[Bug 1699161] Re: lshw crashes with SEGV in privileged containers
Eric Desrochers
eric.desrochers at canonical.com
Thu Oct 12 14:37:37 UTC 2017
** Description changed:
- When running lshw in a Xenial container, I'm getting a segmentation
- fault. I'll attach the apport crash dump.
+ [Impact]
+
+ * lshw crashes with SEGV in privileged containers, unless you disable
+ the 'usb' test: $ lshw -disable usb
+
+ [Test Case]
+
+ ## Create a privileged container. ##
+ $ lxc launch ubuntu:16.04 priv -c security.privileged=true
+ Creating priv
+ Starting priv
+
+ ## Execute lshw inside the privileged container. ##
+ $ lxc exec priv bash
+ root at priv:~#
+
+ root at priv:~#lshw
+ Segmentation fault
+
+
+ [Regression Potential]
+
+ * Risks of regression are low.
+
+ * I have tested lshw inside containers (unprivileges/privileges) and baremetal with success connecting different types of usb device : webcam, usb keys, ... The usb output of lshw cmd is shown as expected, but this time without segfaulting when container in privilege mode.
+
+ * Basically, the code look if both files doesn't exists
+
+ #define PROCBUSUSBDEVICES "/proc/bus/usb/devices"
+ #define SYSKERNELDEBUGUSBDEVICES "/sys/kernel/debug/usb/devices"
+ ...
+ if (!exists(SYSKERNELDEBUGUSBDEVICES) && !exists(PROCBUSUSBDEVICES))
+ __return false;
+
+ I kept the above in place.
+
+ But what if only 1 of the 2 files exists ?
+
+ For that reason I added an extra verification if
+ SYSKERNELDEBUGUSBDEVICES exist -> fopen SYSKERNELDEBUGUSBDEVICES.
+
+ and
+
+ if fopen SYSKERNELDEBUGUSBDEVICES fails and PROCBUSUSBDEVICES exist then
+ -> fopen "PROCBUSUSBDEVICES"
+
+ The code first look for SYSKERNELDEBUGUSBDEVICES and if it fails it jump
+ to PROCBUSUSBDEVICES.
+
+ But if PROCBUSUSBDEVICES fails there was no mechanism to skip, thus
+ segfault.
+
+ I also added another if statement in case PROCBUSUSBDEVICES fails like in this situation (no such file or directory) in privileged container, same as if SYSKERNELDEBUGUSBDEVICES can't be opened to force to jump on trying PROCBUSUSBDEVICES.
+
+
+ [Other Info]
+
+ * Proposal made to lyonel/lshw (Lyonel Vincent being lshw maintainer) :
+ https://github.com/lyonel/lshw/pull/33
+
+ * I also sent Lyonel an email to poke him.
+
+ [Original Description]
+ When running lshw in a Xenial container, I'm getting a segmentation fault. I'll attach the apport crash dump.
```
stgraber@castiana:~$ lxc launch ubuntu:16.04 priv -c security.privileged=true
Creating priv
Starting priv
stgraber@castiana:~$ lxc exec priv bash
root@priv:~# lshw
Segmentation fault
root@priv:~#
```
[strace of lshw]
```
open("/usr/share/hwdata/usb.ids", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/etc/usb.ids", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/usb.ids", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/share/usb.ids", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/lshw-common/usb.ids", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/usb.ids", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/sys/kernel/debug/usb/devices", O_RDONLY) = -1 EACCES (Permission denied)
open("/proc/bus/usb/devices", O_RDONLY) = -1 ENOENT (No such file or directory)
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0} ---
+++ killed by SIGSEGV +++
Segmentation fault
```
--
https://bugs.launchpad.net/bugs/1699161
Title:
lshw crashes with SEGV in privileged containers
Status in lshw package in Ubuntu:
In Progress
Status in lshw source package in Trusty:
Confirmed
Status in lshw source package in Xenial:
Confirmed
Status in lshw source package in Zesty:
Confirmed
Status in lshw source package in Artful:
In Progress
Status in lshw source package in bb-series:
New
Bug description:
[Impact]

* lshw crashes with SEGV in privileged containers, unless you disable
the 'usb' test: $ lshw -disable usb

[Test Case]

## Create a privileged container. ##
$ lxc launch ubuntu:16.04 priv -c security.privileged=true
Creating priv
Starting priv

## Execute lshw inside the privileged container. ##
$ lxc exec priv bash
root@priv:~#

root@priv:~# lshw
Segmentation fault

[Regression Potential]

* Risks of regression are low.

* I have tested lshw inside containers (unprivileged/privileged) and on bare metal with success, connecting different types of usb devices: webcam, usb keys, ... The usb output of the lshw cmd is shown as expected, but this time without segfaulting when the container is in privileged mode.

* Basically, the code checks whether both files don't exist:

```
#define PROCBUSUSBDEVICES "/proc/bus/usb/devices"
#define SYSKERNELDEBUGUSBDEVICES "/sys/kernel/debug/usb/devices"
...
if (!exists(SYSKERNELDEBUGUSBDEVICES) && !exists(PROCBUSUSBDEVICES))
    return false;
```

I kept the above in place.

But what if only 1 of the 2 files exists?

For that reason I added an extra verification: if
SYSKERNELDEBUGUSBDEVICES exists -> fopen SYSKERNELDEBUGUSBDEVICES.

and

if fopen SYSKERNELDEBUGUSBDEVICES fails and PROCBUSUSBDEVICES exists
then -> fopen "PROCBUSUSBDEVICES"

The code first looks for SYSKERNELDEBUGUSBDEVICES and if it fails it
jumps to PROCBUSUSBDEVICES.

But if PROCBUSUSBDEVICES fails there was no mechanism to skip, thus
segfault.

I also added another if statement in case PROCBUSUSBDEVICES fails, like in this situation (no such file or directory) in a privileged container, same as if SYSKERNELDEBUGUSBDEVICES can't be opened, to force a jump to trying PROCBUSUSBDEVICES.

[Other Info]

* Proposal made to lyonel/lshw (Lyonel Vincent being lshw maintainer):
https://github.com/lyonel/lshw/pull/33

* I also sent Lyonel an email to poke him.

[Original Description]
When running lshw in a Xenial container, I'm getting a segmentation fault. I'll attach the apport crash dump.
```
stgraber@castiana:~$ lxc launch ubuntu:16.04 priv -c security.privileged=true
Creating priv
Starting priv
stgraber@castiana:~$ lxc exec priv bash
root@priv:~# lshw
Segmentation fault
root@priv:~#
```
[strace of lshw]
```
open("/usr/share/hwdata/usb.ids", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/etc/usb.ids", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/usb.ids", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/share/usb.ids", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/lshw-common/usb.ids", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/usb.ids", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/sys/kernel/debug/usb/devices", O_RDONLY) = -1 EACCES (Permission denied)
open("/proc/bus/usb/devices", O_RDONLY) = -1 ENOENT (No such file or directory)
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0} ---
+++ killed by SIGSEGV +++
Segmentation fault
```
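The open-with-fallback logic the description walks through, as an added C example (not lshw's code and not the patch in the linked pull request). It shows why an existence check alone is not enough: in the strace the debugfs file is present but `open()` returns EACCES, so each `fopen()` result has to be tested before use. `exists()`, `open_usb_devices()` and `count_usb_devices()` are hypothetical names; only the two path macros come from the report.

```c
/* Added example, not lshw's code; all function names here are hypothetical. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

#define PROCBUSUSBDEVICES "/proc/bus/usb/devices"
#define SYSKERNELDEBUGUSBDEVICES "/sys/kernel/debug/usb/devices"

/* Stand-in for the exists() helper named in the report. */
static bool exists(const char *path) { struct stat st; return stat(path, &st) == 0; }

/* Try debugfs first, then procfs. exists() only proves the name is there,
 * not that it can be opened, so every fopen() result is checked. */
static FILE *open_usb_devices(const char *sys_path, const char *proc_path)
{
    FILE *f = NULL;

    if (exists(sys_path))
        f = fopen(sys_path, "r");
    if (f == NULL && exists(proc_path))
        f = fopen(proc_path, "r");
    return f;                  /* still NULL when neither could be opened */
}

/* Count device records ("T:" lines); -1 means no source was readable. */
static int count_usb_devices(const char *sys_path, const char *proc_path)
{
    char line[512];
    int n = 0;
    FILE *f = open_usb_devices(sys_path, proc_path);

    if (f == NULL)             /* the skip: never pass NULL to fgets() */
        return -1;
    while (fgets(line, sizeof line, f) != NULL)
        if (strncmp(line, "T:", 2) == 0)
            n++;
    fclose(f);
    return n;
}

int main(void)
{
    int n = count_usb_devices(SYSKERNELDEBUGUSBDEVICES, PROCBUSUSBDEVICES);
    if (n < 0)
        puts("usb: no readable devices file, scan skipped");
    else
        printf("usb: %d device record(s)\n", n);
    return 0;
}
```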