9fans - fans of the OS Plan 9 from Bell Labs
 help / color / mirror / Atom feed
* [9fans] Fwd: NFS suicide on RPi3 and RPi4 9front, but works on RMiller's Plan9.
       [not found] <FE4D07EC-A08F-454D-B1EA-A81B4AD88B84@gmail.com>
@ 2021-03-10 20:14 ` Shiro
  2021-03-11 15:07   ` ori
  0 siblings, 1 reply; 4+ messages in thread
From: Shiro @ 2021-03-10 20:14 UTC (permalink / raw)
  To: 9fans

[-- Attachment #1: Type: text/plain, Size: 1385 bytes --]

Hello,

I’m not sure I’m reporting to the appropriate place.  Please advise.  And apologies in advance if I’m spamming this group.

Regards,
-Shiro

> Begin forwarded message:
> 
> From: Shiro <rt9f.3141@gmail.com>
> Subject: NFS suicide on RPi3 and RPi4, but works on RMiller's Plan9.
> Date: March 7, 2021 at 9:50:44 PM PST
> To: 9front@9front.org
> 
> Hello,
> 
> nfs dies on RPi3 and RPi4 on 9front but not with Richard Miller’s Plan9 RPi3/RPi4; and not with amd64 9front.
> 
> Photo 1: PID is 451
> 
> 
> 
> 
> 
> Photo 2: poking around the stack and regs.  Note: n is a rather large number.
> 
> 
> 
> 
> 
> Photo 3: acid is pointing to line 431.  From above, n is too large to be a strlen.  I suspect it actually failed in memmove(), but I’m not sure — I’ve only got 2 months on Plan9/9front and this is the first time I do acid.
> 
> 
> 
> 
> I’ve traced back a few calls, but haven’t found the problem yet.  the libsunrpc files are the same between RMiller’s Plan9 and 9front.
> 
> Any advice on how to further debug this would be much appreciated.
> 
> Cheers,
> -Shiro
> 
> 
> 
> 

------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/T995ec2230d16bd0b-M08ad1bc2067fb619758c52f5
Delivery options: https://9fans.topicbox.com/groups/9fans/subscription

[-- Attachment #2.1: Type: text/html, Size: 6571 bytes --]

[-- Attachment #2.2: IMG_3581.jpeg --]
[-- Type: image/jpeg, Size: 40629 bytes --]

[-- Attachment #2.3: IMG_3582.jpeg --]
[-- Type: image/jpeg, Size: 140439 bytes --]

[-- Attachment #2.4: IMG_3583.jpeg --]
[-- Type: image/jpeg, Size: 68699 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [9fans] Fwd: NFS suicide on RPi3 and RPi4 9front, but works on RMiller's Plan9.
  2021-03-10 20:14 ` [9fans] Fwd: NFS suicide on RPi3 and RPi4 9front, but works on RMiller's Plan9 Shiro
@ 2021-03-11 15:07   ` ori
  2021-03-24 23:18     ` [9fans] " Shiro
  0 siblings, 1 reply; 4+ messages in thread
From: ori @ 2021-03-11 15:07 UTC (permalink / raw)
  To: 9fans

Quoth Shiro <rt9f.3141@gmail.com>:
> Hello,
> 
> I’m not sure I’m reporting to the appropriate place.  Please advise.  And apologies in advance if I’m spamming this group.
> 

This is fine, but 9front@9front.org is probably
better for 9front specific questions.

As far as uploading information -- 9front ships
with webpaste, so it's easy to get text uploaded,
which would let people copy values.

> Photo 3: acid is pointing to line 431.  From above, n is too large
> to be a strlen.  I suspect it actually failed in memmove(), but
> I’m not sure — I’ve only got 2 months on Plan9/9front and this is
> the first time I do acid.

Acid just shows whole words, so you're seeing 64
bits of a 32 bit value.  If you look closely,
you'll actually notice that the top bits in 'n'
are also the bottom bits of 'dat'

It's a bit unfortunate, you either have to tell
acid how to format the type, or you have to know
that you just need to ignore the top bits.

Anyawys, the faulting address is

        addr=0x100061fa0 pc=37930

Which shows up in R4. Given that *almost* the same
addresses (0x61fa0) in the other registers.  It
looks like it could be stack corruption.

Is this easy to reproduce?  Are you using the
binary from the last release, or is it your own
build?


------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/T995ec2230d16bd0b-M13cd1034eae8ce315d7a78eb
Delivery options: https://9fans.topicbox.com/groups/9fans/subscription

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [9fans] NFS suicide on RPi3 and RPi4 9front, but works on RMiller's Plan9.
  2021-03-11 15:07   ` ori
@ 2021-03-24 23:18     ` Shiro
  2021-03-29 15:19       ` cinap_lenrek
  0 siblings, 1 reply; 4+ messages in thread
From: Shiro @ 2021-03-24 23:18 UTC (permalink / raw)
  To: 9fans

[-- Attachment #1: Type: text/plain, Size: 2441 bytes --]



> On Mar 11, 2021, at 7:07 AM, ori@eigenstate.org wrote:
> 
> Quoth Shiro <rt9f.3141@gmail.com>:
>> Hello,
>> 
>> I’m not sure I’m reporting to the appropriate place.  Please advise.  And apologies in advance if I’m spamming this group.
>> 
> 
> This is fine, but 9front@9front.org is probably
> better for 9front specific questions.

thx.
> 
> As far as uploading information -- 9front ships
> with webpaste, so it's easy to get text uploaded,
> which would let people copy values.

Noted, I’ll use this next time.

>> Photo 3: acid is pointing to line 431.  From above, n is too large
>> to be a strlen.  I suspect it actually failed in memmove(), but
>> I’m not sure — I’ve only got 2 months on Plan9/9front and this is
>> the first time I do acid.
> 
> Acid just shows whole words, so you're seeing 64
> bits of a 32 bit value.  If you look closely,
> you'll actually notice that the top bits in 'n'
> are also the bottom bits of 'dat'
> 
> It's a bit unfortunate, you either have to tell
> acid how to format the type, or you have to know
> that you just need to ignore the top bits.

OK, better than nothing.  Hmm, maybe enhancing Acid to correctly format the type would be a nice GSOC project?


> 
> Anyawys, the faulting address is
> 
>        addr=0x100061fa0 pc=37930
> 
> Which shows up in R4. Given that *almost* the same
> addresses (0x61fa0) in the other registers.  It
> looks like it could be stack corruption.
> 
> Is this easy to reproduce?  Are you using the
> binary from the last release, or is it your own
> build?

Yes, this is very easy to reproduce.  It happens immediately on the first “ls”.  I’m using the released bin image:
        9front-8013.d9e940a768d1.pi3.img.gz

Steps to reproduce:

1: Create and export a dir on Linux.  Add the dir to /etc/exports for NFSv3:

/srv/l9p                    192.168.1.0/24(rw,insecure,sync,no_subtree_check,no_root_squash)

Then on Plan9:

2: start the NFS server:

nfs -p 775 -s i7 192.168.1.7

3: mount the NFS export:

mount -c /srv/i7 /n/i7 /srv/l9p

4: attempt to use it:

ls /n/i7

and the NFS server will crash on RPi3 and RPi4.




> 

------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/T995ec2230d16bd0b-M6a0852eddb29724f9f1088b1
Delivery options: https://9fans.topicbox.com/groups/9fans/subscription

[-- Attachment #2: Type: text/html, Size: 6716 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [9fans] NFS suicide on RPi3 and RPi4 9front, but works on RMiller's Plan9.
  2021-03-24 23:18     ` [9fans] " Shiro
@ 2021-03-29 15:19       ` cinap_lenrek
  0 siblings, 0 replies; 4+ messages in thread
From: cinap_lenrek @ 2021-03-29 15:19 UTC (permalink / raw)
  To: 9fans

> 
> Anyawys, the faulting address is
> 
>        addr=0x100061fa0 pc=37930

sorry to reply here as i never got the original mail.

i could reproduce this and it turns out to be a arm64 compiler bug expanding
the -1 offset in the array index to a 32 bit unsigned constant but instruction
issued is a 64 bit addition.

i commited a work around for libsunrpc avoiding this case.

changeset:   8382:fbff57e70e76
tag:         tip
user:        cinap_lenrek@felloff.net
date:        Mon Mar 29 17:13:50 2021 +0200
summary:     libsunrpc: work around arm64 compiler bug in sunStringUnpack()

diff -r 87d8e72ffb5c -r fbff57e70e76 sys/src/libsunrpc/rpc.c
--- a/sys/src/libsunrpc/rpc.c   Tue Mar 23 16:33:32 2021 -0700
+++ b/sys/src/libsunrpc/rpc.c   Mon Mar 29 17:13:50 2021 +0200
@@ -428,8 +428,9 @@
                goto Err;
        /* slide string down over length to make room for NUL */
        memmove(dat-1, dat, n);
-       dat[-1+n] = 0;
-       *s = (char*)(dat-1);
+       dat--;
+       dat[n] = 0;
+       *s = (char*)dat;
        return 0;
 Err:
        return -1;

--
cinap

------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/T995ec2230d16bd0b-M7a648db117dd9b3b65e26b9b
Delivery options: https://9fans.topicbox.com/groups/9fans/subscription

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2021-03-29 15:20 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
     [not found] <FE4D07EC-A08F-454D-B1EA-A81B4AD88B84@gmail.com>
2021-03-10 20:14 ` [9fans] Fwd: NFS suicide on RPi3 and RPi4 9front, but works on RMiller's Plan9 Shiro
2021-03-11 15:07   ` ori
2021-03-24 23:18     ` [9fans] " Shiro
2021-03-29 15:19       ` cinap_lenrek

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).