* [Qemu-devel] [Bug 1749393] [NEW] sbrk() not working under qemu-user with a PIE-compiled binary?
@ 2018-02-14 8:30 Raphaël Hertzog
2018-02-14 15:46 ` [Qemu-devel] [Bug 1749393] " Gérard Vidal
` (31 more replies)
0 siblings, 32 replies; 33+ messages in thread
From: Raphaël Hertzog @ 2018-02-14 8:30 UTC (permalink / raw)
To: qemu-devel
Public bug reported:
In Debian unstable, we recently switched bash to be a PIE-compiled
binary (for hardening). Unfortunately this resulted in bash being broken
when run under qemu-user (for all target architectures, host being amd64
for me).
$ sudo chroot /srv/chroots/sid-i386/ qemu-i386-static /bin/bash
bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)
bash has its own malloc implementation based on sbrk():
https://git.savannah.gnu.org/cgit/bash.git/tree/lib/malloc/malloc.c
When we disable this internal implementation and rely on glibc's malloc,
then everything is fine. But it might be that glibc has a fallback when
sbrk() is not working properly and it might hide the underlying problem
in qemu-user.
This issue has also been reported to the bash upstream author and he suggested that the issue might be in qemu-user so I'm opening a ticket here. Here's the discussion with the bash upstream author:
https://lists.gnu.org/archive/html/bug-bash/2018-02/threads.html#00080
You can find the problematic bash binary in that .deb file:
http://snapshot.debian.org/archive/debian/20180206T154716Z/pool/main/b/bash/bash_4.4.18-1_i386.deb
The version of qemu I have been using is 2.11 (Debian package qemu-user-
static version 1:2.11+dfsg-1) but I have had reports that the problem is
reproducible with older versions (back to 2.8 at least).
Here are the related Debian bug reports:
https://bugs.debian.org/889869
https://bugs.debian.org/865599
It's worth noting that bash used to have this problem (when compiled as a PIE binary) even when run directly but then something got fixed in the kernel and now the problem only appears when run under qemu-user:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483
** Affects: qemu
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1749393
Title:
sbrk() not working under qemu-user with a PIE-compiled binary?
Status in QEMU:
New
Bug description:
In Debian unstable, we recently switched bash to be a PIE-compiled
binary (for hardening). Unfortunately this resulted in bash being
broken when run under qemu-user (for all target architectures, host
being amd64 for me).
$ sudo chroot /srv/chroots/sid-i386/ qemu-i386-static /bin/bash
bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)
bash has its own malloc implementation based on sbrk():
https://git.savannah.gnu.org/cgit/bash.git/tree/lib/malloc/malloc.c
When we disable this internal implementation and rely on glibc's
malloc, then everything is fine. But it might be that glibc has a
fallback when sbrk() is not working properly and it might hide the
underlying problem in qemu-user.
This issue has also been reported to the bash upstream author and he suggested that the issue might be in qemu-user so I'm opening a ticket here. Here's the discussion with the bash upstream author:
https://lists.gnu.org/archive/html/bug-bash/2018-02/threads.html#00080
You can find the problematic bash binary in that .deb file:
http://snapshot.debian.org/archive/debian/20180206T154716Z/pool/main/b/bash/bash_4.4.18-1_i386.deb
The version of qemu I have been using is 2.11 (Debian package qemu-
user-static version 1:2.11+dfsg-1) but I have had reports that the
problem is reproducible with older versions (back to 2.8 at least).
Here are the related Debian bug reports:
https://bugs.debian.org/889869
https://bugs.debian.org/865599
It's worth noting that bash used to have this problem (when compiled as a PIE binary) even when run directly but then something got fixed in the kernel and now the problem only appears when run under qemu-user:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1749393/+subscriptions
^ permalink raw reply [flat|nested] 33+ messages in thread
* [Qemu-devel] [Bug 1749393] Re: sbrk() not working under qemu-user with a PIE-compiled binary?
2018-02-14 8:30 [Qemu-devel] [Bug 1749393] [NEW] sbrk() not working under qemu-user with a PIE-compiled binary? Raphaël Hertzog
@ 2018-02-14 15:46 ` Gérard Vidal
2018-03-01 19:15 ` Peter Ogden
` (30 subsequent siblings)
31 siblings, 0 replies; 33+ messages in thread
From: Gérard Vidal @ 2018-02-14 15:46 UTC (permalink / raw)
To: qemu-devel
Affected by the same bug.
target architecture arm
host architecture amd64
bug message
bash: xmalloc: .././locale.c:****: cannot allocate 2 bytes (0 bytes allocated)
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1749393
Title:
sbrk() not working under qemu-user with a PIE-compiled binary?
Status in QEMU:
New
Bug description:
In Debian unstable, we recently switched bash to be a PIE-compiled
binary (for hardening). Unfortunately this resulted in bash being
broken when run under qemu-user (for all target architectures, host
being amd64 for me).
$ sudo chroot /srv/chroots/sid-i386/ qemu-i386-static /bin/bash
bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)
bash has its own malloc implementation based on sbrk():
https://git.savannah.gnu.org/cgit/bash.git/tree/lib/malloc/malloc.c
When we disable this internal implementation and rely on glibc's
malloc, then everything is fine. But it might be that glibc has a
fallback when sbrk() is not working properly and it might hide the
underlying problem in qemu-user.
This issue has also been reported to the bash upstream author and he suggested that the issue might be in qemu-user so I'm opening a ticket here. Here's the discussion with the bash upstream author:
https://lists.gnu.org/archive/html/bug-bash/2018-02/threads.html#00080
You can find the problematic bash binary in that .deb file:
http://snapshot.debian.org/archive/debian/20180206T154716Z/pool/main/b/bash/bash_4.4.18-1_i386.deb
The version of qemu I have been using is 2.11 (Debian package qemu-
user-static version 1:2.11+dfsg-1) but I have had reports that the
problem is reproducible with older versions (back to 2.8 at least).
Here are the related Debian bug reports:
https://bugs.debian.org/889869
https://bugs.debian.org/865599
It's worth noting that bash used to have this problem (when compiled as a PIE binary) even when run directly but then something got fixed in the kernel and now the problem only appears when run under qemu-user:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1749393/+subscriptions
^ permalink raw reply [flat|nested] 33+ messages in thread
* [Qemu-devel] [Bug 1749393] Re: sbrk() not working under qemu-user with a PIE-compiled binary?
2018-02-14 8:30 [Qemu-devel] [Bug 1749393] [NEW] sbrk() not working under qemu-user with a PIE-compiled binary? Raphaël Hertzog
2018-02-14 15:46 ` [Qemu-devel] [Bug 1749393] " Gérard Vidal
@ 2018-03-01 19:15 ` Peter Ogden
2018-03-15 11:39 ` Peter Maydell
` (29 subsequent siblings)
31 siblings, 0 replies; 33+ messages in thread
From: Peter Ogden @ 2018-03-01 19:15 UTC (permalink / raw)
To: qemu-devel
This appears to be a problem in all PIE-compiled executables that use
sbrk in qemu-user due to the way that position-independent code gets
mmapped into adjacent ranges meaning there is no room for expansion.
I've hacked my version of QEMU to force the program binary to mmap in a
different range allowing for the region to be resized which fixes this
issue. I don't know the most appropriate way to determine what range to
use in generate though.
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1749393
Title:
sbrk() not working under qemu-user with a PIE-compiled binary?
Status in QEMU:
New
Bug description:
In Debian unstable, we recently switched bash to be a PIE-compiled
binary (for hardening). Unfortunately this resulted in bash being
broken when run under qemu-user (for all target architectures, host
being amd64 for me).
$ sudo chroot /srv/chroots/sid-i386/ qemu-i386-static /bin/bash
bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)
bash has its own malloc implementation based on sbrk():
https://git.savannah.gnu.org/cgit/bash.git/tree/lib/malloc/malloc.c
When we disable this internal implementation and rely on glibc's
malloc, then everything is fine. But it might be that glibc has a
fallback when sbrk() is not working properly and it might hide the
underlying problem in qemu-user.
This issue has also been reported to the bash upstream author and he suggested that the issue might be in qemu-user so I'm opening a ticket here. Here's the discussion with the bash upstream author:
https://lists.gnu.org/archive/html/bug-bash/2018-02/threads.html#00080
You can find the problematic bash binary in that .deb file:
http://snapshot.debian.org/archive/debian/20180206T154716Z/pool/main/b/bash/bash_4.4.18-1_i386.deb
The version of qemu I have been using is 2.11 (Debian package qemu-
user-static version 1:2.11+dfsg-1) but I have had reports that the
problem is reproducible with older versions (back to 2.8 at least).
Here are the related Debian bug reports:
https://bugs.debian.org/889869
https://bugs.debian.org/865599
It's worth noting that bash used to have this problem (when compiled as a PIE binary) even when run directly but then something got fixed in the kernel and now the problem only appears when run under qemu-user:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1749393/+subscriptions
^ permalink raw reply [flat|nested] 33+ messages in thread
* [Qemu-devel] [Bug 1749393] Re: sbrk() not working under qemu-user with a PIE-compiled binary?
2018-02-14 8:30 [Qemu-devel] [Bug 1749393] [NEW] sbrk() not working under qemu-user with a PIE-compiled binary? Raphaël Hertzog
2018-02-14 15:46 ` [Qemu-devel] [Bug 1749393] " Gérard Vidal
2018-03-01 19:15 ` Peter Ogden
@ 2018-03-15 11:39 ` Peter Maydell
2018-03-15 15:27 ` Matthias Klose
` (28 subsequent siblings)
31 siblings, 0 replies; 33+ messages in thread
From: Peter Maydell @ 2018-03-15 11:39 UTC (permalink / raw)
To: qemu-devel
** Tags added: arm linux-user
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1749393
Title:
sbrk() not working under qemu-user with a PIE-compiled binary?
Status in QEMU:
New
Bug description:
In Debian unstable, we recently switched bash to be a PIE-compiled
binary (for hardening). Unfortunately this resulted in bash being
broken when run under qemu-user (for all target architectures, host
being amd64 for me).
$ sudo chroot /srv/chroots/sid-i386/ qemu-i386-static /bin/bash
bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)
bash has its own malloc implementation based on sbrk():
https://git.savannah.gnu.org/cgit/bash.git/tree/lib/malloc/malloc.c
When we disable this internal implementation and rely on glibc's
malloc, then everything is fine. But it might be that glibc has a
fallback when sbrk() is not working properly and it might hide the
underlying problem in qemu-user.
This issue has also been reported to the bash upstream author and he suggested that the issue might be in qemu-user so I'm opening a ticket here. Here's the discussion with the bash upstream author:
https://lists.gnu.org/archive/html/bug-bash/2018-02/threads.html#00080
You can find the problematic bash binary in that .deb file:
http://snapshot.debian.org/archive/debian/20180206T154716Z/pool/main/b/bash/bash_4.4.18-1_i386.deb
The version of qemu I have been using is 2.11 (Debian package qemu-
user-static version 1:2.11+dfsg-1) but I have had reports that the
problem is reproducible with older versions (back to 2.8 at least).
Here are the related Debian bug reports:
https://bugs.debian.org/889869
https://bugs.debian.org/865599
It's worth noting that bash used to have this problem (when compiled as a PIE binary) even when run directly but then something got fixed in the kernel and now the problem only appears when run under qemu-user:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1749393/+subscriptions
^ permalink raw reply [flat|nested] 33+ messages in thread
* [Qemu-devel] [Bug 1749393] Re: sbrk() not working under qemu-user with a PIE-compiled binary?
2018-02-14 8:30 [Qemu-devel] [Bug 1749393] [NEW] sbrk() not working under qemu-user with a PIE-compiled binary? Raphaël Hertzog
` (2 preceding siblings ...)
2018-03-15 11:39 ` Peter Maydell
@ 2018-03-15 15:27 ` Matthias Klose
2018-03-15 16:17 ` Peter Maydell
` (27 subsequent siblings)
31 siblings, 0 replies; 33+ messages in thread
From: Matthias Klose @ 2018-03-15 15:27 UTC (permalink / raw)
To: qemu-devel
** Also affects: qemu (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1749393
Title:
sbrk() not working under qemu-user with a PIE-compiled binary?
Status in QEMU:
New
Status in qemu package in Ubuntu:
New
Bug description:
In Debian unstable, we recently switched bash to be a PIE-compiled
binary (for hardening). Unfortunately this resulted in bash being
broken when run under qemu-user (for all target architectures, host
being amd64 for me).
$ sudo chroot /srv/chroots/sid-i386/ qemu-i386-static /bin/bash
bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)
bash has its own malloc implementation based on sbrk():
https://git.savannah.gnu.org/cgit/bash.git/tree/lib/malloc/malloc.c
When we disable this internal implementation and rely on glibc's
malloc, then everything is fine. But it might be that glibc has a
fallback when sbrk() is not working properly and it might hide the
underlying problem in qemu-user.
This issue has also been reported to the bash upstream author and he suggested that the issue might be in qemu-user so I'm opening a ticket here. Here's the discussion with the bash upstream author:
https://lists.gnu.org/archive/html/bug-bash/2018-02/threads.html#00080
You can find the problematic bash binary in that .deb file:
http://snapshot.debian.org/archive/debian/20180206T154716Z/pool/main/b/bash/bash_4.4.18-1_i386.deb
The version of qemu I have been using is 2.11 (Debian package qemu-
user-static version 1:2.11+dfsg-1) but I have had reports that the
problem is reproducible with older versions (back to 2.8 at least).
Here are the related Debian bug reports:
https://bugs.debian.org/889869
https://bugs.debian.org/865599
It's worth noting that bash used to have this problem (when compiled as a PIE binary) even when run directly but then something got fixed in the kernel and now the problem only appears when run under qemu-user:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1749393/+subscriptions
^ permalink raw reply [flat|nested] 33+ messages in thread
* [Qemu-devel] [Bug 1749393] Re: sbrk() not working under qemu-user with a PIE-compiled binary?
2018-02-14 8:30 [Qemu-devel] [Bug 1749393] [NEW] sbrk() not working under qemu-user with a PIE-compiled binary? Raphaël Hertzog
` (3 preceding siblings ...)
2018-03-15 15:27 ` Matthias Klose
@ 2018-03-15 16:17 ` Peter Maydell
2018-03-15 17:56 ` Peter Ogden
` (26 subsequent siblings)
31 siblings, 0 replies; 33+ messages in thread
From: Peter Maydell @ 2018-03-15 16:17 UTC (permalink / raw)
To: qemu-devel
There seem to be two parts to this. Firstly, with a big reserved-region,
which is the default for 32-bit-guest-on-64-bit-host, this code in
main.c:
if (reserved_va) {
mmap_next_start = reserved_va;
}
says to start trying for the next mmap address at the top of the
reserved section, which is typically right at the top of the guest's
address space. This means that for a PIE executable we'll try to load it
at a very high address, which then means there's no space above the data
section for the brk segment.
Secondly, for the no-reserved-region case (-R 0, or 64-on-64), we still
fail, but this time because we've chosen to mmap the dynamic interpreter
at an address just above the executable. Again, no space to expand the
data segment and brk fails.
Linux kernel commit a87938b2e246b81 message says something about there
being a guaranteed 128MB "gap" between data segment and stack on x86-64
which we're obviously not honourin; presumbably there's similar
requirements for other archs. (As an aside, is bash really happy with
only having perhaps 128MB of allocatable memory? Otherwise it really
ought to use mmap rather than brk for its allocator.)
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1749393
Title:
sbrk() not working under qemu-user with a PIE-compiled binary?
Status in QEMU:
New
Status in qemu package in Ubuntu:
New
Bug description:
In Debian unstable, we recently switched bash to be a PIE-compiled
binary (for hardening). Unfortunately this resulted in bash being
broken when run under qemu-user (for all target architectures, host
being amd64 for me).
$ sudo chroot /srv/chroots/sid-i386/ qemu-i386-static /bin/bash
bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)
bash has its own malloc implementation based on sbrk():
https://git.savannah.gnu.org/cgit/bash.git/tree/lib/malloc/malloc.c
When we disable this internal implementation and rely on glibc's
malloc, then everything is fine. But it might be that glibc has a
fallback when sbrk() is not working properly and it might hide the
underlying problem in qemu-user.
This issue has also been reported to the bash upstream author and he suggested that the issue might be in qemu-user so I'm opening a ticket here. Here's the discussion with the bash upstream author:
https://lists.gnu.org/archive/html/bug-bash/2018-02/threads.html#00080
You can find the problematic bash binary in that .deb file:
http://snapshot.debian.org/archive/debian/20180206T154716Z/pool/main/b/bash/bash_4.4.18-1_i386.deb
The version of qemu I have been using is 2.11 (Debian package qemu-
user-static version 1:2.11+dfsg-1) but I have had reports that the
problem is reproducible with older versions (back to 2.8 at least).
Here are the related Debian bug reports:
https://bugs.debian.org/889869
https://bugs.debian.org/865599
It's worth noting that bash used to have this problem (when compiled as a PIE binary) even when run directly but then something got fixed in the kernel and now the problem only appears when run under qemu-user:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1749393/+subscriptions
^ permalink raw reply [flat|nested] 33+ messages in thread
* [Qemu-devel] [Bug 1749393] Re: sbrk() not working under qemu-user with a PIE-compiled binary?
2018-02-14 8:30 [Qemu-devel] [Bug 1749393] [NEW] sbrk() not working under qemu-user with a PIE-compiled binary? Raphaël Hertzog
` (4 preceding siblings ...)
2018-03-15 16:17 ` Peter Maydell
@ 2018-03-15 17:56 ` Peter Ogden
2018-03-22 21:45 ` Launchpad Bug Tracker
` (25 subsequent siblings)
31 siblings, 0 replies; 33+ messages in thread
From: Peter Ogden @ 2018-03-15 17:56 UTC (permalink / raw)
To: qemu-devel
Could we over-allocate the data segment by
QEMU_DATA_SIZE/getrlimit(RLIMIT_DATA)/128 MB depending on what's set -
similar to how the stack size is managed?
My current workaround for aarch64 on x86-64 is to mmap a dynamic main
executable in some far-away part of the address space but I'm not sure
how to find somewhere suitable on a 32-bit host/guest.
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1749393
Title:
sbrk() not working under qemu-user with a PIE-compiled binary?
Status in QEMU:
New
Status in qemu package in Ubuntu:
New
Bug description:
In Debian unstable, we recently switched bash to be a PIE-compiled
binary (for hardening). Unfortunately this resulted in bash being
broken when run under qemu-user (for all target architectures, host
being amd64 for me).
$ sudo chroot /srv/chroots/sid-i386/ qemu-i386-static /bin/bash
bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)
bash has its own malloc implementation based on sbrk():
https://git.savannah.gnu.org/cgit/bash.git/tree/lib/malloc/malloc.c
When we disable this internal implementation and rely on glibc's
malloc, then everything is fine. But it might be that glibc has a
fallback when sbrk() is not working properly and it might hide the
underlying problem in qemu-user.
This issue has also been reported to the bash upstream author and he suggested that the issue might be in qemu-user so I'm opening a ticket here. Here's the discussion with the bash upstream author:
https://lists.gnu.org/archive/html/bug-bash/2018-02/threads.html#00080
You can find the problematic bash binary in that .deb file:
http://snapshot.debian.org/archive/debian/20180206T154716Z/pool/main/b/bash/bash_4.4.18-1_i386.deb
The version of qemu I have been using is 2.11 (Debian package qemu-
user-static version 1:2.11+dfsg-1) but I have had reports that the
problem is reproducible with older versions (back to 2.8 at least).
Here are the related Debian bug reports:
https://bugs.debian.org/889869
https://bugs.debian.org/865599
It's worth noting that bash used to have this problem (when compiled as a PIE binary) even when run directly but then something got fixed in the kernel and now the problem only appears when run under qemu-user:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1749393/+subscriptions
^ permalink raw reply [flat|nested] 33+ messages in thread
* [Qemu-devel] [Bug 1749393] Re: sbrk() not working under qemu-user with a PIE-compiled binary?
2018-02-14 8:30 [Qemu-devel] [Bug 1749393] [NEW] sbrk() not working under qemu-user with a PIE-compiled binary? Raphaël Hertzog
` (5 preceding siblings ...)
2018-03-15 17:56 ` Peter Ogden
@ 2018-03-22 21:45 ` Launchpad Bug Tracker
2018-04-04 16:16 ` Matthias Klose
` (24 subsequent siblings)
31 siblings, 0 replies; 33+ messages in thread
From: Launchpad Bug Tracker @ 2018-03-22 21:45 UTC (permalink / raw)
To: qemu-devel
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: qemu (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1749393
Title:
sbrk() not working under qemu-user with a PIE-compiled binary?
Status in QEMU:
New
Status in qemu package in Ubuntu:
Confirmed
Bug description:
In Debian unstable, we recently switched bash to be a PIE-compiled
binary (for hardening). Unfortunately this resulted in bash being
broken when run under qemu-user (for all target architectures, host
being amd64 for me).
$ sudo chroot /srv/chroots/sid-i386/ qemu-i386-static /bin/bash
bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)
bash has its own malloc implementation based on sbrk():
https://git.savannah.gnu.org/cgit/bash.git/tree/lib/malloc/malloc.c
When we disable this internal implementation and rely on glibc's
malloc, then everything is fine. But it might be that glibc has a
fallback when sbrk() is not working properly and it might hide the
underlying problem in qemu-user.
This issue has also been reported to the bash upstream author and he suggested that the issue might be in qemu-user so I'm opening a ticket here. Here's the discussion with the bash upstream author:
https://lists.gnu.org/archive/html/bug-bash/2018-02/threads.html#00080
You can find the problematic bash binary in that .deb file:
http://snapshot.debian.org/archive/debian/20180206T154716Z/pool/main/b/bash/bash_4.4.18-1_i386.deb
The version of qemu I have been using is 2.11 (Debian package qemu-
user-static version 1:2.11+dfsg-1) but I have had reports that the
problem is reproducible with older versions (back to 2.8 at least).
Here are the related Debian bug reports:
https://bugs.debian.org/889869
https://bugs.debian.org/865599
It's worth noting that bash used to have this problem (when compiled as a PIE binary) even when run directly but then something got fixed in the kernel and now the problem only appears when run under qemu-user:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1749393/+subscriptions
^ permalink raw reply [flat|nested] 33+ messages in thread
* [Qemu-devel] [Bug 1749393] Re: sbrk() not working under qemu-user with a PIE-compiled binary?
2018-02-14 8:30 [Qemu-devel] [Bug 1749393] [NEW] sbrk() not working under qemu-user with a PIE-compiled binary? Raphaël Hertzog
` (6 preceding siblings ...)
2018-03-22 21:45 ` Launchpad Bug Tracker
@ 2018-04-04 16:16 ` Matthias Klose
2020-01-17 23:52 ` Richard Henderson
` (23 subsequent siblings)
31 siblings, 0 replies; 33+ messages in thread
From: Matthias Klose @ 2018-04-04 16:16 UTC (permalink / raw)
To: qemu-devel
qemu patch proposed at http://lists.nongnu.org/archive/html/qemu-
devel/2018-03/msg04700.html
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1749393
Title:
sbrk() not working under qemu-user with a PIE-compiled binary?
Status in QEMU:
New
Status in qemu package in Ubuntu:
Confirmed
Bug description:
In Debian unstable, we recently switched bash to be a PIE-compiled
binary (for hardening). Unfortunately this resulted in bash being
broken when run under qemu-user (for all target architectures, host
being amd64 for me).
$ sudo chroot /srv/chroots/sid-i386/ qemu-i386-static /bin/bash
bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)
bash has its own malloc implementation based on sbrk():
https://git.savannah.gnu.org/cgit/bash.git/tree/lib/malloc/malloc.c
When we disable this internal implementation and rely on glibc's
malloc, then everything is fine. But it might be that glibc has a
fallback when sbrk() is not working properly and it might hide the
underlying problem in qemu-user.
This issue has also been reported to the bash upstream author and he suggested that the issue might be in qemu-user so I'm opening a ticket here. Here's the discussion with the bash upstream author:
https://lists.gnu.org/archive/html/bug-bash/2018-02/threads.html#00080
You can find the problematic bash binary in that .deb file:
http://snapshot.debian.org/archive/debian/20180206T154716Z/pool/main/b/bash/bash_4.4.18-1_i386.deb
The version of qemu I have been using is 2.11 (Debian package qemu-
user-static version 1:2.11+dfsg-1) but I have had reports that the
problem is reproducible with older versions (back to 2.8 at least).
Here are the related Debian bug reports:
https://bugs.debian.org/889869
https://bugs.debian.org/865599
It's worth noting that bash used to have this problem (when compiled as a PIE binary) even when run directly but then something got fixed in the kernel and now the problem only appears when run under qemu-user:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1749393/+subscriptions
^ permalink raw reply [flat|nested] 33+ messages in thread
* [Bug 1749393] Re: sbrk() not working under qemu-user with a PIE-compiled binary?
2018-02-14 8:30 [Qemu-devel] [Bug 1749393] [NEW] sbrk() not working under qemu-user with a PIE-compiled binary? Raphaël Hertzog
` (7 preceding siblings ...)
2018-04-04 16:16 ` Matthias Klose
@ 2020-01-17 23:52 ` Richard Henderson
2020-03-10 9:07 ` Laurent Vivier
` (22 subsequent siblings)
31 siblings, 0 replies; 33+ messages in thread
From: Richard Henderson @ 2020-01-17 23:52 UTC (permalink / raw)
To: qemu-devel
Another proposed patch:
https://patchew.org/QEMU/20200117230245.5040-1-richard.henderson@linaro.org/
** Changed in: qemu (Ubuntu)
Assignee: (unassigned) => Richard Henderson (rth)
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1749393
Title:
sbrk() not working under qemu-user with a PIE-compiled binary?
Status in QEMU:
New
Status in qemu package in Ubuntu:
Confirmed
Bug description:
In Debian unstable, we recently switched bash to be a PIE-compiled
binary (for hardening). Unfortunately this resulted in bash being
broken when run under qemu-user (for all target architectures, host
being amd64 for me).
$ sudo chroot /srv/chroots/sid-i386/ qemu-i386-static /bin/bash
bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)
bash has its own malloc implementation based on sbrk():
https://git.savannah.gnu.org/cgit/bash.git/tree/lib/malloc/malloc.c
When we disable this internal implementation and rely on glibc's
malloc, then everything is fine. But it might be that glibc has a
fallback when sbrk() is not working properly and it might hide the
underlying problem in qemu-user.
This issue has also been reported to the bash upstream author and he suggested that the issue might be in qemu-user so I'm opening a ticket here. Here's the discussion with the bash upstream author:
https://lists.gnu.org/archive/html/bug-bash/2018-02/threads.html#00080
You can find the problematic bash binary in that .deb file:
http://snapshot.debian.org/archive/debian/20180206T154716Z/pool/main/b/bash/bash_4.4.18-1_i386.deb
The version of qemu I have been using is 2.11 (Debian package qemu-
user-static version 1:2.11+dfsg-1) but I have had reports that the
problem is reproducible with older versions (back to 2.8 at least).
Here are the related Debian bug reports:
https://bugs.debian.org/889869
https://bugs.debian.org/865599
It's worth noting that bash used to have this problem (when compiled as a PIE binary) even when run directly but then something got fixed in the kernel and now the problem only appears when run under qemu-user:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1749393/+subscriptions
^ permalink raw reply [flat|nested] 33+ messages in thread
* [Bug 1749393] Re: sbrk() not working under qemu-user with a PIE-compiled binary?
2018-02-14 8:30 [Qemu-devel] [Bug 1749393] [NEW] sbrk() not working under qemu-user with a PIE-compiled binary? Raphaël Hertzog
` (8 preceding siblings ...)
2020-01-17 23:52 ` Richard Henderson
@ 2020-03-10 9:07 ` Laurent Vivier
2020-04-30 13:34 ` Laurent Vivier
` (21 subsequent siblings)
31 siblings, 0 replies; 33+ messages in thread
From: Laurent Vivier @ 2020-03-10 9:07 UTC (permalink / raw)
To: qemu-devel
Fixed here:
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=6fd5944980f4
** Changed in: qemu
Status: New => Fix Committed
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1749393
Title:
sbrk() not working under qemu-user with a PIE-compiled binary?
Status in QEMU:
Fix Committed
Status in qemu package in Ubuntu:
Confirmed
Bug description:
In Debian unstable, we recently switched bash to be a PIE-compiled
binary (for hardening). Unfortunately this resulted in bash being
broken when run under qemu-user (for all target architectures, host
being amd64 for me).
$ sudo chroot /srv/chroots/sid-i386/ qemu-i386-static /bin/bash
bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)
bash has its own malloc implementation based on sbrk():
https://git.savannah.gnu.org/cgit/bash.git/tree/lib/malloc/malloc.c
When we disable this internal implementation and rely on glibc's
malloc, then everything is fine. But it might be that glibc has a
fallback when sbrk() is not working properly and it might hide the
underlying problem in qemu-user.
This issue has also been reported to the bash upstream author and he suggested that the issue might be in qemu-user so I'm opening a ticket here. Here's the discussion with the bash upstream author:
https://lists.gnu.org/archive/html/bug-bash/2018-02/threads.html#00080
You can find the problematic bash binary in that .deb file:
http://snapshot.debian.org/archive/debian/20180206T154716Z/pool/main/b/bash/bash_4.4.18-1_i386.deb
The version of qemu I have been using is 2.11 (Debian package qemu-
user-static version 1:2.11+dfsg-1) but I have had reports that the
problem is reproducible with older versions (back to 2.8 at least).
Here are the related Debian bug reports:
https://bugs.debian.org/889869
https://bugs.debian.org/865599
It's worth noting that bash used to have this problem (when compiled as a PIE binary) even when run directly but then something got fixed in the kernel and now the problem only appears when run under qemu-user:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1749393/+subscriptions
^ permalink raw reply [flat|nested] 33+ messages in thread
* [Bug 1749393] Re: sbrk() not working under qemu-user with a PIE-compiled binary?
2018-02-14 8:30 [Qemu-devel] [Bug 1749393] [NEW] sbrk() not working under qemu-user with a PIE-compiled binary? Raphaël Hertzog
` (9 preceding siblings ...)
2020-03-10 9:07 ` Laurent Vivier
@ 2020-04-30 13:34 ` Laurent Vivier
2020-05-01 6:47 ` Christian Ehrhardt
` (20 subsequent siblings)
31 siblings, 0 replies; 33+ messages in thread
From: Laurent Vivier @ 2020-04-30 13:34 UTC (permalink / raw)
To: qemu-devel
** Changed in: qemu
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1749393
Title:
sbrk() not working under qemu-user with a PIE-compiled binary?
Status in QEMU:
Fix Released
Status in qemu package in Ubuntu:
Confirmed
Bug description:
In Debian unstable, we recently switched bash to be a PIE-compiled
binary (for hardening). Unfortunately this resulted in bash being
broken when run under qemu-user (for all target architectures, host
being amd64 for me).
$ sudo chroot /srv/chroots/sid-i386/ qemu-i386-static /bin/bash
bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)
bash has its own malloc implementation based on sbrk():
https://git.savannah.gnu.org/cgit/bash.git/tree/lib/malloc/malloc.c
When we disable this internal implementation and rely on glibc's
malloc, then everything is fine. But it might be that glibc has a
fallback when sbrk() is not working properly and it might hide the
underlying problem in qemu-user.
This issue has also been reported to the bash upstream author and he suggested that the issue might be in qemu-user so I'm opening a ticket here. Here's the discussion with the bash upstream author:
https://lists.gnu.org/archive/html/bug-bash/2018-02/threads.html#00080
You can find the problematic bash binary in that .deb file:
http://snapshot.debian.org/archive/debian/20180206T154716Z/pool/main/b/bash/bash_4.4.18-1_i386.deb
The version of qemu I have been using is 2.11 (Debian package qemu-
user-static version 1:2.11+dfsg-1) but I have had reports that the
problem is reproducible with older versions (back to 2.8 at least).
Here are the related Debian bug reports:
https://bugs.debian.org/889869
https://bugs.debian.org/865599
It's worth noting that bash used to have this problem (when compiled as a PIE binary) even when run directly but then something got fixed in the kernel and now the problem only appears when run under qemu-user:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1749393/+subscriptions
^ permalink raw reply [flat|nested] 33+ messages in thread
* [Bug 1749393] Re: sbrk() not working under qemu-user with a PIE-compiled binary?
2018-02-14 8:30 [Qemu-devel] [Bug 1749393] [NEW] sbrk() not working under qemu-user with a PIE-compiled binary? Raphaël Hertzog
` (10 preceding siblings ...)
2020-04-30 13:34 ` Laurent Vivier
@ 2020-05-01 6:47 ` Christian Ehrhardt
2020-06-17 7:52 ` Christian Ehrhardt
` (19 subsequent siblings)
31 siblings, 0 replies; 33+ messages in thread
From: Christian Ehrhardt @ 2020-05-01 6:47 UTC (permalink / raw)
To: qemu-devel
Will be merged in 20.10 with qemu >=5.0 where this came upstream.
** Tags added: qemu-20.10
** Changed in: qemu (Ubuntu)
Status: Confirmed => Triaged
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1749393
Title:
sbrk() not working under qemu-user with a PIE-compiled binary?
Status in QEMU:
Fix Released
Status in qemu package in Ubuntu:
Triaged
Bug description:
In Debian unstable, we recently switched bash to be a PIE-compiled
binary (for hardening). Unfortunately this resulted in bash being
broken when run under qemu-user (for all target architectures, host
being amd64 for me).
$ sudo chroot /srv/chroots/sid-i386/ qemu-i386-static /bin/bash
bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)
bash has its own malloc implementation based on sbrk():
https://git.savannah.gnu.org/cgit/bash.git/tree/lib/malloc/malloc.c
When we disable this internal implementation and rely on glibc's
malloc, then everything is fine. But it might be that glibc has a
fallback when sbrk() is not working properly and it might hide the
underlying problem in qemu-user.
This issue has also been reported to the bash upstream author and he suggested that the issue might be in qemu-user so I'm opening a ticket here. Here's the discussion with the bash upstream author:
https://lists.gnu.org/archive/html/bug-bash/2018-02/threads.html#00080
You can find the problematic bash binary in that .deb file:
http://snapshot.debian.org/archive/debian/20180206T154716Z/pool/main/b/bash/bash_4.4.18-1_i386.deb
The version of qemu I have been using is 2.11 (Debian package qemu-
user-static version 1:2.11+dfsg-1) but I have had reports that the
problem is reproducible with older versions (back to 2.8 at least).
Here are the related Debian bug reports:
https://bugs.debian.org/889869
https://bugs.debian.org/865599
It's worth noting that bash used to have this problem (when compiled as a PIE binary) even when run directly but then something got fixed in the kernel and now the problem only appears when run under qemu-user:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1749393/+subscriptions
^ permalink raw reply [flat|nested] 33+ messages in thread
* [Bug 1749393] Re: sbrk() not working under qemu-user with a PIE-compiled binary?
2018-02-14 8:30 [Qemu-devel] [Bug 1749393] [NEW] sbrk() not working under qemu-user with a PIE-compiled binary? Raphaël Hertzog
` (11 preceding siblings ...)
2020-05-01 6:47 ` Christian Ehrhardt
@ 2020-06-17 7:52 ` Christian Ehrhardt
2020-08-01 5:05 ` Launchpad Bug Tracker
` (18 subsequent siblings)
31 siblings, 0 replies; 33+ messages in thread
From: Christian Ehrhardt @ 2020-06-17 7:52 UTC (permalink / raw)
To: qemu-devel
** Changed in: qemu (Ubuntu)
Assignee: Richard Henderson (rth) => Christian Ehrhardt (paelzer)
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1749393
Title:
sbrk() not working under qemu-user with a PIE-compiled binary?
Status in QEMU:
Fix Released
Status in qemu package in Ubuntu:
Triaged
Bug description:
In Debian unstable, we recently switched bash to be a PIE-compiled
binary (for hardening). Unfortunately this resulted in bash being
broken when run under qemu-user (for all target architectures, host
being amd64 for me).
$ sudo chroot /srv/chroots/sid-i386/ qemu-i386-static /bin/bash
bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)
bash has its own malloc implementation based on sbrk():
https://git.savannah.gnu.org/cgit/bash.git/tree/lib/malloc/malloc.c
When we disable this internal implementation and rely on glibc's
malloc, then everything is fine. But it might be that glibc has a
fallback when sbrk() is not working properly and it might hide the
underlying problem in qemu-user.
This issue has also been reported to the bash upstream author and he suggested that the issue might be in qemu-user so I'm opening a ticket here. Here's the discussion with the bash upstream author:
https://lists.gnu.org/archive/html/bug-bash/2018-02/threads.html#00080
You can find the problematic bash binary in that .deb file:
http://snapshot.debian.org/archive/debian/20180206T154716Z/pool/main/b/bash/bash_4.4.18-1_i386.deb
The version of qemu I have been using is 2.11 (Debian package qemu-
user-static version 1:2.11+dfsg-1) but I have had reports that the
problem is reproducible with older versions (back to 2.8 at least).
Here are the related Debian bug reports:
https://bugs.debian.org/889869
https://bugs.debian.org/865599
It's worth noting that bash used to have this problem (when compiled as a PIE binary) even when run directly but then something got fixed in the kernel and now the problem only appears when run under qemu-user:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1749393/+subscriptions
^ permalink raw reply [flat|nested] 33+ messages in thread
* [Bug 1749393] Re: sbrk() not working under qemu-user with a PIE-compiled binary?
2018-02-14 8:30 [Qemu-devel] [Bug 1749393] [NEW] sbrk() not working under qemu-user with a PIE-compiled binary? Raphaël Hertzog
` (12 preceding siblings ...)
2020-06-17 7:52 ` Christian Ehrhardt
@ 2020-08-01 5:05 ` Launchpad Bug Tracker
2021-04-19 23:03 ` Robie Basak
` (17 subsequent siblings)
31 siblings, 0 replies; 33+ messages in thread
From: Launchpad Bug Tracker @ 2020-08-01 5:05 UTC (permalink / raw)
To: qemu-devel
This bug was fixed in the package qemu - 1:5.0-5ubuntu3
---------------
qemu (1:5.0-5ubuntu3) groovy; urgency=medium
* d/p/ubuntu/lp-1887763-*: fix TCG sizing that OOMed many small CI
environments (LP: #1887763)
* Pick further changes for groovy from debian/master since 5.0-5
- ati-vga-check-mm_index-before-recursive-call-CVE-2020-13800.patch
Closes: CVE-2020-13800, ati-vga allows guest OS users to trigger
infinite recursion via a crafted mm_index value during
ati_mm_read or ati_mm_write call.
- revert-memory-accept-mismatching-sizes-in-memory_region_access_valid...patch
Closes: CVE-2020-13754, possible OOB memory accesses in a bunch of qemu
devices which uses min_access_size and max_access_size Memory API fields.
Also closes: CVE-2020-13791
- exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch
CVE-2020-13659: address_space_map in exec.c can trigger
a NULL pointer dereference related to BounceBuffer
- megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch
Closes: #961887, CVE-2020-13362, megasas_lookup_frame in hw/scsi/megasas.c
has an OOB read via a crafted reply_queue_head field from a guest OS user
- megasas-use-unsigned-type-for-positive-numeric-fields.patch
fix other possible cases like in CVE-2020-13362 (#961887)
- megasas-fix-possible-out-of-bounds-array-access.patch
Some tracepoints use a guest-controlled value as an index into the
mfi_frame_desc[] array. Thus a malicious guest could cause a very low
impact OOB errors here
- nbd-server-avoid-long-error-message-assertions-CVE-2020-10761.patch
Closes: CVE-2020-10761, An assertion failure issue in the QEMU NBD Server.
This flaw occurs when an nbd-client sends a spec-compliant request that is
near the boundary of maximum permitted request length. A remote nbd-client
could use this flaw to crash the qemu-nbd server resulting in a DoS.
- es1370-check-total-frame-count-against-current-frame-CVE-2020-13361.patch
Closes: CVE-2020-13361, es1370_transfer_audio in hw/audio/es1370.c does not
properly validate the frame count, which allows guest OS users to trigger
an out-of-bounds access during an es1370_write() operation
- a few patches from the stable series:
- fix-tulip-breakage.patch
The tulip network driver in a qemu-system-hppa emulation is broken in
the sense that bigger network packages aren't received any longer and
thus even running e.g. "apt update" inside the VM fails. Fix this.
- 9p-lock-directory-streams-with-a-CoMutex.patch
Prevent deadlocks in 9pfs readdir code
- net-do-not-include-a-newline-in-the-id-of-nic-device.patch
Fix newline accidentally sneaked into id string of a nic
- qemu-nbd-close-inherited-stderr.patch
- virtio-balloon-fix-free-page-hinting-check-on-unreal.patch
- virtio-balloon-fix-free-page-hinting-without-an-iothread.patch
- virtio-balloon-unref-the-iothread-when-unrealizing.patch
- acpi-tmr-allow-2-byte-reads.patch (Closes: #964247)
- reapply CVE-2020-13253 fixed from upstream:
sdcard-simplify-realize-a-bit.patch (preparation for the next patch)
sdcard-dont-allow-invalid-SD-card-sizes.patch (half part of CVE-2020-13253)
sdcard-update-coding-style-to-make-checkpatch-happy.patch (preparational)
sdcard-dont-switch-to-ReceivingData-if-address-is-in..-CVE-2020-13253.patch
Closes: #961297, CVE-2020-13253
- linux-user-refactor-ipc-syscall-and-support-of-semtimedop.patch
(Closes: #965109)
- linux-user-add-netlink-RTM_SETLINK-command.patch (Closes: #964289)
- d/control: since qemu-system-data now contains module(s),
it can't be multi-arch. Ditto for qemu-block-extra.
- qemu-system-foo: depend on exact version of qemu-system-data,
due to the latter having modules
- acpi-allow-accessing-acpi-cnt-register-by-byte.patch' (Closes: #964793)
This is another incarnation of the recent bugfix which actually enabled
memory access constraints, like #964247
- acpi-accept-byte-and-word-access-to-core-ACPI-registers.patch
this replace acpi-allow-accessing-acpi-cnt-register-by-byte.patch
and acpi-tmr-allow-2-byte-reads.patch, a more complete fix
- xhci-fix-valid.max_access_size-to-access-address-registers.patch
fix one more incarnation of the breakage after the CVE-2020-13754 fix
- do not install outdated (0.12 and before) Changelog (Closes: #965381)
- xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch
ARM-only XGMAC NIC, possible buffer overflow during packet transmission
Closes: CVE-2020-15863
- sm501 OOB read/write due to integer overflow in sm501_2d_operation()
List of patches:
sm501-convert-printf-abort-to-qemu_log_mask.patch
sm501-shorten-long-variable-names-in-sm501_2d_operation.patch
sm501-use-BIT-macro-to-shorten-constant.patch
sm501-clean-up-local-variables-in-sm501_2d_operation.patch
sm501-replace-hand-written-implementation-with-pixman-CVE-2020-12829.patch
Closes: #961451, CVE-2020-12829
- riscv-allow-64-bit-access-to-SiFive-CLINT.patch
another fix for revert-memory-accept-.. CVE-2020-13754
- seabios-hppa-fno-ipa-sra.patch fix ftbfs with gcc-10
qemu (1:5.0-5ubuntu2) groovy; urgency=medium
* No change rebuild against new libnettle8 and libhogweed6 ABI.
qemu (1:5.0-5ubuntu1) groovy; urgency=medium
* Merge with Debian testing (LP: #1749393), remaining changes:
- qemu-kvm to systemd unit
- d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
hugepages and architecture specifics
- d/qemu-system-common.qemu-kvm.service: systemd unit to call
qemu-kvm-init
- d/qemu-system-common.install: install helper script
- d/qemu-system-common.qemu-kvm.default: defaults for
/etc/default/qemu-kvm
- d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
- Distribution specific machine type (LP: 1304107 1621042)
- d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
types
- d/qemu-system-x86.NEWS Info on fixed machine type definitions
for host-phys-bits=true (LP: 1776189)
- add an info about -hpb machine type in debian/qemu-system-x86.NEWS
- provide pseries-bionic-2.11-sxxm type as convenience with all
meltdown/spectre workarounds enabled by default. (LP: 1761372).
- ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
- Enable nesting by default
- d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
in qemu64 on amd
[ No more strictly needed, but required for backward compatibility ]
- improved dependencies
- Make qemu-system-common depend on qemu-block-extra
- Make qemu-utils depend on qemu-block-extra
- let qemu-utils recommend sharutils
- arch aware kvm wrappers
- tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
- d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
reference 256k path
- d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
handle incoming migrations from former releases.
- d/control-in: Disable capstone disassembler library support (universe)
- d/qemu-system-x86.README.Debian: add info about updated nesting changes
- d/control*, d/rules: disable xen by default, but provide universe
package qemu-system-x86-xen as alternative
[includes --disable-xen for user-static builds]
- d/control-in: disable pmem on ppc64 as it is currently considered
experimental on that architecture (pmdk v1.8-1)
- d/rules: makefile definitions can't be recursive - sys_systems for s390x
- d/rules: report config log from the correct subdir
- allow qemu to load old modules post upgrade (LP 1847361)
- d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
upgrade
- d/rules: generate maintainer scripts matching package version on build
- d/rules: enable --enable-module-upgrades where --enable-modules is set
- d/p/ubuntu/lp-1835546-*: backport the s390x protvirt feature (LP 1835546)
- d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
- debian/patches/ubuntu/lp-1878973-*: fix assert in qemu-guest-agent that
crashes it on shutdown (LP 1878973)
* Dropped changes (no more needed)
- d/qemu-system-common.maintscript: clean old sysv and upstart scripts
- d/p/ubuntu/expose-vmx_qemu64cpu.patch: expose nested kvm by default
in qemu64 cpu type.
- d/control: avoid upgrade issues triggered by moving ivshmem tools after
Debian. Fixed by bumping the related Breaks/Replaces to the
Version Ubuntu introduced the change (LP 1862287)
* Dropped changes (in Debian)
- improved s390x support
- d/binfmt-update-in: fix binfmt being called in some containers
(LP 1840956)
- qemu-system-x86-microvm package
In addition to the generic multi-purpose qemu also provide a minimal
feature binary that is loading faster for use cases with microvm machine
type and qboot bios
- d/control-in: add a new qemu-system-x86-microvm package
- d/rules: add an extra config/build step to get the minimal qemu
- Security and packaging fixes (LP 1872937)
- arm-fix-PAuth-sbox-functions-CVE-2020-10702.patch
- net-tulip-check-frame-size-and-r-w-data-length-CVE-2020-11102.patch
CVE-2020-10702
CVE-2020-11102
- fix external spice UI
+ install ui-spice-app.so in qemu-system-common
+ install ui-spice-app.so only if built, spice is optional
- switch binfmt registration to use update-binfmts --[un]import (#866756)
- qemu-system-gui: Multi-Arch=same, not foreign (#956763)
- qemu-system-data: s/highcolor/hicolor/ (#955741)
- enable riscv build (LP 1872931)
[ changes picked from Debian ]
- enable support for riscv64 hosts
- only enable librbd on architectures where it is built
- ceph: do not list librados-dev as we only use librbd-dev and the latter
depends on the former
- seccomp grew up, no need in versioned build-dep
- enable seccomp only on architectures where it can be built
* Dropped changes (upstream)
- d/p/ubuntu/lp-1857033-*: add support for Cooper Lake cpu model
(LP 1857033)
- d/p/lp-1859527-*: avoid breakage on high virtqueue counts (LP 1859527)
- d/p/ubuntu/vhost-user-gpu-Drop-trailing-json-comma.patch: fix parsing of
vhost-user-gpu
- d/p/ubuntu/lp-1847361-vhost-correctly-turn-on-VIRTIO_F_IOMMU_PLATFORM.patch:
avoid unnecessary IOTLB transactions (LP 1866207)
- d/p/stable/lp-1867519-*: Stabilize qemu 4.2 with upstream
patches @qemu-stable (LP 1867519)
- remove d/p/ubuntu/expose-vmx_qemu64cpu.patch: Stop adding VMX to qemu64
to avoid broken nesting (LP 1868692)
- d/p/ubuntu/lp-1871830-*: avoid crash when using QEMU_MODULE_DIR
(LP 1871830)
- d/p/ubuntu/lp-1872107*: fix migration while rebooting guests (LP 1872107)
- d/p/ubuntu/lp-1872931-*: fix build on non KVM platforms
- d/p/ubuntu/lp-1872945-*: fix riscv emulation errors that e.g. hung ssh
and clobbered doubles (LP 1872945)
- SECURITY UPDATE: DoS via integer overflow in ati_2d_blt()
- debian/patches/ubuntu/CVE-2020-11869.patch: fix checks in
ati_2d_blt() to avoid crash in hw/display/ati_2d.c.
- CVE-2020-11869
- d/p/ubuntu/lp-1805256*: Fixes for QEMU on aarch64 ARM hosts
- async: use explicit memory barriers (LP 1805256)
- aio-wait: delegate polling of main AioContext if BQL not held
- d/p/ubuntu/lp-1882774-*: fix issues with VMX subfeatures on systems not
supporting to set them (LP 1882774)
- d/p/ubuntu/lp-1847361-modules-load-upgrade.patch: to fallback module
load to a versioned path
* Added Changes:
- d/control: regenerate debian/control out of control-in
- update d/p/ubuntu/lp-1835546-* to the final versions
- 11 patches dropped as they are in 5.0
- 20 patches updated to how they will be in 5.1
- d/p/ubuntu/virtio-net-fix-rsc_ext-compat-handling.patch: fix
FTBFS in groovy
- Make qemu-system-x86-microvm a transitional package as the binary is now
in qemu-system-x86 itself.
- d/control-in: build-dep libcap is no more needed
- d/rules: update arch aware kvm wrappers
- d/qemu-system-x86.README.Debian: fix typo
qemu (1:5.0-5) unstable; urgency=medium
* more binfmt-install updates
* CVE-2020-10717 fix from upstream:
virtiofsd-add-rlimit-nofile-NUM-option.patch (preparational) and
virtiofsd-stay-below-fs.file-max-CVE-2020-10717.patch
(Closes: #959746, CVE-2020-10717)
* 2 patches from upstream/stable to fix io_uring fd set buildup:
aio-posix-dont-duplicate-fd-handler-deletion-in-fdmon_io_uring_destroy.patch
aio-posix-disable-fdmon-io_uring-when-GSource-is-used.patch
* upstream stable fix: hostmem-dont-use-mbind-if-host-nodes-is-empty.patch
* upstream stable fix:
net-use-peer-when-purging-queue-in-qemu_flush_or_purge_queue_packets.patch
qemu (1:5.0-4) unstable; urgency=medium
* fix binfmt registration (Closes: #959222)
* disable PIE for user-static build on x32 too, not only i386
qemu (1:5.0-3) unstable; urgency=medium
* do not explicitly enable -static-pie on non-i386 architectures.
Apparenly only amd64 actually support -static-pie for now, and
it is correctly detected.
qemu (1:5.0-2) unstable; urgency=medium
* (temporarily) disable pie on i386 static build
For now -static-pie fails on i386 with the following error message:
/usr/bin/ld: /usr/lib/i386-linux-gnu/libc.a(memset_chk-nonshared.o):
unsupported non-PIC call to IFUNC `memset'
* install qemu-system docs in qemu-system-common, not qemu-system-data,
since docs require ./configure run
qemu (1:5.0-1) unstable; urgency=medium
* new upstream release (5.0)
Closes: #958926
Closes: CVE-2020-11869
* refresh patches, remove patches applied upstream
* do not mention openhackware, it is not used anymore
* do not disable bluez (support removed)
* new system arch "rx"
* dont install qemu-doc.* for now,
but install virtiofsd & qemu-storage-daemon
* add shared-lib-without-dependency-information tag
to qemu-user-static.lintian-overrides
* add html docs to qemu-system-data (to /usr/share/doc/qemu-system-common)
* do not install usr/share/doc/qemu/specs & usr/share/doc/qemu/tools
* install qemu-user html docs for qemu-user & qemu-user-static
* build hppa-firmware.img from roms/seabios-hppa
(and Build-Depeds-Indep on gcc-hppa-linux-gnu)
* enable liburing on linux (build-depend on liburing-dev)
* add upstream signing-key.asc (Michael Roth <flukshun@gmail.com>)
* build opensbi firmware
(for riscv64 only, riscv32 is possible with compiler flags)
* add source-level lintian-overrides for binaries-without-sources
(lintian can't find sources for a few firmware images which are in roms/)
qemu (1:4.2-7) unstable; urgency=medium
* qemu-system-gui: Multi-Arch=same, not foreign (Closes: #956763)
* x32 arch is in the same family as i386 & x86_64, omit binfmt registration
* check systemd-detect-virt before running update-binfmt
* gluster is de-facto linux-only, do not build-depend on it on non-linux
* virglrenderer is also essentially linux-specific
* qemu-user-static does not depend on shlibs
* disable parallel building of targets of d/rules
* add lintian overrides (arch-dependent static binaries) for openbios binaries
* separate binary-indep target into install-indep-prep and binary-indep
* split out various components of qemu-system-data into independent
build/install rules and add infrastructure for more components:
x86-optionrom, sgabios, qboot, openbios, skiboot, palcode-clipper,
slof, s390x-fw
* iscsi-fix-heap-buffer-overflow-in-iscsi_aio_ioctl_cb.patch
qemu (1:4.2-6) unstable; urgency=medium
* d/rules: fix FTBFS (brown-paper-bag bug) in last upload
qemu (1:4.2-5) unstable; urgency=medium
* no error-out on address-of-packet-member in openbios
* install ui-spice-app.so only if built, spice is optional
* arm-fix-PAuth-sbox-functions-CVE-2020-10702.patch -
Closes: CVE-2020-10702, weak signature generation
in Pointer Authentication support for ARM
* (temporarily) enable seccomp only on architectures where it can be built
(Closes: #956624)
* seccomp has grown up, no need in versioned build-dep
* do not list librados-dev in build-dep as we only use librbd-dev
and the latter depends on the former
* only enable librbd on architectures where it is buildable
qemu (1:4.2-4) unstable; urgency=medium
[ Michael Tokarev ]
* d/rules: build minimal configuration for qboot/microvm usage
* set microvm to be the default machine type for microvm case
* install ui-spice-app.so in qemu-system-common
* do not depend on libattr-dev, functions are now in libc6 (Closes: #953910)
* net-tulip-check-frame-size-and-r-w-data-length-CVE-2020-11102.patch
(Closes: #956145, CVE-2020-11102, tulip nic buffer overflow)
* qemu-system-data: s/highcolor/hicolor/ (Closes: #955741)
* switch binfmt registration to use update-binfmts --[un]import
(Closes: #866756)
* build openbios-ppc & openbios-sparc binaries in qemu-system-data,
and replace corresponding binary packages.
Add gcc-sparc64-linux-gnu, fcode-utils & xsltproc to build-depend-indep
* build and provide/replace qemu-slof too
[ Aurelien Jarno ]
* enable support for riscv64 hosts
-- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 28 Jul
2020 13:21:31 +0200
** Changed in: qemu (Ubuntu)
Status: Triaged => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-10702
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-10717
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-10761
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-11102
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-11869
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-12829
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-13253
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-13361
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-13362
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-13659
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-13754
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-13791
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-13800
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-15863
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1749393
Title:
sbrk() not working under qemu-user with a PIE-compiled binary?
Status in QEMU:
Fix Released
Status in qemu package in Ubuntu:
Fix Released
Bug description:
In Debian unstable, we recently switched bash to be a PIE-compiled
binary (for hardening). Unfortunately this resulted in bash being
broken when run under qemu-user (for all target architectures, host
being amd64 for me).
$ sudo chroot /srv/chroots/sid-i386/ qemu-i386-static /bin/bash
bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)
bash has its own malloc implementation based on sbrk():
https://git.savannah.gnu.org/cgit/bash.git/tree/lib/malloc/malloc.c
When we disable this internal implementation and rely on glibc's
malloc, then everything is fine. But it might be that glibc has a
fallback when sbrk() is not working properly and it might hide the
underlying problem in qemu-user.
This issue has also been reported to the bash upstream author and he suggested that the issue might be in qemu-user so I'm opening a ticket here. Here's the discussion with the bash upstream author:
https://lists.gnu.org/archive/html/bug-bash/2018-02/threads.html#00080
You can find the problematic bash binary in that .deb file:
http://snapshot.debian.org/archive/debian/20180206T154716Z/pool/main/b/bash/bash_4.4.18-1_i386.deb
The version of qemu I have been using is 2.11 (Debian package qemu-
user-static version 1:2.11+dfsg-1) but I have had reports that the
problem is reproducible with older versions (back to 2.8 at least).
Here are the related Debian bug reports:
https://bugs.debian.org/889869
https://bugs.debian.org/865599
It's worth noting that bash used to have this problem (when compiled as a PIE binary) even when run directly but then something got fixed in the kernel and now the problem only appears when run under qemu-user:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1749393/+subscriptions
^ permalink raw reply [flat|nested] 33+ messages in thread
* [Bug 1749393] Re: sbrk() not working under qemu-user with a PIE-compiled binary?
2018-02-14 8:30 [Qemu-devel] [Bug 1749393] [NEW] sbrk() not working under qemu-user with a PIE-compiled binary? Raphaël Hertzog
` (13 preceding siblings ...)
2020-08-01 5:05 ` Launchpad Bug Tracker
@ 2021-04-19 23:03 ` Robie Basak
2021-04-26 9:12 ` Launchpad Bug Tracker
` (16 subsequent siblings)
31 siblings, 0 replies; 33+ messages in thread
From: Robie Basak @ 2021-04-19 23:03 UTC (permalink / raw)
To: qemu-devel
There's a request for a backport of this fix to be made to Ubuntu 20.04
in duplicate bug 1924231, so I'm adding a task for that.
** Also affects: qemu (Ubuntu Focal)
Importance: Undecided
Status: New
** Changed in: qemu (Ubuntu Focal)
Status: New => Confirmed
** Changed in: qemu (Ubuntu Focal)
Status: Confirmed => Triaged
** Changed in: qemu (Ubuntu Focal)
Importance: Undecided => Medium
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1749393
Title:
sbrk() not working under qemu-user with a PIE-compiled binary?
Status in QEMU:
Fix Released
Status in qemu package in Ubuntu:
Fix Released
Status in qemu source package in Focal:
Triaged
Bug description:
In Debian unstable, we recently switched bash to be a PIE-compiled
binary (for hardening). Unfortunately this resulted in bash being
broken when run under qemu-user (for all target architectures, host
being amd64 for me).
$ sudo chroot /srv/chroots/sid-i386/ qemu-i386-static /bin/bash
bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)
bash has its own malloc implementation based on sbrk():
https://git.savannah.gnu.org/cgit/bash.git/tree/lib/malloc/malloc.c
When we disable this internal implementation and rely on glibc's
malloc, then everything is fine. But it might be that glibc has a
fallback when sbrk() is not working properly and it might hide the
underlying problem in qemu-user.
This issue has also been reported to the bash upstream author and he suggested that the issue might be in qemu-user so I'm opening a ticket here. Here's the discussion with the bash upstream author:
https://lists.gnu.org/archive/html/bug-bash/2018-02/threads.html#00080
You can find the problematic bash binary in that .deb file:
http://snapshot.debian.org/archive/debian/20180206T154716Z/pool/main/b/bash/bash_4.4.18-1_i386.deb
The version of qemu I have been using is 2.11 (Debian package qemu-
user-static version 1:2.11+dfsg-1) but I have had reports that the
problem is reproducible with older versions (back to 2.8 at least).
Here are the related Debian bug reports:
https://bugs.debian.org/889869
https://bugs.debian.org/865599
It's worth noting that bash used to have this problem (when compiled as a PIE binary) even when run directly but then something got fixed in the kernel and now the problem only appears when run under qemu-user:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1749393/+subscriptions
^ permalink raw reply [flat|nested] 33+ messages in thread
* [Bug 1749393] Re: sbrk() not working under qemu-user with a PIE-compiled binary?
2018-02-14 8:30 [Qemu-devel] [Bug 1749393] [NEW] sbrk() not working under qemu-user with a PIE-compiled binary? Raphaël Hertzog
` (14 preceding siblings ...)
2021-04-19 23:03 ` Robie Basak
@ 2021-04-26 9:12 ` Launchpad Bug Tracker
2021-04-26 9:17 ` Christian Ehrhardt
` (15 subsequent siblings)
31 siblings, 0 replies; 33+ messages in thread
From: Launchpad Bug Tracker @ 2021-04-26 9:12 UTC (permalink / raw)
To: qemu-devel
** Merge proposal linked:
https://code.launchpad.net/~paelzer/ubuntu/+source/qemu/+git/qemu/+merge/401771
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1749393
Title:
sbrk() not working under qemu-user with a PIE-compiled binary?
Status in QEMU:
Fix Released
Status in qemu package in Ubuntu:
Fix Released
Status in qemu source package in Focal:
Triaged
Bug description:
[Impact]
* The current space reserved can be too small and we can end up
with no space at all for BRK. It can happen to any case, but is
much more likely with the now common PIE binaries.
* Backport the upstream fix which reserves a bit more space while loading
and giving it back after interpreter and stack is loaded.
[Test Plan]
* On x86 run:
sudo apt install -y qemu-user-static docker.io
sudo docker run --rm arm64v8/debian:bullseye bash -c 'apt update && apt install -y wget'
...
Running hooks in /etc/ca-certificates/update.d...
done.
Errors were encountered while processing:
libc-bin
E: Sub-process /usr/bin/dpkg returned an error code (1)
[Where problems could occur]
* Regressions would be around use-cases of linux-user that is
emulation not of a system but of binaries.
Commonly uses for cross-tests and cross-builds so that is the
space to watch for regressions
[Other Info]
* n/a
---
In Debian unstable, we recently switched bash to be a PIE-compiled
binary (for hardening). Unfortunately this resulted in bash being
broken when run under qemu-user (for all target architectures, host
being amd64 for me).
$ sudo chroot /srv/chroots/sid-i386/ qemu-i386-static /bin/bash
bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)
bash has its own malloc implementation based on sbrk():
https://git.savannah.gnu.org/cgit/bash.git/tree/lib/malloc/malloc.c
When we disable this internal implementation and rely on glibc's
malloc, then everything is fine. But it might be that glibc has a
fallback when sbrk() is not working properly and it might hide the
underlying problem in qemu-user.
This issue has also been reported to the bash upstream author and he suggested that the issue might be in qemu-user so I'm opening a ticket here. Here's the discussion with the bash upstream author:
https://lists.gnu.org/archive/html/bug-bash/2018-02/threads.html#00080
You can find the problematic bash binary in that .deb file:
http://snapshot.debian.org/archive/debian/20180206T154716Z/pool/main/b/bash/bash_4.4.18-1_i386.deb
The version of qemu I have been using is 2.11 (Debian package qemu-
user-static version 1:2.11+dfsg-1) but I have had reports that the
problem is reproducible with older versions (back to 2.8 at least).
Here are the related Debian bug reports:
https://bugs.debian.org/889869
https://bugs.debian.org/865599
It's worth noting that bash used to have this problem (when compiled as a PIE binary) even when run directly but then something got fixed in the kernel and now the problem only appears when run under qemu-user:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1749393/+subscriptions
^ permalink raw reply [flat|nested] 33+ messages in thread
* [Bug 1749393] Re: sbrk() not working under qemu-user with a PIE-compiled binary?
2018-02-14 8:30 [Qemu-devel] [Bug 1749393] [NEW] sbrk() not working under qemu-user with a PIE-compiled binary? Raphaël Hertzog
` (15 preceding siblings ...)
2021-04-26 9:12 ` Launchpad Bug Tracker
@ 2021-04-26 9:17 ` Christian Ehrhardt
2021-04-26 9:30 ` Christian Ehrhardt
` (14 subsequent siblings)
31 siblings, 0 replies; 33+ messages in thread
From: Christian Ehrhardt @ 2021-04-26 9:17 UTC (permalink / raw)
To: qemu-devel
** Description changed:
+ [Impact]
+
+ * The current space reserved can be too small and we can end up
+ with no space at all for BRK. It can happen to any case, but is
+ much more likely with the now common PIE binaries.
+
+ * Backport the upstream fix which reserves a bit more space while loading
+ and giving it back after interpreter and stack is loaded.
+
+ [Test Plan]
+
+ * On x86 run:
+ sudo apt install -y qemu-user-static docker.io
+ sudo docker run --rm arm64v8/debian:bullseye bash -c 'apt update && apt install -y wget'
+ ...
+ Running hooks in /etc/ca-certificates/update.d...
+ done.
+ Errors were encountered while processing:
+ libc-bin
+ E: Sub-process /usr/bin/dpkg returned an error code (1)
+
+
+ [Where problems could occur]
+
+ * Regressions would be around use-cases of linux-user that is
+ emulation not of a system but of binaries.
+ Commonly uses for cross-tests and cross-builds so that is the
+ space to watch for regressions
+
+ [Other Info]
+
+ * n/a
+
+
+ ---
+
In Debian unstable, we recently switched bash to be a PIE-compiled
binary (for hardening). Unfortunately this resulted in bash being broken
when run under qemu-user (for all target architectures, host being amd64
for me).
$ sudo chroot /srv/chroots/sid-i386/ qemu-i386-static /bin/bash
bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)
bash has its own malloc implementation based on sbrk():
https://git.savannah.gnu.org/cgit/bash.git/tree/lib/malloc/malloc.c
When we disable this internal implementation and rely on glibc's malloc,
then everything is fine. But it might be that glibc has a fallback when
sbrk() is not working properly and it might hide the underlying problem
in qemu-user.
This issue has also been reported to the bash upstream author and he suggested that the issue might be in qemu-user so I'm opening a ticket here. Here's the discussion with the bash upstream author:
https://lists.gnu.org/archive/html/bug-bash/2018-02/threads.html#00080
You can find the problematic bash binary in that .deb file:
http://snapshot.debian.org/archive/debian/20180206T154716Z/pool/main/b/bash/bash_4.4.18-1_i386.deb
The version of qemu I have been using is 2.11 (Debian package qemu-user-
static version 1:2.11+dfsg-1) but I have had reports that the problem is
reproducible with older versions (back to 2.8 at least).
Here are the related Debian bug reports:
https://bugs.debian.org/889869
https://bugs.debian.org/865599
It's worth noting that bash used to have this problem (when compiled as a PIE binary) even when run directly but then something got fixed in the kernel and now the problem only appears when run under qemu-user:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1749393
Title:
sbrk() not working under qemu-user with a PIE-compiled binary?
Status in QEMU:
Fix Released
Status in qemu package in Ubuntu:
Fix Released
Status in qemu source package in Focal:
Triaged
Bug description:
[Impact]
* The current space reserved can be too small and we can end up
with no space at all for BRK. It can happen to any case, but is
much more likely with the now common PIE binaries.
* Backport the upstream fix which reserves a bit more space while loading
and giving it back after interpreter and stack is loaded.
[Test Plan]
* On x86 run:
sudo apt install -y qemu-user-static docker.io
sudo docker run --rm arm64v8/debian:bullseye bash -c 'apt update && apt install -y wget'
...
Running hooks in /etc/ca-certificates/update.d...
done.
Errors were encountered while processing:
libc-bin
E: Sub-process /usr/bin/dpkg returned an error code (1)
[Where problems could occur]
* Regressions would be around use-cases of linux-user that is
emulation not of a system but of binaries.
Commonly uses for cross-tests and cross-builds so that is the
space to watch for regressions
[Other Info]
* n/a
---
In Debian unstable, we recently switched bash to be a PIE-compiled
binary (for hardening). Unfortunately this resulted in bash being
broken when run under qemu-user (for all target architectures, host
being amd64 for me).
$ sudo chroot /srv/chroots/sid-i386/ qemu-i386-static /bin/bash
bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)
bash has its own malloc implementation based on sbrk():
https://git.savannah.gnu.org/cgit/bash.git/tree/lib/malloc/malloc.c
When we disable this internal implementation and rely on glibc's
malloc, then everything is fine. But it might be that glibc has a
fallback when sbrk() is not working properly and it might hide the
underlying problem in qemu-user.
This issue has also been reported to the bash upstream author and he suggested that the issue might be in qemu-user so I'm opening a ticket here. Here's the discussion with the bash upstream author:
https://lists.gnu.org/archive/html/bug-bash/2018-02/threads.html#00080
You can find the problematic bash binary in that .deb file:
http://snapshot.debian.org/archive/debian/20180206T154716Z/pool/main/b/bash/bash_4.4.18-1_i386.deb
The version of qemu I have been using is 2.11 (Debian package qemu-
user-static version 1:2.11+dfsg-1) but I have had reports that the
problem is reproducible with older versions (back to 2.8 at least).
Here are the related Debian bug reports:
https://bugs.debian.org/889869
https://bugs.debian.org/865599
It's worth noting that bash used to have this problem (when compiled as a PIE binary) even when run directly but then something got fixed in the kernel and now the problem only appears when run under qemu-user:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1749393/+subscriptions
^ permalink raw reply [flat|nested] 33+ messages in thread
* [Bug 1749393] Re: sbrk() not working under qemu-user with a PIE-compiled binary?
2018-02-14 8:30 [Qemu-devel] [Bug 1749393] [NEW] sbrk() not working under qemu-user with a PIE-compiled binary? Raphaël Hertzog
` (16 preceding siblings ...)
2021-04-26 9:17 ` Christian Ehrhardt
@ 2021-04-26 9:30 ` Christian Ehrhardt
2021-05-21 0:53 ` Yasuhiro Horimoto
` (13 subsequent siblings)
31 siblings, 0 replies; 33+ messages in thread
From: Christian Ehrhardt @ 2021-04-26 9:30 UTC (permalink / raw)
To: qemu-devel
For Focal:
- SRU Template added to the bug
- MP: https://code.launchpad.net/~paelzer/ubuntu/+source/qemu/+git/qemu/+merge/401771
- PPA: https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/4535/+packages (still building)
I'd ask anyone affected by this on Focal to give it a try on the PPA and
let us know if this fix would work for you.
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1749393
Title:
sbrk() not working under qemu-user with a PIE-compiled binary?
Status in QEMU:
Fix Released
Status in qemu package in Ubuntu:
Fix Released
Status in qemu source package in Focal:
Triaged
Bug description:
[Impact]
* The current space reserved can be too small and we can end up
with no space at all for BRK. It can happen to any case, but is
much more likely with the now common PIE binaries.
* Backport the upstream fix which reserves a bit more space while loading
and giving it back after interpreter and stack is loaded.
[Test Plan]
* On x86 run:
sudo apt install -y qemu-user-static docker.io
sudo docker run --rm arm64v8/debian:bullseye bash -c 'apt update && apt install -y wget'
...
Running hooks in /etc/ca-certificates/update.d...
done.
Errors were encountered while processing:
libc-bin
E: Sub-process /usr/bin/dpkg returned an error code (1)
[Where problems could occur]
* Regressions would be around use-cases of linux-user that is
emulation not of a system but of binaries.
Commonly uses for cross-tests and cross-builds so that is the
space to watch for regressions
[Other Info]
* n/a
---
In Debian unstable, we recently switched bash to be a PIE-compiled
binary (for hardening). Unfortunately this resulted in bash being
broken when run under qemu-user (for all target architectures, host
being amd64 for me).
$ sudo chroot /srv/chroots/sid-i386/ qemu-i386-static /bin/bash
bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)
bash has its own malloc implementation based on sbrk():
https://git.savannah.gnu.org/cgit/bash.git/tree/lib/malloc/malloc.c
When we disable this internal implementation and rely on glibc's
malloc, then everything is fine. But it might be that glibc has a
fallback when sbrk() is not working properly and it might hide the
underlying problem in qemu-user.
This issue has also been reported to the bash upstream author and he suggested that the issue might be in qemu-user so I'm opening a ticket here. Here's the discussion with the bash upstream author:
https://lists.gnu.org/archive/html/bug-bash/2018-02/threads.html#00080
You can find the problematic bash binary in that .deb file:
http://snapshot.debian.org/archive/debian/20180206T154716Z/pool/main/b/bash/bash_4.4.18-1_i386.deb
The version of qemu I have been using is 2.11 (Debian package qemu-
user-static version 1:2.11+dfsg-1) but I have had reports that the
problem is reproducible with older versions (back to 2.8 at least).
Here are the related Debian bug reports:
https://bugs.debian.org/889869
https://bugs.debian.org/865599
It's worth noting that bash used to have this problem (when compiled as a PIE binary) even when run directly but then something got fixed in the kernel and now the problem only appears when run under qemu-user:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1749393/+subscriptions
^ permalink raw reply [flat|nested] 33+ messages in thread
* [Bug 1749393] Re: sbrk() not working under qemu-user with a PIE-compiled binary?
2018-02-14 8:30 [Qemu-devel] [Bug 1749393] [NEW] sbrk() not working under qemu-user with a PIE-compiled binary? Raphaël Hertzog
` (17 preceding siblings ...)
2021-04-26 9:30 ` Christian Ehrhardt
@ 2021-05-21 0:53 ` Yasuhiro Horimoto
2021-09-17 4:33 ` Sebastian Unger
` (12 subsequent siblings)
31 siblings, 0 replies; 33+ messages in thread
From: Yasuhiro Horimoto @ 2021-05-21 0:53 UTC (permalink / raw)
To: qemu-devel
Thank you for fixing the problem.
I confirmed that https://bugs.launchpad.net/bugs/1924231 is fixed with
https://launchpad.net/~ci-train-ppa-
service/+archive/ubuntu/4535/+packages.
Thank you.
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1749393
Title:
sbrk() not working under qemu-user with a PIE-compiled binary?
Status in QEMU:
Fix Released
Status in qemu package in Ubuntu:
Fix Released
Status in qemu source package in Focal:
Triaged
Bug description:
[Impact]
* The current space reserved can be too small and we can end up
with no space at all for BRK. It can happen to any case, but is
much more likely with the now common PIE binaries.
* Backport the upstream fix which reserves a bit more space while loading
and giving it back after interpreter and stack is loaded.
[Test Plan]
* On x86 run:
sudo apt install -y qemu-user-static docker.io
sudo docker run --rm arm64v8/debian:bullseye bash -c 'apt update && apt install -y wget'
...
Running hooks in /etc/ca-certificates/update.d...
done.
Errors were encountered while processing:
libc-bin
E: Sub-process /usr/bin/dpkg returned an error code (1)
[Where problems could occur]
* Regressions would be around use-cases of linux-user that is
emulation not of a system but of binaries.
Commonly uses for cross-tests and cross-builds so that is the
space to watch for regressions
[Other Info]
* n/a
---
In Debian unstable, we recently switched bash to be a PIE-compiled
binary (for hardening). Unfortunately this resulted in bash being
broken when run under qemu-user (for all target architectures, host
being amd64 for me).
$ sudo chroot /srv/chroots/sid-i386/ qemu-i386-static /bin/bash
bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)
bash has its own malloc implementation based on sbrk():
https://git.savannah.gnu.org/cgit/bash.git/tree/lib/malloc/malloc.c
When we disable this internal implementation and rely on glibc's
malloc, then everything is fine. But it might be that glibc has a
fallback when sbrk() is not working properly and it might hide the
underlying problem in qemu-user.
This issue has also been reported to the bash upstream author and he suggested that the issue might be in qemu-user so I'm opening a ticket here. Here's the discussion with the bash upstream author:
https://lists.gnu.org/archive/html/bug-bash/2018-02/threads.html#00080
You can find the problematic bash binary in that .deb file:
http://snapshot.debian.org/archive/debian/20180206T154716Z/pool/main/b/bash/bash_4.4.18-1_i386.deb
The version of qemu I have been using is 2.11 (Debian package qemu-
user-static version 1:2.11+dfsg-1) but I have had reports that the
problem is reproducible with older versions (back to 2.8 at least).
Here are the related Debian bug reports:
https://bugs.debian.org/889869
https://bugs.debian.org/865599
It's worth noting that bash used to have this problem (when compiled as a PIE binary) even when run directly but then something got fixed in the kernel and now the problem only appears when run under qemu-user:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1749393/+subscriptions
^ permalink raw reply [flat|nested] 33+ messages in thread
* [Bug 1749393] Re: sbrk() not working under qemu-user with a PIE-compiled binary?
2018-02-14 8:30 [Qemu-devel] [Bug 1749393] [NEW] sbrk() not working under qemu-user with a PIE-compiled binary? Raphaël Hertzog
` (18 preceding siblings ...)
2021-05-21 0:53 ` Yasuhiro Horimoto
@ 2021-09-17 4:33 ` Sebastian Unger
2021-09-20 9:58 ` Christian Ehrhardt
` (11 subsequent siblings)
31 siblings, 0 replies; 33+ messages in thread
From: Sebastian Unger @ 2021-09-17 4:33 UTC (permalink / raw)
To: qemu-devel
I'm running qemu-arm version 4.2.1 (Debian 1:4.2-3ubuntu6.17) on Ubuntu
20.04.03, but I seem to still be affected by this (or something very
much like it). In my case it is armhf exim4 crashing while creating a
chroot on an amd64 host. The final command run from deeply within
exim4's postinst is:
/usr/sbin/exim4 -C /var/lib/exim4/config.autogenerated.tmp -bV
and produces
Exim version 4.93 #5 built 28-Apr-2021 13:19:17
Copyright (c) University of Cambridge, 1995 - 2018
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2018
Berkeley DB: Berkeley DB 5.3.28: (September 9, 2013)
Support for: crypteq iconv() IPv6 GnuTLS move_frozen_messages DANE DKIM DNSSEC Event I18N OCSP PRDR SOCKS TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault (core dumped)
Interestingly, even
/usr/sbin/exim4 -C /dev/null -bV
produces the same result, so it likely doesn't depend on any
configuration at my end and should be reproducible.
Please let me know if there is anything I can do to help debug further.
Should I create a separate ticket?
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1749393
Title:
sbrk() not working under qemu-user with a PIE-compiled binary?
Status in QEMU:
Fix Released
Status in qemu package in Ubuntu:
Fix Released
Status in qemu source package in Focal:
Triaged
Bug description:
[Impact]
* The current space reserved can be too small and we can end up
with no space at all for BRK. It can happen to any case, but is
much more likely with the now common PIE binaries.
* Backport the upstream fix which reserves a bit more space while loading
and giving it back after interpreter and stack is loaded.
[Test Plan]
* On x86 run:
sudo apt install -y qemu-user-static docker.io
sudo docker run --rm arm64v8/debian:bullseye bash -c 'apt update && apt install -y wget'
...
Running hooks in /etc/ca-certificates/update.d...
done.
Errors were encountered while processing:
libc-bin
E: Sub-process /usr/bin/dpkg returned an error code (1)
[Where problems could occur]
* Regressions would be around use-cases of linux-user that is
emulation not of a system but of binaries.
Commonly uses for cross-tests and cross-builds so that is the
space to watch for regressions
[Other Info]
* n/a
---
In Debian unstable, we recently switched bash to be a PIE-compiled
binary (for hardening). Unfortunately this resulted in bash being
broken when run under qemu-user (for all target architectures, host
being amd64 for me).
$ sudo chroot /srv/chroots/sid-i386/ qemu-i386-static /bin/bash
bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)
bash has its own malloc implementation based on sbrk():
https://git.savannah.gnu.org/cgit/bash.git/tree/lib/malloc/malloc.c
When we disable this internal implementation and rely on glibc's
malloc, then everything is fine. But it might be that glibc has a
fallback when sbrk() is not working properly and it might hide the
underlying problem in qemu-user.
This issue has also been reported to the bash upstream author and he suggested that the issue might be in qemu-user so I'm opening a ticket here. Here's the discussion with the bash upstream author:
https://lists.gnu.org/archive/html/bug-bash/2018-02/threads.html#00080
You can find the problematic bash binary in that .deb file:
http://snapshot.debian.org/archive/debian/20180206T154716Z/pool/main/b/bash/bash_4.4.18-1_i386.deb
The version of qemu I have been using is 2.11 (Debian package qemu-
user-static version 1:2.11+dfsg-1) but I have had reports that the
problem is reproducible with older versions (back to 2.8 at least).
Here are the related Debian bug reports:
https://bugs.debian.org/889869
https://bugs.debian.org/865599
It's worth noting that bash used to have this problem (when compiled as a PIE binary) even when run directly but then something got fixed in the kernel and now the problem only appears when run under qemu-user:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1749393/+subscriptions
^ permalink raw reply [flat|nested] 33+ messages in thread
* [Bug 1749393] Re: sbrk() not working under qemu-user with a PIE-compiled binary?
2018-02-14 8:30 [Qemu-devel] [Bug 1749393] [NEW] sbrk() not working under qemu-user with a PIE-compiled binary? Raphaël Hertzog
` (19 preceding siblings ...)
2021-09-17 4:33 ` Sebastian Unger
@ 2021-09-20 9:58 ` Christian Ehrhardt
2021-11-30 8:44 ` Christian Ehrhardt
` (10 subsequent siblings)
31 siblings, 0 replies; 33+ messages in thread
From: Christian Ehrhardt @ 2021-09-20 9:58 UTC (permalink / raw)
To: qemu-devel
Yeah Sebastian, a new ticket (with a reference to this bug as being
similar) would be preferred.
** Changed in: qemu (Ubuntu)
Assignee: Christian Ehrhardt (paelzer) => (unassigned)
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1749393
Title:
sbrk() not working under qemu-user with a PIE-compiled binary?
Status in QEMU:
Fix Released
Status in qemu package in Ubuntu:
Fix Released
Status in qemu source package in Focal:
Triaged
Bug description:
[Impact]
* The current space reserved can be too small and we can end up
with no space at all for BRK. It can happen to any case, but is
much more likely with the now common PIE binaries.
* Backport the upstream fix which reserves a bit more space while loading
and giving it back after interpreter and stack is loaded.
[Test Plan]
* On x86 run:
sudo apt install -y qemu-user-static docker.io
sudo docker run --rm arm64v8/debian:bullseye bash -c 'apt update && apt install -y wget'
...
Running hooks in /etc/ca-certificates/update.d...
done.
Errors were encountered while processing:
libc-bin
E: Sub-process /usr/bin/dpkg returned an error code (1)
[Where problems could occur]
* Regressions would be around use-cases of linux-user that is
emulation not of a system but of binaries.
Commonly uses for cross-tests and cross-builds so that is the
space to watch for regressions
[Other Info]
* n/a
---
In Debian unstable, we recently switched bash to be a PIE-compiled
binary (for hardening). Unfortunately this resulted in bash being
broken when run under qemu-user (for all target architectures, host
being amd64 for me).
$ sudo chroot /srv/chroots/sid-i386/ qemu-i386-static /bin/bash
bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)
bash has its own malloc implementation based on sbrk():
https://git.savannah.gnu.org/cgit/bash.git/tree/lib/malloc/malloc.c
When we disable this internal implementation and rely on glibc's
malloc, then everything is fine. But it might be that glibc has a
fallback when sbrk() is not working properly and it might hide the
underlying problem in qemu-user.
This issue has also been reported to the bash upstream author and he suggested that the issue might be in qemu-user so I'm opening a ticket here. Here's the discussion with the bash upstream author:
https://lists.gnu.org/archive/html/bug-bash/2018-02/threads.html#00080
You can find the problematic bash binary in that .deb file:
http://snapshot.debian.org/archive/debian/20180206T154716Z/pool/main/b/bash/bash_4.4.18-1_i386.deb
The version of qemu I have been using is 2.11 (Debian package qemu-
user-static version 1:2.11+dfsg-1) but I have had reports that the
problem is reproducible with older versions (back to 2.8 at least).
Here are the related Debian bug reports:
https://bugs.debian.org/889869
https://bugs.debian.org/865599
It's worth noting that bash used to have this problem (when compiled as a PIE binary) even when run directly but then something got fixed in the kernel and now the problem only appears when run under qemu-user:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1749393/+subscriptions
^ permalink raw reply [flat|nested] 33+ messages in thread
* [Bug 1749393] Re: sbrk() not working under qemu-user with a PIE-compiled binary?
2018-02-14 8:30 [Qemu-devel] [Bug 1749393] [NEW] sbrk() not working under qemu-user with a PIE-compiled binary? Raphaël Hertzog
` (20 preceding siblings ...)
2021-09-20 9:58 ` Christian Ehrhardt
@ 2021-11-30 8:44 ` Christian Ehrhardt
2021-11-30 9:20 ` Christian Ehrhardt
` (9 subsequent siblings)
31 siblings, 0 replies; 33+ messages in thread
From: Christian Ehrhardt @ 2021-11-30 8:44 UTC (permalink / raw)
To: qemu-devel
Hi,
sorry this has fallen through the cracks, but bug 1928075 made me re-discover it and it is time finally to complete that.
** Tags added: server-next
** Description changed:
[Impact]
- * The current space reserved can be too small and we can end up
- with no space at all for BRK. It can happen to any case, but is
- much more likely with the now common PIE binaries.
+ * The current space reserved can be too small and we can end up
+ with no space at all for BRK. It can happen to any case, but is
+ much more likely with the now common PIE binaries.
- * Backport the upstream fix which reserves a bit more space while loading
- and giving it back after interpreter and stack is loaded.
+ * Backport the upstream fix which reserves a bit more space while loading
+ and giving it back after interpreter and stack is loaded.
[Test Plan]
- * On x86 run:
+ * On x86 run:
sudo apt install -y qemu-user-static docker.io
sudo docker run --rm arm64v8/debian:bullseye bash -c 'apt update && apt install -y wget'
...
Running hooks in /etc/ca-certificates/update.d...
done.
Errors were encountered while processing:
- libc-bin
+ libc-bin
E: Sub-process /usr/bin/dpkg returned an error code (1)
+ Second test from bug 1928075
+
+ $ sudo qemu-debootstrap --arch=arm64 bullseye bullseye-arm64
+ http://ftp.debian.org/debian
+
+ In the bad case this is failing like
+ W: Failure trying to run: /sbin/ldconfig
+ W: See //debootstrap/debootstrap.log for detail
+
+ And in that log file you'll see the segfault
+ $ tail -n 2 bullseye-arm64/debootstrap/debootstrap.log
+ qemu: uncaught target signal 11 (Segmentation fault) - core dumped
+ Segmentation fault (core dumped)
+
[Where problems could occur]
- * Regressions would be around use-cases of linux-user that is
- emulation not of a system but of binaries.
- Commonly uses for cross-tests and cross-builds so that is the
- space to watch for regressions
+ * Regressions would be around use-cases of linux-user that is
+ emulation not of a system but of binaries.
+ Commonly uses for cross-tests and cross-builds so that is the
+ space to watch for regressions
[Other Info]
-
- * n/a
+ * n/a
---
In Debian unstable, we recently switched bash to be a PIE-compiled
binary (for hardening). Unfortunately this resulted in bash being broken
when run under qemu-user (for all target architectures, host being amd64
for me).
$ sudo chroot /srv/chroots/sid-i386/ qemu-i386-static /bin/bash
bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)
bash has its own malloc implementation based on sbrk():
https://git.savannah.gnu.org/cgit/bash.git/tree/lib/malloc/malloc.c
When we disable this internal implementation and rely on glibc's malloc,
then everything is fine. But it might be that glibc has a fallback when
sbrk() is not working properly and it might hide the underlying problem
in qemu-user.
This issue has also been reported to the bash upstream author and he suggested that the issue might be in qemu-user so I'm opening a ticket here. Here's the discussion with the bash upstream author:
https://lists.gnu.org/archive/html/bug-bash/2018-02/threads.html#00080
You can find the problematic bash binary in that .deb file:
http://snapshot.debian.org/archive/debian/20180206T154716Z/pool/main/b/bash/bash_4.4.18-1_i386.deb
The version of qemu I have been using is 2.11 (Debian package qemu-user-
static version 1:2.11+dfsg-1) but I have had reports that the problem is
reproducible with older versions (back to 2.8 at least).
Here are the related Debian bug reports:
https://bugs.debian.org/889869
https://bugs.debian.org/865599
It's worth noting that bash used to have this problem (when compiled as a PIE binary) even when run directly but then something got fixed in the kernel and now the problem only appears when run under qemu-user:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1749393
Title:
sbrk() not working under qemu-user with a PIE-compiled binary?
Status in QEMU:
Fix Released
Status in qemu package in Ubuntu:
Fix Released
Status in qemu source package in Focal:
Triaged
Bug description:
[Impact]
* The current space reserved can be too small and we can end up
with no space at all for BRK. It can happen to any case, but is
much more likely with the now common PIE binaries.
* Backport the upstream fix which reserves a bit more space while loading
and giving it back after interpreter and stack is loaded.
[Test Plan]
* On x86 run:
sudo apt install -y qemu-user-static docker.io
sudo docker run --rm arm64v8/debian:bullseye bash -c 'apt update && apt install -y wget'
...
Running hooks in /etc/ca-certificates/update.d...
done.
Errors were encountered while processing:
libc-bin
E: Sub-process /usr/bin/dpkg returned an error code (1)
Second test from bug 1928075
$ sudo qemu-debootstrap --arch=arm64 bullseye bullseye-arm64
http://ftp.debian.org/debian
In the bad case this is failing like
W: Failure trying to run: /sbin/ldconfig
W: See //debootstrap/debootstrap.log for detail
And in that log file you'll see the segfault
$ tail -n 2 bullseye-arm64/debootstrap/debootstrap.log
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault (core dumped)
[Where problems could occur]
* Regressions would be around use-cases of linux-user that is
emulation not of a system but of binaries.
Commonly uses for cross-tests and cross-builds so that is the
space to watch for regressions
[Other Info]
* n/a
---
In Debian unstable, we recently switched bash to be a PIE-compiled
binary (for hardening). Unfortunately this resulted in bash being
broken when run under qemu-user (for all target architectures, host
being amd64 for me).
$ sudo chroot /srv/chroots/sid-i386/ qemu-i386-static /bin/bash
bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)
bash has its own malloc implementation based on sbrk():
https://git.savannah.gnu.org/cgit/bash.git/tree/lib/malloc/malloc.c
When we disable this internal implementation and rely on glibc's
malloc, then everything is fine. But it might be that glibc has a
fallback when sbrk() is not working properly and it might hide the
underlying problem in qemu-user.
This issue has also been reported to the bash upstream author and he suggested that the issue might be in qemu-user so I'm opening a ticket here. Here's the discussion with the bash upstream author:
https://lists.gnu.org/archive/html/bug-bash/2018-02/threads.html#00080
You can find the problematic bash binary in that .deb file:
http://snapshot.debian.org/archive/debian/20180206T154716Z/pool/main/b/bash/bash_4.4.18-1_i386.deb
The version of qemu I have been using is 2.11 (Debian package qemu-
user-static version 1:2.11+dfsg-1) but I have had reports that the
problem is reproducible with older versions (back to 2.8 at least).
Here are the related Debian bug reports:
https://bugs.debian.org/889869
https://bugs.debian.org/865599
It's worth noting that bash used to have this problem (when compiled as a PIE binary) even when run directly but then something got fixed in the kernel and now the problem only appears when run under qemu-user:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1749393/+subscriptions
^ permalink raw reply [flat|nested] 33+ messages in thread
* [Bug 1749393] Re: sbrk() not working under qemu-user with a PIE-compiled binary?
2018-02-14 8:30 [Qemu-devel] [Bug 1749393] [NEW] sbrk() not working under qemu-user with a PIE-compiled binary? Raphaël Hertzog
` (21 preceding siblings ...)
2021-11-30 8:44 ` Christian Ehrhardt
@ 2021-11-30 9:20 ` Christian Ehrhardt
2021-11-30 9:25 ` Christian Ehrhardt
` (8 subsequent siblings)
31 siblings, 0 replies; 33+ messages in thread
From: Christian Ehrhardt @ 2021-11-30 9:20 UTC (permalink / raw)
To: qemu-devel
SRU template updated, PPA rebuilt, Merge requests updated.
Also bundled another bug fix.
Waiting for MR review now.
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1749393
Title:
sbrk() not working under qemu-user with a PIE-compiled binary?
Status in QEMU:
Fix Released
Status in qemu package in Ubuntu:
Fix Released
Status in qemu source package in Focal:
In Progress
Bug description:
[Impact]
* The current space reserved can be too small and we can end up
with no space at all for BRK. It can happen to any case, but is
much more likely with the now common PIE binaries.
* Backport the upstream fix which reserves a bit more space while loading
and giving it back after interpreter and stack is loaded.
[Test Plan]
* On x86 run:
sudo apt install -y qemu-user-static docker.io
sudo docker run --rm arm64v8/debian:bullseye bash -c 'apt update && apt install -y wget'
...
Running hooks in /etc/ca-certificates/update.d...
done.
Errors were encountered while processing:
libc-bin
E: Sub-process /usr/bin/dpkg returned an error code (1)
Second test from bug 1928075
$ sudo qemu-debootstrap --arch=arm64 bullseye bullseye-arm64
http://ftp.debian.org/debian
In the bad case this is failing like
W: Failure trying to run: /sbin/ldconfig
W: See //debootstrap/debootstrap.log for detail
And in that log file you'll see the segfault
$ tail -n 2 bullseye-arm64/debootstrap/debootstrap.log
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault (core dumped)
[Where problems could occur]
* Regressions would be around use-cases of linux-user that is
emulation not of a system but of binaries.
Commonly uses for cross-tests and cross-builds so that is the
space to watch for regressions
[Other Info]
* n/a
---
In Debian unstable, we recently switched bash to be a PIE-compiled
binary (for hardening). Unfortunately this resulted in bash being
broken when run under qemu-user (for all target architectures, host
being amd64 for me).
$ sudo chroot /srv/chroots/sid-i386/ qemu-i386-static /bin/bash
bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)
bash has its own malloc implementation based on sbrk():
https://git.savannah.gnu.org/cgit/bash.git/tree/lib/malloc/malloc.c
When we disable this internal implementation and rely on glibc's
malloc, then everything is fine. But it might be that glibc has a
fallback when sbrk() is not working properly and it might hide the
underlying problem in qemu-user.
This issue has also been reported to the bash upstream author and he suggested that the issue might be in qemu-user so I'm opening a ticket here. Here's the discussion with the bash upstream author:
https://lists.gnu.org/archive/html/bug-bash/2018-02/threads.html#00080
You can find the problematic bash binary in that .deb file:
http://snapshot.debian.org/archive/debian/20180206T154716Z/pool/main/b/bash/bash_4.4.18-1_i386.deb
The version of qemu I have been using is 2.11 (Debian package qemu-
user-static version 1:2.11+dfsg-1) but I have had reports that the
problem is reproducible with older versions (back to 2.8 at least).
Here are the related Debian bug reports:
https://bugs.debian.org/889869
https://bugs.debian.org/865599
It's worth noting that bash used to have this problem (when compiled as a PIE binary) even when run directly but then something got fixed in the kernel and now the problem only appears when run under qemu-user:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1749393/+subscriptions
^ permalink raw reply [flat|nested] 33+ messages in thread
* [Bug 1749393] Re: sbrk() not working under qemu-user with a PIE-compiled binary?
2018-02-14 8:30 [Qemu-devel] [Bug 1749393] [NEW] sbrk() not working under qemu-user with a PIE-compiled binary? Raphaël Hertzog
` (22 preceding siblings ...)
2021-11-30 9:20 ` Christian Ehrhardt
@ 2021-11-30 9:25 ` Christian Ehrhardt
2021-11-30 10:10 ` Christian Ehrhardt
` (7 subsequent siblings)
31 siblings, 0 replies; 33+ messages in thread
From: Christian Ehrhardt @ 2021-11-30 9:25 UTC (permalink / raw)
To: qemu-devel
** Changed in: qemu (Ubuntu Focal)
Status: Triaged => In Progress
** Changed in: qemu (Ubuntu Focal)
Assignee: (unassigned) => Christian Ehrhardt (paelzer)
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1749393
Title:
sbrk() not working under qemu-user with a PIE-compiled binary?
Status in QEMU:
Fix Released
Status in qemu package in Ubuntu:
Fix Released
Status in qemu source package in Focal:
In Progress
Bug description:
[Impact]
* The current space reserved can be too small and we can end up
with no space at all for BRK. It can happen to any case, but is
much more likely with the now common PIE binaries.
* Backport the upstream fix which reserves a bit more space while loading
and giving it back after interpreter and stack is loaded.
[Test Plan]
* On x86 run:
sudo apt install -y qemu-user-static docker.io
sudo docker run --rm arm64v8/debian:bullseye bash -c 'apt update && apt install -y wget'
...
Running hooks in /etc/ca-certificates/update.d...
done.
Errors were encountered while processing:
libc-bin
E: Sub-process /usr/bin/dpkg returned an error code (1)
Second test from bug 1928075
$ sudo qemu-debootstrap --arch=arm64 bullseye bullseye-arm64
http://ftp.debian.org/debian
In the bad case this is failing like
W: Failure trying to run: /sbin/ldconfig
W: See //debootstrap/debootstrap.log for detail
And in that log file you'll see the segfault
$ tail -n 2 bullseye-arm64/debootstrap/debootstrap.log
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault (core dumped)
[Where problems could occur]
* Regressions would be around use-cases of linux-user that is
emulation not of a system but of binaries.
Commonly uses for cross-tests and cross-builds so that is the
space to watch for regressions
[Other Info]
* n/a
---
In Debian unstable, we recently switched bash to be a PIE-compiled
binary (for hardening). Unfortunately this resulted in bash being
broken when run under qemu-user (for all target architectures, host
being amd64 for me).
$ sudo chroot /srv/chroots/sid-i386/ qemu-i386-static /bin/bash
bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)
bash has its own malloc implementation based on sbrk():
https://git.savannah.gnu.org/cgit/bash.git/tree/lib/malloc/malloc.c
When we disable this internal implementation and rely on glibc's
malloc, then everything is fine. But it might be that glibc has a
fallback when sbrk() is not working properly and it might hide the
underlying problem in qemu-user.
This issue has also been reported to the bash upstream author and he suggested that the issue might be in qemu-user so I'm opening a ticket here. Here's the discussion with the bash upstream author:
https://lists.gnu.org/archive/html/bug-bash/2018-02/threads.html#00080
You can find the problematic bash binary in that .deb file:
http://snapshot.debian.org/archive/debian/20180206T154716Z/pool/main/b/bash/bash_4.4.18-1_i386.deb
The version of qemu I have been using is 2.11 (Debian package qemu-
user-static version 1:2.11+dfsg-1) but I have had reports that the
problem is reproducible with older versions (back to 2.8 at least).
Here are the related Debian bug reports:
https://bugs.debian.org/889869
https://bugs.debian.org/865599
It's worth noting that bash used to have this problem (when compiled as a PIE binary) even when run directly but then something got fixed in the kernel and now the problem only appears when run under qemu-user:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1749393/+subscriptions
^ permalink raw reply [flat|nested] 33+ messages in thread
* [Bug 1749393] Re: sbrk() not working under qemu-user with a PIE-compiled binary?
2018-02-14 8:30 [Qemu-devel] [Bug 1749393] [NEW] sbrk() not working under qemu-user with a PIE-compiled binary? Raphaël Hertzog
` (23 preceding siblings ...)
2021-11-30 9:25 ` Christian Ehrhardt
@ 2021-11-30 10:10 ` Christian Ehrhardt
2021-11-30 19:28 ` Brian Murray
` (6 subsequent siblings)
31 siblings, 0 replies; 33+ messages in thread
From: Christian Ehrhardt @ 2021-11-30 10:10 UTC (permalink / raw)
To: qemu-devel
Uploaded to F-unapproved, waiting for the SRU team to accept it.
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1749393
Title:
sbrk() not working under qemu-user with a PIE-compiled binary?
Status in QEMU:
Fix Released
Status in qemu package in Ubuntu:
Fix Released
Status in qemu source package in Focal:
In Progress
Bug description:
[Impact]
* The current space reserved can be too small and we can end up
with no space at all for BRK. It can happen to any case, but is
much more likely with the now common PIE binaries.
* Backport the upstream fix which reserves a bit more space while loading
and giving it back after interpreter and stack is loaded.
[Test Plan]
* On x86 run:
sudo apt install -y qemu-user-static docker.io
sudo docker run --rm arm64v8/debian:bullseye bash -c 'apt update && apt install -y wget'
...
Running hooks in /etc/ca-certificates/update.d...
done.
Errors were encountered while processing:
libc-bin
E: Sub-process /usr/bin/dpkg returned an error code (1)
Second test from bug 1928075
$ sudo qemu-debootstrap --arch=arm64 bullseye bullseye-arm64
http://ftp.debian.org/debian
In the bad case this is failing like
W: Failure trying to run: /sbin/ldconfig
W: See //debootstrap/debootstrap.log for detail
And in that log file you'll see the segfault
$ tail -n 2 bullseye-arm64/debootstrap/debootstrap.log
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault (core dumped)
[Where problems could occur]
* Regressions would be around use-cases of linux-user that is
emulation not of a system but of binaries.
Commonly uses for cross-tests and cross-builds so that is the
space to watch for regressions
[Other Info]
* n/a
---
In Debian unstable, we recently switched bash to be a PIE-compiled
binary (for hardening). Unfortunately this resulted in bash being
broken when run under qemu-user (for all target architectures, host
being amd64 for me).
$ sudo chroot /srv/chroots/sid-i386/ qemu-i386-static /bin/bash
bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)
bash has its own malloc implementation based on sbrk():
https://git.savannah.gnu.org/cgit/bash.git/tree/lib/malloc/malloc.c
When we disable this internal implementation and rely on glibc's
malloc, then everything is fine. But it might be that glibc has a
fallback when sbrk() is not working properly and it might hide the
underlying problem in qemu-user.
This issue has also been reported to the bash upstream author and he suggested that the issue might be in qemu-user so I'm opening a ticket here. Here's the discussion with the bash upstream author:
https://lists.gnu.org/archive/html/bug-bash/2018-02/threads.html#00080
You can find the problematic bash binary in that .deb file:
http://snapshot.debian.org/archive/debian/20180206T154716Z/pool/main/b/bash/bash_4.4.18-1_i386.deb
The version of qemu I have been using is 2.11 (Debian package qemu-
user-static version 1:2.11+dfsg-1) but I have had reports that the
problem is reproducible with older versions (back to 2.8 at least).
Here are the related Debian bug reports:
https://bugs.debian.org/889869
https://bugs.debian.org/865599
It's worth noting that bash used to have this problem (when compiled as a PIE binary) even when run directly but then something got fixed in the kernel and now the problem only appears when run under qemu-user:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1749393/+subscriptions
^ permalink raw reply [flat|nested] 33+ messages in thread
* [Bug 1749393] Re: sbrk() not working under qemu-user with a PIE-compiled binary?
2018-02-14 8:30 [Qemu-devel] [Bug 1749393] [NEW] sbrk() not working under qemu-user with a PIE-compiled binary? Raphaël Hertzog
` (24 preceding siblings ...)
2021-11-30 10:10 ` Christian Ehrhardt
@ 2021-11-30 19:28 ` Brian Murray
2021-12-01 7:46 ` Christian Ehrhardt
` (5 subsequent siblings)
31 siblings, 0 replies; 33+ messages in thread
From: Brian Murray @ 2021-11-30 19:28 UTC (permalink / raw)
To: qemu-devel
Hello Raphaël, or anyone else affected,
Accepted qemu into focal-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/qemu/1:4.2-3ubuntu6.19
in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed. Your feedback will aid us getting this
update out to other Ubuntu users.
If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from verification-needed-
focal to verification-done-focal. If it does not fix the bug for you,
please add a comment stating that, and change the tag to verification-
failed-focal. In either case, without details of your testing we will
not be able to proceed.
Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in
advance for helping!
N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.
** Changed in: qemu (Ubuntu Focal)
Status: In Progress => Fix Committed
** Tags added: verification-needed verification-needed-focal
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1749393
Title:
sbrk() not working under qemu-user with a PIE-compiled binary?
Status in QEMU:
Fix Released
Status in qemu package in Ubuntu:
Fix Released
Status in qemu source package in Focal:
Fix Committed
Bug description:
[Impact]
* The current space reserved can be too small and we can end up
with no space at all for BRK. It can happen to any case, but is
much more likely with the now common PIE binaries.
* Backport the upstream fix which reserves a bit more space while loading
and giving it back after interpreter and stack is loaded.
[Test Plan]
* On x86 run:
sudo apt install -y qemu-user-static docker.io
sudo docker run --rm arm64v8/debian:bullseye bash -c 'apt update && apt install -y wget'
...
Running hooks in /etc/ca-certificates/update.d...
done.
Errors were encountered while processing:
libc-bin
E: Sub-process /usr/bin/dpkg returned an error code (1)
Second test from bug 1928075
$ sudo qemu-debootstrap --arch=arm64 bullseye bullseye-arm64
http://ftp.debian.org/debian
In the bad case this is failing like
W: Failure trying to run: /sbin/ldconfig
W: See //debootstrap/debootstrap.log for detail
And in that log file you'll see the segfault
$ tail -n 2 bullseye-arm64/debootstrap/debootstrap.log
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault (core dumped)
[Where problems could occur]
* Regressions would be around use-cases of linux-user that is
emulation not of a system but of binaries.
Commonly uses for cross-tests and cross-builds so that is the
space to watch for regressions
[Other Info]
* n/a
---
In Debian unstable, we recently switched bash to be a PIE-compiled
binary (for hardening). Unfortunately this resulted in bash being
broken when run under qemu-user (for all target architectures, host
being amd64 for me).
$ sudo chroot /srv/chroots/sid-i386/ qemu-i386-static /bin/bash
bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)
bash has its own malloc implementation based on sbrk():
https://git.savannah.gnu.org/cgit/bash.git/tree/lib/malloc/malloc.c
When we disable this internal implementation and rely on glibc's
malloc, then everything is fine. But it might be that glibc has a
fallback when sbrk() is not working properly and it might hide the
underlying problem in qemu-user.
This issue has also been reported to the bash upstream author and he suggested that the issue might be in qemu-user so I'm opening a ticket here. Here's the discussion with the bash upstream author:
https://lists.gnu.org/archive/html/bug-bash/2018-02/threads.html#00080
You can find the problematic bash binary in that .deb file:
http://snapshot.debian.org/archive/debian/20180206T154716Z/pool/main/b/bash/bash_4.4.18-1_i386.deb
The version of qemu I have been using is 2.11 (Debian package qemu-
user-static version 1:2.11+dfsg-1) but I have had reports that the
problem is reproducible with older versions (back to 2.8 at least).
Here are the related Debian bug reports:
https://bugs.debian.org/889869
https://bugs.debian.org/865599
It's worth noting that bash used to have this problem (when compiled as a PIE binary) even when run directly but then something got fixed in the kernel and now the problem only appears when run under qemu-user:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1749393/+subscriptions
^ permalink raw reply [flat|nested] 33+ messages in thread
* [Bug 1749393] Re: sbrk() not working under qemu-user with a PIE-compiled binary?
2018-02-14 8:30 [Qemu-devel] [Bug 1749393] [NEW] sbrk() not working under qemu-user with a PIE-compiled binary? Raphaël Hertzog
` (25 preceding siblings ...)
2021-11-30 19:28 ` Brian Murray
@ 2021-12-01 7:46 ` Christian Ehrhardt
2021-12-16 7:53 ` Christian Ehrhardt
` (4 subsequent siblings)
31 siblings, 0 replies; 33+ messages in thread
From: Christian Ehrhardt @ 2021-12-01 7:46 UTC (permalink / raw)
To: qemu-devel
Focal
old
$ sudo apt install --reinstall qemu-user-static=1:4.2-3ubuntu6.18
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 0 not upgraded.
Need to get 21.3 MB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu focal-updates/universe amd64 qemu-user-static amd64 1:4.2-3ubuntu6.18 [21.3 MB]
Fetched 21.3 MB in 1s (16.4 MB/s)
(Reading database ... 126154 files and directories currently installed.)
Preparing to unpack .../qemu-user-static_1%3a4.2-3ubuntu6.18_amd64.deb ...
Unpacking qemu-user-static (1:4.2-3ubuntu6.18) over (1:4.2-3ubuntu6.18) ...
Setting up qemu-user-static (1:4.2-3ubuntu6.18) ...
Processing triggers for man-db (2.9.1-1) ...
ubuntu@f-1928075-qemuuserstatic:~$ sudo chroot /home/ubuntu/bullseye-arm64 /bin/sh /debootstrap/debootstrap --second-stage
W: Failure trying to run: /sbin/ldconfig
W: See //debootstrap/debootstrap.log for details
ubuntu@f-1928075-qemuuserstatic:~$ tail -n 2 bullseye-arm64/debootstrap/debootstrap.log
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault (core dumped)
Upgrade
ubuntu@f-1928075-qemuuserstatic:~$ apt-cache policy qemu-user-static
qemu-user-static:
Installed: 1:4.2-3ubuntu6.18
Candidate: 1:4.2-3ubuntu6.19
Version table:
1:4.2-3ubuntu6.19 500
500 http://archive.ubuntu.com/ubuntu focal-proposed/universe amd64 Packages
*** 1:4.2-3ubuntu6.18 500
500 http://archive.ubuntu.com/ubuntu focal-updates/universe amd64 Packages
100 /var/lib/dpkg/status
1:4.2-3ubuntu6.17 500
500 http://security.ubuntu.com/ubuntu focal-security/universe amd64 Packages
1:4.2-3ubuntu6 500
500 http://archive.ubuntu.com/ubuntu focal/universe amd64 Packages
ubuntu@f-1928075-qemuuserstatic:~$ sudo apt install qemu-user-static
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
qemu-user-static
1 upgraded, 0 newly installed, 0 to remove and 65 not upgraded.
Need to get 21.3 MB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu focal-proposed/universe amd64 qemu-user-static amd64 1:4.2-3ubuntu6.19 [21.3 MB]
Fetched 21.3 MB in 2s (9092 kB/s)
(Reading database ... 126160 files and directories currently installed.)
Preparing to unpack .../qemu-user-static_1%3a4.2-3ubuntu6.19_amd64.deb ...
Unpacking qemu-user-static (1:4.2-3ubuntu6.19) over (1:4.2-3ubuntu6.18) ...
Setting up qemu-user-static (1:4.2-3ubuntu6.19) ...
Processing triggers for man-db (2.9.1-1) ...
ubuntu@f-1928075-qemuuserstatic:~$ sudo update-binfmts --test --display qemu-aarch64
qemu-aarch64 (enabled):
package = qemu-user-static
type = magic
offset = 0
magic = \x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00
mask = \xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff
interpreter = /usr/bin/qemu-aarch64-static
detector =
Test with new versio
ubuntu@f-1928075-qemuuserstatic:~$ sudo chroot /home/ubuntu/bullseye-arm64 /bin/sh /debootstrap/debootstrap --second-stage
I: Installing core packages...
W: Failure trying to run: dpkg --force-depends --install /var/cache/apt/archives/base-passwd_3.5.51_arm64.deb
W: See //debootstrap/debootstrap.log for details
ubuntu@f-1928075-qemuuserstatic:~$ tail -n 2 bullseye-arm64/debootstrap/debootstrap.log
dpkg: error: parsing file '/var/lib/dpkg/status' near line 5 package 'dpkg':
duplicate value for 'Package' field
That is the good case and also a full run now completes.
$ sudo rm -rf bullseye-arm64; sudo qemu-debootstrap --arch=arm64 bullseye bullseye-arm64 http://ftp.debian.org/debian
I: Running command: debootstrap --arch arm64 --foreign bullseye bullseye-arm64 http://ftp.debian.org/debian
W: Cannot check Release signature; keyring file not available /usr/share/keyrings/debian-archive-keyring.gpg
I: Retrieving InRelease
I: Retrieving Packages
...
I: Configuring tasksel...
I: Configuring libc-bin...
I: Base system installed successfully.
I can't run the docker test due to networking restrictions, but it was
the same fault and the same fix - so that should be ok. If anyone else
can test -proposed with docker please feel free to do so.
** Tags removed: verification-needed verification-needed-focal
** Tags added: verification-done verification-done-focal
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1749393
Title:
sbrk() not working under qemu-user with a PIE-compiled binary?
Status in QEMU:
Fix Released
Status in qemu package in Ubuntu:
Fix Released
Status in qemu source package in Focal:
Fix Committed
Bug description:
[Impact]
* The current space reserved can be too small and we can end up
with no space at all for BRK. It can happen to any case, but is
much more likely with the now common PIE binaries.
* Backport the upstream fix which reserves a bit more space while loading
and giving it back after interpreter and stack is loaded.
[Test Plan]
* On x86 run:
sudo apt install -y qemu-user-static docker.io
sudo docker run --rm arm64v8/debian:bullseye bash -c 'apt update && apt install -y wget'
...
Running hooks in /etc/ca-certificates/update.d...
done.
Errors were encountered while processing:
libc-bin
E: Sub-process /usr/bin/dpkg returned an error code (1)
Second test from bug 1928075
$ sudo qemu-debootstrap --arch=arm64 bullseye bullseye-arm64
http://ftp.debian.org/debian
In the bad case this is failing like
W: Failure trying to run: /sbin/ldconfig
W: See //debootstrap/debootstrap.log for detail
And in that log file you'll see the segfault
$ tail -n 2 bullseye-arm64/debootstrap/debootstrap.log
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault (core dumped)
[Where problems could occur]
* Regressions would be around use-cases of linux-user that is
emulation not of a system but of binaries.
Commonly uses for cross-tests and cross-builds so that is the
space to watch for regressions
[Other Info]
* n/a
---
In Debian unstable, we recently switched bash to be a PIE-compiled
binary (for hardening). Unfortunately this resulted in bash being
broken when run under qemu-user (for all target architectures, host
being amd64 for me).
$ sudo chroot /srv/chroots/sid-i386/ qemu-i386-static /bin/bash
bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)
bash has its own malloc implementation based on sbrk():
https://git.savannah.gnu.org/cgit/bash.git/tree/lib/malloc/malloc.c
When we disable this internal implementation and rely on glibc's
malloc, then everything is fine. But it might be that glibc has a
fallback when sbrk() is not working properly and it might hide the
underlying problem in qemu-user.
This issue has also been reported to the bash upstream author and he suggested that the issue might be in qemu-user so I'm opening a ticket here. Here's the discussion with the bash upstream author:
https://lists.gnu.org/archive/html/bug-bash/2018-02/threads.html#00080
You can find the problematic bash binary in that .deb file:
http://snapshot.debian.org/archive/debian/20180206T154716Z/pool/main/b/bash/bash_4.4.18-1_i386.deb
The version of qemu I have been using is 2.11 (Debian package qemu-
user-static version 1:2.11+dfsg-1) but I have had reports that the
problem is reproducible with older versions (back to 2.8 at least).
Here are the related Debian bug reports:
https://bugs.debian.org/889869
https://bugs.debian.org/865599
It's worth noting that bash used to have this problem (when compiled as a PIE binary) even when run directly but then something got fixed in the kernel and now the problem only appears when run under qemu-user:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1749393/+subscriptions
^ permalink raw reply [flat|nested] 33+ messages in thread
* [Bug 1749393] Re: sbrk() not working under qemu-user with a PIE-compiled binary?
2018-02-14 8:30 [Qemu-devel] [Bug 1749393] [NEW] sbrk() not working under qemu-user with a PIE-compiled binary? Raphaël Hertzog
` (26 preceding siblings ...)
2021-12-01 7:46 ` Christian Ehrhardt
@ 2021-12-16 7:53 ` Christian Ehrhardt
2021-12-26 12:21 ` frank
` (3 subsequent siblings)
31 siblings, 0 replies; 33+ messages in thread
From: Christian Ehrhardt @ 2021-12-16 7:53 UTC (permalink / raw)
To: qemu-devel
FYI the release of this is slowed down by the slow verification of bug
https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1929926
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1749393
Title:
sbrk() not working under qemu-user with a PIE-compiled binary?
Status in QEMU:
Fix Released
Status in qemu package in Ubuntu:
Fix Released
Status in qemu source package in Focal:
Fix Committed
Bug description:
[Impact]
* The current space reserved can be too small and we can end up
with no space at all for BRK. It can happen to any case, but is
much more likely with the now common PIE binaries.
* Backport the upstream fix which reserves a bit more space while loading
and giving it back after interpreter and stack is loaded.
[Test Plan]
* On x86 run:
sudo apt install -y qemu-user-static docker.io
sudo docker run --rm arm64v8/debian:bullseye bash -c 'apt update && apt install -y wget'
...
Running hooks in /etc/ca-certificates/update.d...
done.
Errors were encountered while processing:
libc-bin
E: Sub-process /usr/bin/dpkg returned an error code (1)
Second test from bug 1928075
$ sudo qemu-debootstrap --arch=arm64 bullseye bullseye-arm64
http://ftp.debian.org/debian
In the bad case this is failing like
W: Failure trying to run: /sbin/ldconfig
W: See //debootstrap/debootstrap.log for detail
And in that log file you'll see the segfault
$ tail -n 2 bullseye-arm64/debootstrap/debootstrap.log
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault (core dumped)
[Where problems could occur]
* Regressions would be around use-cases of linux-user that is
emulation not of a system but of binaries.
Commonly uses for cross-tests and cross-builds so that is the
space to watch for regressions
[Other Info]
* n/a
---
In Debian unstable, we recently switched bash to be a PIE-compiled
binary (for hardening). Unfortunately this resulted in bash being
broken when run under qemu-user (for all target architectures, host
being amd64 for me).
$ sudo chroot /srv/chroots/sid-i386/ qemu-i386-static /bin/bash
bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)
bash has its own malloc implementation based on sbrk():
https://git.savannah.gnu.org/cgit/bash.git/tree/lib/malloc/malloc.c
When we disable this internal implementation and rely on glibc's
malloc, then everything is fine. But it might be that glibc has a
fallback when sbrk() is not working properly and it might hide the
underlying problem in qemu-user.
This issue has also been reported to the bash upstream author and he suggested that the issue might be in qemu-user so I'm opening a ticket here. Here's the discussion with the bash upstream author:
https://lists.gnu.org/archive/html/bug-bash/2018-02/threads.html#00080
You can find the problematic bash binary in that .deb file:
http://snapshot.debian.org/archive/debian/20180206T154716Z/pool/main/b/bash/bash_4.4.18-1_i386.deb
The version of qemu I have been using is 2.11 (Debian package qemu-
user-static version 1:2.11+dfsg-1) but I have had reports that the
problem is reproducible with older versions (back to 2.8 at least).
Here are the related Debian bug reports:
https://bugs.debian.org/889869
https://bugs.debian.org/865599
It's worth noting that bash used to have this problem (when compiled as a PIE binary) even when run directly but then something got fixed in the kernel and now the problem only appears when run under qemu-user:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1749393/+subscriptions
^ permalink raw reply [flat|nested] 33+ messages in thread
* [Bug 1749393] Re: sbrk() not working under qemu-user with a PIE-compiled binary?
2018-02-14 8:30 [Qemu-devel] [Bug 1749393] [NEW] sbrk() not working under qemu-user with a PIE-compiled binary? Raphaël Hertzog
` (27 preceding siblings ...)
2021-12-16 7:53 ` Christian Ehrhardt
@ 2021-12-26 12:21 ` frank
2022-01-03 11:42 ` Christian Ehrhardt
` (2 subsequent siblings)
31 siblings, 0 replies; 33+ messages in thread
From: frank @ 2021-12-26 12:21 UTC (permalink / raw)
To: qemu-devel
i can confirm that focal-proposed package fixes problems for arm64 and
armhf on hostarch amd64
note: tried ppa listed here which fixes for arm64 but breaks armhf:
https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1928075/comments/15
steps for installing proposed Package:
cat <<EOF >/etc/apt/sources.list.d/ubuntu-$(lsb_release -cs)-proposed.list
# Enable Ubuntu proposed archive
deb http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs)-proposed restricted main multiverse universe
EOF
cat <<EOF >/etc/apt/preferences.d/proposed-updates
# Configure apt to allow selective installs of packages from proposed
Package: *
Pin: release a=$(lsb_release -cs)-proposed
Pin-Priority: 400
EOF
apt update
apt install qemu-user-static/focal-proposed
then build 2 bullseye-chroot (arm64 and armhf) including secondstage and
no crash happens
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1749393
Title:
sbrk() not working under qemu-user with a PIE-compiled binary?
Status in QEMU:
Fix Released
Status in qemu package in Ubuntu:
Fix Released
Status in qemu source package in Focal:
Fix Committed
Bug description:
[Impact]
* The current space reserved can be too small and we can end up
with no space at all for BRK. It can happen to any case, but is
much more likely with the now common PIE binaries.
* Backport the upstream fix which reserves a bit more space while loading
and giving it back after interpreter and stack is loaded.
[Test Plan]
* On x86 run:
sudo apt install -y qemu-user-static docker.io
sudo docker run --rm arm64v8/debian:bullseye bash -c 'apt update && apt install -y wget'
...
Running hooks in /etc/ca-certificates/update.d...
done.
Errors were encountered while processing:
libc-bin
E: Sub-process /usr/bin/dpkg returned an error code (1)
Second test from bug 1928075
$ sudo qemu-debootstrap --arch=arm64 bullseye bullseye-arm64
http://ftp.debian.org/debian
In the bad case this is failing like
W: Failure trying to run: /sbin/ldconfig
W: See //debootstrap/debootstrap.log for detail
And in that log file you'll see the segfault
$ tail -n 2 bullseye-arm64/debootstrap/debootstrap.log
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault (core dumped)
[Where problems could occur]
* Regressions would be around use-cases of linux-user that is
emulation not of a system but of binaries.
Commonly uses for cross-tests and cross-builds so that is the
space to watch for regressions
[Other Info]
* n/a
---
In Debian unstable, we recently switched bash to be a PIE-compiled
binary (for hardening). Unfortunately this resulted in bash being
broken when run under qemu-user (for all target architectures, host
being amd64 for me).
$ sudo chroot /srv/chroots/sid-i386/ qemu-i386-static /bin/bash
bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)
bash has its own malloc implementation based on sbrk():
https://git.savannah.gnu.org/cgit/bash.git/tree/lib/malloc/malloc.c
When we disable this internal implementation and rely on glibc's
malloc, then everything is fine. But it might be that glibc has a
fallback when sbrk() is not working properly and it might hide the
underlying problem in qemu-user.
This issue has also been reported to the bash upstream author and he suggested that the issue might be in qemu-user so I'm opening a ticket here. Here's the discussion with the bash upstream author:
https://lists.gnu.org/archive/html/bug-bash/2018-02/threads.html#00080
You can find the problematic bash binary in that .deb file:
http://snapshot.debian.org/archive/debian/20180206T154716Z/pool/main/b/bash/bash_4.4.18-1_i386.deb
The version of qemu I have been using is 2.11 (Debian package qemu-
user-static version 1:2.11+dfsg-1) but I have had reports that the
problem is reproducible with older versions (back to 2.8 at least).
Here are the related Debian bug reports:
https://bugs.debian.org/889869
https://bugs.debian.org/865599
It's worth noting that bash used to have this problem (when compiled as a PIE binary) even when run directly but then something got fixed in the kernel and now the problem only appears when run under qemu-user:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1749393/+subscriptions
^ permalink raw reply [flat|nested] 33+ messages in thread
* [Bug 1749393] Re: sbrk() not working under qemu-user with a PIE-compiled binary?
2018-02-14 8:30 [Qemu-devel] [Bug 1749393] [NEW] sbrk() not working under qemu-user with a PIE-compiled binary? Raphaël Hertzog
` (28 preceding siblings ...)
2021-12-26 12:21 ` frank
@ 2022-01-03 11:42 ` Christian Ehrhardt
2022-01-04 17:38 ` Launchpad Bug Tracker
2022-01-04 17:39 ` [Bug 1749393] Update Released Brian Murray
31 siblings, 0 replies; 33+ messages in thread
From: Christian Ehrhardt @ 2022-01-03 11:42 UTC (permalink / raw)
To: qemu-devel
Thank you Frank for that extra confirmation,
by now also all the blockers on the other bug fixed are good. I expect this to be released as soon as the SRU Team is back from the Christmas shutdown.
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1749393
Title:
sbrk() not working under qemu-user with a PIE-compiled binary?
Status in QEMU:
Fix Released
Status in qemu package in Ubuntu:
Fix Released
Status in qemu source package in Focal:
Fix Committed
Bug description:
[Impact]
* The current space reserved can be too small and we can end up
with no space at all for BRK. It can happen to any case, but is
much more likely with the now common PIE binaries.
* Backport the upstream fix which reserves a bit more space while loading
and giving it back after interpreter and stack is loaded.
[Test Plan]
* On x86 run:
sudo apt install -y qemu-user-static docker.io
sudo docker run --rm arm64v8/debian:bullseye bash -c 'apt update && apt install -y wget'
...
Running hooks in /etc/ca-certificates/update.d...
done.
Errors were encountered while processing:
libc-bin
E: Sub-process /usr/bin/dpkg returned an error code (1)
Second test from bug 1928075
$ sudo qemu-debootstrap --arch=arm64 bullseye bullseye-arm64
http://ftp.debian.org/debian
In the bad case this is failing like
W: Failure trying to run: /sbin/ldconfig
W: See //debootstrap/debootstrap.log for detail
And in that log file you'll see the segfault
$ tail -n 2 bullseye-arm64/debootstrap/debootstrap.log
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault (core dumped)
[Where problems could occur]
* Regressions would be around use-cases of linux-user that is
emulation not of a system but of binaries.
Commonly uses for cross-tests and cross-builds so that is the
space to watch for regressions
[Other Info]
* n/a
---
In Debian unstable, we recently switched bash to be a PIE-compiled
binary (for hardening). Unfortunately this resulted in bash being
broken when run under qemu-user (for all target architectures, host
being amd64 for me).
$ sudo chroot /srv/chroots/sid-i386/ qemu-i386-static /bin/bash
bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)
bash has its own malloc implementation based on sbrk():
https://git.savannah.gnu.org/cgit/bash.git/tree/lib/malloc/malloc.c
When we disable this internal implementation and rely on glibc's
malloc, then everything is fine. But it might be that glibc has a
fallback when sbrk() is not working properly and it might hide the
underlying problem in qemu-user.
This issue has also been reported to the bash upstream author and he suggested that the issue might be in qemu-user so I'm opening a ticket here. Here's the discussion with the bash upstream author:
https://lists.gnu.org/archive/html/bug-bash/2018-02/threads.html#00080
You can find the problematic bash binary in that .deb file:
http://snapshot.debian.org/archive/debian/20180206T154716Z/pool/main/b/bash/bash_4.4.18-1_i386.deb
The version of qemu I have been using is 2.11 (Debian package qemu-
user-static version 1:2.11+dfsg-1) but I have had reports that the
problem is reproducible with older versions (back to 2.8 at least).
Here are the related Debian bug reports:
https://bugs.debian.org/889869
https://bugs.debian.org/865599
It's worth noting that bash used to have this problem (when compiled as a PIE binary) even when run directly but then something got fixed in the kernel and now the problem only appears when run under qemu-user:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1749393/+subscriptions
^ permalink raw reply [flat|nested] 33+ messages in thread
* [Bug 1749393] Re: sbrk() not working under qemu-user with a PIE-compiled binary?
2018-02-14 8:30 [Qemu-devel] [Bug 1749393] [NEW] sbrk() not working under qemu-user with a PIE-compiled binary? Raphaël Hertzog
` (29 preceding siblings ...)
2022-01-03 11:42 ` Christian Ehrhardt
@ 2022-01-04 17:38 ` Launchpad Bug Tracker
2022-01-04 17:39 ` [Bug 1749393] Update Released Brian Murray
31 siblings, 0 replies; 33+ messages in thread
From: Launchpad Bug Tracker @ 2022-01-04 17:38 UTC (permalink / raw)
To: qemu-devel
This bug was fixed in the package qemu - 1:4.2-3ubuntu6.19
---------------
qemu (1:4.2-3ubuntu6.19) focal; urgency=medium
* d/p/u/lp-1749393-linux-user-Reserve-space-for-brk.patch: fix static
use cases needing a lot of brk space (LP: #1749393)
* d/p/u/lp-1929926-target-s390x-Fix-translation-exception-on-illegal-in.patch:
fix uretprobe in s390x TCG (LP: #1929926)
-- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 26 Apr
2021 11:11:19 +0200
** Changed in: qemu (Ubuntu Focal)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1749393
Title:
sbrk() not working under qemu-user with a PIE-compiled binary?
Status in QEMU:
Fix Released
Status in qemu package in Ubuntu:
Fix Released
Status in qemu source package in Focal:
Fix Released
Bug description:
[Impact]
* The current space reserved can be too small and we can end up
with no space at all for BRK. It can happen to any case, but is
much more likely with the now common PIE binaries.
* Backport the upstream fix which reserves a bit more space while loading
and giving it back after interpreter and stack is loaded.
[Test Plan]
* On x86 run:
sudo apt install -y qemu-user-static docker.io
sudo docker run --rm arm64v8/debian:bullseye bash -c 'apt update && apt install -y wget'
...
Running hooks in /etc/ca-certificates/update.d...
done.
Errors were encountered while processing:
libc-bin
E: Sub-process /usr/bin/dpkg returned an error code (1)
Second test from bug 1928075
$ sudo qemu-debootstrap --arch=arm64 bullseye bullseye-arm64
http://ftp.debian.org/debian
In the bad case this is failing like
W: Failure trying to run: /sbin/ldconfig
W: See //debootstrap/debootstrap.log for detail
And in that log file you'll see the segfault
$ tail -n 2 bullseye-arm64/debootstrap/debootstrap.log
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault (core dumped)
[Where problems could occur]
* Regressions would be around use-cases of linux-user that is
emulation not of a system but of binaries.
Commonly uses for cross-tests and cross-builds so that is the
space to watch for regressions
[Other Info]
* n/a
---
In Debian unstable, we recently switched bash to be a PIE-compiled
binary (for hardening). Unfortunately this resulted in bash being
broken when run under qemu-user (for all target architectures, host
being amd64 for me).
$ sudo chroot /srv/chroots/sid-i386/ qemu-i386-static /bin/bash
bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)
bash has its own malloc implementation based on sbrk():
https://git.savannah.gnu.org/cgit/bash.git/tree/lib/malloc/malloc.c
When we disable this internal implementation and rely on glibc's
malloc, then everything is fine. But it might be that glibc has a
fallback when sbrk() is not working properly and it might hide the
underlying problem in qemu-user.
This issue has also been reported to the bash upstream author and he suggested that the issue might be in qemu-user so I'm opening a ticket here. Here's the discussion with the bash upstream author:
https://lists.gnu.org/archive/html/bug-bash/2018-02/threads.html#00080
You can find the problematic bash binary in that .deb file:
http://snapshot.debian.org/archive/debian/20180206T154716Z/pool/main/b/bash/bash_4.4.18-1_i386.deb
The version of qemu I have been using is 2.11 (Debian package qemu-
user-static version 1:2.11+dfsg-1) but I have had reports that the
problem is reproducible with older versions (back to 2.8 at least).
Here are the related Debian bug reports:
https://bugs.debian.org/889869
https://bugs.debian.org/865599
It's worth noting that bash used to have this problem (when compiled as a PIE binary) even when run directly but then something got fixed in the kernel and now the problem only appears when run under qemu-user:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1749393/+subscriptions
^ permalink raw reply [flat|nested] 33+ messages in thread
* [Bug 1749393] Update Released
2018-02-14 8:30 [Qemu-devel] [Bug 1749393] [NEW] sbrk() not working under qemu-user with a PIE-compiled binary? Raphaël Hertzog
` (30 preceding siblings ...)
2022-01-04 17:38 ` Launchpad Bug Tracker
@ 2022-01-04 17:39 ` Brian Murray
31 siblings, 0 replies; 33+ messages in thread
From: Brian Murray @ 2022-01-04 17:39 UTC (permalink / raw)
To: qemu-devel
The verification of the Stable Release Update for qemu has completed
successfully and the package is now being released to -updates.
Subsequently, the Ubuntu Stable Release Updates Team is being
unsubscribed and will not receive messages about this bug report. In
the event that you encounter a regression using the package from
-updates please report a new bug using ubuntu-bug and tag the bug report
regression-update so we can easily find any regressions.
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1749393
Title:
sbrk() not working under qemu-user with a PIE-compiled binary?
Status in QEMU:
Fix Released
Status in qemu package in Ubuntu:
Fix Released
Status in qemu source package in Focal:
Fix Released
Bug description:
[Impact]
* The current space reserved can be too small and we can end up
with no space at all for BRK. It can happen to any case, but is
much more likely with the now common PIE binaries.
* Backport the upstream fix which reserves a bit more space while loading
and giving it back after interpreter and stack is loaded.
[Test Plan]
* On x86 run:
sudo apt install -y qemu-user-static docker.io
sudo docker run --rm arm64v8/debian:bullseye bash -c 'apt update && apt install -y wget'
...
Running hooks in /etc/ca-certificates/update.d...
done.
Errors were encountered while processing:
libc-bin
E: Sub-process /usr/bin/dpkg returned an error code (1)
Second test from bug 1928075
$ sudo qemu-debootstrap --arch=arm64 bullseye bullseye-arm64
http://ftp.debian.org/debian
In the bad case this is failing like
W: Failure trying to run: /sbin/ldconfig
W: See //debootstrap/debootstrap.log for detail
And in that log file you'll see the segfault
$ tail -n 2 bullseye-arm64/debootstrap/debootstrap.log
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault (core dumped)
[Where problems could occur]
* Regressions would be around use-cases of linux-user that is
emulation not of a system but of binaries.
Commonly uses for cross-tests and cross-builds so that is the
space to watch for regressions
[Other Info]
* n/a
---
In Debian unstable, we recently switched bash to be a PIE-compiled
binary (for hardening). Unfortunately this resulted in bash being
broken when run under qemu-user (for all target architectures, host
being amd64 for me).
$ sudo chroot /srv/chroots/sid-i386/ qemu-i386-static /bin/bash
bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated)
bash has its own malloc implementation based on sbrk():
https://git.savannah.gnu.org/cgit/bash.git/tree/lib/malloc/malloc.c
When we disable this internal implementation and rely on glibc's
malloc, then everything is fine. But it might be that glibc has a
fallback when sbrk() is not working properly and it might hide the
underlying problem in qemu-user.
This issue has also been reported to the bash upstream author and he suggested that the issue might be in qemu-user so I'm opening a ticket here. Here's the discussion with the bash upstream author:
https://lists.gnu.org/archive/html/bug-bash/2018-02/threads.html#00080
You can find the problematic bash binary in that .deb file:
http://snapshot.debian.org/archive/debian/20180206T154716Z/pool/main/b/bash/bash_4.4.18-1_i386.deb
The version of qemu I have been using is 2.11 (Debian package qemu-
user-static version 1:2.11+dfsg-1) but I have had reports that the
problem is reproducible with older versions (back to 2.8 at least).
Here are the related Debian bug reports:
https://bugs.debian.org/889869
https://bugs.debian.org/865599
It's worth noting that bash used to have this problem (when compiled as a PIE binary) even when run directly but then something got fixed in the kernel and now the problem only appears when run under qemu-user:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1749393/+subscriptions
^ permalink raw reply [flat|nested] 33+ messages in thread
end of thread, other threads:[~2022-01-04 17:51 UTC | newest]
Thread overview: 33+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-02-14 8:30 [Qemu-devel] [Bug 1749393] [NEW] sbrk() not working under qemu-user with a PIE-compiled binary? Raphaël Hertzog
2018-02-14 15:46 ` [Qemu-devel] [Bug 1749393] " Gérard Vidal
2018-03-01 19:15 ` Peter Ogden
2018-03-15 11:39 ` Peter Maydell
2018-03-15 15:27 ` Matthias Klose
2018-03-15 16:17 ` Peter Maydell
2018-03-15 17:56 ` Peter Ogden
2018-03-22 21:45 ` Launchpad Bug Tracker
2018-04-04 16:16 ` Matthias Klose
2020-01-17 23:52 ` Richard Henderson
2020-03-10 9:07 ` Laurent Vivier
2020-04-30 13:34 ` Laurent Vivier
2020-05-01 6:47 ` Christian Ehrhardt
2020-06-17 7:52 ` Christian Ehrhardt
2020-08-01 5:05 ` Launchpad Bug Tracker
2021-04-19 23:03 ` Robie Basak
2021-04-26 9:12 ` Launchpad Bug Tracker
2021-04-26 9:17 ` Christian Ehrhardt
2021-04-26 9:30 ` Christian Ehrhardt
2021-05-21 0:53 ` Yasuhiro Horimoto
2021-09-17 4:33 ` Sebastian Unger
2021-09-20 9:58 ` Christian Ehrhardt
2021-11-30 8:44 ` Christian Ehrhardt
2021-11-30 9:20 ` Christian Ehrhardt
2021-11-30 9:25 ` Christian Ehrhardt
2021-11-30 10:10 ` Christian Ehrhardt
2021-11-30 19:28 ` Brian Murray
2021-12-01 7:46 ` Christian Ehrhardt
2021-12-16 7:53 ` Christian Ehrhardt
2021-12-26 12:21 ` frank
2022-01-03 11:42 ` Christian Ehrhardt
2022-01-04 17:38 ` Launchpad Bug Tracker
2022-01-04 17:39 ` [Bug 1749393] Update Released Brian Murray
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).