[erlang-bugs] Erlang R14B4 segfaults if /sys/devices/system/node is not readable
Dennis Schridde
devurandom@REDACTED
Mon Feb 27 13:38:28 CET 2012
Hello!
I am using Erlang on a Gentoo/Hardened system, which restricts several things
for security reasons. For example /sys/devices/system/node is only read and
traversable (0700) by root, which makes erlexec segfault. I will describe how
I reproduce the segfault and attach a backtrace.
In the following the directory "otp" refers to "otp_src_R14B04", which was the
one I started building Erlang in (the build process also never finishes due to
this issue).
otp/bootstrap/bin/erl was modified to set:
---
ROOTDIR=$ERL_TOP/bootstrap
BINDIR=$ERL_TOP/bin/ia64-unknown-linux-gnu
---
The script I use to reproduce is:
---
export ERL_TOP=`pwd`/otp
export PATH=$ERL_TOP/bootstrap/bin:${PATH}
echo "run -W +debug_info +warn_exported_vars +warn_missing_spec
+warn_untyped_record -oebin misc/hipe_consttab.erl" > gdb.cmd
gdb erlc -x gdb.cmd
---
The segfault will happen in read_topology at common/erl_misc_utils.c:850.
That line reads:
nde = readdir(ndir);
The issue comes from ndir which is set a few lines before:
ndir = opendir(npath);
The return value should be checked against NULL, because that is what opendir
returns on error - errno will tell the details.
It would be nice if you could provide a fallback method in case
/sys/devices/system/node cannot be read.
If you need any additional information, please ask.
Kind regards,
Dennis
P.S: /sys/devices/system/cpu is readable by every user, so you could directly
fallback to that.
The fix would then be to replace following code, starting from line 836:
if (realpath(ERTS_SYS_NODE_PATH, npath)) {
got_nodes = 1;
ndir = opendir(npath);
}
with:
if (realpath(ERTS_SYS_NODE_PATH, npath)) {
ndir = opendir(npath);
if (ndir) {
got_nodes = 1;
}
}
P.P.S: Does this list silently discard emails from non-subscribers? I did not
receive a is-in-moderation-queue confirmation when first sending this email
while not being subscribed...
-------------- next part --------------
process 13252 is executing new program: /bin/bash
process 13252 is executing new program: ...otp/bin/ia64-unknown-linux-gnu/erlexec
Program received signal SIGSEGV, Segmentation fault.
0x200004255b3143e0 in ?? ()
(gdb) bt full
#0 0x200004255b3143e0 in ?? ()
No symbol table info available.
#1 0x400007e64b577f80 in read_topology (cpuinfo=0x400007e64b5b1ba0) at common/erl_misc_utils.c:850
node_id = -1
npath = "/sys/devices/system/node", '\000' <repeats 4071 times>
cpath = '\000' <repeats 4095 times>
tpath = "cpu 169776 0 21892 550684 14211 123 524 0 0\ncpu0 58314 0 10054 300175 9556 123 396 0 0\ncpu1 111462 0 11838 250509 4655 0 128 0 0\nintr 1276499 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 6"...
fpath = '\000' <repeats 272 times>, "\b-XK\346\a\000@", '\000' <repeats 2209 times>"\200, '\000\000\000\000\000\364V'\000\000\000\000\000\364V'", '\000' <repeats 13 times>, "\005\000\000\000\000\000\000\000\000@(\000\000\000\000\000\000\300(\000\000\000\000\000\260\236(\000\000\000\000\000\000\347(\000\000\000\000\000\000@'\000\000\000\000\000\003", '\000' <repeats 17 times>, "\f\000\000\000\000\000\300\312\v\000\000\000\000\000\300\312\v", '\000' <repeats 13 times>, "\005\000\000\000\000\000\000\000\000\300\f\000\000\000\000\000\000\000\r\000\000\000\000\000\244\322\f\000\000\000\000\000\340\322\f\000\000\000\000\000\000\300\v\000\000\000\000\000\003", '\000' <repeats 247 times>"\350, \330\016[%\004\000 ", '\000' <repeats 40 times>, " \324"...
ndir = 0x0
cdir = 0x0
nde = 0x0
ix = -1
res = 0
got_nodes = 1
no_nodes = 0
#2 0x400007e64b575260 in erts_cpu_info_update (cpuinfo=0x400007e64b5b1ba0) at common/erl_misc_utils.c:414
changed = 1
configured = 2
online = 2
available = 2
old_topology = 0x0
old_topology_size = 0
cpuset = {__bits = {3, 0 <repeats 15 times>}}
#3 0x400007e64b5745b0 in erts_cpu_info_create () at common/erl_misc_utils.c:232
cpuinfo = 0x400007e64b5b1ba0
#4 0x400007e64b566ea0 in main (argc=25, argv=0x60000ddcbe16fc48) at ./erlexec.c:458
haltAfterwards = 0
isdistributed = 0
no_epmd = 0
i = 1
s = 0x0
epmd_prog = 0x0
malloc_lib = 0x60000ddcbe16fb70 ""
process_args = 1
print_args_exit = 0
print_qouted_cmd_exit = 0
cpuinfo = 0x0
emu_name = 0x0
reset_cerl_detached = 0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://erlang.org/pipermail/erlang-bugs/attachments/20120227/87f2b313/attachment.bin>
More information about the erlang-bugs
mailing list