current (XONLY) #2: Thu Jan 19 19:17:53 UTC 2023
    lu...@oolong.home.arpa:/usr/src/sys/arch/amd64/compile/XONLY
real mem = 12534018048 (11953MB)
avail mem = 12134768640 (11572MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdae9d000 (70 entries)
bios0: vendor LENOVO version "G2ET33WW (1.13 )" date 07/24/2012
bios0: LENOVO 2325BG4
acpi0 at bios0: ACPI 4.0
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SLIC TCPA SSDT SSDT SSDT HPET APIC MCFG ECDT FPDT ASF! UEFI UEFI POAT SSDT SSDT DMAR UEFI
acpi0: wakeup devices LID_(S4) SLPB(S3) IGBE(S4) EXP3(S4) XHCI(S3) EHC1(S3) EHC2(S3) HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz, 1197.34 MHz, 06-3a-09
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line 8-way L2 cache, 3MB 64b/line 12-way L3 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
XXX cr4=0x01312504
cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz, 1197.32 MHz, 06-3a-09
cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu1: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line 8-way L2 cache, 3MB 64b/line 12-way L3 cache
cpu1: smt 0, core 1, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec00000, version 20, 24 pins
acpimcfg0 at acpi0
acpimcfg0: addr 0xf8000000, bus 0-63
acpiec0 at acpi0
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PEG_)
acpiprt2 at acpi0: bus 2 (EXP1)
acpiprt3 at acpi0: bus 3 (EXP2)
acpiprt4 at acpi0: bus 4 (EXP3)
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpipci0 at acpi0 PCI0: 0x00000000 0x00000011 0x00000001
acpicmos0 at acpi0
tpm0 at acpi0 TPM_ 1.2 (TIS) addr 0xfed40000/0x5000, device 0x0000104a rev 0x4e
acpibat0 at acpi0: BAT0 not present
acpiac0 at acpi0: AC unit online
acpithinkpad0 at acpi0: version 1.0
"PNP0C14" at acpi0 not configured
"PNP0C14" at acpi0 not configured
acpicpu0 at acpi0: C2(350@80 mwait.1@0x20), C1(1000@1 mwait.1), PSS
acpicpu1 at acpi0: C2(350@80 mwait.1@0x20), C1(1000@1 mwait.1), PSS
acpipwrres0 at acpi0: PUBS, resource for XHCI, EHC1, EHC2
acpitz0 at acpi0: critical temperature is 103 degC
acpidock0 at acpi0: GDCK not docked (0)
acpivideo0 at acpi0: VID_
acpivout0 at acpivideo0: LCD0
acpivideo1 at acpi0: VID_
cpu0: using VERW MDS workaround (except on vmm entry)
cpu0: Enhanced SpeedStep 1197 MHz: speeds: 2601, 2600, 2500, 2400, 2300, 2200, 2100, 2000, 1900, 1800, 1700, 1600, 1500, 1400, 1300, 1200 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Core 3G Host" rev 0x09
inteldrm0 at pci0 dev 2 function 0 "Intel HD Graphics 4000" rev 0x09
drm0 at inteldrm0
inteldrm0: msi, IVYBRIDGE, gen 7
xhci0 at pci0 dev 20 function 0 "Intel 7 Series xHCI" rev 0x04: msi, xHCI 1.0
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 configuration 1 interface 0 "Intel xHCI root hub" rev 3.00/1.00 addr 1
"Intel 7 Series MEI" rev 0x04 at pci0 dev 22 function 0 not configured
em0 at pci0 dev 25 function 0 "Intel 82579LM" rev 0x04: msi, address 3c:97:0e:31:1f:fa
ehci0 at pci0 dev 26 function 0 "Intel 7 Series USB" rev 0x04: apic 2 int 16
usb1 at ehci0: USB revision 2.0
uhub1 at usb1 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
azalia0 at pci0 dev 27 function 0 "Intel 7 Series HD Audio" rev 0x04: msi
azalia0: codecs: Realtek ALC269, Intel/0x2806, using Realtek ALC269
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 "Intel 7 Series PCIE" rev 0xc4: msi
pci1 at ppb0 bus 2
sdhc0 at pci1 dev 0 function 0 "Ricoh 5U822 SD/MMC" rev 0x07: apic 2 int 16
sdhc0: SDHC 3.0, 50 MHz base clock
sdmmc0 at sdhc0: 4-bit, sd high-speed, mmc high-speed, dma
ppb1 at pci0 dev 28 function 1 "Intel 7 Series PCIE" rev 0xc4: msi
pci2 at ppb1 bus 3
iwn0 at pci2 dev 0 function 0 "Intel Centrino Advanced-N 6205" rev 0x34: msi, MIMO 2T2R, MoW, address 60:67:20:82:85:c0
ppb2 at pci0 dev 28 function 2 "Intel 7 Series PCIE" rev 0xc4: msi
pci3 at ppb2 bus 4
ehci1 at pci0 dev 29 function 0 "Intel 7 Series USB" rev 0x04: apic 2 int 23
usb2 at ehci1: USB revision 2.0
uhub2 at usb2 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
pcib0 at pci0 dev 31 function 0 "Intel QM77 LPC" rev 0x04
ahci0 at pci0 dev 31 function 2 "Intel 7 Series AHCI" rev 0x04: msi, AHCI 1.3
ahci0: port 0: 6.0Gb/s
scsibus1 at ahci0: 32 targets
sd0 at scsibus1 targ 0 lun 0: <ATA, Samsung SSD 870, SVT0> naa.5002538fc141203c
sd0: 476940MB, 512 bytes/sector, 976773168 sectors, thin
ichiic0 at pci0 dev 31 function 3 "Intel 7 Series SMBus" rev 0x04: apic 2 int 18
iic0 at ichiic0
spdmem0 at iic0 addr 0x50: 8GB DDR3 SDRAM PC3-12800 SO-DIMM
spdmem1 at iic0 addr 0x51: 4GB DDR3 SDRAM PC3-12800 SO-DIMM
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard
pms0 at pckbc0 (aux slot)
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
vmm0 at mainbus0: VMX/EPT
uhub3 at uhub1 port 1 configuration 1 interface 0 "Intel Rate Matching Hub" rev 2.00/0.00 addr 2
uvideo0 at uhub3 port 6 configuration 1 interface 0 "Ricoh Company Ltd. Integrated Camera" rev 2.00/0.11 addr 3
video0 at uvideo0
uhub4 at uhub2 port 1 configuration 1 interface 0 "Intel Rate Matching Hub" rev 2.00/0.00 addr 2
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
sd1 at scsibus3 targ 1 lun 0: <OPENBSD, SR CRYPTO, 006>
sd1: 476937MB, 512 bytes/sector, 976767473 sectors
root on sd1a (943406fce1149cad.a) swap on sd1b dump on sd1b
XXX cr4=0x01312432
inteldrm0: 1366x768, 32bpp
wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation), using wskbd0
wsdisplay0: screen 1-5 added (std, vt100 emulation)
syncing disks... done
rebooting...
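
Added example, not part of the original message or of the OpenBSD tree: the debug printf in the message uses "0x%08u", so the digits after "0x" in the two XXX lines are decimal. This C helper re-reads them as decimal, tests the CR4_PKE mask quoted in the message, and names the bits that are set. The function names and the bit-name table (bit positions as laid out in the Intel SDM) are assumptions of the example.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CR4_PKE 0x00400000u /* value quoted in the message (bit 22) */
/* CR4 bit positions per the Intel SDM; this table is the example's own. */
static const struct { unsigned bit; const char *name; } cr4_bits[] = {
    {3, "DE"}, {4, "PSE"}, {5, "PAE"}, {6, "MCE"}, {7, "PGE"},
    {9, "OSFXSR"}, {10, "OSXMMEXCPT"}, {13, "VMXE"}, {16, "FSGSBASE"},
    {17, "PCIDE"}, {18, "OSXSAVE"}, {20, "SMEP"}, {21, "SMAP"}, {22, "PKE"},
};

/* Parse a line printed with "cr4=0x%08u": the digits are decimal despite the
 * prefix. Returns -1 if absent, out of range, or a hex letter follows. */
int parse_cr4_line(const char *line, uint32_t *out)
{
    const char *p = strstr(line, "cr4=0x");
    char *end;
    unsigned long v;
    if (p == NULL) return -1;
    p += 6; /* skip "cr4=0x" */
    v = strtoul(p, &end, 10);
    if (end == p || isxdigit((unsigned char)*end) || v > 0xffffffffUL)
        return -1;
    *out = (uint32_t)v;
    return 0;
}

int cr4_has_pke(uint32_t cr4) { return (cr4 & CR4_PKE) != 0; }

/* Count the named bits set in cr4; print each name when verbose is set. */
int cr4_named_bits(uint32_t cr4, int verbose)
{
    int n = 0;
    for (size_t i = 0; i < sizeof(cr4_bits) / sizeof(cr4_bits[0]); i++) {
        if (!(cr4 & (1u << cr4_bits[i].bit))) continue;
        if (verbose) printf(" %s", cr4_bits[i].name);
        n++;
    }
    return n;
}

int main(void)
{
    /* The two XXX lines from the dmesg in the message. */
    const char *lines[] = { "XXX cr4=0x01312504", "XXX cr4=0x01312432" };
    uint32_t cr4;
    for (int i = 0; i < 2 && parse_cr4_line(lines[i], &cr4) == 0; i++) {
        printf("%s -> 0x%08x PKE=%d:", lines[i], (unsigned)cr4, cr4_has_pke(cr4));
        printf(" (%d named bits)\n", cr4_named_bits(cr4, 1));
    }
    return 0;
}
```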