[Bug 1699161] Re: lshw crashes with SEGV in unprivileged container

Stéphane Graber Sun, 25 Jun 2017 23:52:17 -0700

Unable to reproduce in a normal unprivileged container:
```
stgraber@castiana:~$ lxc launch ubuntu:16.04 unpriv
Creating unpriv
Starting unpriv
stgraber@castiana:~$ lxc exec unpriv bash
root@unpriv:~# ls -lh /sys/kernel/
total 0
drwxr-xr-x   2 nobody nogroup    0 Jun 26 06:32 boot_params
drwx------  38 nobody nogroup    0 Jun 24 14:56 debug
-r--r--r--   1 nobody nogroup 4.0K Jun 26 06:32 fscaps
drwxr-xr-x   2 nobody nogroup    0 Jun 26 06:32 iommu_groups
drwxr-xr-x  38 nobody nogroup    0 Jun 26 06:32 irq
-r--r--r--   1 nobody nogroup 4.0K Jun 26 06:32 kexec_crash_loaded
-rw-r--r--   1 nobody nogroup 4.0K Jun 26 06:32 kexec_crash_size
-r--r--r--   1 nobody nogroup 4.0K Jun 26 06:32 kexec_loaded
drwxr-xr-x   2 nobody nogroup    0 Jun 26 06:32 livepatch
drwxr-xr-x   6 nobody nogroup    0 Jun 26 06:32 mm
-r--r--r--   1 nobody nogroup  516 Jun 26 06:32 notes
-rw-r--r--   1 nobody nogroup 4.0K Jun 26 06:32 profiling
-rw-r--r--   1 nobody nogroup 4.0K Jun 26 06:32 rcu_expedited
-rw-r--r--   1 nobody nogroup 4.0K Jun 26 06:32 rcu_normal
drwxr-xr-x   4 nobody nogroup    0 Jun 24 14:55 security
drwxr-xr-x 140 nobody nogroup    0 Jun 26 06:32 slab
dr-xr-xr-x   2 nobody nogroup    0 Jun 26 06:33 tracing
-rw-r--r--   1 nobody nogroup 4.0K Jun 24 14:55 uevent_helper
-r--r--r--   1 nobody nogroup 4.0K Jun 26 06:32 uevent_seqnum
-r--r--r--   1 nobody nogroup 4.0K Jun 26 06:32 vmcoreinfo
root@unpriv:~# lshw >/dev/null
root@unpriv:~# echo $?    
0
root@unpriv:~# 
```


But I can reproduce it in a privileged container where lshw is seen
attempting to access /sys/kernel/debug/usb/devices and
/proc/bus/usb/devices. The former is denied as all debugfs access should
be in privileged containers, the latter doesn't exist.

So this is a lshw bug. It shouldn't just crash when the kernel denies it
access to a path. I'd instead expect it to skip the particular
subsystem.

** Package changed: lxd (Ubuntu) => lshw (Ubuntu)

** Summary changed:

- lshw crashes with SEGV in unprivileged container
+ lshw crashes with SEGV in privileged containers

** Description changed:

  When running lshw in a Xenial container, I'm getting a segmentation
  fault. I'll attach the apport crash dump.
+ 
+ ```
+ stgraber@castiana:~$ lxc launch ubuntu:16.04 priv -c security.privileged=true
+ Creating priv
+ Starting priv
+ 
+ stgraber@castiana:~$ lxc exec priv bash
+ root@priv:~# lshw
+ Segmentation fault        
+ root@priv:~# 
+ 
+ [strace of lshw]
+ open("/usr/share/hwdata/usb.ids", O_RDONLY) = -1 ENOENT (No such file or 
directory)
+ open("/etc/usb.ids", O_RDONLY)          = -1 ENOENT (No such file or 
directory)
+ open("/usr/share/usb.ids", O_RDONLY)    = -1 ENOENT (No such file or 
directory)
+ open("/usr/local/share/usb.ids", O_RDONLY) = -1 ENOENT (No such file or 
directory)
+ open("/usr/share/lshw-common/usb.ids", O_RDONLY) = -1 ENOENT (No such file or 
directory)
+ open("/usr/share/usb.ids", O_RDONLY)    = -1 ENOENT (No such file or 
directory)
+ open("/sys/kernel/debug/usb/devices", O_RDONLY) = -1 EACCES (Permission 
denied)
+ open("/proc/bus/usb/devices", O_RDONLY) = -1 ENOENT (No such file or 
directory)
+ --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0} ---
+ +++ killed by SIGSEGV +++
+ Segmentation fault

** Description changed:

  When running lshw in a Xenial container, I'm getting a segmentation
  fault. I'll attach the apport crash dump.
  
  ```
  stgraber@castiana:~$ lxc launch ubuntu:16.04 priv -c security.privileged=true
  Creating priv
  Starting priv
  
  stgraber@castiana:~$ lxc exec priv bash
  root@priv:~# lshw
- Segmentation fault        
- root@priv:~# 
+ Segmentation fault
+ root@priv:~#
+ ```
  
  [strace of lshw]
  open("/usr/share/hwdata/usb.ids", O_RDONLY) = -1 ENOENT (No such file or 
directory)
  open("/etc/usb.ids", O_RDONLY)          = -1 ENOENT (No such file or 
directory)
  open("/usr/share/usb.ids", O_RDONLY)    = -1 ENOENT (No such file or 
directory)
  open("/usr/local/share/usb.ids", O_RDONLY) = -1 ENOENT (No such file or 
directory)
  open("/usr/share/lshw-common/usb.ids", O_RDONLY) = -1 ENOENT (No such file or 
directory)
  open("/usr/share/usb.ids", O_RDONLY)    = -1 ENOENT (No such file or 
directory)
  open("/sys/kernel/debug/usb/devices", O_RDONLY) = -1 EACCES (Permission 
denied)
  open("/proc/bus/usb/devices", O_RDONLY) = -1 ENOENT (No such file or 
directory)
  --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0} ---
  +++ killed by SIGSEGV +++
  Segmentation fault

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1699161

Title:
  lshw crashes with SEGV in privileged containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lshw/+bug/1699161/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1699161] Re: lshw crashes with SEGV in unprivileged container

Reply via email to