[gnutls-devel] ccm segv

James Cloos cloos at jhcloos.com
Thu Apr 16 19:05:45 CEST 2015


>>>>> "NM" == Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:

NM> Thanks. Are you sure it is the benchmark-tls-ciphers, and not the
NM> benchmark-ciphers option? If yes, could you please send the output
NM> of running the command with valgrind?

Sorry, you are right.

CPU is a Kaveri APU.

The backtrace shows:

#0  0x0000000000000000 in ?? ()
No symbol table info available.
#1  0x00007fe37f66656d in _gnutls_cipher_init (handle=handle@entry=0x1229a10, e=e@entry=0x7fe37f953620 <algorithms+160>, key=key@entry=0x7ffd0e7647e0, iv=iv@entry=0x7ffd0e7647f0, enc=enc@entry=1) at /usr/src/debug/net-libs/gnutls-3.4.0/gnutls-3.4.0/lib/gnutls_cipher_int.c:101
        ret = <optimized out>
        cc = 0x7fe37f955fa0 <_gnutls_aes_ccm_x86_aesni>

Line 101 is still line 101 in master (1e4df17a4687).

Valgrind says:

:; valgrind gnutls-cli --benchmark-ciphers
==3053== Memcheck, a memory error detector
==3053== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==3053== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==3053== Command: gnutls-cli --benchmark-ciphers
==3053== 
vex amd64->IR: unhandled instruction bytes: 0x8F 0xEA 0xF8 0x10 0xCE 0x3 0x1D 0x0
vex amd64->IR:   REX=0 REX.W=0 REX.R=0 REX.X=0 REX.B=0
vex amd64->IR:   VEX=0 VEX.L=0 VEX.nVVVV=0x0 ESC=NONE
vex amd64->IR:   PFX.66=0 PFX.F2=0 PFX.F3=0
==3053== valgrind: Unrecognised instruction at address 0x4011436.
==3053==    at 0x4011436: _dl_allocate_tls_storage (dl-tls.c:380)
==3053==    by 0x4000EA1: init_tls (rtld.c:623)
==3053==    by 0x4003526: dl_main (rtld.c:1687)
==3053==    by 0x40157EB: _dl_sysdep_start (dl-sysdep.c:249)
==3053==    by 0x4004968: _dl_start_final (rtld.c:308)
==3053==    by 0x4004968: _dl_start (rtld.c:414)
==3053==    by 0x40010A7: ??? (in /lib64/ld-2.20.so)
==3053==    by 0x1: ???
==3053==    by 0xFFEFFD0EA: ???
==3053==    by 0xFFEFFD0F5: ???
==3053== Your program just tried to execute an instruction that Valgrind
==3053== did not recognise.  There are two possible reasons for this.
==3053== 1. Your program has a bug and erroneously jumped to a non-code
==3053==    location.  If you are running Memcheck and you just saw a
==3053==    warning about a bad jump, it's probably your program's fault.
==3053== 2. The instruction is legitimate but Valgrind doesn't handle it,
==3053==    i.e. it's Valgrind's fault.  If you think this is the case or
==3053==    you are not sure, please let us know and we'll try to fix it.
==3053== Either way, Valgrind will now raise a SIGILL signal which will
==3053== probably kill your program.
==3053== 
==3053== Process terminating with default action of signal 4 (SIGILL): dumping core
==3053==  Illegal opcode at address 0x4011436
==3053==    at 0x4011436: _dl_allocate_tls_storage (dl-tls.c:380)
==3053==    by 0x4000EA1: init_tls (rtld.c:623)
==3053==    by 0x4003526: dl_main (rtld.c:1687)
==3053==    by 0x40157EB: _dl_sysdep_start (dl-sysdep.c:249)
==3053==    by 0x4004968: _dl_start_final (rtld.c:308)
==3053==    by 0x4004968: _dl_start (rtld.c:414)
==3053==    by 0x40010A7: ??? (in /lib64/ld-2.20.so)
==3053==    by 0x1: ???
==3053==    by 0xFFEFFD0EA: ???
==3053==    by 0xFFEFFD0F5: ???
==3053== Jump to the invalid address stated on the next line
==3053==    at 0x566: ???
==3053==    by 0x1: ???
==3053==    by 0xFFEFFC5AF: ???
==3053==    by 0x1: ???
==3053==    by 0x1: ???
==3053==    by 0xFFEFFC5AF: ???
==3053==    by 0x4000EA1: init_tls (rtld.c:623)
==3053==    by 0x4003526: dl_main (rtld.c:1687)
==3053==  Address 0x566 is not stack'd, malloc'd or (recently) free'd
==3053== 
==3053== 
==3053== Process terminating with default action of signal 11 (SIGSEGV)
==3053==  Bad permissions for mapped region at address 0x566
==3053==    at 0x566: ???
==3053==    by 0x1: ???
==3053==    by 0xFFEFFC5AF: ???
==3053==    by 0x1: ???
==3053==    by 0x1: ???
==3053==    by 0xFFEFFC5AF: ???
==3053==    by 0x4000EA1: init_tls (rtld.c:623)
==3053==    by 0x4003526: dl_main (rtld.c:1687)
==3053== 
==3053== HEAP SUMMARY:
==3053==     in use at exit: 0 bytes in 0 blocks
==3053==   total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==3053== 
==3053== All heap blocks were freed -- no leaks are possible
==3053== 
==3053== For counts of detected and suppressed errors, rerun with: -v
==3053== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Segmentation fault

-JimC
-- 
James Cloos <cloos at jhcloos.com>         OpenPGP: 0x997A9F17ED7DAEA6
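
Added example, not part of the original message and not GnuTLS or Valgrind code: a triage helper for the "unhandled instruction bytes" line in the log above, which decodes the escape prefix to help tell Valgrind's reason 2 (instruction it does not handle) from reason 1 (jump to a non-code location). The function names, the "_dl_" loader heuristic and the result labels are assumptions of this example.

```python
import re

# Constructed sample: four lines copied from the Valgrind output quoted above.
SAMPLE_LOG = """\
vex amd64->IR: unhandled instruction bytes: 0x8F 0xEA 0xF8 0x10 0xCE 0x3 0x1D 0x0
==3053== valgrind: Unrecognised instruction at address 0x4011436.
==3053==    at 0x4011436: _dl_allocate_tls_storage (dl-tls.c:380)
==3053==    by 0x4000EA1: init_tls (rtld.c:623)
"""

BYTES_RE = re.compile(r"unhandled instruction bytes:((?:\s+0x[0-9A-Fa-f]{1,2})+)")
FRAME_RE = re.compile(r"^==\d+==\s+at 0x[0-9A-Fa-f]+: (\S+)", re.M)


def classify_prefix(b):
    """Identify an extended-encoding escape at the start of amd64 instruction bytes."""
    if len(b) >= 4 and b[0] == 0x8F and (b[1] & 0x1F) >= 8:
        # 0x8F is POP r/m when the 5-bit map field is < 8, AMD's XOP escape otherwise.
        return {"encoding": "XOP", "map": b[1] & 0x1F, "W": b[2] >> 7,
                "L": (b[2] >> 2) & 1, "pp": b[2] & 3, "opcode": b[3]}
    if len(b) >= 4 and b[0] == 0xC4:  # three-byte VEX (always VEX in 64-bit mode)
        return {"encoding": "VEX3", "map": b[1] & 0x1F, "W": b[2] >> 7,
                "L": (b[2] >> 2) & 1, "pp": b[2] & 3, "opcode": b[3]}
    if len(b) >= 3 and b[0] == 0xC5:  # two-byte VEX, implied map 1
        return {"encoding": "VEX2", "map": 1, "W": 0,
                "L": (b[1] >> 2) & 1, "pp": b[1] & 3, "opcode": b[2]}
    if b and b[0] == 0x62:  # EVEX (AVX-512) in 64-bit mode
        return {"encoding": "EVEX"}
    return {"encoding": "legacy"}


def triage(log):
    """Return decoded prefix info plus the faulting function, or None if absent."""
    m = BYTES_RE.search(log)
    if not m:
        return None
    info = classify_prefix([int(t, 16) for t in m.group(1).split()])
    frame = FRAME_RE.search(log)
    info["function"] = frame.group(1) if frame else None
    # Heuristic (assumption): glibc dynamic-loader symbols start with "_dl_".
    info["in_loader"] = bool(frame and frame.group(1).startswith("_dl_"))
    # A well-formed escape points at reason 2 in Valgrind's message (instruction
    # not supported by Valgrind) rather than reason 1 (jump to a non-code location).
    info["likely"] = ("unsupported-by-valgrind" if info["encoding"] != "legacy"
                      else "inspect-jump-target")
    return info


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the bytes quoted above it reports an XOP escape (an AMD-specific encoding) in a dynamic-loader function, which matches the log's heap summary of 0 allocations: this Valgrind run ended during ld.so startup.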


