randombit / botan

Cryptography Toolkit
https://botan.randombit.net
BSD 2-Clause "Simplified" License

Illegal instruction crashes botan #4401

Closed SecTec closed 1 month ago

SecTec commented 1 month ago

General Info

OS: Arch Linux
CPU: AMD FX(tm)-6300 Six-Core Processor
Affected version: 3.6.0-1
KeepassXC version: 2.7.9-4

Issue

KeepassXC crashes after updating libbotan from v3.5.0-1 to v3.6.0-1.

Debug output (GDB):

> gdb --quiet --args keepassxc
…
(gdb) run
Starting program: /usr/bin/keepassxc
…
Thread 1 "keepassxc" received signal SIGILL, Illegal instruction.
0x00007ffff6fea869 in ?? () from /usr/lib/libbotan-3.so.6
…

Conclusion

Maybe some code was added to libbotan in the last update that uses some CPU instructions / features that are not present in my CPU.

CPU Info (lscpu):

> LANG=C lscpu
Architecture:             x86_64
  CPU op-mode(s):         32-bit, 64-bit
  Address sizes:          48 bits physical, 48 bits virtual
  Byte Order:             Little Endian
CPU(s):                   6
  On-line CPU(s) list:    0-5
Vendor ID:                AuthenticAMD
  Model name:             AMD FX(tm)-6300 Six-Core Processor
    CPU family:           21
    Model:                2
    Thread(s) per core:   1
    Core(s) per socket:   6
    Socket(s):            1
    Stepping:             0
    Frequency boost:      enabled
    CPU(s) scaling MHz:   81%
    CPU max MHz:          3500.0000
    CPU min MHz:          1400.0000
    BogoMIPS:             6988.40
    Flags:                fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm constant_tsc rep_good nopl nonstop_tsc cpuid extd_apicid aperfmperf pni pclmulqdq monitor ssse3 fma cx16 sse4_1 sse4_2 popcnt aes xsave avx f16c lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw ibs xop skinit wdt fma4 tce nodeid_msr tbm topoext perfctr_core perfctr_nb cpb hw_pstate pti ssbd ibpb vmmcall bmi1 arat npt lbrv svm_lock nrip_save tsc_scale vmcb_clean flushbyasid decodeassists pausefilter pfthreshold
Virtualization features:  
  Virtualization:         AMD-V
Caches (sum of all):      
  L1d:                    96 KiB (6 instances)
  L1i:                    192 KiB (3 instances)
  L2:                     6 MiB (3 instances)
  L3:                     8 MiB (1 instance)
NUMA:                     
  NUMA node(s):           1
  NUMA node0 CPU(s):      0-5
…

Many thanks, best regards

randombit commented 1 month ago

Can you post the output of

botan cpuid

on your system?

randombit commented 1 month ago

Also from within gdb after the SIGILL is received can you run

disassemble /s

and post the first 30 or so instructions.

randombit commented 1 month ago

Possible workaround to try: set env variable BOTAN_CLEAR_CPUID=sse2

randombit commented 1 month ago

Oh, I think I see it now, try this:

BOTAN_CLEAR_CPUID=bmi2

SecTec commented 1 month ago

Yay, the last one worked for me.

KeepassXC runs with:

> BOTAN_CLEAR_CPUID=bmi2 keepassxc

For the sake of completeness:

> botan cpuid
CPUID flags: rdtsc sse2 ssse3 bmi2 aes_ni clmul

And GDB did not output anything with disassemble /s.

I hope someone with the same or related issue might find this useful.

Many thanks, you saved my day. Best regards.
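The two outputs quoted in this thread disagree on one flag: the kernel's lscpu list for the FX-6300 contains bmi1 but no bmi2, while `botan cpuid` reports bmi2, and clearing exactly that bit with BOTAN_CLEAR_CPUID=bmi2 makes the SIGILL go away. A SIGILL from a crypto library is almost always this shape of bug: runtime feature detection says "yes" and the dispatcher selects a code path the CPU cannot execute. The program below is an added example, not code from the issue or from Botan; it reads the relevant CPUID leaf-7 bits directly (BMI1 is EBX bit 3, AVX2 bit 5, BMI2 bit 8) and checks a space-separated flag list token-exactly, so the two sources can be compared on a machine before trusting either. The `FEAT_*` values and `SAMPLE_FLAGS` are my own constructed names and data, not Botan's.

```c
// Added example (not from the issue or the Botan project): decode the CPUID
// leaf-7 feature bits relevant here and compare them against the kernel's
// flag list, so a "library says bmi2, lscpu does not" mismatch can be spotted
// before a dispatcher picks an instruction set the CPU lacks.
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* Bit positions in CPUID.(EAX=7,ECX=0):EBX, as documented by Intel and AMD. */
#define LEAF7_EBX_BMI1 (1u << 3)
#define LEAF7_EBX_AVX2 (1u << 5)
#define LEAF7_EBX_BMI2 (1u << 8)

/* Assumption: a small flag set of our own, not Botan's CPUID enum. */
enum { FEAT_BMI1 = 1, FEAT_AVX2 = 2, FEAT_BMI2 = 4 };

/* Pure decode step, kept separate so the bit mapping is testable without
   real hardware. */
int decode_leaf7_ebx(uint32_t ebx) {
    int feats = 0;
    if (ebx & LEAF7_EBX_BMI1) feats |= FEAT_BMI1;
    if (ebx & LEAF7_EBX_AVX2) feats |= FEAT_AVX2;
    if (ebx & LEAF7_EBX_BMI2) feats |= FEAT_BMI2;
    return feats;
}

/* Query the running CPU. Returns -1 when leaf 7 is not available or the
   build target is not x86, so callers never treat "unknown" as "present". */
int query_cpu_features(void) {
#if defined(__x86_64__) || defined(__i386__)
    unsigned int eax, ebx, ecx, edx;
    if (__get_cpuid_max(0, NULL) < 7) return -1;
    __cpuid_count(7, 0, eax, ebx, ecx, edx);
    return decode_leaf7_ebx(ebx);
#else
    return -1;
#endif
}

/* Token-exact lookup in a space-separated flag list (lscpu, /proc/cpuinfo).
   A plain substring search would report "sse" for "ssse3" or "bmi" for
   "bmi1", which is exactly the kind of false positive that ends in SIGILL. */
int flags_has(const char *flags, const char *name) {
    size_t n = strlen(name);
    const char *p = flags;
    while ((p = strstr(p, name)) != NULL) {
        int start_ok = (p == flags) || (p[-1] == ' ');
        int end_ok = (p[n] == '\0') || (p[n] == ' ');
        if (start_ok && end_ok) return 1;
        p += n;
    }
    return 0;
}

/* Constructed sample: the BMI-relevant subset of the lscpu flags quoted in
   the issue (AMD FX-6300: bmi1 present, bmi2 absent). */
static const char SAMPLE_FLAGS[] =
    "fpu sse sse2 ssse3 sse4_1 sse4_2 aes avx xop fma4 tbm bmi1 arat";

int main(void) {
    int live = query_cpu_features();
    if (live < 0) {
        puts("CPUID leaf 7 not available on this build target");
    } else {
        printf("CPUID leaf 7: bmi1=%d avx2=%d bmi2=%d\n",
               !!(live & FEAT_BMI1), !!(live & FEAT_AVX2), !!(live & FEAT_BMI2));
    }
    printf("sample flags: bmi1=%d bmi2=%d sse=%d\n",
           flags_has(SAMPLE_FLAGS, "bmi1"), flags_has(SAMPLE_FLAGS, "bmi2"),
           flags_has(SAMPLE_FLAGS, "sse"));
    return 0;
}
```

Run it on the affected machine and compare the CPUID line with `botan cpuid`: if the raw leaf-7 bit for BMI2 is clear but the library reports it, the library's detection is wrong and the BOTAN_CLEAR_CPUID workaround is the right short-term fix; if the bit is set, the problem lies elsewhere (for example a hypervisor that advertises a feature it then traps on).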

randombit commented 4 weeks ago

@SecTec FYI this was fixed in 3.6.1 which is available on Arch now, so the workaround should no longer be required.