Installing qemu-user-static in an i386 lxc container applies the binfmt changes to the host, breaking execution in that host

Bug #917660 reported by Guilherme Salgado on 2012-01-17
This bug affects 3 people
Affects                  Importance  Assigned to
binfmt-support (Ubuntu)  Medium      Unassigned
linux (Ubuntu)           Medium      Unassigned
lxc (Ubuntu)             Medium      Unassigned
qemu-linaro (Ubuntu)     Undecided   Unassigned

Bug Description

If you create an i386 container on an amd64 host and install qemu-user-static on the container, it will run "update-binfmts --import qemu-x86_64" and since binfmt doesn't seem to be containerized, it will affect the host causing all binary executions to go through /usr/bin/qemu-x86_64-static, which in turn crashes like this:

  salgado@delgadito:~$ ls
  ERROR: ioctl(SNDCTL_DSP_MAPINBUF): target=0x80085013 host=0x80105013
  ERROR: ioctl(SNDCTL_DSP_MAPOUTBUF): target=0x80085014 host=0x80105014
  qemu: Unsupported syscall: 202
  qemu: uncaught target signal 11 (Segmentation fault) - core dumped

Because of that you won't be able to execute anything on the host, so the only way to solve that is to restart or run the following in the container:

  update-binfmts --package qemu-user-static --remove qemu-x86_64 /usr/bin/qemu-x86_64-static

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: linux-image-3.2.0-9-generic 3.2.0-9.16
ProcVersionSignature: Ubuntu 3.2.0-9.16-generic 3.2.1
Uname: Linux 3.2.0-9-generic x86_64
AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.24.
ApportVersion: 1.90-0ubuntu2
Architecture: amd64
Date: Tue Jan 17 10:56:49 2012
HibernationDevice: RESUME=UUID=ce6e1bad-83b4-490c-a732-f15d400083f3
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release amd64 (20111012)
MachineType: LENOVO 4170CTO
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.2.0-9-generic root=UUID=6c8b89f7-f0ef-440b-bea8-ccb5f8d5b8a3 ro quiet splash i915.i915_enable_rc6=1 i915.lvds_downclock=1 vt.handoff=7
RelatedPackageVersions:
 linux-restricted-modules-3.2.0-9-generic N/A
 linux-backports-modules-3.2.0-9-generic N/A
 linux-firmware 1.67
SourcePackage: linux
StagingDrivers: mei
UpgradeStatus: Upgraded to precise on 2012-01-17 (0 days ago)

Guilherme Salgado (salgado) wrote :
Brad Figg (brad-figg) on 2012-01-17
Changed in linux (Ubuntu):
status: New → Confirmed
Changed in linux (Ubuntu):
importance: Undecided → Medium
Andy Whitcroft (apw) on 2012-01-18
summary: - Installing qemu-user-static on an i386 lxc container will hose your
- amd64 host
+ Installing qemu-user-static in an i386 lxc container applies the binfmt
+ changes to the host, breaking execution in that host
Changed in lxc (Ubuntu):
status: New → Confirmed
importance: Undecided → Medium

Thank you for taking the time to file a bug report on this issue.

However, given the number of bugs that the Kernel Team receives during any development cycle it is impossible for us to review them all. Therefore, we occasionally resort to using automated bots to request further testing. This is such a request.

We have noted that there is a newer version of the development kernel than the one you last tested when this issue was found. Please test again with the newer kernel and indicate in the bug if this issue still exists or not.

You can update to the latest development kernel by simply running the following commands in a terminal window:

    sudo apt-get update
    sudo apt-get upgrade

If the bug still exists, change the bug status from Incomplete to Confirmed. If the bug no longer exists, change the bug status from Incomplete to Fix Released.

If you want this bot to quit automatically requesting kernel tests, add a tag named: bot-stop-nagging.

 Thank you for your help, we really do appreciate it.

Changed in linux (Ubuntu):
status: Confirmed → Incomplete
tags: added: kernel-request-3.2.0-10.17

Is the new kernel still on -proposed or has it been accepted already? I
just ran apt-get update/upgrade and didn't get that.

Also, is it really worth testing this on the new kernel?

Serge Hallyn (serge-hallyn) wrote :

When I tried to reproduce this, I failed. It appeared to be due to the container not having /lib/modules.

Guilherme Salgado (salgado) wrote :

I reproduced it yesterday by creating a fresh precise-i386 container on my precise-amd64 host and installing qemu-user-static in it. This is how I created it:

  lxc-create -n $CONTAINER_NAME -t ubuntu -f /tmp/network.conf -- -r precise -a i386

Guilherme Salgado (salgado) wrote :

Problem still exists on latest kernel

 status confirmed

Changed in linux (Ubuntu):
status: Incomplete → Confirmed
Serge Hallyn (serge-hallyn) wrote :

Thanks, Guilherme. I'm sorry, should have mentioned that no, a new kernel was not expected to fix that.

For lxc containers, we can (and should) fix this using an apparmor policy.

I don't know if there is a reasonable way that update-binfmts itself can detect this. I'll mark this as affecting that package to get more input.

Andy Whitcroft (apw) wrote :

@serge -- if this is going to be fixed using an apparmor policy should we be flipping the kernel task over to apparmor?

Serge Hallyn (serge-hallyn) wrote :

@Andy -- that depends on whether we consider the kernel part of this a bug or not.

For lxc it'll be fixed with an apparmor policy shipped with lxc.

For update-binfmts more generally, there might be a way for that program to be smarter.

But still the kernel itself is reading over proc and/or sys files, so there's the question of how far we go to protect the admin from himself.

My take right now: the container admin may be separate from the host admin, so we need the lxc policy. For the rest, update-binfmts and the kernel part can only be used by the host admin, so we let him shoot himself in the foot.

Changed in linux (Ubuntu):
status: Confirmed → Incomplete
tags: added: kernel-request-3.2.0-10.18
Andy Whitcroft (apw) on 2012-01-30
tags: added: bot-stop-nagging
removed: kernel-request-3.2.0-10.17 kernel-request-3.2.0-10.18
Changed in linux (Ubuntu):
status: Incomplete → Confirmed
Serge Hallyn (serge-hallyn) wrote :

This should be fixed in lxc in precise, where the apparmor policy should prevent it from happening.

I've marked the kernel bug invalid, but kept the binfmt-support bug new. If there is something which that package could do to help the general (non-lxc) case, that'd be terrific. I'm not sure however that there is.

Changed in linux (Ubuntu):
status: Confirmed → Invalid
Changed in lxc (Ubuntu):
status: Confirmed → Fix Released
Guilherme Salgado (salgado) wrote :

It's indeed fixed, thanks!

Guilherme Salgado (salgado) wrote :

Although I now get an error when uninstalling qemu-user-static. I don't worry about that because I know what's going on, but I thought I'd mention it anyway.

Steve Langasek (vorlon) on 2012-02-07
Changed in binfmt-support (Ubuntu):
importance: Undecided → Medium
Guilherme Salgado (salgado) wrote :

The fix to bug 947617 seems to have caused a regression here; reopening.

Changed in lxc (Ubuntu):
status: Fix Released → Confirmed
Changed in lxc (Ubuntu):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in binfmt-support (Ubuntu):
status: New → Confirmed
Changed in linux (Ubuntu):
status: Invalid → Confirmed
Changed in linux (Ubuntu):
status: Confirmed → Invalid
Serge Hallyn (serge-hallyn) wrote :

Adding qemu-linaro (for qemu-user-static) as per irc conversation in #ubuntu-devel.

Suggestion is to have qemu-user-static.postinst not install any targets matching `uname -m` or current userspace.
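
The bug description has every native binary on the amd64 host routed through /usr/bin/qemu-x86_64-static, and the last comment suggests not registering targets that match the running system. As an added example (not code from this thread, qemu-user-static or binfmt-support), the Python below tests whether a binfmt_misc entry's magic and mask would capture a given ELF header; the sample entry, the ELF header bytes and all function names are constructed for illustration.

```python
from pathlib import Path

# Constructed sample of /proc/sys/fs/binfmt_misc/qemu-x86_64 (illustrative
# values, not taken from the bug report).
SAMPLE_X86_64 = """enabled
interpreter /usr/bin/qemu-x86_64-static
flags:
offset 0
magic 7f454c4602010100000000000000000002003e00
mask fffffffffffefefcfffffffffffffffffeffffff
"""
# Constructed first 20 bytes of ELF executables (e_ident, e_type, e_machine).
ELF_AMD64 = bytes.fromhex("7f454c4602010100000000000000000002003e00")
ELF_I386 = bytes.fromhex("7f454c4601010100000000000000000002000300")


def parse_entry(text):
    """Parse a binfmt_misc status file; magic and mask become bytes."""
    entry = {"enabled": text.startswith("enabled"), "offset": 0,
             "magic": b"", "mask": b""}
    for line in text.splitlines()[1:]:
        key, _, value = line.strip().partition(" ")
        if key in ("magic", "mask"):
            entry[key] = bytes.fromhex(value)
        elif key == "offset":
            entry[key] = int(value)
        elif key == "interpreter":
            entry[key] = value
    return entry


def captures(entry, header):
    """True if the kernel would hand a file starting with `header` to this entry."""
    magic, off = entry["magic"], entry["offset"]
    window = header[off:off + len(magic)]
    if not (entry["enabled"] and magic) or len(window) < len(magic):
        return False
    mask = entry["mask"] or b"\xff" * len(magic)  # no mask: compare every bit
    return all(((w ^ g) & m) == 0 for w, g, m in zip(window, magic, mask))


def audit(native_binary="/bin/sh", binfmt_dir="/proc/sys/fs/binfmt_misc"):
    """Return (entry name, interpreter) pairs that would capture native_binary."""
    header = Path(native_binary).read_bytes()[:256]
    paths = [p for p in Path(binfmt_dir).iterdir()
             if p.name not in ("register", "status")]
    parsed = ((p.name, parse_entry(p.read_text())) for p in paths)
    return [(n, e.get("interpreter")) for n, e in parsed if captures(e, header)]
```

On a host with binfmt_misc mounted, `audit()` reads the live entries and returns any that would capture /bin/sh; an empty list is the expected result.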
