[Bug 1611360] Re: Xenial 32-bit: multipath exits with SIGSEGV

Jon Grimm jon.grimm at canonical.com
Mon Oct 24 14:30:33 UTC 2016 

** Description changed:

- Ubuntu release:
- Description:	Ubuntu 16.04 LTS
- Release:	16.04
+ [Impact]
  
- Package version: 0.5.0+git1.656f8865-5ubuntu2.1
+  * The CLI for multipath segfaults when on 32-bit platforms.
  
- The current version of multipath-tools for Xenial (0.5.0+git1.656f8865-5ubuntu2.1) causes segmentation fault when trying to run, for example, "show paths" from the daemon.
- When further investigating the issue, it seems that since Ubuntu 14.04, the enum describing the keyword type in cli.h is now of size 35. This leads to overflows as later on values are left-shifted by the values in these enum, and some of those exceed 31 (the maximum legal shift amount in 32-bit int).
- This leads to wrong choice of the handler in the command parsing stage (cli.c - find_handler). Specifically in "show paths" it leads to choosing cli_list_paths_fmt instead of cli_list_paths, and later to null dereferencing and segmentation fault.
+  * As example, a simple 'sudo multipathd -k"show paths"' will blow up,
+    assuming you have a multipath configured.  
  
- GDB Backtrace:
- #0  snprint_path_header (line=0xb78010e0 "", len=1200, format=0x0) at print.c:795
- #1  0x08052a6e in show_paths (r=0xb7b52210, len=0xb7b52208, vecs=0x809f650, style=0x0, pretty=1) at cli_handlers.c:47
- #2  0x080532af in cli_list_paths_fmt (v=0xb7800678, reply=0xb7b52210, len=0xb7b52208, data=0x809f650) at cli_handlers.c:235
- #3  0x08052369 in parse_cmd (cmd=0xb7800f68 "show paths", reply=0xb7b52210, len=0xb7b52208, data=0x809f650) at cli.c:438
- #4  0x0804cf49 in uxsock_trigger (str=0xb7800f68 "show paths", reply=0xb7b52210, len=0xb7b52208, trigger_data=0x809f650) at main.c:780
- #5  0x08050e5a in uxsock_listen (uxsock_trigger=0x804cf00 <uxsock_trigger>, trigger_data=0x809f650) at uxlsnr.c:252
- #6  0x0804da3b in uxlsnrloop (ap=0x809f650) at main.c:946
- #7  0xb7fb82b5 in start_thread (arg=0xb7b52b40) at pthread_create.c:333
- #8  0xb7da216e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:114
+  * The ultimate cause of the bug is the codebase not correctly dealing
+ with bit flags that have exceeded the 32-bit natural word size on 32-bit
+ architectures.  The fix has been cherrypicked from upstream.
+ 
+ 
+ [Test Case]
+ 
+  * You'll need to setup a 32-bit (e.g. i386) multipath environment to
+ test.  I used qemu/kvm.
+ 
+  * See https://bugs.launchpad.net/ubuntu/+source/multipath-
+ tools/+bug/1611360/comments/4
+ 
+  * Once configured, type "sudo multipathd -k"show paths" and it will
+ fail with a segfault on 32-bit architectures, but succeed on 64-bit architectures.  
+ 
+ 
+ [Regression Potential] 
+ 
+  * Limited potential as only affects flag bits > 32-bits.  In addition
+ to testing commands affected by these bits on 32-bit platform (i386),
+ I've regression tested that these commands work on 64-bit platform
+ (amd64).

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to multipath-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1611360

Title:
  Xenial 32-bit: multipath exits with SIGSEGV

Status in multipath-tools package in Ubuntu:
  Fix Released
Status in multipath-tools source package in Xenial:
  New
Status in multipath-tools source package in Yakkety:
  New

Bug description:
  [Impact]

   * The CLI for multipath segfaults when on 32-bit platforms.

   * As example, a simple 'sudo multipathd -k"show paths"' will blow up,
     assuming you have a multipath configured.  

   * The ultimate cause of the bug is the codebase not correctly dealing
  with bit flags that have exceeded the 32-bit natural word size on
  32-bit architectures.  The fix has been cherrypicked from upstream.

  
  [Test Case]

   * You'll need to setup a 32-bit (e.g. i386) multipath environment to
  test.  I used qemu/kvm.

   * See https://bugs.launchpad.net/ubuntu/+source/multipath-
  tools/+bug/1611360/comments/4

   * Once configured, type "sudo multipathd -k"show paths" and it will
  fail with a segfault on 32-bit architectures, but succeed on 64-bit architectures.  

  
  [Regression Potential] 

   * Limited potential as only affects flag bits > 32-bits.  In addition
  to testing commands affected by these bits on 32-bit platform (i386),
  I've regression tested that these commands work on 64-bit platform
  (amd64).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/multipath-tools/+bug/1611360/+subscriptions

More information about the foundations-bugs mailing list