[erlang-bugs] Erlang R14B4 segfaults if /sys/devices/system/node is not readable

Dennis Schridde devurandom@REDACTED
Mon Feb 27 13:38:28 CET 2012 

Hello!

I am using Erlang on a Gentoo/Hardened system, which restricts several things 
for security reasons. For example /sys/devices/system/node is only read and 
traversable (0700) by root, which makes erlexec segfault. I will describe how 
I reproduce the segfault and attach a backtrace.

In the following the directory "otp" refers to "otp_src_R14B04", which was the 
one I started building Erlang in (the build process also never finishes due to 
this issue).

otp/bootstrap/bin/erl was modified to set:
---
ROOTDIR=$ERL_TOP/bootstrap
BINDIR=$ERL_TOP/bin/ia64-unknown-linux-gnu
---

The script I use to reproduce is:
---
export ERL_TOP=`pwd`/otp
export PATH=$ERL_TOP/bootstrap/bin:${PATH}

echo "run -W +debug_info +warn_exported_vars +warn_missing_spec 
+warn_untyped_record -oebin misc/hipe_consttab.erl" > gdb.cmd

gdb erlc -x gdb.cmd
---

The segfault will happen in read_topology at common/erl_misc_utils.c:850.
That line reads:
  nde = readdir(ndir);
The issue comes from ndir which is set a few lines before:
  ndir = opendir(npath);
The return value should be checked against NULL, because that is what opendir 
returns on error - errno will tell the details.

It would be nice if you could provide a fallback method in case 
/sys/devices/system/node cannot be read.

If you need any additional information, please ask.

Kind regards,
Dennis

P.S: /sys/devices/system/cpu is readable by every user, so you could directly 
fallback to that.

The fix would then be to replace following code, starting from line 836:
    if (realpath(ERTS_SYS_NODE_PATH, npath)) {
        got_nodes = 1;
        ndir = opendir(npath);
    }
with:
    if (realpath(ERTS_SYS_NODE_PATH, npath)) {
        ndir = opendir(npath);
        if (ndir) {
         got_nodes = 1;
        }
    }

P.P.S: Does this list silently discard emails from non-subscribers? I did not 
receive a is-in-moderation-queue confirmation when first sending this email 
while not being subscribed...
-------------- next part --------------
process 13252 is executing new program: /bin/bash
process 13252 is executing new program: ...otp/bin/ia64-unknown-linux-gnu/erlexec

Program received signal SIGSEGV, Segmentation fault.
0x200004255b3143e0 in ?? ()
(gdb) bt full
#0  0x200004255b3143e0 in ?? ()
No symbol table info available.
#1  0x400007e64b577f80 in read_topology (cpuinfo=0x400007e64b5b1ba0) at common/erl_misc_utils.c:850
        node_id = -1
        npath = "/sys/devices/system/node", '\000' <repeats 4071 times>
        cpath = '\000' <repeats 4095 times>
        tpath = "cpu  169776 0 21892 550684 14211 123 524 0 0\ncpu0 58314 0 10054 300175 9556 123 396 0 0\ncpu1 111462 0 11838 250509 4655 0 128 0 0\nintr 1276499 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 6"...
        fpath = '\000' <repeats 272 times>, "\b-XK\346\a\000@", '\000' <repeats 2209 times>"\200, '\000\000\000\000\000\364V'\000\000\000\000\000\364V'", '\000' <repeats 13 times>, "\005\000\000\000\000\000\000\000\000@(\000\000\000\000\000\000\300(\000\000\000\000\000\260\236(\000\000\000\000\000\000\347(\000\000\000\000\000\000@'\000\000\000\000\000\003", '\000' <repeats 17 times>, "\f\000\000\000\000\000\300\312\v\000\000\000\000\000\300\312\v", '\000' <repeats 13 times>, "\005\000\000\000\000\000\000\000\000\300\f\000\000\000\000\000\000\000\r\000\000\000\000\000\244\322\f\000\000\000\000\000\340\322\f\000\000\000\000\000\000\300\v\000\000\000\000\000\003", '\000' <repeats 247 times>"\350, \330\016[%\004\000 ", '\000' <repeats 40 times>, " \324"...
        ndir = 0x0
        cdir = 0x0
        nde = 0x0
        ix = -1
        res = 0
        got_nodes = 1
        no_nodes = 0
#2  0x400007e64b575260 in erts_cpu_info_update (cpuinfo=0x400007e64b5b1ba0) at common/erl_misc_utils.c:414
        changed = 1
        configured = 2
        online = 2
        available = 2
        old_topology = 0x0
        old_topology_size = 0
        cpuset = {__bits = {3, 0 <repeats 15 times>}}
#3  0x400007e64b5745b0 in erts_cpu_info_create () at common/erl_misc_utils.c:232
        cpuinfo = 0x400007e64b5b1ba0
#4  0x400007e64b566ea0 in main (argc=25, argv=0x60000ddcbe16fc48) at ./erlexec.c:458
        haltAfterwards = 0
        isdistributed = 0
        no_epmd = 0
        i = 1
        s = 0x0
        epmd_prog = 0x0
        malloc_lib = 0x60000ddcbe16fb70 ""
        process_args = 1
        print_args_exit = 0
        print_qouted_cmd_exit = 0
        cpuinfo = 0x0
        emu_name = 0x0
        reset_cerl_detached = 0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://erlang.org/pipermail/erlang-bugs/attachments/20120227/87f2b313/attachment.bin>

More information about the erlang-bugs mailing list