do-release-upgrade crashed with SIGSEGV under wayland

Bug #1732185 reported by Jean-Baptiste Lallement on 2017-11-14
22
This bug affects 3 people
Affects Status Importance Assigned to Milestone
ubuntu-release-upgrader (Ubuntu)
Critical
Balint Reczey
Artful
Undecided
Balint Reczey
update-manager (Ubuntu)
Critical
Balint Reczey
Artful
Critical
Balint Reczey

Bug Description

[Impact]

Users can't upgrade to next Ubuntu release running the upgrade GUI under Wayland.
The backport is needed to let Artful users to upgrade to Bionic without applying workarounds manually.

[Test Case (for update-manager)]

1. Install 17.10 and all the updates available
2. Start a wayland session (Ubuntu in GDM)
3. open a terminal and run the following command:
  $ update-manager -cd
4. When you're prompted to upgrade to 18.04, accept and proceed.
  Expected result on fixed version: Upgrade starts.
  Result on unfixed version: The GUI crashes.

[Test Case (for ubuntu-release-upgrader)]

1. Install 17.10 and all the updates available
2. Start a wayland session (Ubuntu in GDM)
3. Check that root is not listed in xhost output:
  $ xhost
  access control enabled, only authorized clients can connect
  SI:localuser:rbalint
4. If root is present, remove it:
  $ xhost -si:localuser:root
  localuser:root being removed from access control list
  $ xhost
  access control enabled, only authorized clients can connect
  SI:localuser:rbalint
4. open a terminal and run one of the following commands (alternatives):
  $ do-release-upgrade --frontend=DistUpgradeViewGtk3 -d
  $ /usr/lib/ubuntu-release-upgrader/check-new-release-gtk -d
5. When you're prompted to upgrade to 18.04, accept and proceed.
   Expected result on fixed version: Upgrade starts.
   Result on unfixed version: The GUI crashes.

[Test Case (for regressions)]

Repeat the test cases running under X.org (Ubuntu on Xorg in GDM) and check that:
a. Upgrade still works
b. xhost output is not modified

[Regression Potential]

The upgrade GUI may crash in a different way when applying the workaround fails.
Do-release-upgrade may fail to detect development or versions to upgrade to.
The workaround "xhost +si:localuser:root" may be added under Xorg as well

[Original Bug Text]

Test Case:
1. Install 17.10 and all the updates available
2. Start a wayland session (Ubuntu in GDM)
3. open a terminal and run the following command:
  $ update-manager -cd
4. When you're prompted to upgrade to 18.04, accept and proceed.

OR run this command in a terminal:
  $ pkexec /usr/bin/python3 /usr/bin/do-release-upgrade \
        --frontend=DistUpgradeViewGtk3 -d

(note that it's expected to fail under wayland cf bug 1713313)

Expected result
Upgrade starts

Actual result
This crash.

ProblemType: Crash
DistroRelease: Ubuntu 17.10
Package: ubuntu-release-upgrader-core 1:17.10.8
ProcVersionSignature: Ubuntu 4.13.0-16.19-generic 4.13.4
Uname: Linux 4.13.0-16-generic x86_64
ApportVersion: 2.20.7-0ubuntu3.1
Architecture: amd64
CrashDB: ubuntu
Date: Tue Nov 14 14:27:30 2017
ExecutablePath: /usr/bin/do-release-upgrade
ExecutableTimestamp: 1508803676
InstallationDate: Installed on 2017-11-14 (0 days ago)
InstallationMedia: Ubuntu 17.10 "Artful Aardvark" - Release amd64 (20171018)
InterpreterPath: /usr/bin/python3.6
PackageArchitecture: all
ProcCmdline: /usr/bin/python3 /usr/bin/do-release-upgrade --frontend=DistUpgradeViewGtk3 -d
ProcCwd: /root
Python3Details: /usr/bin/python3.6, Python 3.6.3, python3-minimal, 3.6.3-0ubuntu2
PythonDetails: /usr/bin/python2.7, Python 2.7.14, python-minimal, 2.7.14-2ubuntu1
SegvAnalysis: Skipped: missing required field "Disassembly"
Signal: 11
SourcePackage: ubuntu-release-upgrader
StacktraceTop:
 ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
 ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
 ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
 ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
 ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups:

Jean-Baptiste Lallement (jibel) wrote :
Changed in ubuntu-release-upgrader (Ubuntu):
importance: Undecided → Critical
description: updated

StacktraceTop:
 gtk_switch_class_init (klass=0x0) at ././gtk/gtkswitch.c:875
 gtk_switch_class_intern_init (klass=0x0) at ././gtk/gtkswitch.c:129
 default_icon_theme_value () from /tmp/apport_sandbox_urPSiG/usr/lib/x86_64-linux-gnu/libgtk-3.so.0
 ?? ()
 ?? ()

tags: removed: need-amd64-retrace
Changed in ubuntu-release-upgrader (Ubuntu):
status: New → Triaged
Jean-Baptiste Lallement (jibel) wrote :

A workaround is to add root to the access control list when running under wayland.

summary: - do-release-upgrade crashed with SIGSEGV
+ do-release-upgrade crashed with SIGSEGV under wayland
Jean-Baptiste Lallement (jibel) wrote :

Proposal to workaround the limitation to run GUI apps by user root under wayland when do-release-upgrade is called from update-manager.

Changed in update-manager (Ubuntu):
status: New → Triaged
importance: Undecided → Critical
assignee: nobody → Jean-Baptiste Lallement (jibel)

The attachment "update-manager_17.10.11ubuntu1.debdiff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

tags: added: patch
Jean-Baptiste Lallement (jibel) wrote :

Same patch but in ubuntu-release-upgrader instead so users can run "sudo do-release-upgrade -f ..."

no longer affects: update-manager (Ubuntu)
Changed in ubuntu-release-upgrader (Ubuntu):
assignee: nobody → Jean-Baptiste Lallement (jibel)

Both patches are actually needed for when the upgrader is called directly or from update-manager

Changed in update-manager (Ubuntu):
status: New → Triaged
importance: Undecided → Critical
Dimitri John Ledkov (xnox) wrote :

So i guess this elevates priviledges from the get go, but i believe previously some of the early code was run unpriviledged previously. So, in addition to this raising priviledges, does update/upgrade-manager need now grow ability to drop priviledges when doing risky moves? (like downloading things off the internet, etc?!)

Balint Reczey (rbalint) on 2018-01-05
Changed in update-manager (Ubuntu):
assignee: nobody → Balint Reczey (rbalint)
Balint Reczey (rbalint) on 2018-01-11
Changed in update-manager (Ubuntu Artful):
importance: Undecided → Critical
status: New → Triaged
status: Triaged → In Progress
Balint Reczey (rbalint) wrote :

@jibel Thanks for the update-manager patch, I uploaded it. Regarding the ubuntu-release-upgrader patch sudo filters out WAYLAND_DISPLAY on Artful and sudo xhost does not work either under wayland thus I think to run sudo do-release-upgrade with GUI one needs to adjust xhost in advance.
Running do-release-upgrade with GUI but as a normal user also fails because gksu is broken under wayland and the GUI is started earler, but this can be fixed at least.

Balint Reczey (rbalint) on 2018-01-11
Changed in update-manager (Ubuntu):
status: Triaged → Fix Committed
Balint Reczey (rbalint) wrote :

@xnox IMO ubuntu-release-upgrader needs to grow the ability to run the GUI as the normal user and execute the minimal set of commands as root. Not that it would be a simple change.

Balint Reczey (rbalint) wrote :

I'm wondering about the importance of adding the workaround to ubuntu-release-upgrader since with the change to update-manager the upgrade seems to work and probably most users would use do-release-upgrade only when preferring a CLI tool.

check-new-release-gtk in ubuntu-release-upgrader has this code that must also be fixed:

123 def on_button_upgrade_now_clicked(self, button):
124 logging.debug("upgrade now")
125 extra_args = ""
126 if options.devel_release:
127 extra_args = extra_args + " --devel-release"
128 if options.proposed_release:
129 extra_args = extra_args + " --proposed"
130 os.execl("/bin/sh", "/bin/sh", "-c",
131 "/usr/bin/pkexec /usr/bin/do-release-upgrade "
132 "--frontend=DistUpgradeViewGtk3%s" % extra_args)

Balint Reczey (rbalint) on 2018-01-13
description: updated

Hello Jean-Baptiste, or anyone else affected,

Accepted update-manager into artful-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/update-manager/1:17.10.12 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-artful to verification-done-artful. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-artful. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in update-manager (Ubuntu Artful):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-artful
Balint Reczey (rbalint) on 2018-01-15
Changed in ubuntu-release-upgrader (Ubuntu):
assignee: Jean-Baptiste Lallement (jibel) → Balint Reczey (rbalint)
status: Triaged → In Progress
Changed in ubuntu-release-upgrader (Ubuntu Artful):
status: New → In Progress
assignee: nobody → Balint Reczey (rbalint)
Balint Reczey (rbalint) on 2018-01-15
description: updated
Balint Reczey (rbalint) on 2018-01-16
Changed in update-manager (Ubuntu Artful):
assignee: nobody → Balint Reczey (rbalint)
Changed in ubuntu-release-upgrader (Ubuntu):
status: In Progress → Fix Committed
Balint Reczey (rbalint) on 2018-01-16
description: updated
Łukasz Zemczak (sil2100) wrote :

Hello Jean-Baptiste, or anyone else affected,

Accepted ubuntu-release-upgrader into artful-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-release-upgrader/1:17.10.9 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-artful to verification-done-artful. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-artful. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in ubuntu-release-upgrader (Ubuntu Artful):
status: In Progress → Fix Committed
Brian Murray (brian-murray) wrote :

This has been uploaded so I'm unsubscribing ubuntu-sponsors.

I verified ubuntu-release-upgrader 1:17.10.9 from proposed. It works under wayland as a user but is still crashing as root. From the diff the workaround is only applied when uid != 0

Marking as verification-failed.

tags: added: verification-failed-artful
removed: verification-needed-artful

verification of update-manager 1:17.10.12

I have reproduced the problem with update-manager 1:17.10.11 in artful and have verified that the version of update-manager 1:17.10.12 in -proposed fixes the issue.

On Fri, Jan 26, 2018 at 10:41 AM, Jean-Baptiste Lallement
<email address hidden> wrote:
> I verified ubuntu-release-upgrader 1:17.10.9 from proposed. It works
> under wayland as a user but is still crashing as root. From the diff the
> workaround is only applied when uid != 0

Thanks for the verification!
Yes, this is expected. As uid 0 xhost command fails and you can't
apply the workaround, but starting do-release-upgrade with GUI from
command line is something I would not expect users to do.

I found another place to fix and I plan removing the workaround from
update-manager in bionic and just calling do-release-upgrade without
pkexec letting do-release-upgrade elevating privileges and applying
the workaround.

Okay then. Apart from this case all the other cases are working. I tested on Xorg and Wayland. I tried update-manager, do-release-upgrade and check-new-release-gtk.

Marking as verification-done.

tags: added: verification-done verification-done-artful
removed: verification-failed-artful verification-needed
amano (jyaku) wrote :

Rbalint, out of interest, could your new fix be tramsferred to Synaptic somehow?

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package update-manager - 1:18.04.2

---------------
update-manager (1:18.04.2) bionic; urgency=medium

  * Build from bazaar repository to keep empty dirs in the source package
  * Break long comment to keep PEP 8 test happy

 -- Balint Reczey <email address hidden> Fri, 12 Jan 2018 01:12:32 +0100

Changed in update-manager (Ubuntu):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-release-upgrader - 1:18.04.6

---------------
ubuntu-release-upgrader (1:18.04.6) bionic; urgency=medium

  * DistUpgradeFetcherKDE.py:
    - ensure theming is correct across all Qt versions and Plasma versions
    - drop unused openUrl helper (replaced by QUrlOpener)
  * QUrlOpener.py:
    - make sure to pass --set-home to sudo when dropping back to user, prevents
      browsers from getting confused which HOME to use
  * DistUpgradeViewKDE.py:
    - force KDE theming for Qt5
    - fix icon & pixmap lookup by running them throw a compatibility helper
      using either Qt3/4 static lookup or Qt5 theme-based lookup (theme is
      determined by the QPA ideally)
    - let name mangling use os-release' PRETTY_NAME if present
    - do not resize windows, adjustsize() them (same as resize albeit readable)
    - introduce an override for QWidget.adjustSize() which prevents adjustment
      iff the window is maximized. as noted in the documentation adjusting a
      maximized yields unexpected results due to a control mismatch between
      X11 window managers and Qt (in short: Qt cannot unmaximize, so adjustsize
      does nothing useful in this case and in fact causes only part of the
      window to be marked dirty by Qt causing sever rendering artifacts)

 -- Harald Sitter <email address hidden> Fri, 19 Jan 2018 13:34:32 +0100

Changed in ubuntu-release-upgrader (Ubuntu):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for ubuntu-release-upgrader has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package update-manager - 1:17.10.12

---------------
update-manager (1:17.10.12) artful; urgency=medium

  [ Jean-Baptiste Lallement ]
  * UpdateManager/Dialogs.py: Workaround restricted access to GUI applications
    by user root under wayland to start do-release-upgrade in graphical mode
    (LP: #1732185)

  [ Balint Reczey ]
  * Break long comment to keep PEP 8 test happy

 -- Balint Reczey <email address hidden> Fri, 12 Jan 2018 23:55:03 +0100

Changed in update-manager (Ubuntu Artful):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-release-upgrader - 1:17.10.9

---------------
ubuntu-release-upgrader (1:17.10.9) artful; urgency=medium

  * DistUpgrade/DistUpgradeFetcher.py,
    check-new-release-gtk,
    do-release-upgrade:
    - Raise privileges in do-release-upgrade using pkexec when GUI is used
    - Drop gksu usage
    - Use os.execv in check-new-release-gtk instead of os.execl
    - Apply the workaround "xhost +si:localuser:root" under Wayland to let
      upgrades finish (LP: #1732185)
  * Skip Python files from other packages in PEP 8 tests

 -- Balint Reczey <email address hidden> Mon, 15 Jan 2018 17:20:58 +0100

Changed in ubuntu-release-upgrader (Ubuntu Artful):
status: Fix Committed → Fix Released
tags: added: id-5a145e478569e8e8505fce45
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers