control: tag -1 + patch
On 2025-08-24 14:09, Aurelien Jarno wrote:
> > root@myhost:~# journalctl | tail -n 2
> > Aug 20 11:07:16 myhost kernel: show_signal: 93 callbacks suppressed
> > Aug 20 11:07:16 myhost kernel: traps: samhain[953] general protection fault
> > ip:7f07e46f58e0 sp:7fff7cbbce00 error:0 in
> > libc.so.6[ed8e0,7f07e4630000+165000]
>
> It seems to be an issue with dnmalloc. Indeed, building dnmalloc.c with
> -O0 or with gcc-10 (the version in bookworm was built with gcc-9) is
> enough to get it working.
I found the issue to be a pointer aliasing issue in the rEALLOc
function:
|
| /* allocate, copy, free */
| else {
|
| newmem = mALLOc(nb - MALLOC_ALIGN_MASK);
Here newmem is allocated.
| if (newmem == 0)
| return 0; /* propagate failure */
|
| newp = hashtable_lookup(newmem);
It's transformed into a chunk id.
| newsize = chunksize(newp);
|
|
| /* next = next_chunkinfo(oldp); *//* 'next' never used rw 19.05.2008 */
| /*
| Avoid copy if newp is next chunk after oldp.
| */
| if (UNLIKELY(is_next_chunk(oldp, newp))) {
| newsize += oldsize;
| set_head_size(oldp, newsize);
| hashtable_skiprm(oldp, newp);
| freecilst_add(newp);
| newp = oldp;
| }
| else {
| /*
| Unroll copy of <= 40 bytes (80 if 8byte sizes)
| We know that contents have an even number of
| INTERNAL_SIZE_T-sized words; minimally 4 (2 on amd64).
| */
|
| VALGRIND_MALLOCLIKE_BLOCK(chunk(oldp), chunksize(oldp), 0, 0);
|
| copysize = oldsize;
| s = (INTERNAL_SIZE_T*)(oldmem);
| d = (INTERNAL_SIZE_T*)(newmem);
d points to newmem,
| ncopies = copysize / sizeof(INTERNAL_SIZE_T);
| assert(ncopies >= 2);
|
| if (ncopies > 10)
| MALLOC_COPY(d, s, copysize);
and is used for the copy. But it is never used later, so GCC optimizes
the copy out.
|
| else {
| *(d+0) = *(s+0);
| *(d+1) = *(s+1);
| if (ncopies > 2) {
| *(d+2) = *(s+2);
| *(d+3) = *(s+3);
| if (ncopies > 4) {
| *(d+4) = *(s+4);
| *(d+5) = *(s+5);
| if (ncopies > 6) {
| *(d+6) = *(s+6);
| *(d+7) = *(s+7);
| if (ncopies > 8) {
| *(d+8) = *(s+8);
| *(d+9) = *(s+9);
| }
| }
| }
| }
| }
|
| fREe(oldmem);
| check_inuse_chunk(newp);
| guard_set(av->guard_stored, newp, bytes, nb);
| return chunk(newp);
Here newmem is accessed again through the chunk id, not directly.
| }
| }
| }
Therefore the following patch fixes the issue:
--- samhain-4.1.4.orig/src/dnmalloc.c
+++ samhain-4.1.4/src/dnmalloc.c
@@ -4872,7 +4872,7 @@ DL_STATIC Void_t* rEALLOc(oldmem, bytes)
fREe(oldmem);
check_inuse_chunk(newp);
guard_set(av->guard_stored, newp, bytes, nb);
- return chunk(newp);
+ return newmem;
}
}
}
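Review bot: Returning `newmem` instead of `chunk(newp)` presumably works because the pointer now escapes the function, so the stores through `d` into `newmem` can no longer be treated as dead; nothing in the hunk records that reasoning, so the line is one tidy-up away from being reverted back to `chunk(newp)`. Suggest pinning the invariant and documenting it in place, just before the return: `assert(newmem == chunk(newp)); /* return newmem, not chunk(newp): keeps the copy into newmem observable (see #1111631) */`. The is_next_chunk branch earlier in rEALLOc sets `newp = oldp`; from the quoted excerpt it does not appear to reach this return, but that is worth confirming, since `newmem` would be the wrong result on that path. rEALLOc starts and ends outside the hunk.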
That said, it seems the dnmalloc code is old, unmaintained and subject
to similar issues in other locations. Therefore I would suggest simply
disabling dnmalloc on all architectures. This is what the attached patch
does.
Sven, as you did the latest uploads, would it be possible to schedule an
upload with a fix? Thanks in advance
Regards
Aurelien
--
Aurelien Jarno GPG: 4096R/1DDD8C9B
[email protected] http://aurel32.net
--- samhain-4.1.4/debian/changelog
+++ samhain-4.1.4/debian/changelog
@@ -1,3 +1,10 @@
+samhain (4.1.4-7) UNRELEASED; urgency=medium
+
+ * Non-maintainer upload.
+ * Disable dnmalloc on all architectures (Closes: #1111631).
+
+ -- Aurelien Jarno <[email protected]> Tue, 26 Aug 2025 22:13:01 +0000
+
samhain (4.1.4-6) unstable; urgency=medium
* Team upload.
--- samhain-4.1.4/debian/rules
+++ samhain-4.1.4/debian/rules
@@ -10,27 +10,9 @@
include /usr/share/dpkg/architecture.mk
-# Disable dnmalloc for most architectures except for
-# those known to work (i386 and amd64).
-# For more information see:
-# http://www.la-samhna.de/samhain/manual/dnmalloc.html
-ifeq (linux,$(DEB_HOST_ARCH_OS))
-ifeq (amd64,$(DEB_HOST_ARCH))
-DNMALLOC = --enable-dnmalloc
-else ifeq (i386,$(DEB_HOST_ARCH))
-DNMALLOC = --enable-dnmalloc
-else
+# Disable dnmalloc for all architectures at it is unmaintained and has issues
+# with GCC >= 11 (see #1111631)
DNMALLOC = --disable-dnmalloc
-endif
-else
-ifeq (amd64,$(DEB_HOST_ARCH))
-DNMALLOC = --enable-dnmalloc
-else ifeq (i386,$(DEB_HOST_ARCH))
-DNMALLOC = --enable-dnmalloc
-else
-DNMALLOC = --disable-dnmalloc
-endif
-endif
ifeq (x86_64,$(DEB_HOST_GNU_CPU))
DISABLE_ASM = --disable-asm