SRU justification for Lucid:

Impact:

The ECRYPTFS_NEW_FILE crypt_stat flag is set upon creation of a new
eCryptfs file. When the flag is set, eCryptfs reads directly from the
lower filesystem when bringing a page up to date. This means that no
offset translation (for the eCryptfs file metadata in the lower file)
and no decryption is performed. The flag is cleared just before the
first write is completed (at the beginning of ecryptfs_write_begin()).

It was discovered that if a new file was created and then extended with
truncate, the ECRYPTFS_NEW_FILE flag was not cleared. If pages
corresponding to this file are ever reclaimed, any subsequent reads
would result in userspace seeing eCryptfs file metadata and encrypted
file contents instead of the expected decrypted file contents.

Data corruption is possible if the file is written to before the
eCryptfs directory is unmounted. The data written will be copied into
pages which have been read directly from the lower file rather than
zeroed pages, as would be expected after extending the file with
truncate.

Fix: Clear the ECRYPTFS_NEW_FILE flags if set. Fix was originally from
Tyler Hicks and needed a little massaging to apply for the current Lucid,
see 
https://launchpadlibrarian.net/82254993/0001-eCryptfs-Clear-ECRYPTFS_NEW_FILE-flag-during-truncat.patch

Testcase:

touch foo && truncate -s 4096 foo && sync && echo 1 | sudo tee \
/proc/sys/vm/drop_caches && hexdump -C foo

and hexdump should show a file filled with zeroes. Without the fix the file
is full of garbage, whereas with the fix the file is full of zeros as 
expected.

https://bugs.launchpad.net/bugs/745836

Title:
  encrypted swap corrupts application stack/heap [was: soffice.bin
  SIGSEGV cppu::throwException()]

Status in LibreOffice Productivity Suite:
  Won't Fix
Status in “ecryptfs-utils” package in Ubuntu:
  Invalid
Status in “libreoffice” package in Ubuntu:
  Invalid
Status in “linux” package in Ubuntu:
  Fix Released
Status in “openoffice.org” package in Ubuntu:
  Won't Fix
Status in “ecryptfs-utils” source package in Maverick:
  Invalid
Status in “libreoffice” source package in Maverick:
  Invalid
Status in “linux” source package in Maverick:
  Confirmed
Status in “openoffice.org” source package in Maverick:
  Won't Fix
Status in “ecryptfs-utils” source package in Natty:
  Invalid
Status in “libreoffice” source package in Natty:
  Invalid
Status in “linux” source package in Natty:
  Fix Released
Status in “openoffice.org” source package in Natty:
  Won't Fix
Status in “ecryptfs-utils” source package in Oneiric:
  Invalid
Status in “libreoffice” source package in Oneiric:
  Invalid
Status in “linux” source package in Oneiric:
  Fix Released
Status in “openoffice.org” source package in Oneiric:
  Won't Fix

Bug description:
  Binary package hint: libreoffice

  1) lsb_release -rd
  Description:  Ubuntu 11.04
  Release:      11.04

  2) apt-cache policy libreoffice-calc
  libreoffice-calc:
    Installed: 1:3.3.3-1ubuntu2
    Candidate: 1:3.3.3-1ubuntu2
    Version table:
   *** 1:3.3.3-1ubuntu2 0
          100 /var/lib/dpkg/status
       1:3.3.2-1ubuntu5 0
          500 http://us.archive.ubuntu.com/ubuntu/ natty-updates/main i386 Packages
       1:3.3.2-1ubuntu4 0
          500 http://us.archive.ubuntu.com/ubuntu/ natty/main i386 Packages

  apt-cache policy libreoffice-writer
  libreoffice-writer:
    Installed: 1:3.3.3-1ubuntu2
    Candidate: 1:3.3.3-1ubuntu2
    Version table:
   *** 1:3.3.3-1ubuntu2 0
          100 /var/lib/dpkg/status
       1:3.3.2-1ubuntu5 0
          500 http://us.archive.ubuntu.com/ubuntu/ natty-updates/main i386 Packages
       1:3.3.2-1ubuntu4 0
          500 http://us.archive.ubuntu.com/ubuntu/ natty/main i386 Packages

  3) What is expected to happen in Natty, in a KDE session with the KDE
  integration active or in GNOME, is that when one tries to edit a
  Writer or Calc file left untouched for a long period of time (e.g.
  1 hour+), the application does not crash.

  4) What happens instead is it crashes. This is highly correlated to
  both EcryptfsInUse and resource constrained (Memory & CPU >> 50%)
  environments. Occurs with:

  + Intel drivers, Compiz not enabled, Writer open only bug 745836
  + binary ATI drivers, Compiz enabled, Calc open only bug 799047

  ProblemType: Crash
  DistroRelease: Ubuntu 11.04
  Package: libreoffice-core 1:3.3.2-1ubuntu2
  ProcVersionSignature: Ubuntu 2.6.38-7.39-generic 2.6.38
  Uname: Linux 2.6.38-7-generic i686
  Architecture: i386
  Date: Wed Mar 30 12:34:39 2011
  Disassembly: => 0x100000:     Cannot access memory at address 0x100000
  EcryptfsInUse: Yes
  ExecutablePath: /usr/lib/libreoffice/program/soffice.bin
  ProcCmdline: /usr/lib/libreoffice/program/soffice.bin -writer -splash-pipe=5
  ProcEnviron:
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SegvAnalysis:
   Segfault happened at: 0x100000:      Cannot access memory at address 0x100000
   PC (0x00100000) not located in a known VMA region (needed executable region)!
  SegvReason: executing unknown VMA
  Signal: 11
  SourcePackage: libreoffice
  StacktraceTop:
   ?? ()
   cppu::throwException(com::sun::star::uno::Any const&) () from /usr/lib/libreoffice/program/../basis-link/program/../ure-link/lib/libuno_cppuhelpergcc3.so.3
   ucbhelper::cancelCommandExecution(com::sun::star::ucb::IOErrorCode, com::sun::star::uno::Sequence<com::sun::star::uno::Any> const&, com::sun::star::uno::Reference<com::sun::star::ucb::XCommandEnvironment> const&, rtl::OUString const&, com::sun::star::uno::Reference<com::sun::star::ucb::XCommandProcessor> const&) () from /usr/lib/libreoffice/program/../basis-link/program/libucbhelper4gcc3.so
   ?? () from /usr/lib/libreoffice/program/../basis-link/program/libucpfile1.so
   ?? () from /usr/lib/libreoffice/program/../basis-link/program/libucpfile1.so
  Title: soffice.bin crashed with SIGSEGV in cppu::throwException()
  UpgradeStatus: Upgraded to natty on 2011-03-29 (0 days ago)
  UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare
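
The SRU testcase above, turned into a scripted pass/fail check. This is an added example, not part of the original bug comment or the kernel patch; the function names and the DROP_CACHES and CHECK_DIR variables are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: regression check for "new file extended with truncate
# must read back as zeros". Point it at a directory inside an eCryptfs
# mount. DROP_CACHES=1 (assumed variable name) evicts the page cache
# first, as the testcase does, and needs root.

# Return 0 if FILE is exactly SIZE bytes long and every byte is zero.
is_all_zero() {
    file=$1
    size=$2
    [ "$(wc -c < "$file")" -eq "$size" ] || return 1
    head -c "$size" /dev/zero | cmp -s - "$file"
}

# Create a new file in DIR, extend it with truncate, flush it, optionally
# drop the page cache, then verify the contents.
# Returns 0 = zeros as expected, 1 = non-zero data read back, 2 = setup error.
check_truncate_extend() {
    dir=$1
    size=${2:-4096}
    f="$dir/newfile-truncate-check.$$"
    rm -f "$f"
    : > "$f" || return 2                      # brand-new, empty file
    truncate -s "$size" "$f" || { rm -f "$f"; return 2; }
    sync
    if [ "${DROP_CACHES:-0}" = 1 ]; then
        # Force the next read to come from the lower filesystem.
        echo 1 > /proc/sys/vm/drop_caches || { rm -f "$f"; return 2; }
    fi
    if is_all_zero "$f" "$size"; then rc=0; else rc=1; fi
    rm -f "$f"
    return "$rc"
}

# Stand-alone use: CHECK_DIR=/path/in/ecryptfs DROP_CACHES=1 sh thisfile
if [ -n "${CHECK_DIR:-}" ]; then
    if check_truncate_extend "$CHECK_DIR" 4096; then
        echo "PASS: truncate-extended file reads back as zeros"
    else
        echo "FAIL: non-zero data or setup error in $CHECK_DIR"
    fi
fi
```

On a filesystem other than eCryptfs the check passes trivially, so it only says something about this bug when CHECK_DIR is inside an eCryptfs mount and the cache drop is enabled.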
