[Bug 1699161] Re: lshw crashes with SEGV in privileged containers

Mon, 23 Oct 2017 09:42:08 -0700 

** Description changed:

  [Impact]
  
   * lshw crashes with SEGV in privileged containers, unless you disable
  the 'usb' test: $ lshw -disable usb
  
  [Test Case]
  
  ## Create a privileged container. ##
  $ lxc launch ubuntu:16.04 priv -c security.privileged=true
  Creating priv
  Starting priv
  
  ## Execute lshw inside the privileged container. ##
  $ lxc exec priv bash
  root@priv:~#
  
  root@priv:~#lshw
  Segmentation fault
  
  [Regression Potential]
  
   * Risks of regression are low.
  
   * I have tested lshw inside containers (unprivileges/privileges) and
  baremetal with success connecting different types of usb device :
  webcam, usb keys, ... The usb output of lshw cmd is shown as expected,
  but this time without segfaulting when container in privilege mode.
  
   * Basically, the code look if both files doesn't exists
  
  #define PROCBUSUSBDEVICES "/proc/bus/usb/devices"
  #define SYSKERNELDEBUGUSBDEVICES "/sys/kernel/debug/usb/devices"
  ...
    if (!exists(SYSKERNELDEBUGUSBDEVICES) && !exists(PROCBUSUSBDEVICES))
  __return false;
  
  I kept the above in place.
  
  But what if only 1 of the 2 files exists ?
  
  For that reason I added an extra verification if
  SYSKERNELDEBUGUSBDEVICES exist -> fopen SYSKERNELDEBUGUSBDEVICES.
  
  and
  
  if fopen SYSKERNELDEBUGUSBDEVICES fails and PROCBUSUSBDEVICES exist then
  -> fopen "PROCBUSUSBDEVICES"
  
  The code first look for SYSKERNELDEBUGUSBDEVICES and if it fails it jump
  to PROCBUSUSBDEVICES.
  
  But if PROCBUSUSBDEVICES fails there was no mechanism to skip, thus
  segfault.
  
  I also added another if statement in case PROCBUSUSBDEVICES fails like
  in this situation (no such file or directory) in privileged container,
  same as if SYSKERNELDEBUGUSBDEVICES can't be opened to force to jump on
  trying PROCBUSUSBDEVICES.
  
  [Other Info]
  
-  * PR :
-    https://ezix.org/src/pkg/lshw/pulls/9
+  * PR :
+    https://ezix.org/src/pkg/lshw/pulls/9
  
   * Upstream Commit:
     
https://ezix.org/src/pkg/lshw/commit/7b99d35064230f908551ba65c29264d90f49f246
  
   * This bug doesn't affect Trusty in privileged container. (The code is
  a bit different in Trusty/lshw package. It basically doesn't rely on
  SYSKERNELDEBUGUSBDEVICES, meaning that it is only validating if
  PROCBUSUSBDEVICES exist or not and react accordingly).
  
   * Only affect Xenial and late.
  
   * The bug has been introduced upstream after this specific commit :
     
https://ezix.org/src/pkg/lshw/commit/9f05be36f7ce6117731e312053d1ec91348a3051
  
  * This particular bug isn't reproducible in Debian (tested with sid in
  privileged mode) container image because both files doesn't exist in
  their image, thus making the lshw stop here :
  
    if (!exists(SYSKERNELDEBUGUSBDEVICES) && !exists(PROCBUSUSBDEVICES))
    return false;
  
  With that being said, I filed a debian bug anyway mentioning that it would be 
great for them to merge the upstream PR since Ubuntu is merging/syncing from 
them, and it won't hurt debian lshw package, if they change or not their image 
behavior one day. Even if not necessary fixing an actual debian/lshw bug.
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878792
+ 
+ ** [10:45:45] 19<apw> slashd, artful is open for SRUs, when BB
+ opens it will start from whatever is in A **
  
  [Original Description]
  When running lshw in a Xenial container, I'm getting a segmentation fault. 
I'll attach the apport crash dump.
  
  ```
  stgraber@castiana:~$ lxc launch ubuntu:16.04 priv -c security.privileged=true
  Creating priv
  Starting priv
  
  stgraber@castiana:~$ lxc exec priv bash
  root@priv:~# lshw
  Segmentation fault
  root@priv:~#
  ```
  
  [strace of lshw]
  open("/usr/share/hwdata/usb.ids", O_RDONLY) = -1 ENOENT (No such file or 
directory)
  open("/etc/usb.ids", O_RDONLY)          = -1 ENOENT (No such file or 
directory)
  open("/usr/share/usb.ids", O_RDONLY)    = -1 ENOENT (No such file or 
directory)
  open("/usr/local/share/usb.ids", O_RDONLY) = -1 ENOENT (No such file or 
directory)
  open("/usr/share/lshw-common/usb.ids", O_RDONLY) = -1 ENOENT (No such file or 
directory)
  open("/usr/share/usb.ids", O_RDONLY)    = -1 ENOENT (No such file or 
directory)
  open("/sys/kernel/debug/usb/devices", O_RDONLY) = -1 EACCES (Permission 
denied)
  open("/proc/bus/usb/devices", O_RDONLY) = -1 ENOENT (No such file or 
directory)
  --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0} ---
  +++ killed by SIGSEGV +++
  Segmentation fault

** Changed in: lshw (Ubuntu Artful)
       Status: Confirmed => In Progress

** Changed in: lshw (Ubuntu Artful)
     Assignee: Dan Streetman (ddstreet) => Eric Desrochers (slashd)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1699161

Title:
  lshw crashes with SEGV in privileged containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lshw/+bug/1699161/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to