QEMU

Infinite loop over ERANGE from getsockopt

Bug #1840252 reported by Fritz Katze
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
QEMU
New
Undecided
Unassigned

Bug Description

Host system: Ubuntu 18.04.3 AMD64
Qemu Version: qemu-arm-static --version
qemu-arm version 2.11.1(Debian 1:2.11+dfsg-1ubuntu7.17)

Emulated System:
Root file system taken from RaspberryPi 3 image
ubuntu-18.04.3-preinstalled-server-armhf+raspi3.img
from http://cdimage.ubuntu.com/releases/18.04/release/ubuntu-18.04.3-preinstalled-server-armhf+raspi3.img.xz.

Then using system-nspawn with with /usr/bin/qemu-arm-static copied in.

When executing commands like
  dpkg -i (--force-all) <...>.deb
or
  tar tvf ..
or
  tar xvf ..
the hosting qemu-arm-static process goes into an infinite loop of getsockopt calls of the form:
getsockopt(12, SOL_SOCKET, SO_PEERSEC, 0x7fff7cac49d8, [4]) = -1 ERANGE (Numerical result out of range)
I assume that this is because of an infinite retry without checking the actual error code of the call.

strace:
openat(AT_FDCWD, "/lib/arm-linux-gnueabihf/librt.so.1", O_RDONLY|O_CLOEXEC) = 12
read(12, "\177ELF\1\1\1\3\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\20\30\0\0004\0\0\0"..., 512) = 512
lseek(12, 21236, SEEK_SET) = 21236
read(12, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1240) = 1240
lseek(12, 20856, SEEK_SET) = 20856
read(12, "A2\0\0\0aeabi\0\1(\0\0\0\0057-A\0\6\n\7A\10\1\t\2\n\4\22"..., 51) = 51
fstat(12, {st_mode=S_IFREG|0644, st_size=22476, ...}) = 0
mmap(0x7f419952c000, 90112, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS|MAP_DENYWRIT
E, -1, 0) = 0x7f419952c000
mmap(0x7f419952c000, 90112, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 12, 0) = 0x
7f419952c000
mprotect(0x7f4199531000, 61440, PROT_NONE) = 0
mmap(0x7f4199540000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 12, 0x4000)
 = 0x7f4199540000
close(12) = 0
mprotect(0x7f4199540000, 4096, PROT_READ) = 0
mprotect(0x7f4199578000, 8192, PROT_READ) = 0
mmap(0x7f419957b000, 28672, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0)
= 0x7f419957b000
rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], NULL, 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], NULL, 8) = 0
rt_sigprocmask(SIG_SETMASK, [HUP USR1 USR2 PIPE ALRM CHLD TSTP URG VTALRM PROF WINCH IO], NULL, 8
) = 0
access("/etc/systemd/dont-synthesize-nobody", F_OK) = -1 ENOENT (No such file or directory)
getpid() = 26
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 12
getsockopt(12, SOL_SOCKET, SO_RCVBUF, [212992], [4]) = 0
setsockopt(12, SOL_SOCKET, SO_RCVBUFFORCE, [8388608], 4) = -1 EPERM (Operation not permitted)
setsockopt(12, SOL_SOCKET, SO_RCVBUF, [8388608], 4) = 0
getsockopt(12, SOL_SOCKET, SO_SNDBUF, [212992], [4]) = 0
setsockopt(12, SOL_SOCKET, SO_SNDBUFFORCE, [8388608], 4) = -1 EPERM (Operation not permitted)
setsockopt(12, SOL_SOCKET, SO_SNDBUF, [8388608], 4) = 0
connect(12, {sa_family=AF_UNIX, sun_path="/run/dbus/system_bus_socket"}, 29) = 0
getsockopt(12, SOL_SOCKET, SO_PEERCRED, {pid=0, uid=0, gid=0}, [12]) = 0
getsockopt(12, SOL_SOCKET, SO_PEERSEC, 0x7fff7cac49d8, [4]) = -1 ERANGE (Numerical result out of
range)

And this last entry repeats endlessly.

See original description
Revision history for this message
Peter Maydell (pmaydell) wrote :

Hi; thanks for this bug report. It looks like it's the same as LP:1823790. The underlying cause is that we don't implement the SO_PEERSEC getsockopt option properly. Unfortunately this option appears to be completely undocumented, which makes it pretty hard for us to implement :-(

Fritz Katze (fritz-the-cat)
description: updated
Revision history for this message
Fritz Katze (fritz-the-cat) wrote :

See my comment at LP:1823790.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.