Segfault on ARM

[ocurero]

Env: ARMv7 Processor (v7l) Version: 1.1.7

Compiled with ffdecsa_mode=PARALLEL_64_LONG and --compiletype=debug ffdecsawrapper crash with a segfault:

Feb 1 20:19:33.763 CAM(cardclient.cccam2): got CW, current shareid 0014f577 (pending 0, EMM 0, maxecmcount=0) Feb 1 20:19:33.764 CAM(cardclient.cccam2extra): wait returned after 1079 Feb 1 20:19:33.764 CAM(cardclient.cccam2shares): added shareid 0014f577 for 0bc5/88c0/1b4b5 status 1 Feb 1 20:19:33.764 CAM(cardclient.cccam2): got CW Feb 1 20:19:33.765 CSA: Got command(0): E idx: 1 pid: 0 key: cf29...7a Feb 1 20:19:33.765 CSA: Got command(0): O idx: 1 pid: 0 key: 623f...fe Feb 1 20:19:33.765 CSA: Creating csa for rb: 0 Feb 1 20:19:33.765 CAM(core.ecm): cache add prgId=6303 source=88c0 transponder=1b4b5 ecm=bc5/80 Feb 1 20:19:33.766 CAM(core.ecm): 2.1: correct key found Feb 1 20:19:33.766 CAM(cardclient.cccam2): 2: ECM caid 0100 prov 3311 sid 6303 pid 0bc5 Feb 1 20:19:33.767 CAM(cardclient.cccam2shares): shareid 0014f577 for 0bc5/88c0/1b4b5 status 1 Feb 1 20:19:33.767 CAM(cardclient.cccam2shares): share try list for caid 0100 prov 003311 pid 0bc5 Feb 1 20:19:33.767 CAM(cardclient.cccam2shares): shareid 0014f579 hops 2 lag 1000 Feb 1 20:19:33.768 CAM(cardclient.cccam2shares): shareid 001570d9 hops 4 lag 1000 Feb 1 20:19:33.768 CAM(cardclient.cccam2shares): shareid 001570da hops 4 lag 1000 Feb 1 20:19:33.768 CAM(cardclient.cccam2shares): shareid 001570db hops 4 lag 1000 Feb 1 20:19:33.768 CAM(cardclient.cccam2shares): shareid 001570dc hops 4 lag 1000 Feb 1 20:19:33.768 CAM(cardclient.cccam2shares): shareid 001570d8 hops 4 lag 1000 Feb 1 20:19:33.769 CAM(cardclient.cccam2shares): shareid 00156da0 hops 4 lag 1000 Feb 1 20:19:33.769 CAM(cardclient.cccam2shares): shareid 00157163 hops 4 lag 1000 Feb 1 20:19:33.769 CAM(cardclient.cccam2shares): shareid 00157164 hops 4 lag 1000 Feb 1 20:19:33.769 CAM(cardclient.cccam2shares): shareid 0014f577 hops 2 + lag 1039 Feb 1 20:19:33.770 CAM(cardclient.cccam2extra): now try shareid 0014f579 Segmentation fault (core dumped)

This is the backtrace of the core dumped using gdb:

Core was generated by `ffdecsawrapper -j 2:0 -b 8M --sid-allpid --cam-budget --cam-dir /etc/ffdecsawra'. Program terminated with signal 11, Segmentation fault.

0 0x000a4778 in block_decyphergroup(unsigned long long, unsigned char_, unsigned char*, int) ()

(gdb) bt

0 0x000a4778 in block_decyphergroup(unsigned long long, unsigned char_, unsigned char*, int) ()

1 0x000beac4 in decryptpackets(void, unsigned char_*) ()

2 0x00085268 in process_ts (csa=0x11f86e0,

buffer=0xb63c1c08 "G\002w\027\360\236\003n\211\344\343\353\275\320J\206\210\237\357\020\262s\317\360'\232\324qtb_m\361[\345|\330{\006\372aM$S;\266\206\342N\356\341\236\313\371\f\255\202\334Pf|\033\211\062\261\234\060pravy\237\217\357e\251\267\350\334\336\266\ri\030\266o\335Eghs@\024\034\300u\346'\321@5\035\266\371\062\236~\272ȋu\267\301n\306\302v\016\257\235\372\062=g.\322)\312\313p\224\265\364\022\372\270\300\257\221\062\243\322Q+\212\202\272\222\340\214\340\021\367\201َ\371", <incomplete sequence \343\262>, end=13160, force=0) at dvblb_plugins/plugin_ffdecsa.c:321

3 0x00085d10 in process_ffd (msg=0x11f25c8, priority=1) at dvblb_plugins/plugin_ffdecsa.c:506

4 0x00079900 in msg_loop (arg=0x1) at dvbloopback/src/msg_passing.c:118

5 0xb6ed4e2c in start_thread () from /lib/libpthread.so.0

6 0xb6b4da28 in ?? () from /lib/libc.so.6

7 0xb6b4da28 in ?? () from /lib/libc.so.6

Backtrace stopped: previous frame identical to this frame (corrupt stack?)

[bas-t]

I don't own arm hardware. What happens when you omit ffdecsa_mode=PARALLEL_64_LONG?

[ocurero]

Without the explicit mode oesn't even compile:

./configure

CPU-INFO

Vendor-ID: NotFound CPU-Family: -1 CPU-Model: -1 Flags:

FFdeCSA TEST

Using compiler: g++ Flags: -fexpensive-optimizations -fomit-frame-pointer -funroll-loops

Testing optimization levels 2 and 3

This may take a while, please be patient...

Level -O2: PARALLEL_64_MMX make: Entering directory /tmp/FFdecsa' g++ -O2 -fexpensive-optimizations -fomit-frame-pointer -funroll-loops -DPARALLEL_MODE=PARALLEL_64_MMX -c FFdecsa_test.c g++ -O2 -fexpensive-optimizations -fomit-frame-pointer -funroll-loops -DPARALLEL_MODE=PARALLEL_64_MMX -c FFdecsa.c In file included from parallel_064_mmx.h:21:0, from FFdecsa.c:80: /usr/lib/gcc/armv7hl-suse-linux-gnueabi/4.7/include/mmintrin.h: In function '__m64 _mm_packs_pi16(__m64, __m64)': /usr/lib/gcc/armv7hl-suse-linux-gnueabi/4.7/include/mmintrin.h:66:68: error: '__builtin_arm_wpackhss' was not declared in this scope /usr/lib/gcc/armv7hl-suse-linux-gnueabi/4.7/include/mmintrin.h: In function '__m64 _mm_packs_pi32(__m64, __m64)': /usr/lib/gcc/armv7hl-suse-linux-gnueabi/4.7/include/mmintrin.h:75:68: error: '__builtin_arm_wpackwss' was not declared in this scope /usr/lib/gcc/armv7hl-suse-linux-gnueabi/4.7/include/mmintrin.h: In function '__m64 _mm_packs_pi64(__m64, __m64)' FFdecsa.c: In function 'int decrypt_packets(void*, unsigned char**)': FFdecsa.c:908:3: error: '_mm_empty' was not declared in this scope make: *** [FFdecsa.o] Error 1 make: Leaving directory/tmp/FFdecsa' PARALLEL_64_MMX: build1 failed PARALLEL_128_2MMX make: Entering directory `/tmp/FFdecsa' g++ -O2 -fexpensive-optimizations -fomit-frame-pointer -funroll-loops -DPARALLEL_MODE=PARALLEL_128_2MMX -c FFdecsa_test.c g++ -O2 -fexpensive-optimizations -fomit-frame-pointer -funroll-loops -DPARALLEL_MODE=PARALLEL_128_2MMX -c FFdecsa.c

Tested all the other modes:

• PARALLEL_32_4CHAR: compile OK, no segfault, works as usual
• PARALLEL_32_4CHARA: compile OK, no segfault, works as usual
• PARALLEL_32_INT: compile OK, segfault
• PARALLEL_64_8CHAR: compile OK, segfault
• PARALLEL_64_8CHARA: compile OK, segfault
• PARALLEL_64_2INT: compile OK, segfault
• PARALLEL_64_LONG: compile OK, segfault
• PARALLEL_64_MMX: compile NOK
• PARALLEL_128_16CHAR: compile OK, segfault
• PARALLEL_128_16CHARA: compile OK, segfault
• PARALLEL_128_4INT: compile OK, segfault
• PARALLEL_128_2LONG: compile OK, segfault
• PARALLEL_128_2MMX: compile NOK
• PARALLEL_128_SSE: compile NOK
• PARALLEL_128_SSE2: compile NOK

[bas-t]

Looks to me that your cpu capabilities are not detected, so you are compiling without the proper flags.

What version of GCC/G++ are you using? What is the output of "cat /proc/cpuinfo"? (without the quotes)

[bas-t]

To debug your issue, it might be handy to post the content of 'config.mak'

It should look like this:

http://pastebin.com/k2MXGk7z

[ocurero]

gcc version: 4.7.2 cat /proc/cpu: Processor : ARMv7 Processor rev 4 (v7l) processor : 0 BogoMIPS : 766.11

processor : 1 BogoMIPS : 766.11

Features : swp half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt CPU implementer : 0x41 CPU architecture: 7 CPU variant : 0x0 CPU part : 0xc07 CPU revision : 4

Hardware : sun7i Revision : 0000 Serial : 0000000000000000

config.mak: http://pastebin.com/wzFPRimJ

Thanks!

[bas-t]

Can you please try: make update && ./configure --optimize=long Then don't compile yet, but first add -march=native to config.mak like this: FFDECSA_OPTS = "FLAGS=-O3 -march=native -fexpensive-optimizations -fomit-frame-pointer -funroll-loops"

Also, it might be a cccam issue. Please try newcamd

[ocurero]

Changing config.mak from:

Automatically generated by configure - do not modify

FFDECSA_OPTS = "FLAGS=-O3 -march= -fexpensive-optimizations -fomit-frame-pointer -funroll-loops" PARALLEL_MODE=PARALLEL_64_MMX COMPILER=g++ RELEASE=1 SC_FLAGS = "-O2 -fPIC -Wall -Woverloaded-virtual -fno-strict-aliasing" CXX=g++ CC=gcc

to:

Automatically generated by configure - do not modify

FFDECSA_OPTS = "FLAGS=-O3 -march=native -fexpensive-optimizations -fomit-frame-pointer -funroll-loops" COMPILER=g++ RELEASE=1 SC_FLAGS = "-O2 -fPIC -Wall -Woverloaded-virtual -fno-strict-aliasing" CXX=g++ CC=gcc

doesn't work: linux:/usr/src/packages/SOURCES/ffdecsawrapper-1.1.8 # make make -C FFdecsa "FLAGS=-O3 -march=native -fexpensive-optimizations -fomit-frame-pointer -funroll-loops" COMPILER=g++ make[1]: Entering directory /usr/src/packages/SOURCES/ffdecsawrapper-1.1.8/FFdecsa' g++ -O3 -march=native -fexpensive-optimizations -fomit-frame-pointer -funroll-loops -DPARALLEL_MODE= -c FFdecsa.c *** Error ing++': double free or corruption (top): 0x020709c0 *** ======= Backtrace: ========= /lib/libc.so.6(+0x6fb1c)[0xb6e69b1c] /lib/libc.so.6(+0x709c8)[0xb6e6a9c8] /lib/libc.so.6(fclose+0x1a4)[0xb6e583cc] g++[0x1641c] g++[0x13c14] g++[0x143b8] g++[0x1281c] g++[0x13e68] g++[0x14c90] g++[0xa800] /lib/libc.so.6(__libc_start_main+0x110)[0xb6e120d8]

All my clients in oscam are cccam protocol. Will it work if I use newcamd between ffdecsa and oscam? Or since I don't have any newcamd clients I won't be able to see anything?

Thanks,

[bas-t]

FFdecsa and oscam talk newcamd protocol perfectly between the two. I always use it.

As for config.mak: there is no line like this one in it:

PARALLEL_MODE=PARALLEL_128_SSE2 COMPILER=g++

Of course, your cpu does not do mmx or sse, so it has to be something else, like

PARALLEL_MODE=PARALLEL_64_LONG COMPILER=g++

That was something that worked for you, untill cccam had problems (see your first post)

I use this in oscam.conf to use newcamd:

[newcamd] port = 15050@0604:000000 key = 0102030405060708091011121314 allowed = keepalive = 1 mgclient = 0

And for ffdesawrapper, the corresponding line in cardclient.conf is:

newcamd:192.168.1.3:15050:1/0604/ffff:username:pasword:0102030405060708091011121314

You will have to adjust this to match your situation of course.

I think that oscam has no problem with talking more then one protocol at the same time, so just adding newcamd should not mess with your setup.