Package: libpfm4
Version: 4.13.0-1
Severity: important
Tags: patch

Hello,

We are seeing a crash at libpfm initialization in the starpu autopkgtest
CI testsuite. This can be easily reproduced in the autopkgtest CI
environment with:

#include <perfmon/pfmlib.h>

/* Minimal reproducer: the segfault in the backtrace is raised inside
 * pfm_initialize() itself, so its return value is not inspected here. */
int main(void)
{
        (void)pfm_initialize();
        return 0;
}

gcc test.c -o test -lpfm



(gdb) r
Starting program: /root/test
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/arm-linux-gnueabi/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0xf7f8f4e0 in pfmlib_getl (buffer=buffer@entry=0xfffefab0,
    len=len@entry=0xfffefaac, fp=fp@entry=0x403190) at pfmlib_common.c:794
 794            b[i] = '\0';
(gdb) bt
#0  0xf7f8f4e0 in pfmlib_getl (buffer=buffer@entry=0xfffefab0,
    len=len@entry=0xfffefaac, fp=fp@entry=0x403190) at pfmlib_common.c:794
#1  0xf7f94124 in pfmlib_getcpuinfo_attr (attr=0xf7f977fc "CPU implementer",
    ret_buf=0xf7f94124 <pfmlib_getcpuinfo_attr+120> "\020\260\235\345\001",
    ret_buf@entry=0xfffefae4 "\304\373\376\367\001", maxlen=128)
    at pfmlib_arm.c:78
#2  0xf7f94240 in pfm_arm_detect (this=<optimized out>) at pfmlib_arm.c:156
#3  0xf7f94980 in pfm_arm_detect_cortex_a7 (this=<optimized out>)
    at pfmlib_arm_armv7_pmuv1.c:48
#4  0xf7f8fbf4 in pfmlib_init_pmus () at pfmlib_common.c:1139
#5  pfm_initialize () at pfmlib_common.c:1239
#6  0x00400588 in main ()

(gdb) bt full
#0  0xf7f8f4e0 in pfmlib_getl (buffer=buffer@entry=0xfffefac0,
    len=len@entry=0xfffefabc, fp=fp@entry=0x403190) at pfmlib_common.c:794
        b = 0x0
        c = <optimized out>
        maxsz = 0
        maxi = 4294967294
        d = <optimized out>
        i = 0
#1  0xf7f94124 in pfmlib_getcpuinfo_attr (attr=0xf7f977fc "CPU implementer",
    ret_buf=0xf7f94124 <pfmlib_getcpuinfo_attr+120> "\020\260\235\345\001",
    ret_buf@entry=0xfffefaf4 "\304\373\376\367\001", maxlen=128)
    at pfmlib_arm.c:78
        fp = 0x403190
        ret = -1
        attr_len = 15
        buf_len = 0
        p = <optimized out>
        value = <optimized out>
        buffer = 0x0
#2  0xf7f94240 in pfm_arm_detect (this=<optimized out>) at pfmlib_arm.c:156
        ret = <optimized out>
        buffer = 
"\304\373\376\367\001\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\001\000\000\000X\372\376\367\000\000\000\000\360#\374\367(\374\376\3678\360\376\367",
 '\000' <repeats 28 times>, "\377\377\377\377HE\370\367\360#\374\367", '\000' 
<repeats 20 times>, 
"X\372\376\367\001\377\376\377p\375\376\377LI\000\000x\322\343\367\300\242\373",
 <incomplete sequence \367>
#3  0xf7f94980 in pfm_arm_detect_cortex_a7 (this=<optimized out>)
    at pfmlib_arm_armv7_pmuv1.c:48
        ret = <optimized out>
#4  0xf7f8fbf4 in pfmlib_init_pmus () at pfmlib_common.c:1139
        p = 0xf7fb75a4 <arm_cortex_a7_support>
        i = <optimized out>
        ret = 0
        nsuccess = -66220
        p = <optimized out>
        i = <optimized out>
        ret = <optimized out>
        nsuccess = <optimized out>
        __func__ = "pfmlib_init_pmus"
#5  pfm_initialize () at pfmlib_common.c:1239
        ret = <optimized out>
        __func__ = <optimized out>
#6  0x00400588 in main ()


It seems that it is crashing because /proc/cpuinfo is empty: pfmlib_getl
then never allocates a buffer, so the trailing b[i] = '\0' writes through a
NULL pointer (b = 0x0 and i = 0 in the backtrace above). The attached patch
fixes this in my tests.

Samuel

-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (500, 'stable-security'), (500, 'stable-debug'), (500, 
'oldstable-proposed-updates-debug'), (500, 'oldstable-proposed-updates'), (500, 
'oldoldstable-proposed-updates'), (500, 'oldoldstable'), (500, 
'buildd-unstable'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 
'experimental-debug'), (1, 'buildd-experimental'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, arm64

Kernel: Linux 6.4.0-1-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libpfm4 depends on:
ii  libc6  2.37-6

libpfm4 recommends no packages.

libpfm4 suggests no packages.

-- no debconf information
Cope with empty /proc/cpuinfo file

--- a/lib/pfmlib_common.c
+++ b/lib/pfmlib_common.c
@@ -791,7 +791,8 @@ pfmlib_getl(char **buffer, size_t *len,
                if (c == '\n')
                        break;
        }
-       b[i] = '\0';
+       if (c != EOF)
+               b[i] = '\0';
        return c != EOF ? 0 : -1;
 }
 
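Review bot: The guard `if (c != EOF)` in pfmlib_getl tests a proxy rather than the condition that faulted, which per the backtrace is `b` still being NULL when no byte was read. It also means a last line that reaches EOF without a newline is now left unterminated in the buffer, where the old code terminated it; that is harmless only as long as every caller discards the buffer on -1. Guarding on the pointer covers both cases: `if (b) b[i] = '\0';`. The allocation loop and the write-back to `*buffer`/`*len` lie outside the hunk, so confirm that `b` can only be NULL on the no-data path.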
--- a/lib/pfmlib_arm.c
+++ b/lib/pfmlib_arm.c
@@ -97,6 +97,8 @@ pfmlib_getcpuinfo_attr(const char *attr,
                if (!strncmp(attr, buffer, attr_len))
                        break;
        }
+       if (!value)
+               goto error;
        strncpy(ret_buf, value, maxlen-1);
        ret_buf[maxlen-1] = '\0';
        ret = 0;
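Review bot: The `if (!value)` check added before the `strncpy` only catches the case where no line was parsed at all; it cannot tell a match from running out of lines. If `value` is assigned inside the loop before the `strncmp` (the loop body starts outside the hunk), a cpuinfo file that has lines but lacks `attr` leaves `value` pointing at the last line's value, and the function copies it and returns 0 as if the attribute had been found. Resetting the pointer on a miss closes that, by adding `value = NULL;` directly after the `break;` inside the loop. Callers such as pfm_arm_detect would then take the error path instead of presumably matching on another field's contents.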
