[UBUNTU 21.04] Opencryptoki 3.15: token_specific_sha_update() causes segmentation fault in main_arena () from /usr/lib64/libc.so.6 (opencryptoki)

Bug #1915689 reported by bugproxy
Affects: Ubuntu on IBM z Systems
  Status: Fix Released
  Importance: High
  Assigned to: Skipper Bug Screeners

Affects: opencryptoki (Ubuntu)
  Status: Fix Released
  Importance: Undecided
  Assigned to: Skipper Bug Screeners

Bug Description

Summary
=======
IBM z15 LPAR
found on non-Ubuntu distro with opencryptoki-3.15.1

Segmentation fault of the sess_opstate test on the Soft Token
The problem is immediately reproducible

Details
=======
The sess_opstate test was receiving a segmentation fault signal when running
on the OpenCryptoki SoftToken.
./Bopencryptoki-tb: line 391: 222135 Segmentation fault (core dumped) ./sess_opstate -slot $slot_nr

sess_opstate succeeds against the ICA token, CCA token, and EP11 token.
The elapsed time amount is showing about 50 years of run time, which is way too high, though.

# time ./sess_opstate1 -slot 3
Using slot #3...

With option: no_init: 0
Running 100 loops...
* TESTCASE sess_opstate_funcs PASS (elapsed time 1612872946s 711722us) Get/SetOperationState digest test

real 0m0.895s
user 0m0.015s
sys 0m0.032s

Debug info
==========
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000003ff9a51e9c0 in main_arena () from /usr/lib64/libc.so.6
(gdb) bt
#0 0x000003ff9a51e9c0 in main_arena () from /usr/lib64/libc.so.6
#1 0x000003ff98270872 in token_specific_sha_update (tokdata=<optimized out>, ctx=0x161b0578, in_data=<optimized out>,
    in_data_len=<optimized out>) at usr/lib/soft_stdll/soft_specific.c:3062
#2 0x000003ff98215f48 in digest_mgr_digest_update (tokdata=<optimized out>, sess=<optimized out>, ctx=0x161b0578,
    data=<optimized out>, data_len=5) at usr/lib/common/dig_mgr.c:287
#3 0x000003ff98251716 in SC_DigestUpdate (tokdata=0x1619da60, sSession=<optimized out>, pPart=0x161b0710 "\310@\024\352\345",
    ulPartLen=5) at usr/lib/common/new_host.c:2613
#4 0x000003ff9a607578 in C_DigestUpdate () from /usr/lib64/opencryptoki/libopencryptoki.so.0
#5 0x0000000001004d56 in sess_opstate_funcs ()
#6 0x00000000010057d2 in main ()

Terminal Output
===============
./Bopencryptoki-tb: line 391: 222135 Segmentation fault (core dumped) ./sess_opstate -slot $slot_nr

# file sess_opstate
sess_opstate: ELF 64-bit MSB executable, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, for GNU/Linux 3.2.0, BuildID[sha1]=999f80eaa557d306a8ea4cda25e8e928fe9eb527, with debug_info, not stripped

# coredumpctl list
TIME PID UID GID SIG COREFILE EXE
Thu 2021-02-04 19:05:29 CET 222135 0 0 11 missing /root/crypto/opencryptoki-3.15.1/testcases/pkcs11/sess_opstate
# coredumpctl dump 222135 > coredump_pid222135.core
           PID: 222135 (sess_opstate)
           UID: 0 (root)
           GID: 0 (root)
        Signal: 11 (SEGV)
     Timestamp: Thu 2021-02-04 19:05:28 CET (4 days ago)
  Command Line: ./sess_opstate -slot 2
    Executable: /root/crypto/opencryptoki-3.15.1/testcases/pkcs11/sess_opstate
 Control Group: /user.slice/user-0.slice/session-5.scope
          Unit: session-5.scope
         Slice: user-0.slice
       Session: 5
     Owner UID: 0 (root)
       Boot ID: 13342569937c43b9ab778ea184f4e490
    Machine ID: fc8625d575914061ba54bbf27e15d50d
      Hostname: t83lp22.lnxne.boe
       Storage: /var/lib/systemd/coredump/core.sess_opstate.0.13342569937c43b9ab778ea184f4e490.222135.1612461928000000.lz4 (inaccessible)
       Message: Process 222135 (sess_opstate) of user 0 dumped core.

                Stack trace of thread 222135:
                #0 0x0000000000000002 n/a (n/a)

Syslog from the segmentation fault situation:

Feb 04 19:05:28 system sess_opstate[222135]: Libica FIPS library integrity check passed.
Feb 04 19:05:28 system kernel: User process fault: interruption code 0010 ilc:3 in sess_opstate[1000000+a000]
Feb 04 19:05:28 system kernel: Failing address: 0000000000000000 TEID: 0000000000000800
Feb 04 19:05:28 system kernel: Fault in primary space mode while using user ASCE.
Feb 04 19:05:28 system kernel: AS:00000000e585c1c7 R3:00000000da39c007 S:0000000000000020
Feb 04 19:05:28 system kernel: CPU: 2 PID: 222135 Comm: sess_opstate Kdump: loaded Not tainted 4.18.0-277.el8.s390x #1
Feb 04 19:05:28 system kernel: Hardware name: IBM 8561 T01 701 (LPAR)
Feb 04 19:05:28 system kernel: User PSW : 0705000180000000 0000000000000002
Feb 04 19:05:28 system kernel: R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:1 AS:0 CC:0 PM:0 RI:0 EA:3
Feb 04 19:05:28 system kernel: User GPRS: 0000000000000000 0000000000000002 0000000002922fb0 0000000002922ca0
Feb 04 19:05:28 system kernel: 0000000000000003 0000000000000003 0000000000000003 0000000000000002
Feb 04 19:05:28 system kernel: 00000000029098b0 0000000000000003 0000000002922ca0 0000000002923238
Feb 04 19:05:28 system kernel: 0000000002922ca0 0000000000000063 000003ff991f0872 000003ffc027ee50
Feb 04 19:05:28 system kernel: User Code: Bad PSW.
Feb 04 19:05:28 system kernel: Last Breaking-Event-Address:
Feb 04 19:05:28 system kernel: [<000003ff9ae96cec>] 0x3ff9ae96cec
Feb 04 19:05:28 system systemd-coredump[222136]: Libica FIPS library integrity check passed.
Feb 04 19:05:28 system systemd[1]: Created slice system-systemd\x2dcoredump.slice.
Feb 04 19:05:28 system systemd[1]: Started Process Core Dump (PID 222136/UID 0).
Feb 04 19:05:29 system systemd-coredump[222137]: Libica FIPS library integrity check passed.
Feb 04 19:05:29 system sess_mgmt_tests[222138]: Libica FIPS library integrity check passed.
Feb 04 19:05:29 system systemd-coredump[222137]: Process 222135 (sess_opstate) of user 0 dumped core.

                                                            Stack trace of thread 222135:
                                                            #0 0x0000000000000002 n/a (n/a)
Feb 04 19:05:29 system systemd[1]: systemd-coredump@0-222136-0.service: Succeeded

---Steps to Reproduce---
1. Unpack the GitHub OpenCryptoki source code package and run
   ./bootstrap.sh
   ./configure --enable-testcases
2. cd testcases
3. make
4. cd crypto
5. Set up the opencryptoki Soft token (define in
   /etc/opencryptoki/opencryptoki.conf file and initialize using 'pkcsconf')
6. export PKCS11_USER_PIN=01234567; export PKCS11_SO_PIN=76543210
7. run: ./sess_opstate -slot <N> -securekey; N being the index of the Soft token
8. Watch the Error output of the tests.

Userspace tool common name: opencryptoki

Userspace : opencryptoki-libs-3.15.1

The userspace tool has the following bit modes: 64-bit

Userspace tool obtained from project website: na

This affects OCK >= 3.15 only.

The fix is now upstream:
https://github.com/opencryptoki/opencryptoki/commit/1e98001ff63cd7e75d95b4ea0d3d2a69965d8890 "SOFT: Fix problem with C_Get/SetOperationState and digest contexts"

This patch should apply smoothly on top of OCK 3.15.1.

bugproxy (bugproxy)
tags: added: architecture-s39064 bugnameltc-191549 severity-high targetmilestone-inin2104
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → opencryptoki (Ubuntu)
Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
importance: Undecided → High
status: New → Triaged
Steve Langasek (vorlon)
tags: added: fr-1139
Frank Heimes (fheimes) wrote :

Could and should be done as part of LP 1906369.

Frank Heimes (fheimes)
Changed in opencryptoki (Ubuntu):
status: New → Fix Released
Changed in ubuntu-z-systems:
status: Triaged → Fix Released
bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2021-02-23 08:52 EDT-------
IBM Bugzilla status->closed, Fix Released
