Bug#881520: marked as done (apt: do not attempt seccomp in qemu-user)

To: Julian Andres Klode <jak@debian.org>
Subject: Bug#881520: marked as done (apt: do not attempt seccomp in qemu-user)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Sun, 12 Nov 2017 19:39:10 +0000
Message-id: <[🔎] handler.881520.D881519.151051527420810.ackdone@bugs.debian.org>
Reply-to: 881520@bugs.debian.org
References: <E1eDy1Y-000BVb-G1@fasolo.debian.org> <[🔎] 8ff44152-4ba2-8836-a957-d1a7bd5f26d6@debian.org>

Your message dated Sun, 12 Nov 2017 19:34:32 +0000
with message-id <E1eDy1Y-000BVb-G1@fasolo.debian.org>
and subject line Bug#881519: fixed in apt 1.6~alpha5
has caused the Debian Bug report #881519,
regarding apt: do not attempt seccomp in qemu-user
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
881519: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881519
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: apt: apt update hangs under qemu-user when host and target architecture are 64-bit
From: James Cowgill <jcowgill@debian.org>
Date: Thu, 2 Nov 2017 14:49:07 +0000
Message-id: <[🔎] 8ff44152-4ba2-8836-a957-d1a7bd5f26d6@debian.org>

Package: apt
Version: 1.6~alpha3
Severity: important

Hi,

I noticed that with apt 1.6, running apt-get update hangs in a mips64el
chroot running on an amd64 host using qemu-user-static. I can also
reproduce this with an arm64 target so I suspect this affects all 64-bit
architectures running on amd64.

It outputs this before hanging (on mips64el):
> # apt-get update
> 0% [Working]qemu: Unsupported syscall: 5312
> 0% [Working]

Syscall 5312 is "seccomp".

If I run qemu-user with the -strace option, I see that the http method
calls the seccomp syscall which fails with ENOSYS (since it's not
supported in qemu). Then, libseccomp calls the old prctl(PR_SET_SECCOMP)
syscall which succeeds. I think in this case a valid seccomp filter is
installed, but for the wrong architecture. This results in the calling
thread being immediately killed when a syscall is later executed.

The apt changelog mentions checking for EFAULT in case apt is started
inside QEMU. I think this only works by chance on 32-bit targets because
they would pass a truncated pointer to the real prctl which the kernel
would usually reject as an invalid address.

I think the hanging is caused by the http method having two threads.
When an invalid syscall is executed under seccomp, only the calling
thread is killed. Since the http method is running two threads, the
other is left running and hangs. In turn this causes the parent apt
process to wait for the http method to exit which will never happen.

Thanks,
James

Attachment: signature.asc
Description: OpenPGP digital signature

--- End Message ---

--- Begin Message ---

To: 881519-close@bugs.debian.org
Subject: Bug#881519: fixed in apt 1.6~alpha5
From: Julian Andres Klode <jak@debian.org>
Date: Sun, 12 Nov 2017 19:34:32 +0000
Message-id: <E1eDy1Y-000BVb-G1@fasolo.debian.org>

Source: apt
Source-Version: 1.6~alpha5

We believe that the bug you reported is fixed in the latest version of
apt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 881519@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julian Andres Klode <jak@debian.org> (supplier of updated apt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 12 Nov 2017 19:57:00 +0100
Source: apt
Binary: apt libapt-pkg5.0 libapt-inst2.0 apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https
Architecture: source
Version: 1.6~alpha5
Distribution: unstable
Urgency: medium
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Julian Andres Klode <jak@debian.org>
Description:
 apt        - commandline package manager
 apt-doc    - documentation for APT
 apt-transport-https - transitional package for https support
 apt-utils  - package management related utility programs
 libapt-inst2.0 - deb package format runtime library
 libapt-pkg-dev - development files for APT's libapt-pkg and libapt-inst
 libapt-pkg-doc - documentation for APT development
 libapt-pkg5.0 - package management runtime library
Closes: 881402 881519
Changes:
 apt (1.6~alpha5) unstable; urgency=medium
 .
   [ Julian Andres Klode ]
   * Do not attempt seccomp under qemu-user and drop EFAULT workaround
     (Closes: #881519)
 .
   [ Frans Spiesschaert ]
   * Dutch manpage translation update (Closes: #881402)
Checksums-Sha1:
 568f139423416102645223aa346155326312d69c 2739 apt_1.6~alpha5.dsc
 4f7b69c9ae9ea66bc4f93c262f7c6c9a69a03297 2095168 apt_1.6~alpha5.tar.xz
 e7acd18053b440df9fb532608f79c3773f0c92c1 8109 apt_1.6~alpha5_source.buildinfo
Checksums-Sha256:
 b3bd9ea91e6ceb9bfac48fcd9d8381a69a331d88a0d0cc0fde34303dd33dfc99 2739 apt_1.6~alpha5.dsc
 1fb2f427602eabeb10aa7eb53373e9525627907590fa58260b94bd9a7a18e27b 2095168 apt_1.6~alpha5.tar.xz
 32a3683b74c12f9107b45e92330e0fce8c2ababf6be59071213cc191c743f6c3 8109 apt_1.6~alpha5_source.buildinfo
Files:
 ed0b1ab1c09363e4a4c76fadf5ef7d3f 2739 admin important apt_1.6~alpha5.dsc
 644277686f49abaa56c4bf08c48a9184 2095168 admin important apt_1.6~alpha5.tar.xz
 841ccd582face121196edf7c70da05ef 8109 admin important apt_1.6~alpha5_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJDBAEBCgAtFiEEzeVhi4gF/W4gLOnC1zw55WWAs4YFAloInkkPHGpha0BkZWJp
YW4ub3JnAAoJENc8OeVlgLOGUB0P/1oc2Xftlg19xs9BqcD6ISkTytJtnWzwuHo8
KrFEclzqH4iQEU/qu+vKWKJOBJhpV9lzJ4Mk8FSRl3qpJKdAdYkHTJOoCBg1T9+i
OWBXNeFd2wOSZTVmcwWFoPAvmEgFVQduIGSdTdfuZt0ZEKHEoHV3veOGG3oBU8sz
drJN9v2fUp+/oLGWdE3vyikrI048PjlSv/tLBPgkYPhbllG99VJzW2PK2C8+5M2y
QaaXG0MCFx+x5B+lAIoKyJLR4FZBhA9mMhWaO6wmPjiqo4UP7PQvl2V4zdiCaNf0
Q014zLg5MnLMg8uMdF1a38YcricJ4wYmvEsTf+KqN+MQq2LPrhplV0//W59DRiKG
qqeE7XewBXQ0sOBKR9nJ2gO/f7KPcogkuLHvch6hJkKjrVshCAVnBRDZNqF7RDjZ
gfU/4GAS4tLiBD2Fcsh5jIMEkTmhx3JtxnbLVCZw5JCRDeVMw4GpqzKYXq4yeWrq
FOeco/N33fkLijL21iNv2V/IaCkZWcENKGP9qiah9QVmtf8Mdv6MhdaJsN2BMKV4
iP99E29QKSOuXRGvQ4QaFgiIt6mt9Yvr2ZpstICzB4FeFw9DrUGhAvU8D81OuHM3
16Kbz1iyS4QD963Sf47p90UK1aNebseYM9CW9Mh0329exThVIDQyBAaW6lhcgrLl
rWYW0TmK
=mzsQ
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

References:
- Bug#880582: apt: apt update hangs under qemu-user when host and target architecture are 64-bit
  - From: James Cowgill <jcowgill@debian.org>

Prev by Date: Bug#881519: marked as done (apt: do not attempt seccomp in qemu-user)
Next by Date: Processing of apt_1.6~alpha5_source.changes
Previous by thread: Bug#881519: marked as done (apt: do not attempt seccomp in qemu-user)
Next by thread: Bug#880645: apt: Hash Sum mismatch when running apt-get update
Index(es):
- Date
- Thread