Bug#903554: marked as done (libc6: segfault in ld-2.24.so when running 'xl' from Xen, only on Skylake CPUs (upstream bug BZ#22636))



Your message dated Sat, 09 Feb 2019 21:47:22 +0000
with message-id <E1gsaT4-0003FW-0W@fasolo.debian.org>
and subject line Bug#903554: fixed in glibc 2.24-11+deb9u4
has caused the Debian Bug report #903554,
regarding libc6: segfault in ld-2.24.so when running 'xl' from Xen, only on Skylake CPUs (upstream bug BZ#22636)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
903554: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903554
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: libc6
Version: 2.24-11+deb9u3
Severity: normal

Dear Maintainer,

When I use 'xl create' or 'xl destroy' to manage Xen domUs, xl segfaults
with:

(gdb) run create /etc/xen/domU.cfg
Starting program: /usr/lib/xen-4.8/bin/xl create /etc/xen/domU.cfg
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Parsing config from /etc/xen/domU.cfg
[New Thread 0x7ffff7ff4700 (LWP 3311)]

Thread 2 "xl" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff7ff4700 (LWP 3311)]
0x00007ffff7de2ff5 in _dl_lookup_symbol_x (undef_name=0x7ffff5478c63 "_Unwind_Find_FDE", undef_map=0x555555788310, 
    ref=ref@entry=0x7ffff7ff2128, symbol_scope=0x555555788668, version=0x555555788a50, type_class=type_class@entry=1, flags=5, 
    skip_map=0x0) at dl-lookup.c:833

Despite the segfault, it seems that the domU is running fine, which
might explain why this wasn't reported yet AFAIK.

In the exact same software environment, I cannot reproduce this on
pre-Skylake CPUs.

I could confirm that:
- upgrading glibc to 2.26-5 fixes the problem.
- 2.26-4 is still affected.

I looked at the changes between 2.26-4 and 2.26-5.

My initial guess was that this was BZ#22715 due to the link with
AVX-512. But backporting the fix (which is already in
release/2.24/master but not in the stretch package) did not solve the
issue.

However, backporting the fix for BZ#22636 fixed the issue (specifically
I backported
771c846a71d9ee14aa3b91fd184026482da585d9..abf2e34ee6a9cf1b7e5afddd13971754e5c5fa82,
from the release/2.25/master branch).


Could you please backport this fix to the stretch package?

Thanks!

Lucas




-- System Information:
Debian Release: 9.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-6-amd64 (SMP w/64 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libc6 depends on:
ii  libgcc1  1:6.3.0-18+deb9u1

libc6 recommends no packages.

Versions of packages libc6 suggests:
ii  debconf [debconf-2.0]  1.5.61
pn  glibc-doc              <none>
ii  libc-l10n              2.24-11+deb9u3
ii  locales                2.24-11+deb9u3

-- debconf information:
  glibc/disable-screensaver:
  glibc/upgrade: true
  glibc/restart-failed:
  glibc/restart-services:
  glibc/kernel-not-supported:
  glibc/kernel-too-old:
  libraries/restart-without-asking: false

--- End Message ---
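An added reproducer for the path in the backtrace above, written for this page and not taken from the report, from Xen or from glibc. The changelog in the closing message below says the fix is to stack guard size accounting and to stack usage during unwinding on CPUs with AVX512-F; this program exercises that path directly: a thread created with the minimum stack size calls pthread_exit(), which makes glibc unwind the thread through libgcc_s and lazily resolve _Unwind_Find_FDE in ld.so (the _dl_lookup_symbol_x frame in the report), all on the thread's own small stack. It also reports whether /proc/cpuinfo advertises avx512f, since the reporter only sees the crash on Skylake hosts. The function names (flags_line_has, cpu_has_flag, run_min_stack_exit) are our own; that this minimal program faults on an affected glibc, rather than only xl's own thread, is an assumption modelled on the changelog entry. On a fixed glibc it prints "ok" and exits 0.

```c
#define _GNU_SOURCE
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Added example, not code from the bug report, from Xen or from glibc.
 * Function names are our own. Build: cc -O2 -pthread repro.c -o repro */

/* Return 1 if a "flags" line from /proc/cpuinfo lists FLAG as a whole
 * token (so "avx512" does not match "avx512f"), else 0. */
int flags_line_has(const char *line, const char *flag)
{
    size_t n = strlen(flag);
    const char *p = line;

    if (n == 0)
        return 0;
    while ((p = strstr(p, flag)) != NULL) {
        int start_ok = p == line || p[-1] == ' ' || p[-1] == '\t' || p[-1] == ':';
        int end_ok = p[n] == '\0' || p[n] == ' ' || p[n] == '\t' || p[n] == '\n';
        if (start_ok && end_ok)
            return 1;
        p += n;
    }
    return 0;
}

/* Return 1 if any "flags" line in /proc/cpuinfo advertises FLAG, else 0
 * (also 0 when the file is missing, e.g. not Linux or not x86). */
int cpu_has_flag(const char *flag)
{
    char line[8192];
    int found = 0;
    FILE *f = fopen("/proc/cpuinfo", "r");

    if (f == NULL)
        return 0;
    while (!found && fgets(line, sizeof line, f) != NULL)
        if (strncmp(line, "flags", 5) == 0)
            found = flags_line_has(line, flag);
    fclose(f);
    return found;
}

/* Thread body: pthread_exit() makes glibc unwind this thread's frames via
 * libgcc_s, and the first such call binds _Unwind_Find_FDE through ld.so,
 * the lookup seen in the report's backtrace. All of it runs on this
 * thread's (minimal) stack. */
static void *exit_on_min_stack(void *arg)
{
    (void)arg;
    pthread_exit((void *)42);
    return NULL; /* not reached */
}

/* Create a thread with the smallest stack the platform allows and let it
 * exit through the unwinder. Returns 0 on success, -1 on any API failure.
 * On an affected glibc on an AVX512-F CPU the expectation (our assumption,
 * based on the changelog entry) is a SIGSEGV rather than a return. */
int run_min_stack_exit(void)
{
    long minstack = sysconf(_SC_THREAD_STACK_MIN);
    pthread_attr_t attr;
    pthread_t th;
    void *ret = NULL;
    int rc = -1;

    if (minstack <= 0 || pthread_attr_init(&attr) != 0)
        return -1;
    if (pthread_attr_setstacksize(&attr, (size_t)minstack) == 0
        && pthread_create(&th, &attr, exit_on_min_stack, NULL) == 0
        && pthread_join(th, &ret) == 0
        && ret == (void *)42)
        rc = 0;
    pthread_attr_destroy(&attr);
    return rc;
}

int main(void)
{
    int rc;

    printf("cpu advertises avx512f: %s\n", cpu_has_flag("avx512f") ? "yes" : "no");
    rc = run_min_stack_exit();
    printf("pthread_exit on a minimal stack: %s\n", rc == 0 ? "ok" : "failed");
    return rc == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

If the program dies with SIGSEGV instead of printing the second line, run it under gdb as the reporter did and compare the top frame with the _dl_lookup_symbol_x frame in the report before concluding it is the same bug; a crash elsewhere on a minimal stack has other causes.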
--- Begin Message ---
Source: glibc
Source-Version: 2.24-11+deb9u4

We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 903554@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated glibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 06 Feb 2019 22:17:41 +0100
Source: glibc
Binary: libc-bin libc-dev-bin libc-l10n glibc-doc glibc-source locales locales-all nscd multiarch-support libc6 libc6-dev libc6-dbg libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev libc0.3-dbg libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc libc6-dev-sparc libc6-sparc64 libc6-dev-sparc64 libc6-s390 libc6-dev-s390 libc6-amd64 libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mips32 libc6-dev-mips32 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-x32 libc6-dev-x32 libc6-xen libc0.3-xen libc6.1-alphaev67 libc0.1-i686 libc0.3-i686 libc6-i686
Architecture: source
Version: 2.24-11+deb9u4
Distribution: stretch
Urgency: medium
Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Description:
 glibc-doc  - GNU C Library: Documentation
 glibc-source - GNU C Library: sources
 libc-bin   - GNU C Library: Binaries
 libc-dev-bin - GNU C Library: Development binaries
 libc-l10n  - GNU C Library: localization files
 libc0.1    - GNU C Library: Shared libraries
 libc0.1-dbg - GNU C Library: detached debugging symbols
 libc0.1-dev - GNU C Library: Development Libraries and Header Files
 libc0.1-dev-i386 - GNU C Library: 32bit development libraries for AMD64
 libc0.1-i386 - GNU C Library: 32bit shared libraries for AMD64
 libc0.1-i686 - transitional dummy package
 libc0.1-pic - GNU C Library: PIC archive library
 libc0.1-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libc0.3    - GNU C Library: Shared libraries
 libc0.3-dbg - GNU C Library: detached debugging symbols
 libc0.3-dev - GNU C Library: Development Libraries and Header Files
 libc0.3-i686 - transitional dummy package
 libc0.3-pic - GNU C Library: PIC archive library
 libc0.3-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libc0.3-xen - GNU C Library: Shared libraries [Xen version]
 libc6      - GNU C Library: Shared libraries
 libc6-amd64 - GNU C Library: 64bit Shared libraries for AMD64
 libc6-dbg  - GNU C Library: detached debugging symbols
 libc6-dev  - GNU C Library: Development Libraries and Header Files
 libc6-dev-amd64 - GNU C Library: 64bit Development Libraries for AMD64
 libc6-dev-i386 - GNU C Library: 32-bit development libraries for AMD64
 libc6-dev-mips32 - GNU C Library: o32 Development Libraries for MIPS
 libc6-dev-mips64 - GNU C Library: 64bit Development Libraries for MIPS64
 libc6-dev-mipsn32 - GNU C Library: n32 Development Libraries for MIPS64
 libc6-dev-powerpc - GNU C Library: 32bit powerpc development libraries for ppc64
 libc6-dev-ppc64 - GNU C Library: 64bit Development Libraries for PowerPC64
 libc6-dev-s390 - GNU C Library: 32bit Development Libraries for IBM zSeries
 libc6-dev-sparc - GNU C Library: 32bit Development Libraries for SPARC
 libc6-dev-sparc64 - GNU C Library: 64bit Development Libraries for UltraSPARC
 libc6-dev-x32 - GNU C Library: X32 ABI Development Libraries for AMD64
 libc6-i386 - GNU C Library: 32-bit shared libraries for AMD64
 libc6-i686 - transitional dummy package
 libc6-mips32 - GNU C Library: o32 Shared libraries for MIPS
 libc6-mips64 - GNU C Library: 64bit Shared libraries for MIPS64
 libc6-mipsn32 - GNU C Library: n32 Shared libraries for MIPS64
 libc6-pic  - GNU C Library: PIC archive library
 libc6-powerpc - GNU C Library: 32bit powerpc shared libraries for ppc64
 libc6-ppc64 - GNU C Library: 64bit Shared libraries for PowerPC64
 libc6-s390 - GNU C Library: 32bit Shared libraries for IBM zSeries
 libc6-sparc - GNU C Library: 32bit Shared libraries for SPARC
 libc6-sparc64 - GNU C Library: 64bit Shared libraries for UltraSPARC
 libc6-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libc6-x32  - GNU C Library: X32 ABI Shared libraries for AMD64
 libc6-xen  - GNU C Library: Shared libraries [Xen version]
 libc6.1    - GNU C Library: Shared libraries
 libc6.1-alphaev67 - GNU C Library: Shared libraries (EV67 optimized)
 libc6.1-dbg - GNU C Library: detached debugging symbols
 libc6.1-dev - GNU C Library: Development Libraries and Header Files
 libc6.1-pic - GNU C Library: PIC archive library
 libc6.1-udeb - GNU C Library: Shared libraries - udeb (udeb)
 locales    - GNU C Library: National Language (locale) data [support]
 locales-all - GNU C Library: Precompiled locale data
 multiarch-support - Transitional package to ensure multiarch compatibility
 nscd       - GNU C Library: Name Service Cache Daemon
Closes: 710275 879500 879501 879955 884132 884133 884615 899070 899071 903554 904158 916925
Changes:
 glibc (2.24-11+deb9u4) stretch; urgency=medium
 .
   [ Aurelien Jarno ]
   * debian/patches/git-updates.diff: update from upstream stable branch:
     - Fix buffer overflow in glob with GLOB_TILDE (CVE-2017-15670).  Closes:
       #879501.
     - Fix memory leak in glob with GLOB_TILDE (CVE-2017-15671).  Closes:
       #879500.
     - Fix a buffer overflow in glob with GLOB_TILDE in unescaping
       (CVE-2017-15804).  Closes: #879955.
     - Fix a memory leak in ld.so (CVE-2017-1000408).  Closes: #884132.
     - Fix a buffer overflow in ld.so (CVE-2017-1000409).  Closes: #884133.
     - Fixes incorrect RPATH/RUNPATH handling for SUID binaries
       (CVE-2017-16997).  Closes: #884615.
     - Fix a data corruption in SSE2-optimized memmove implementation for
       i386 (CVE-2017-18269).
     - Fix a stack-based buffer overflow in the realpath function
       (CVE-2018-11236).  Closes: #899071.
     - Fix a buffer overflow in the AVX-512-optimized implementation of the
       mempcpy function (CVE-2018-11237).  Closes: #899070.
     - Fix stack guard size accounting and reduce stack usage during
       unwinding to avoid segmentation faults on CPUs with AVX512-F.  Closes:
       #903554.
     - Fix a use after free in pthread_create().  Closes: #916925.
   * debian/debhelper.in/libc.postinst, script.in/nsscheck.sh: check for
     postgresql in NSS check.  Closes: #710275.
 .
   [ Sebastian Andrzej Siewior ]
   * patches/any/local-condvar-do-not-use-requeue-for-pshared-condvars.patch:
     patch to fix pthread_cond_wait() in the pshared case on non-x86.  Closes:
     #904158.
Checksums-Sha1:
 b39f25d60b68fd05c29621fe6b17121a07f6ac68 8386 glibc_2.24-11+deb9u4.dsc
 337cc7011764cdb0d7b1d8ba58cb677c42103b43 1060620 glibc_2.24-11+deb9u4.debian.tar.xz
 ed61a67e2b4a34fc9daf0b85f4c8d76f77d0f707 7668 glibc_2.24-11+deb9u4_source.buildinfo
Checksums-Sha256:
 0cfc10b8f713f41c087476a0a9f6687b4ccb22c5652502bfe8e5c0798f8b097f 8386 glibc_2.24-11+deb9u4.dsc
 bcf78fb5157cd84d26cdc4b3366b1d5e92fc13609a465ac63ff322a5adac3cbc 1060620 glibc_2.24-11+deb9u4.debian.tar.xz
 4d777a745a7c3a801203406c05f47fbf8de1b600c20caab4df0db1df2b89cce5 7668 glibc_2.24-11+deb9u4_source.buildinfo
Files:
 8aaa2c3a9525a21cbc347dafd83d30c9 8386 libs required glibc_2.24-11+deb9u4.dsc
 de1d8451f6c1306477ab263f30a657c5 1060620 libs required glibc_2.24-11+deb9u4.debian.tar.xz
 f17967e72c65ce195f6d49c720173ecf 7668 libs required glibc_2.24-11+deb9u4_source.buildinfo


--- End Message ---