2009-10-15 13:54:09 |
Visi |
bug |
|
|
added bug |
2009-10-19 07:57:05 |
Visi |
nominated for series |
|
Ubuntu Karmic |
|
2009-10-23 12:33:18 |
Amit Kucheria |
linux (Ubuntu): importance |
Undecided |
Medium |
|
2009-10-23 12:33:18 |
Amit Kucheria |
linux (Ubuntu): status |
New |
Confirmed |
|
2009-10-23 12:46:35 |
Amit Kucheria |
affects |
linux (Ubuntu) |
bash (Ubuntu) |
|
2009-11-11 12:12:18 |
Amit Kucheria |
bug task added |
|
linux (Ubuntu) |
|
2009-11-11 12:13:06 |
Amit Kucheria |
linux (Ubuntu): importance |
Undecided |
Medium |
|
2009-11-11 12:13:06 |
Amit Kucheria |
linux (Ubuntu): status |
New |
Incomplete |
|
2009-11-11 12:40:42 |
Amit Kucheria |
linux (Ubuntu): assignee |
|
Amit Kucheria (amitk) |
|
2009-11-21 05:35:28 |
Amit Kucheria |
linux (Ubuntu): status |
Incomplete |
Triaged |
|
2009-12-11 15:45:17 |
Loïc Minier |
bash (Ubuntu): status |
Confirmed |
Invalid |
|
2010-01-15 00:25:19 |
Kees Cook |
bug task added |
|
bash (Ubuntu Karmic) |
|
2010-01-15 00:25:19 |
Kees Cook |
bug task added |
|
linux (Ubuntu Karmic) |
|
2010-01-15 00:25:32 |
Kees Cook |
bash (Ubuntu Karmic): status |
New |
Invalid |
|
2010-01-15 00:25:38 |
Kees Cook |
linux (Ubuntu): status |
Triaged |
Confirmed |
|
2010-01-15 00:25:41 |
Kees Cook |
linux (Ubuntu Karmic): status |
New |
Confirmed |
|
2010-01-15 00:25:55 |
Kees Cook |
linux (Ubuntu Karmic): importance |
Undecided |
Medium |
|
2010-01-15 00:25:58 |
Kees Cook |
linux (Ubuntu Karmic): assignee |
|
Amit Kucheria (amitk) |
|
2010-01-15 18:29:06 |
Kees Cook |
attachment added |
|
explode.c http://launchpadlibrarian.net/37933948/explode.c |
|
2010-01-15 20:44:11 |
Kees Cook |
attachment added |
|
0001-UBUNTU-SAUCE-x86-brk-away-from-exec-rand-area.patch http://launchpadlibrarian.net/37938467/0001-UBUNTU-SAUCE-x86-brk-away-from-exec-rand-area.patch |
|
2010-01-15 20:44:33 |
Kees Cook |
nominated for series |
|
Ubuntu Lucid |
|
2010-01-15 20:44:33 |
Kees Cook |
bug task added |
|
bash (Ubuntu Lucid) |
|
2010-01-15 20:44:33 |
Kees Cook |
bug task added |
|
linux (Ubuntu Lucid) |
|
2010-01-15 20:44:50 |
Kees Cook |
linux (Ubuntu Lucid): assignee |
Amit Kucheria (amitk) |
Kees Cook (kees) |
|
2010-01-15 20:45:02 |
Kees Cook |
bash (Ubuntu Lucid): importance |
Medium |
Undecided |
|
2010-01-15 20:53:05 |
Kees Cook |
linux (Ubuntu Karmic): status |
Confirmed |
Triaged |
|
2010-01-15 20:53:10 |
Kees Cook |
linux (Ubuntu Lucid): status |
Confirmed |
In Progress |
|
2010-01-15 20:53:20 |
Kees Cook |
linux (Ubuntu Karmic): assignee |
Amit Kucheria (amitk) |
Kees Cook (kees) |
|
2010-01-20 00:04:12 |
Kees Cook |
linux (Ubuntu Lucid): status |
In Progress |
Fix Committed |
|
2010-01-22 14:25:33 |
Stefan Bader |
linux (Ubuntu Karmic): status |
Triaged |
Fix Committed |
|
2010-01-22 15:30:51 |
Stefan Bader |
description |
It seems that memory allocation fails occasionally, when an optional (non-standard, but legal) startup method is used to execute a binary. Our application requires that method (scratchbox2) so that's why we found it.
Environment:
-----------------
Ubuntu 9.10 Karmic Koala 32bit
uname -a:
Linux testub910-32 2.6.31-14-generic #46-Ubuntu SMP Tue Oct 13 16:47:59 UTC 2009 i686 GNU/Linux
How to reproduce:
-----------------------
Use the following loop to do the test: Execute ld.so/ld-linux.so
explicitly:
#!/bin/sh
while true
do
/lib/ld-linux.so.2 /bin/bash /usr/bin/which apt-get
done
(note that "which" is really a shell script, that is why bash is involved)
This occasionally produces memory allocation errors and coredumps, like:
...
/usr/bin/apt-get
Segmentation fault (core dumped)
/usr/bin/apt-get
..
/usr/bin/apt-get
/usr/bin/apt-get
/bin/bash: xrealloc: ../../../bash/lib/sh/stringvec.c:48: cannot reallocate 276 bytes (0 bytes allocated)
/usr/bin/apt-get
..
/usr/bin/apt-get
/usr/bin/apt-get
/usr/bin/apt-get
/usr/bin/which: xrealloc: ../bash/input.c:170: cannot reallocate 1100 bytes (0 bytes allocated)
/usr/bin/apt-get
..
/usr/bin/apt-get
Segmentation fault (core dumped)
...
Necessary background information:
--------------------------------
Using ld.so (=ld-linux.so) explicitly to start a program is a not-so-common
way to start a binary, but it is still a valid and legal way to do it.
Scratchbox 2 uses it because it needs to use Maemo's ld.so (the default is
to use host's ld.so) and Maemo's libraries (default is to use host's
libraries),
and additionally we want to set some extra parameters that can only be
specified when ld.so is executed "from the command line".
We have tested a similar script in some different environments:
--------------------------------------------------------------------------------
In Ubuntu 9.04 Jaunty 32 bit everything works fine without any problem.
uname -a:
Linux testmachine 2.6.28-15-generic #52-Ubuntu SMP Wed Sep 9 10:49:34 UTC 2009 i686 GNU/Linux
OpenSUSE 11.2 Beta 32bit does not produce the above described problem
uname -a:
Linux testmachine 2.6.31.3-1-default #1 SMP 2009-10-08 00:27:25 +0200 i686 i686 i386 GNU/Linux
I have also compiled the latest stable kernel from kernel.org (2.6.31.4) under Karmic Koala. If I boot from this new kernel (under the same problematic Ubuntu 9.10 Karmic Koala 32bit machine) then it will NOT produce the above described problem. So I think (I am not an expert so please correct me if I am wrong) it means that the problem is likely to be in an Ubuntu-specific kernel change.
uname -a:
Linux testmachine 2.6.31.4 #1 SMP Thu Oct 15 15:55:55 EEST 2009 i686 GNU/Linux
Please locate the problem and fix it, if it is possible, before Karmic Koala release.
Thank you in advance. |
SRU Justification:
Impact: With the current NX emulation, there are cases where the brk segment conflicts with the exe randomization.
Fix: The patch linked to this report moves the brk segment out of the way for these cases.
Testcase: See below
---
It seems that memory allocation fails occasionally, when an optional (non-standard, but legal) startup method is used to execute a binary. Our application requires that method (scratchbox2) so that's why we found it.
Environment:
-----------------
Ubuntu 9.10 Karmic Koala 32bit
uname -a:
Linux testub910-32 2.6.31-14-generic #46-Ubuntu SMP Tue Oct 13 16:47:59 UTC 2009 i686 GNU/Linux
How to reproduce:
-----------------------
Use the following loop to do the test: Execute ld.so/ld-linux.so
explicitly:
#!/bin/sh
while true
do
/lib/ld-linux.so.2 /bin/bash /usr/bin/which apt-get
done
(note that "which" is really a shell script, that is why bash is involved)
This occasionally produces memory allocation errors and coredumps, like:
...
/usr/bin/apt-get
Segmentation fault (core dumped)
/usr/bin/apt-get
..
/usr/bin/apt-get
/usr/bin/apt-get
/bin/bash: xrealloc: ../../../bash/lib/sh/stringvec.c:48: cannot reallocate 276 bytes (0 bytes allocated)
/usr/bin/apt-get
..
/usr/bin/apt-get
/usr/bin/apt-get
/usr/bin/apt-get
/usr/bin/which: xrealloc: ../bash/input.c:170: cannot reallocate 1100 bytes (0 bytes allocated)
/usr/bin/apt-get
..
/usr/bin/apt-get
Segmentation fault (core dumped)
...
Necessary background information:
--------------------------------
Using ld.so (=ld-linux.so) explicitly to start a program is a not-so-common
way to start a binary, but it is still a valid and legal way to do it.
Scratchbox 2 uses it because it needs to use Maemo's ld.so (the default is
to use host's ld.so) and Maemo's libraries (default is to use host's
libraries),
and additionally we want to set some extra parameters that can only be
specified when ld.so is executed "from the command line".
We have tested a similar script in some different environments:
--------------------------------------------------------------------------------
In Ubuntu 9.04 Jaunty 32 bit everything works fine without any problem.
uname -a:
Linux testmachine 2.6.28-15-generic #52-Ubuntu SMP Wed Sep 9 10:49:34 UTC 2009 i686 GNU/Linux
OpenSUSE 11.2 Beta 32bit does not produce the above described problem
uname -a:
Linux testmachine 2.6.31.3-1-default #1 SMP 2009-10-08 00:27:25 +0200 i686 i686 i386 GNU/Linux
I have also compiled the latest stable kernel from kernel.org (2.6.31.4) under Karmic Koala. If I boot from this new kernel (under the same problematic Ubuntu 9.10 Karmic Koala 32bit machine) then it will NOT produce the above described problem. So I think (I am not an expert so please correct me if I am wrong) it means that the problem is likely to be in an Ubuntu-specific kernel change.
uname -a:
Linux testmachine 2.6.31.4 #1 SMP Thu Oct 15 15:55:55 EEST 2009 i686 GNU/Linux
Please locate the problem and fix it, if it is possible, before Karmic Koala release.
Thank you in advance.
|
|
2010-01-27 18:30:09 |
Launchpad Janitor |
linux (Ubuntu Lucid): status |
Fix Committed |
Fix Released |
|
2010-01-27 18:30:09 |
Launchpad Janitor |
cve linked |
|
2009-4536 |
|
2010-01-27 18:30:09 |
Launchpad Janitor |
cve linked |
|
2009-4538 |
|
2010-02-07 04:25:02 |
r12056 |
nominated for series |
|
Ubuntu Dapper |
|
2010-02-07 04:25:02 |
r12056 |
nominated for series |
|
Ubuntu Hardy |
|
2010-02-07 04:25:02 |
r12056 |
nominated for series |
|
Ubuntu Jaunty |
|
2010-02-07 04:25:02 |
r12056 |
nominated for series |
|
Ubuntu Intrepid |
|
2010-02-09 12:28:47 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/linux-fsl-imx51 |
|
2010-02-11 15:29:17 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/linux-mvl-dove |
|
2010-02-23 18:32:29 |
Kees Cook |
tags |
|
verification-done |
|
2010-03-04 08:42:32 |
Launchpad Janitor |
linux (Ubuntu Karmic): status |
Fix Committed |
Fix Released |
|