lsof crash on glibc 2.33 armv7a #160
Comments
Thank you for reporting. Could you rebuild the lsof command with "make clean; make DEBUG='-g -O0'" and capture the stack trace again?
@masatake Here you go, though glibc itself is built with optimizations, but I assume that's irrelevant.
Looks strange.
How about the following change?
diff --git a/misc.c b/misc.c
index 3bebdc5..4954e90 100644
--- a/misc.c
+++ b/misc.c
@@ -293,7 +293,11 @@ doinchild(fn, fp, rbuf, rbln)
*/
int r_al, r_rbln;
- char r_arg[MAXPATHLEN+1], r_rbuf[MAXPATHLEN+1];
+ char r_arg[MAXPATHLEN+1];
+ union {
+ char r_rbuf[MAXPATHLEN+1];
+ struct stat r_stat;
+ } r;
int (*r_fn)();
/*
* Close sufficient open file descriptors except Pipes[0] and
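Review bot: the union does give r.r_rbuf the alignment of struct stat, but nothing in the hunk says why the two members share storage, so a later cleanup could split them apart and silently reintroduce the SIGBUS; add a comment on the union, e.g. `/* r_rbuf must be aligned for struct stat: r_fn may be stat()/lstat() filling it */`. The fix also assumes struct stat is the most strictly aligned object any r_fn ever writes into the buffer; if another callback type is added later the union needs a member for it too, which the comment should say.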
@@ -358,16 +362,16 @@ doinchild(fn, fp, rbuf, rbln)
|| read(Pipes[0], r_arg, r_al) != r_al
|| read(Pipes[0], (char *)&r_rbln, sizeof(r_rbln))
!= (int)sizeof(r_rbln)
- || r_rbln < 1 || r_rbln > (int)sizeof(r_rbuf))
+ || r_rbln < 1 || r_rbln > (int)sizeof(r.r_rbuf))
break;
- zeromem (r_rbuf, r_rbln);
- rv = r_fn(r_arg, r_rbuf, r_rbln);
+ zeromem (r.r_rbuf, r_rbln);
+ rv = r_fn(r_arg, r.r_rbuf, r_rbln);
en = errno;
if (write(Pipes[3], (char *)&rv, sizeof(rv))
!= sizeof(rv)
|| write(Pipes[3], (char *)&en, sizeof(en))
!= sizeof(en)
- || write(Pipes[3], r_rbuf, r_rbln) != r_rbln)
+ || write(Pipes[3], r.r_rbuf, r_rbln) != r_rbln)
break;
} |
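Review bot: sizing the bound check against sizeof(r.r_rbuf) rather than sizeof(r) is the right choice (the reply written back on Pipes[3] can still never exceed MAXPATHLEN+1 bytes), but the child still trusts the parent's r_rbln: zeromem() and the write-back only cover r_rbln bytes, while a stat-like r_fn fills a full struct stat regardless. If a caller ever passes rbln smaller than sizeof(struct stat), the struct would be written beyond the zeroed and returned region. A comment here, or an assertion at the stat/lstat call sites that rbln == sizeof(struct stat), would make that precondition explicit.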
The above fix works; the union with the buffer correctly fixes the alignment. Can you please apply this fix to the main or branches? Thank you!
@10ne1, thank you for testing.
BTW, what kind of command-line options did you specify?
Typically it is run in ChromiumOS at startup as
Once you merge a fix I'll push it to the lsof package in Gentoo, then I will also push to ChromiumOS. Thank you very much!
Now, I understand what happened. I assumed the child process was created each time when calling stat or readlink.
Close lsof-org#160.

The original code passes a char[] buffer to stat(). This can cause a SIGBUS.
lsof-org#160 reported an actual crash on an armv7a + glibc-2.33 platform.
See also https://sourceware.org/bugzilla/show_bug.cgi?id=27993.

The issue is reported by @10ne1.

Signed-off-by: Masatake YAMATO <yamato@redhat.com>
This backports an upstream fix for a crash which happens on armv7a + glibc 2.33 due to a buffer misalignment.

Upstream issue: lsof-org/lsof#160
Upstream commit: 21cb1dad1243f4c0a427d893babab12e48b60f0e
Signed-off-by: Adrian Ratiu <adrian.ratiu@collabora.com>
This backports an upstream fix for a crash which happens on armv7a + glibc 2.33 due to a buffer misalignment.

Upstream issue: lsof-org/lsof#160
Upstream commit: 21cb1dad1243f4c0a427d893babab12e48b60f0e
Bug: https://bugs.gentoo.org/797358
Signed-off-by: Adrian Ratiu <adrian.ratiu@collabora.com>
This backports an upstream fix for a crash which happens on armv7a + glibc 2.33 due to a buffer misalignment.

Upstream issue: lsof-org/lsof#160
Upstream commit: 21cb1dad1243f4c0a427d893babab12e48b60f0e
Bug: https://bugs.gentoo.org/797358
Closes: #21354
Acked-by: David Seifert <soap@gentoo.org>
Signed-off-by: Adrian Ratiu <adrian.ratiu@collabora.com>
Signed-off-by: Sam James <sam@gentoo.org>
This backports an upstream fix for a crash which happens on armv7a + glibc 2.33 due to a buffer misalignment.

Upstream issue: lsof-org/lsof#160
Upstream commit: 21cb1dad1243f4c0a427d893babab12e48b60f0e
Bug: https://bugs.gentoo.org/797358
Closes: gentoo#21354
Acked-by: David Seifert <soap@gentoo.org>
Signed-off-by: Adrian Ratiu <adrian.ratiu@collabora.com>
Signed-off-by: Sam James <sam@gentoo.org>
Hi. Starting with glibc v2.33 the {f}stat{at} APIs got reworked, which exposed a bug in lsof, making it always crash on 32-bit ARM systems due to a buffer alignment problem in this code location.
The glibc 2.33 commit causing the crash is this: aa03f722f3 linux: Add {f}stat{at} y2038 support
See the discussion in the glibc bugtracker which uncovered the issue. Here's a stack trace:
In a nutshell lsof needs to ensure the rbuf in doinchild() is properly aligned.
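The alignment requirement described in this report, shown as an added C example rather than lsof's own code. It keeps the shape of doinchild(): a byte buffer (rbuf, rbln) is handed to a callback that may be stat(), which writes a struct stat through it. The union is the same fix the thread arrives at; the guard in stat_into_buffer(), the names union aligned_buf, reply_len_ok() and stat_into_*_buffer(), and BUFLEN as a stand-in for MAXPATHLEN+1 are assumptions of this example. The demo stats "/" so it runs on any POSIX host.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Added example, not lsof code. A plain char array only guarantees 1-byte
 * alignment, so a struct stat written into it may land at an address that a
 * strict-alignment CPU (32-bit ARM with glibc 2.33's reworked stat) cannot
 * store to, which is the SIGBUS in the report. BUFLEN stands in for
 * MAXPATHLEN+1 (assumed value). */
#define BUFLEN 4096

/* The fix from the thread: overlay the char buffer with a struct stat so the
 * storage is aligned for whichever member the callback uses. */
union aligned_buf {
    char buf[BUFLEN];
    struct stat st;
};

/* 1 if p is a valid address for an object whose alignment is `align`. */
int is_aligned(const void *p, size_t align)
{
    return ((uintptr_t)p % align) == 0;
}

/* Mirror of the patch's reply-length check (r_rbln < 1 || r_rbln > sizeof
 * r.r_rbuf): 1 if rbln fits the char member, sized against the char member
 * rather than the whole union. */
int reply_len_ok(int rbln)
{
    return rbln >= 1 && rbln <= BUFLEN;
}

/* Guarded stand-in for r_fn == stat(): refuses a buffer that is too small
 * (-2) or misaligned (-3) instead of invoking undefined behaviour; otherwise
 * clears rbln bytes (lsof's zeromem()) and returns stat()'s own result. */
int stat_into_buffer(char *rbuf, size_t rbln)
{
    if (rbln < sizeof(struct stat))
        return -2;
    if (!is_aligned(rbuf, _Alignof(struct stat)))
        return -3;
    memset(rbuf, 0, rbln);
    return stat("/", (struct stat *)rbuf);
}

/* Buffer taken from the union: aligned, the call proceeds (0 on success). */
int stat_into_aligned_buffer(void)
{
    union aligned_buf r;
    return stat_into_buffer(r.buf, sizeof r.buf);
}

/* The same storage shifted by one byte, which is what an unlucky char[]
 * looks like. The guard returns -3; without it this is the SIGBUS path. */
int stat_into_misaligned_buffer(void)
{
    static union aligned_buf r; /* base is aligned, so base + 1 is not */
    return stat_into_buffer(r.buf + 1, sizeof r.buf - 1);
}

/* A buffer shorter than struct stat: the size check fires first (-2). */
int stat_into_short_buffer(void)
{
    union aligned_buf r;
    return stat_into_buffer(r.buf, 16); /* 16 < sizeof(struct stat) everywhere */
}

int main(void)
{
    printf("alignof(struct stat) = %zu, sizeof(struct stat) = %zu\n",
           _Alignof(struct stat), sizeof(struct stat));
    printf("aligned buffer:    %d (0 = stat succeeded)\n", stat_into_aligned_buffer());
    printf("misaligned buffer: %d (-3 = rejected by alignment guard)\n",
           stat_into_misaligned_buffer());
    printf("short buffer:      %d (-2 = rejected by size guard)\n",
           stat_into_short_buffer());
    printf("reply_len_ok: 0 -> %d, %d -> %d, %d -> %d\n", reply_len_ok(0),
           BUFLEN, reply_len_ok(BUFLEN), BUFLEN + 1, reply_len_ok(BUFLEN + 1));
    return 0;
}
```

On x86 the misaligned call would usually succeed silently, which is why this class of bug hides until the code reaches a strict-alignment target; checking the precondition explicitly, as stat_into_buffer() does, surfaces it on every platform.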