Bug#865343: linux-image-4.9.0-3-amd64: On latest kernel java exits with SIGSEGV

2017-06-20 Thread Rene Engelhard 
Hi,

On Wed, Jun 21, 2017 at 12:34:28AM +0100, Ben Hutchings wrote:
> > LibreOffice isn't and is also affected (#865303)
> 
> Does LibreOffice run Java code in its main thread?  I think that might
> be a common factor that makes a difference.  It *appears* that the
> 'java' command doesn't run Java code in the main thread, but JNI users
> may do.  And new threads are created through glibc aren't affected by
> this kernel change.

Assume so, yes. It doesn't run "java" either but directly jumps into the
JVM via its libs (ttbomk)

Regards,

Rene

Bug#865343: linux-image-4.9.0-3-amd64: On latest kernel java exits with SIGSEGV

2017-06-20 Thread Ben Hutchings 
On Tue, 20 Jun 2017 23:45:03 +0200 Rene Engelhard 
wrote:
> Hi,
> 
> On Tue, Jun 20, 2017 at 09:52:05PM +0100, Ben Hutchings wrote:
> > On Tue, 2017-06-20 at 21:47 +0100, Ben Hutchings wrote:
> > > Control: tag -1 - moreinfo
> > > Control: notfound -1 4.9.30-2
> > > Control: found -1 4.9.30-2+deb9u1
> > > Control: found -1 3.16.43-2+deb8u1
> > > 
> > > Thanks for the extra information.
> > 
> > One more question: are these applications started using jsvc?
> 
> LibreOffice isn't and is also affected (#865303)

Does LibreOffice run Java code in its main thread?  I think that might
be a common factor that makes a difference.  It *appears* that the
'java' command doesn't run Java code in the main thread, but JNI users
may do.  And new threads are created through glibc aren't affected by
this kernel change.

Ben.
 
-- 
Ben Hutchings
The most exhausting thing in life is being insincere. - Anne Morrow
Lindberg



signature.asc
Description: This is a digitally signed message part

Bug#865343: linux-image-4.9.0-3-amd64: On latest kernel java exits with SIGSEGV

2017-06-20 Thread Sasa Skevin 
On Tue, 20 Jun 2017, 22:52 Ben Hutchings,  wrote:

> On Tue, 2017-06-20 at 21:47 +0100, Ben Hutchings wrote:
> > Control: tag -1 - moreinfo
> > Control: notfound -1 4.9.30-2
> > Control: found -1 4.9.30-2+deb9u1
> > Control: found -1 3.16.43-2+deb8u1
> >
> > Thanks for the extra information.
>
> One more question: are these applications started using jsvc?
>

Yes. Initially it was version 1.0.12 but later upgraded to latest 1.0.15
but still issue happened.

Sasa

Bug#865343: linux-image-4.9.0-3-amd64: On latest kernel java exits with SIGSEGV

2017-06-20 Thread Rene Engelhard 
Hi,

On Tue, Jun 20, 2017 at 09:52:05PM +0100, Ben Hutchings wrote:
> On Tue, 2017-06-20 at 21:47 +0100, Ben Hutchings wrote:
> > Control: tag -1 - moreinfo
> > Control: notfound -1 4.9.30-2
> > Control: found -1 4.9.30-2+deb9u1
> > Control: found -1 3.16.43-2+deb8u1
> > 
> > Thanks for the extra information.
> 
> One more question: are these applications started using jsvc?

LibreOffice isn't and is also affected (#865303)

Regards,

Rene

Bug#865343: linux-image-4.9.0-3-amd64: On latest kernel java exits with SIGSEGV

2017-06-20 Thread Ben Hutchings 
On Tue, 2017-06-20 at 21:47 +0100, Ben Hutchings wrote:
> Control: tag -1 - moreinfo
> Control: notfound -1 4.9.30-2
> Control: found -1 4.9.30-2+deb9u1
> Control: found -1 3.16.43-2+deb8u1
> 
> Thanks for the extra information.

One more question: are these applications started using jsvc?

Ben.

-- 
Ben Hutchings
Klipstein's 4th Law of Prototyping and Production:
   A fail-safe circuit will destroy others.



signature.asc
Description: This is a digitally signed message part

Bug#865343: linux-image-4.9.0-3-amd64: On latest kernel java exits with SIGSEGV

2017-06-20 Thread Ben Hutchings 
Control: tag -1 - moreinfo
Control: notfound -1 4.9.30-2
Control: found -1 4.9.30-2+deb9u1
Control: found -1 3.16.43-2+deb8u1

Thanks for the extra information.

Ben.

-- 
Ben Hutchings
Klipstein's 4th Law of Prototyping and Production:
   A fail-safe circuit will destroy others.



signature.asc
Description: This is a digitally signed message part

Bug#865343: linux-image-4.9.0-3-amd64: On latest kernel java exits with SIGSEGV

2017-06-20 Thread Sasa Skevin 
On Tue, Jun 20, 2017 at 9:01 PM Ben Hutchings  wrote:

> >
> > I'm administering several Debian servers of which some are Jessie and
> > some are Stretch. On both of them after upgrading to latest kernel that
> > was released yesterday (4.9 on Stretch and 3.16 on Jessie), Java web
> > applications do not work any more. They stop with SIGSEGV in the Java
> > startup process.
>
> So I think you meant to report this against versions 3.16.43-2+deb8u1
> and 4.9.30-2+deb9u1, not 4.9.30-2.  Is that right?
>

Correct.


> > Have tried more different Java web applications and while booting all of
> > them break with SIGSEGV while Java internaly loads rt.jar.
> >
> > Have tried with Oracle Java 1.8.0_130, Oracje Java 1.8.0_131 and latest
> > OpenJDK 8 and the same error happens.
> >
> > Even the servers on which this is tried are from different hosting
> > companies.
> [...]
>
> Does this go away if you add the kernel parameter "stack_guard_gap=1"?
> (That should effectively revert the fix for CVE-2017-1000364.)
>

Yes, it goes away with this kernel parameter.


> Has the stack limit for these applications been changed from the
> default (e.g. "ulimit -s unlimited" in a startup script)?
>

No, they are on default values.

Sasa

Bug#865343: linux-image-4.9.0-3-amd64: On latest kernel java exits with SIGSEGV

2017-06-20 Thread Ben Hutchings 
Control: tag -1 moreinfo

On Tue, 2017-06-20 at 17:37 +0200, Sasa Skevin wrote:
> Package: src:linux
> Version: 4.9.30-2
> Severity: important
> 
> Dear Maintainer,
> 
> I'm administering several Debian servers of which some are Jessie and
> some are Stretch. On both of them after upgrading to latest kernel that
> was released yesterday (4.9 on Stretch and 3.16 on Jessie), Java web
> applications do not work any more. They stop with SIGSEGV in the Java
> startup process.

So I think you meant to report this against versions 3.16.43-2+deb8u1
and 4.9.30-2+deb9u1, not 4.9.30-2.  Is that right?

> Have tried more different Java web applications and while booting all of
> them break with SIGSEGV while Java internaly loads rt.jar.
> 
> Have tried with Oracle Java 1.8.0_130, Oracje Java 1.8.0_131 and latest
> OpenJDK 8 and the same error happens.
> 
> Even the servers on which this is tried are from different hosting
> companies.
[...]

Does this go away if you add the kernel parameter "stack_guard_gap=1"?
(That should effectively revert the fix for CVE-2017-1000364.)

Has the stack limit for these applications been changed from the
default (e.g. "ulimit -s unlimited" in a startup script)?

Ben.

-- 
Ben Hutchings
Klipstein's 4th Law of Prototyping and Production:
A fail-safe circuit will destroy
others.


signature.asc
Description: This is a digitally signed message part

Bug#865343: linux-image-4.9.0-3-amd64: On latest kernel java exits with SIGSEGV

2017-06-20 Thread Sasa Skevin 
Package: src:linux
Version: 4.9.30-2
Severity: important

Dear Maintainer,

I'm administering several Debian servers of which some are Jessie and
some are Stretch. On both of them after upgrading to latest kernel that
was released yesterday (4.9 on Stretch and 3.16 on Jessie), Java web
applications do not work any more. They stop with SIGSEGV in the Java
startup process.

Have tried more different Java web applications and while booting all of
them break with SIGSEGV while Java internaly loads rt.jar.

Have tried with Oracle Java 1.8.0_130, Oracje Java 1.8.0_131 and latest
OpenJDK 8 and the same error happens.

Even the servers on which this is tried are from different hosting
companies.


-- Package-specific info:
** Version:
Linux version 4.9.0-3-amd64 (debian-ker...@lists.debian.org) (gcc version 6.3.0 
20170516 (Debian 6.3.0-18) ) #1 SMP Debian 4.9.30-2 (2017-06-12)

** Command line:
BOOT_IMAGE=/boot/vmlinuz-4.9.0-3-amd64 
root=UUID=ddab18d5-7316-4587-aed9-0d7a41b523c0 ro console=tty0 
console=ttyS0,115200

** Not tainted

** Kernel log:
[1.053416] ACPI: bus type USB registered
[1.054238] usbcore: registered new interface driver usbfs
[1.055229] usbcore: registered new interface driver hub
[1.056735] ACPI: PCI Interrupt Link [LNKC] enabled at IRQ 10
[1.056917] usbcore: registered new device driver usb
[1.059050] virtio-pci :00:03.0: virtio_pci: leaving for legacy driver
[1.060611] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[1.062255] virtio-pci :00:04.0: virtio_pci: leaving for legacy driver
[1.065479] libata version 3.00 loaded.
[1.065487] ACPI: PCI Interrupt Link [LNKA] enabled at IRQ 10
[1.066823] virtio-pci :00:05.0: virtio_pci: leaving for legacy driver
[1.070356] input: VirtualPS/2 VMware VMMouse as 
/devices/platform/i8042/serio1/input/input3
[1.073013] ACPI: PCI Interrupt Link [LNKB] enabled at IRQ 11
[1.074177] input: VirtualPS/2 VMware VMMouse as 
/devices/platform/i8042/serio1/input/input2
[1.074189] virtio-pci :00:06.0: virtio_pci: leaving for legacy driver
[1.077124] ata_piix :00:01.1: version 2.13
[1.081607] uhci_hcd: USB Universal Host Controller Interface driver
[1.083572] AVX version of gcm_enc/dec engaged.
[1.084441] AES CTR mode by8 optimization enabled
[1.085985] scsi host0: ata_piix
[1.087256] scsi host1: ata_piix
[1.088037] ata1: PATA max MWDMA2 cmd 0x1f0 ctl 0x3f6 bmdma 0xc000 irq 14
[1.089241] ata2: PATA max MWDMA2 cmd 0x170 ctl 0x376 bmdma 0xc008 irq 15
[1.092208] uhci_hcd :00:01.2: UHCI Host Controller
[1.093167] uhci_hcd :00:01.2: new USB bus registered, assigned bus 
number 1
[1.094600] uhci_hcd :00:01.2: detected 2 ports
[1.096131] uhci_hcd :00:01.2: irq 11, io base 0xc020
[1.097416] usb usb1: New USB device found, idVendor=1d6b, idProduct=0001
[1.098666] usb usb1: New USB device strings: Mfr=3, Product=2, 
SerialNumber=1
[1.100166] usb usb1: Product: UHCI Host Controller
[1.101121] usb usb1: Manufacturer: Linux 4.9.0-3-amd64 uhci_hcd
[1.102317] usb usb1: SerialNumber: :00:01.2
[1.103481] hub 1-0:1.0: USB hub found
[1.104550] hub 1-0:1.0: 2 ports detected
[1.117111]  vda: vda1
[1.123851] FDC 0 is a S82078B
[1.124191]  vdb: vdb1
[1.263787] ata2.01: NODEV after polling detection
[1.264085] ata2.00: ATAPI: QEMU DVD-ROM, 0.12.1, max UDMA/100
[1.265613] ata2.00: configured for MWDMA2
[1.267078] scsi 1:0:0:0: CD-ROMQEMU QEMU DVD-ROM 2.5+ 
PQ: 0 ANSI: 5
[1.295953] sr 1:0:0:0: [sr0] scsi3-mmc drive: 4x/4x cd/rw xa/form2 tray
[1.297218] cdrom: Uniform CD-ROM driver Revision: 3.20
[1.298475] sr 1:0:0:0: Attached scsi CD-ROM sr0
[1.435402] usb 1-1: new full-speed USB device number 2 using uhci_hcd
[1.476157] random: fast init done
[1.477288] PM: Starting manual resume from disk
[1.478190] PM: Hibernation image partition 254:17 present
[1.478191] PM: Looking for hibernation image.
[1.479256] PM: Image not found (code -22)
[1.479257] PM: Hibernation image not present or could not be loaded.
[1.608778] usb 1-1: New USB device found, idVendor=0627, idProduct=0001
[1.609969] usb 1-1: New USB device strings: Mfr=1, Product=3, SerialNumber=5
[1.611196] usb 1-1: Product: QEMU USB Tablet
[1.612025] usb 1-1: Manufacturer: QEMU
[1.612844] usb 1-1: SerialNumber: 42
[1.618124] hidraw: raw HID events driver (C) Jiri Kosina
[1.623191] usbcore: registered new interface driver usbhid
[1.624214] usbhid: USB HID core driver
[1.626175] input: QEMU QEMU USB Tablet as 
/devices/pci:00/:00:01.2/usb1/1-1/1-1:1.0/0003:0627:0001.0001/input/input4
[1.628688] hid-generic 0003:0627:0001.0001: input,hidraw0: USB HID v0.01 
Pointer [QEMU QEMU USB Tablet] on usb-:00:01.2-1/input0
[1.767175] EXT4-fs (vda1): mounting ext3 file system using the ext4 
subsystem
[1.907432] tsc: