Bug#699692: [Pkg-openssl-devel] Bug#699692: Illegal instruction when installing (creating certificate) with Wheezy's version 1.0.1c-4 of openssl on a system with Cyrix MII / IBM 6x86
On Mon, Mar 11, 2013 at 01:18:10AM +0100, Hans-Juergen Mauser wrote: Hello Kurt, thanks for your support and for providing the packages! This made testing for me very easy - and I can tell you that it works perfectly. Setting the environment variable was NOT a full workaround as there are processes like postgresql which use the libssl internally and from a non-interactive shell, which prevented postgresql even from starting as it calculates a key at each startup. By the way, the internal capability flags have the following values: OPENSSL_ia32cap_P[0] = 0x0080A535 (same as before) OPENSSL_ia32cap_P[1] = 0x0 Was the value of OPENSSL_ia32cap_P[1] a random value previously due to wrong assumptions when reading? What I understand was that OPENSSL_ia32cap_P[1] comes from ecx, and that was unititialised and not set by your processor. And they now ititialised it to 0. Kurt -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#699692: [Pkg-openssl-devel] Bug#699692: Illegal instruction when installing (creating certificate) with Wheezy's version 1.0.1c-4 of openssl on a system with Cyrix MII / IBM 6x86
Hello Kurt, thanks for your reply and the proposal of a fix! Is there a possibility to obtain a daily build of the library anywhere, or do I have to compile it myself? If possible, I'd like to keep efforts simple here... but if I have to, I will compile it. Thanks, Hans-Juergen Mauser -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#699692: [Pkg-openssl-devel] Bug#699692: Illegal instruction when installing (creating certificate) with Wheezy's version 1.0.1c-4 of openssl on a system with Cyrix MII / IBM 6x86
On Sun, Mar 10, 2013 at 09:06:41PM +0100, Hans-Juergen Mauser wrote: Hello Kurt, thanks for your reply and the proposal of a fix! Is there a possibility to obtain a daily build of the library anywhere, or do I have to compile it myself? If possible, I'd like to keep efforts simple here... but if I have to, I will compile it. I've put up a test package at: http://people.debian.org/~kroeckx/openssl/cpuid/ Kurt -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#699692: [Pkg-openssl-devel] Bug#699692: Illegal instruction when installing (creating certificate) with Wheezy's version 1.0.1c-4 of openssl on a system with Cyrix MII / IBM 6x86
Hello Kurt, thanks for your support and for providing the packages! This made testing for me very easy - and I can tell you that it works perfectly. Setting the environment variable was NOT a full workaround as there are processes like postgresql which use the libssl internally and from a non-interactive shell, which prevented postgresql even from starting as it calculates a key at each startup. By the way, the internal capability flags have the following values: OPENSSL_ia32cap_P[0] = 0x0080A535 (same as before) OPENSSL_ia32cap_P[1] = 0x0 Was the value of OPENSSL_ia32cap_P[1] a random value previously due to wrong assumptions when reading? Best regards, Hans-Juergen Mauser -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#699692: [Pkg-openssl-devel] Bug#699692: Illegal instruction when installing (creating certificate) with Wheezy's version 1.0.1c-4 of openssl on a system with Cyrix MII / IBM 6x86
On Sat, Mar 02, 2013 at 06:25:15PM +0100, Hans-Juergen Mauser wrote: Hello Kurt, thanks for your hint - by disabling this capability flag (bit 62) for RDRAND, it works perfectly! The _unmodified_ content (without env-var override) of the capability variables look like this: OPENSSL_ia32cap_P[0] = 0x0080A535 OPENSSL_ia32cap_P[1] = 0x64616574 Upstream posted a patch: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5702e965d759dde8a098d8108660721ba2b93a7d Can you confirm that that fixes the problem? Kurt -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#699692: [Pkg-openssl-devel] Bug#699692: Illegal instruction when installing (creating certificate) with Wheezy's version 1.0.1c-4 of openssl on a system with Cyrix MII / IBM 6x86
On Sat, Mar 02, 2013 at 01:17:46AM +0100, Hans-Juergen Mauser wrote: Hello Kurt, see the required information attached to this mail. If I can provide further information, don't hesitate to ask me. So for some reason it seems to think your CPU supports the RDRAND instructions, which is only available on intel as far as I know. Can you see what OPENSSL_ia32cap_P[0] and OPENSSL_ia32cap_P[1] contain? It's stored in bit 30 of OPENSSL_ia32cap_P[1] Can you try export OPENSSL_ia32cap=~0x4000 and see if you can still reproduce it? Kurt -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#699692: [Pkg-openssl-devel] Bug#699692: Illegal instruction when installing (creating certificate) with Wheezy's version 1.0.1c-4 of openssl on a system with Cyrix MII / IBM 6x86
Hello Kurt, thanks for your hint - by disabling this capability flag (bit 62) for RDRAND, it works perfectly! The _unmodified_ content (without env-var override) of the capability variables look like this: OPENSSL_ia32cap_P[0] = 0x0080A535 OPENSSL_ia32cap_P[1] = 0x64616574 As a workaround, I will set the override variable globally to be compatible to the most recent versions - however, it would be good if a fix can be integrated into the code itself as former versions are working. If no fix is possible, documentation would be an alternative as I think that even for advanced users, these control variables are very special, internal details of openssl which are anything but obvious. Thanks and best regards, Hans-Juergen Mauser -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#699692: [Pkg-openssl-devel] Bug#699692: Illegal instruction when installing (creating certificate) with Wheezy's version 1.0.1c-4 of openssl on a system with Cyrix MII / IBM 6x86
Hello Kurt, see the required information attached to this mail. If I can provide further information, don't hesitate to ask me. Thanks and best regards, Hans-Juergen Mauser Starting program: /usr/bin/openssl req -new -x509 -out cert.pem -days 3650 Generating a 2048 bit RSA private key Program received signal SIGILL, Illegal instruction. 0xb7dfa3f5 in OPENSSL_ia32_rdrand () at x86cpuid.s:333 333 x86cpuid.s: Datei oder Verzeichnis nicht gefunden. (gdb) bt #0 0xb7dfa3f5 in OPENSSL_ia32_rdrand () at x86cpuid.s:333 (gdb) frame #0 0xb7dfa3f5 in OPENSSL_ia32_rdrand () at x86cpuid.s:333 333 in x86cpuid.s (gdb) disas Dump of assembler code for function OPENSSL_ia32_rdrand: 0xb7dfa3f0 +0: mov$0x8,%ecx = 0xb7dfa3f5 +5: rdrand %eax 0xb7dfa3f8 +8: jb 0xb7dfa3fc OPENSSL_ia32_rdrand+12 0xb7dfa3fa +10:loop 0xb7dfa3f5 OPENSSL_ia32_rdrand+5 0xb7dfa3fc +12:cmp$0x0,%eax 0xb7dfa3ff +15:cmove %ecx,%eax 0xb7dfa402 +18:ret End of assembler dump. (gdb)
Bug#699692: [Pkg-openssl-devel] Bug#699692: Illegal instruction when installing (creating certificate) with Wheezy's version 1.0.1c-4 of openssl on a system with Cyrix MII / IBM 6x86
On Sun, Feb 03, 2013 at 09:52:48PM +0100, Hans-Juergen Mauser wrote: Hello Kurt, thanks for your reply. Of course I like to help, see the required information (and a little bit more) attached to this mail. The cmov instruction by itself should not be the problem as this CPU supports it - but maybe the presence of cmov suggests using other instructions which are missing? Hope my information helps you a bit - if I can provide further details, don't hesitate to ask! Program received signal SIGILL, Illegal instruction. 0xb7e032b5 in OPENSSL_ia32_rdrand () at x86cpuid.s:333 333 x86cpuid.s: Datei oder Verzeichnis nicht gefunden. (gdb) bt #0 0xb7e032b5 in OPENSSL_ia32_rdrand () at x86cpuid.s:333 (gdb) frame #0 0xb7e032b5 in OPENSSL_ia32_rdrand () at x86cpuid.s:333 333 in x86cpuid.s (gdb) info frame Stack level 0, frame at 0x0: eip = 0xb7e032b5 in OPENSSL_ia32_rdrand (x86cpuid.s:333); saved eip 0xb7e032b5 Outermost frame: outermost source language asm. Arglist at unknown address. Locals at unknown address, Previous frame's sp in esp (gdb) Line 333 seems to be: .section.init callOPENSSL_cpuid_setup So I doubt that it's the correct line. Just before that, there is the OPENSSL_ia32_rdrand function, that looks like: .globl OPENSSL_ia32_rdrand .type OPENSSL_ia32_rdrand,@function .align 16 OPENSSL_ia32_rdrand: .L_OPENSSL_ia32_rdrand_begin: movl$8,%ecx .L019loop: .byte 15,199,240 jc .L020break loop.L019loop .L020break: cmpl$0,%eax cmovel %ecx,%eax ret .size OPENSSL_ia32_rdrand,.-.L_OPENSSL_ia32_rdrand_begin Note that is has a cmovel in there. Can you run disas in gdb and see at which instruction is actually points? Kurt -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#699692: [Pkg-openssl-devel] Bug#699692: Illegal instruction when installing (creating certificate) with Wheezy's version 1.0.1c-4 of openssl on a system with Cyrix MII / IBM 6x86
On Sun, Feb 03, 2013 at 05:47:35PM +0100, Hans-Juergen Mauser wrote: Package: openssl Version: 1.0.1c-4 Hello! When trying a new Wheezy install on a machine with Cyrix MII / IBM 6x86 CPU, openssl cannot complete it's install routine because the creation of the default certificate fails reproducibly ith the result illegal instruction. It seems as if the package is compiled with some optimisation not suitable for regular Pentium machine. libssl is actually compiled 3 times. Ones for the default architecture which is i486, once for i586, and once for i686 with cmov. The dynamic linker should pick up the correct one. Can you verify that which version you pick up? You can see this with: ldd /usr/bin/openssl Can you also show /proc/cpuinfo? openssl also contains hand written assembler, which detects cpu capabilities as well. Maybe something is broken there. In any case would it be useful if you could give information about which function it was that has the problem. Can you install libssl1.0.0-dbg and run whatever you wanted to do from gdb and give me a backtrace? Kurt -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#699692: [Pkg-openssl-devel] Bug#699692: Illegal instruction when installing (creating certificate) with Wheezy's version 1.0.1c-4 of openssl on a system with Cyrix MII / IBM 6x86
Hello Kurt, thanks for your reply. Of course I like to help, see the required information (and a little bit more) attached to this mail. The cmov instruction by itself should not be the problem as this CPU supports it - but maybe the presence of cmov suggests using other instructions which are missing? Hope my information helps you a bit - if I can provide further details, don't hesitate to ask! Best regards, Hans-Juergen Mauser Kurt Roeckx schrieb: On Sun, Feb 03, 2013 at 05:47:35PM +0100, Hans-Juergen Mauser wrote: Package: openssl Version: 1.0.1c-4 Hello! When trying a new Wheezy install on a machine with Cyrix MII / IBM 6x86 CPU, openssl cannot complete it's install routine because the creation of the default certificate fails reproducibly ith the result illegal instruction. It seems as if the package is compiled with some optimisation not suitable for regular Pentium machine. libssl is actually compiled 3 times. Ones for the default architecture which is i486, once for i586, and once for i686 with cmov. The dynamic linker should pick up the correct one. Can you verify that which version you pick up? You can see this with: ldd /usr/bin/openssl Can you also show /proc/cpuinfo? openssl also contains hand written assembler, which detects cpu capabilities as well. Maybe something is broken there. In any case would it be useful if you could give information about which function it was that has the problem. Can you install libssl1.0.0-dbg and run whatever you wanted to do from gdb and give me a backtrace? Kurt processor : 0 vendor_id : CyrixInstead cpu family : 6 model : 2 model name : M II 3.5x Core/Bus Clock stepping: 8 cpu MHz : 233.895 fdiv_bug: no hlt_bug : no f00f_bug: no coma_bug: no fpu : yes fpu_exception : yes cpuid level : 1 wp : yes flags : fpu de tsc msr cx8 pge cmov mmx cyrix_arr bogomips: 467.79 clflush size: 32 cache_alignment : 32 address sizes : 32 bits physical, 32 bits virtual power management: [0.00] Initializing cgroup subsys cpuset [0.00] Initializing cgroup subsys cpu [0.00] Linux version 3.2.0-4-486 (debian-ker...@lists.debian.org) (gcc version 4.6.3 (Debian 4.6.3-14) ) #1 Debian 3.2.35-2 [0.00] BIOS-provided physical RAM map: [0.00] BIOS-e820: - 000a (usable) [0.00] BIOS-e820: 000f - 0010 (reserved) [0.00] BIOS-e820: 0010 - 2000 (usable) [0.00] BIOS-e820: - 0001 (reserved) [0.00] Notice: NX (Execute Disable) protection missing in CPU! [0.00] DMI 2.0 present. [0.00] DMI: System Manufacturer System Name/P/I-P55T2P4, BIOS #401A0-0207-204/28/99 [0.00] e820 update range: - 0001 (usable) == (reserved) [0.00] e820 remove range: 000a - 0010 (usable) [0.00] last_pfn = 0x2 max_arch_pfn = 0x10 [0.00] initial memory mapped : 0 - 0180 [0.00] Base memory trampoline at [c009c000] 9c000 size 12288 [0.00] init_memory_mapping: -2000 [0.00] 00 - 002000 page 4k [0.00] kernel direct mapping tables up to 2000 @ 177d000-180 [0.00] RAMDISK: 1f68 - 2000 [0.00] ACPI Error: A valid RSDP was not found (20110623/tbxfroot-219) [0.00] 0MB HIGHMEM available. [0.00] 512MB LOWMEM available. [0.00] mapped low ram: 0 - 2000 [0.00] low ram: 0 - 2000 [0.00] Zone PFN ranges: [0.00] DMA 0x0010 - 0x1000 [0.00] Normal 0x1000 - 0x0002 [0.00] HighMem empty [0.00] Movable zone start PFN for each node [0.00] early_node_map[2] active PFN ranges [0.00] 0: 0x0010 - 0x00a0 [0.00] 0: 0x0100 - 0x0002 [0.00] On node 0 totalpages: 130960 [0.00] free_area_init_node: node 0, pgdat c13c5488, node_mem_map df27f200 [0.00] DMA zone: 32 pages used for memmap [0.00] DMA zone: 0 pages reserved [0.00] DMA zone: 3952 pages, LIFO batch:0 [0.00] Normal zone: 992 pages used for memmap [0.00] Normal zone: 125984 pages, LIFO batch:31 [0.00] Using APIC driver default [0.00] SFI: Simple Firmware Interface v0.81 http://simplefirmware.org [0.00] No local APIC present or hardware disabled [0.00] APIC: disable apic facility [0.00] APIC: switched to apic NOOP [0.00] nr_irqs_gsi: 16 [0.00] PM: Registered nosave memory: 000a - 000f [0.00] PM: Registered nosave memory: 000f - 0010 [0.00] Allocating PCI
Bug#699692: [Pkg-openssl-devel] Bug#699692: Illegal instruction when installing (creating certificate) with Wheezy's version 1.0.1c-4 of openssl on a system with Cyrix MII / IBM 6x86
A little amendment: openssl 0.9.8 also uses the cmov library version, I cross-checked this after generating the debug information for you. est regards, Hans-Juergen Mauser linux-gate.so.1 = (0xb778) libssl.so.0.9.8 = /usr/lib/i686/cmov/libssl.so.0.9.8 (0xb7721000) libcrypto.so.0.9.8 = /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb75c9000) libdl.so.2 = /lib/i386-linux-gnu/i686/cmov/libdl.so.2 (0xb75c5000) libz.so.1 = /lib/i386-linux-gnu/libz.so.1 (0xb75ac000) libc.so.6 = /lib/i386-linux-gnu/i686/cmov/libc.so.6 (0xb7449000) /lib/ld-linux.so.2 (0xb7781000)