[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#865549: linux-image-3.16.0-4-powerpc64le: stackguard fix incorrect; probably causes cargo to segfault on ppc64el

Control: forcemerge -1 865416

It's fixed by the kernel you linked:

$ uname -a
Linux page 3.16.0-4-powerpc64le #1 SMP Debian 3.16.43-2+deb8u2 (2017-06-21) ppc64le GNU/Linux
$ for i in {1..10}; do cargo/bin/cargo -V; done
cargo 0.19.0 (28d1d60d4 2017-05-16)
cargo 0.19.0 (28d1d60d4 2017-05-16)
cargo 0.19.0 (28d1d60d4 2017-05-16)
cargo 0.19.0 (28d1d60d4 2017-05-16)
cargo 0.19.0 (28d1d60d4 2017-05-16)
cargo 0.19.0 (28d1d60d4 2017-05-16)
cargo 0.19.0 (28d1d60d4 2017-05-16)
cargo 0.19.0 (28d1d60d4 2017-05-16)
cargo 0.19.0 (28d1d60d4 2017-05-16)
cargo 0.19.0 (28d1d60d4 2017-05-16)

Thanks!

Ximin Luo:
> jrtc27 graciously lent me access to a VM so I'm building it now and will test it some time tomorrow.
> 
> X
> 
> Ximin Luo:
>> Hi, unfortunately I don't have root access to any ppc64el machines to be able to install a new kernel, I only have access to plummer.debian.org. (Also you didn't build them for ppc64el yet.)
>>
>> There are some things different about what we're seeing in cargo, vs the provided C code that segfaults. However the timing is too coincidental so I'm still inclined to think it's caused by this bug. But unfortunately I don't know how I can test this myself.
>>
>> Could you release this to stable so that I can ask the buildd people to install this on plummer, so I can test it?
>>
>> Or, if anyone else is able to test it, you can download and extract this: https://static.rust-lang.org/dist/rust-1.18.0-powerpc64le-unknown-linux-gnu.tar.gz then run `for i in {1..10}; do rust-1.18.0-powerpc64le-unknown-linux-gnu/cargo/bin/cargo -V; done` and see if it segfaults.
>>
>> X
>>
>> Ben Hutchings:
>>> Control: tag -1 moreinfo
>>>
>>> On Thu, 22 Jun 2017 19:02:26 +0200 Ximin Luo <infinity0@debian.org>
>>> wrote:
>>>> Package: linux-image-3.16.0-4-powerpc64le
>>>> Version: 3.16.43-2+deb8u1
>>>> Severity: critical
>>>> Justification: breaks unrelated software
>>>>  
>>>> Dear Maintainer,
>>>>  
>>>> I have been getting segfaults trying to build cargo on ppc64el
>>>>  
>>>> https://github.com/rust-lang/cargo/issues/4197
>>>>  
>>>> The signs point to the recent stack guard fix as being the culprit, I can
>>>> confirm that the test program given here:
>>>>  
>>>> http://www.openwall.com/lists/oss-security/2017/06/22/6
>>>>  
>>>> indicates the presence of the bug on plummer.debian.org. I'm not very familiar
>>>> with kernel development so I don't know where the proper fix is, but subsequent
>>>> discussion on that thread suggests that mainline has the "correct fix" whereas
>>>> some distros applied an incorrect one.
>>>
>>> Can you please test with this candidate fix?
>>> https://people.debian.org/~benh/packages/CVE-2017-1000364/
>>>
>>> Ben.
>>>
>>
>>
> 
> 


-- 
GPG: ed25519/56034877E1F87C35
GPG: rsa4096/1318EFAC5FBBDBCE
https://github.com/infinity0/pubkeys.git
Reply to: