[Bug 1699161] Re: lshw crashes with SEGV in unprivileged container
Stéphane Graber
stgraber at stgraber.org
Mon Jun 26 06:35:52 UTC 2017
Unable to reproduce in a normal unprivileged container:
```
stgraber@castiana:~$ lxc launch ubuntu:16.04 unpriv
Creating unpriv
Starting unpriv
stgraber@castiana:~$ lxc exec unpriv bash
root@unpriv:~# ls -lh /sys/kernel/
total 0
drwxr-xr-x 2 nobody nogroup 0 Jun 26 06:32 boot_params
drwx------ 38 nobody nogroup 0 Jun 24 14:56 debug
-r--r--r-- 1 nobody nogroup 4.0K Jun 26 06:32 fscaps
drwxr-xr-x 2 nobody nogroup 0 Jun 26 06:32 iommu_groups
drwxr-xr-x 38 nobody nogroup 0 Jun 26 06:32 irq
-r--r--r-- 1 nobody nogroup 4.0K Jun 26 06:32 kexec_crash_loaded
-rw-r--r-- 1 nobody nogroup 4.0K Jun 26 06:32 kexec_crash_size
-r--r--r-- 1 nobody nogroup 4.0K Jun 26 06:32 kexec_loaded
drwxr-xr-x 2 nobody nogroup 0 Jun 26 06:32 livepatch
drwxr-xr-x 6 nobody nogroup 0 Jun 26 06:32 mm
-r--r--r-- 1 nobody nogroup 516 Jun 26 06:32 notes
-rw-r--r-- 1 nobody nogroup 4.0K Jun 26 06:32 profiling
-rw-r--r-- 1 nobody nogroup 4.0K Jun 26 06:32 rcu_expedited
-rw-r--r-- 1 nobody nogroup 4.0K Jun 26 06:32 rcu_normal
drwxr-xr-x 4 nobody nogroup 0 Jun 24 14:55 security
drwxr-xr-x 140 nobody nogroup 0 Jun 26 06:32 slab
dr-xr-xr-x 2 nobody nogroup 0 Jun 26 06:33 tracing
-rw-r--r-- 1 nobody nogroup 4.0K Jun 24 14:55 uevent_helper
-r--r--r-- 1 nobody nogroup 4.0K Jun 26 06:32 uevent_seqnum
-r--r--r-- 1 nobody nogroup 4.0K Jun 26 06:32 vmcoreinfo
root@unpriv:~# lshw >/dev/null
root@unpriv:~# echo $?
0
root@unpriv:~#
```
But I can reproduce it in a privileged container where lshw is seen
attempting to access /sys/kernel/debug/usb/devices and
/proc/bus/usb/devices. The former is denied as all debugfs access should
be in privileged containers, the latter doesn't exist.
So this is a lshw bug. It shouldn't just crash when the kernel denies it
access to a path. I'd instead expect it to skip the particular
subsystem.
** Package changed: lxd (Ubuntu) => lshw (Ubuntu)
** Summary changed:
- lshw crashes with SEGV in unprivileged container
+ lshw crashes with SEGV in privileged containers
** Description changed:
When running lshw in a Xenial container, I'm getting a segmentation
fault. I'll attach the apport crash dump.
+
+ ```
+ stgraber at castiana:~$ lxc launch ubuntu:16.04 priv -c security.privileged=true
+ Creating priv
+ Starting priv
+
+ stgraber at castiana:~$ lxc exec priv bash
+ root at priv:~# lshw
+ Segmentation fault
+ root at priv:~#
+
+ [strace of lshw]
+ open("/usr/share/hwdata/usb.ids", O_RDONLY) = -1 ENOENT (No such file or directory)
+ open("/etc/usb.ids", O_RDONLY) = -1 ENOENT (No such file or directory)
+ open("/usr/share/usb.ids", O_RDONLY) = -1 ENOENT (No such file or directory)
+ open("/usr/local/share/usb.ids", O_RDONLY) = -1 ENOENT (No such file or directory)
+ open("/usr/share/lshw-common/usb.ids", O_RDONLY) = -1 ENOENT (No such file or directory)
+ open("/usr/share/usb.ids", O_RDONLY) = -1 ENOENT (No such file or directory)
+ open("/sys/kernel/debug/usb/devices", O_RDONLY) = -1 EACCES (Permission denied)
+ open("/proc/bus/usb/devices", O_RDONLY) = -1 ENOENT (No such file or directory)
+ --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0} ---
+ +++ killed by SIGSEGV +++
+ Segmentation fault
** Description changed:
When running lshw in a Xenial container, I'm getting a segmentation
fault. I'll attach the apport crash dump.
```
stgraber at castiana:~$ lxc launch ubuntu:16.04 priv -c security.privileged=true
Creating priv
Starting priv
stgraber at castiana:~$ lxc exec priv bash
root at priv:~# lshw
- Segmentation fault
- root at priv:~#
+ Segmentation fault
+ root at priv:~#
+ ```
[strace of lshw]
open("/usr/share/hwdata/usb.ids", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/etc/usb.ids", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/usb.ids", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/share/usb.ids", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/lshw-common/usb.ids", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/usb.ids", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/sys/kernel/debug/usb/devices", O_RDONLY) = -1 EACCES (Permission denied)
open("/proc/bus/usb/devices", O_RDONLY) = -1 ENOENT (No such file or directory)
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0} ---
+++ killed by SIGSEGV +++
Segmentation fault
https://bugs.launchpad.net/bugs/1699161
Title:
lshw crashes with SEGV in privileged containers
Status in lshw package in Ubuntu:
Confirmed
Bug description:
When running lshw in a Xenial container, I'm getting a segmentation
fault. I'll attach the apport crash dump.
```
stgraber@castiana:~$ lxc launch ubuntu:16.04 priv -c security.privileged=true
Creating priv
Starting priv
stgraber@castiana:~$ lxc exec priv bash
root@priv:~# lshw
Segmentation fault
root@priv:~#
```
[strace of lshw]
open("/usr/share/hwdata/usb.ids", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/etc/usb.ids", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/usb.ids", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/share/usb.ids", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/lshw-common/usb.ids", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/usb.ids", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/sys/kernel/debug/usb/devices", O_RDONLY) = -1 EACCES (Permission denied)
open("/proc/bus/usb/devices", O_RDONLY) = -1 ENOENT (No such file or directory)
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0} ---
+++ killed by SIGSEGV +++
Segmentation fault
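
The strace above ends with both USB device-list opens failing (EACCES, then ENOENT) followed by a fault at address 0. The following is an added example, not lshw's code, of the "skip the subsystem" behaviour the comment asks for; `open_first` and `scan_usb` are hypothetical names, and counting `T:` lines is a simplified stand-in for real parsing of the devices listing.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Outcome of probing one subsystem (names are hypothetical). */
enum scan_status { SCAN_OK = 0, SCAN_SKIPPED = 1 };

/* Try each candidate path in order and return the first stream that opens.
 * If none opens, return NULL and report why: a denial such as EACCES is
 * kept in preference to ENOENT, since it tells the operator more. */
static FILE *open_first(const char *const *paths, size_t n, int *err)
{
    *err = ENOENT;
    for (size_t i = 0; i < n; i++) {
        FILE *f = fopen(paths[i], "r");
        if (f)
            return f;
        if (errno != ENOENT)
            *err = errno;
    }
    return NULL;
}

/* Count device records ("T:" lines) in a USB devices listing.
 * When no candidate is readable the subsystem is skipped; the stream
 * is never used unless it was actually opened. */
enum scan_status scan_usb(const char *const *paths, size_t n,
                          int *count, int *err)
{
    char line[512];
    FILE *f = open_first(paths, n, err);

    *count = 0;
    if (!f)
        return SCAN_SKIPPED;
    while (fgets(line, sizeof line, f))
        if (strncmp(line, "T:", 2) == 0)
            (*count)++;
    fclose(f);
    return SCAN_OK;
}

int main(void)
{
    /* The two paths seen in the strace on this page. */
    const char *paths[] = { "/sys/kernel/debug/usb/devices",
                            "/proc/bus/usb/devices" };
    int count, err;

    if (scan_usb(paths, 2, &count, &err) == SCAN_SKIPPED)
        fprintf(stderr, "usb: skipped (%s)\n", strerror(err));
    else
        printf("usb: %d device(s)\n", count);
    return 0;
}
```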