[Bug 1875771] Re: ipmi_locate segfault on Focal (Dell iDRAC6/9)
This bug was fixed in the package freeipmi - 1.6.4-3ubuntu1.1

---
freeipmi (1.6.4-3ubuntu1.1) focal; urgency=medium

  * d/p/lp-1875771-libfreeipmi-fix-segfault-in-SPMI-parsing.patch: fix crash
    on Dell iDRAC6/9 (LP: #1875771)

 -- Christian Ehrhardt  Mon, 07 Sep 2020 09:02:06 +0200

** Changed in: freeipmi (Ubuntu Focal)
       Status: Fix Committed => Fix Released

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1875771

Title:
  ipmi_locate segfault on Focal (Dell iDRAC6/9)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freeipmi/+bug/1875771/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1875771] Re: ipmi_locate segfault on Focal (Dell iDRAC6/9)
Pre:

ii freeipmi-common 1.6.4-3ubuntu1 all GNU implementation of the IPMI protocol - common files
ii freeipmi-tools 1.6.4-3ubuntu1 amd64 GNU implementation of the IPMI protocol - tools
ii libfreeipmi17 1.6.4-3ubuntu1 amd64 GNU IPMI - libraries
ii libipmiconsole2 1.6.4-3ubuntu1 amd64 GNU IPMI - Serial-over-Lan library
ii libipmidetect0 1.6.4-3ubuntu1 amd64 GNU IPMI - IPMI node detection library

$ sudo ipmi-locate
Probing KCS device using DMIDECODE... done
IPMI Version: 2.0
IPMI locate driver: DMIDECODE
IPMI interface: KCS
BMC driver device:
BMC I/O base address: 0xCA8
Register spacing: 4

Probing SMIC device using DMIDECODE... FAILED
Probing BT device using DMIDECODE... FAILED
Probing SSIF device using DMIDECODE... FAILED
Probing KCS device using SMBIOS... FAILED
Probing SMIC device using SMBIOS... FAILED
Probing BT device using SMBIOS... FAILED
Probing SSIF device using SMBIOS... FAILED
Segmentation fault

## Upgrade to proposed

$ v="1.6.4-3ubuntu1.1"; sudo apt install freeipmi-tools=$v libfreeipmi17=$v freeipmi-common=$v libipmiconsole2=$v libipmidetect0=$v
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  libmysqlclient21 libopenipmi0 libsnmp-base libsnmp35 mysql-common openipmi
Use 'sudo apt autoremove' to remove them.
Suggested packages:
  freeipmi-ipmidetect freeipmi-bmc-watchdog
The following packages will be upgraded:
  freeipmi-common freeipmi-tools libfreeipmi17 libipmiconsole2 libipmidetect0
5 upgraded, 0 newly installed, 0 to remove and 88 not upgraded.
Need to get 1810 kB of archives.
After this operation, 4096 B disk space will be freed.
Get:1 http://us.archive.ubuntu.com/ubuntu focal-proposed/main amd64 libipmidetect0 amd64 1.6.4-3ubuntu1.1 [32.3 kB]
Get:2 http://us.archive.ubuntu.com/ubuntu focal-proposed/main amd64 libfreeipmi17 amd64 1.6.4-3ubuntu1.1 [875 kB]
Get:3 http://us.archive.ubuntu.com/ubuntu focal-proposed/main amd64 libipmiconsole2 amd64 1.6.4-3ubuntu1.1 [86.9 kB]
Get:4 http://us.archive.ubuntu.com/ubuntu focal-proposed/main amd64 freeipmi-tools amd64 1.6.4-3ubuntu1.1 [636 kB]
Get:5 http://us.archive.ubuntu.com/ubuntu focal-proposed/main amd64 freeipmi-common all 1.6.4-3ubuntu1.1 [179 kB]
Fetched 1810 kB in 0s (32.1 MB/s)
(Reading database ... 106008 files and directories currently installed.)
Preparing to unpack .../libipmidetect0_1.6.4-3ubuntu1.1_amd64.deb ...
Unpacking libipmidetect0 (1.6.4-3ubuntu1.1) over (1.6.4-3ubuntu1) ...
Preparing to unpack .../libfreeipmi17_1.6.4-3ubuntu1.1_amd64.deb ...
Unpacking libfreeipmi17 (1.6.4-3ubuntu1.1) over (1.6.4-3ubuntu1) ...
Preparing to unpack .../libipmiconsole2_1.6.4-3ubuntu1.1_amd64.deb ...
Unpacking libipmiconsole2 (1.6.4-3ubuntu1.1) over (1.6.4-3ubuntu1) ...
Preparing to unpack .../freeipmi-tools_1.6.4-3ubuntu1.1_amd64.deb ...
Unpacking freeipmi-tools (1.6.4-3ubuntu1.1) over (1.6.4-3ubuntu1) ...
Preparing to unpack .../freeipmi-common_1.6.4-3ubuntu1.1_all.deb ...
Unpacking freeipmi-common (1.6.4-3ubuntu1.1) over (1.6.4-3ubuntu1) ...
Setting up freeipmi-common (1.6.4-3ubuntu1.1) ...
Setting up libfreeipmi17 (1.6.4-3ubuntu1.1) ...
Setting up libipmidetect0 (1.6.4-3ubuntu1.1) ...
Setting up libipmiconsole2 (1.6.4-3ubuntu1.1) ...
Setting up freeipmi-tools (1.6.4-3ubuntu1.1) ...
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for install-info (6.7.0.dfsg.2-5) ...
Processing triggers for libc-bin (2.31-0ubuntu9) ...

Post:

$ sudo ipmi-locate
Probing KCS device using DMIDECODE... done
IPMI Version: 2.0
IPMI locate driver: DMIDECODE
IPMI interface: KCS
BMC driver device:
BMC I/O base address: 0xCA8
Register spacing: 4

Probing SMIC device using DMIDECODE... FAILED
Probing BT device using DMIDECODE... FAILED
Probing SSIF device using DMIDECODE... FAILED
Probing KCS device using SMBIOS... FAILED
Probing SMIC device using SMBIOS... FAILED
Probing BT device using SMBIOS... FAILED
Probing SSIF device using SMBIOS... FAILED
Probing KCS device using ACPI... FAILED
Probing SMIC device using ACPI... FAILED
Probing BT device using ACPI... FAILED
Probing SSIF device using ACPI... FAILED
Probing KCS device using PCI... FAILED
Probing SMIC device using PCI... FAILED
Probing BT device using PCI... FAILED
Probing SSIF device using PCI... FAILED

We can see it passes the former crash.
It still can't find anything on this kind of system, but that isn't what this bug is about.

Setting verified

** Tags removed: verification-needed verification-needed-focal
** Tags added: verification-done verification-done-focal
[Bug 1875771] Re: ipmi_locate segfault on Focal (Dell iDRAC6/9)
Hello Jeff, or anyone else affected,

Accepted freeipmi into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/freeipmi/1.6.4-3ubuntu1.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

** Changed in: freeipmi (Ubuntu Focal)
       Status: Triaged => Fix Committed

** Tags added: verification-needed verification-needed-focal
[Bug 1875771] Re: ipmi_locate segfault on Focal (Dell iDRAC6/9)
** Description changed: - Ran ipmi-locate on a system running Focal. ipmi-locate returns the info - I expect to see, and then segfaults (no core dump that I'm aware of). + [Impact] + + * A variable was badly initialized leading to a 0x0 pointer that was +accessed and segfaulting the program. In older versions this was +hidden due to other fails leading to an early exit on such platforms +(those we don't have to touch) + + * The Patch was upstreamed and hereby backported (applies as-is) to + Focal + + [Test Case] + + * There might be more affected systems, but he one we know so far +are dell idrac6/9 so please test on those if possible. +Obviously "regression tests" can be done on any system. +- run ipmi-locate +- without the fix it will segfault + + [Regression Potential] + + * The initialization is done right at the beginning of the function +and not accessed until the bad one we remove. So any user of that +variable would have crashed. Due to that I think we can't regress a +case that wasn't formerly segfaulting - which should be fine. +The one change of behavior is that if people just ran the command (not +checking output) and checked RC for further actions it might now on +some systems actually work and return a difference RC. + + [Other Info] + + * n/a + + --- + + + Ran ipmi-locate on a system running Focal. ipmi-locate returns the info I expect to see, and then segfaults (no core dump that I'm aware of). ubuntu@mayapple:~$ sudo ipmi-locate --version ipmi-locate - 1.6.4 Copyright (C) 2005-2015 FreeIPMI Core Team This program is free software; you may redistribute it under the terms of the GNU General Public License. This program has absolutely no warranty. ubuntu@mayapple:~$ sudo ipmi-locate Probing KCS device using DMIDECODE... done IPMI Version: 2.0 IPMI locate driver: DMIDECODE IPMI interface: KCS - BMC driver device: + BMC driver device: BMC I/O base address: 0xCA8 Register spacing: 4 Probing SMIC device using DMIDECODE... 
FAILED Probing BT device using DMIDECODE... FAILED Probing SSIF device using DMIDECODE... FAILED Probing KCS device using SMBIOS... FAILED Probing SMIC device using SMBIOS... FAILED Probing BT device using SMBIOS... FAILED Probing SSIF device using SMBIOS... FAILED Segmentation fault - On a machine running Bionic, it returns similar data but does not segfault afterwards: bladernr@weavile:~$ sudo ipmi-locate --version ipmi-locate - 1.4.11 Copyright (C) 2005-2014 FreeIPMI Core Team This program is free software; you may redistribute it under the terms of the GNU General Public License. This program has absolutely no warranty. bladernr@weavile:~$ sudo ipmi-locate Probing KCS device using DMIDECODE... done IPMI Version: 2.0 IPMI locate driver: DMIDECODE IPMI interface: KCS - BMC driver device: + BMC driver device: BMC I/O base address: 0xCA2 Register spacing: 1 Probing SMIC device using DMIDECODE... FAILED Probing BT device using DMIDECODE... FAILED Probing SSIF device using DMIDECODE... FAILED Probing KCS device using SMBIOS... FAILED Probing SMIC device using SMBIOS... FAILED Probing BT device using SMBIOS... FAILED Probing SSIF device using SMBIOS... FAILED Probing KCS device using ACPI... done IPMI Version: 2.0 IPMI locate driver: ACPI IPMI interface: KCS - BMC driver device: + BMC driver device: BMC I/O base address: 0xCA3 Register spacing: 1 Probing SMIC device using ACPI... FAILED Probing BT device using ACPI... FAILED Probing SSIF device using ACPI... FAILED Probing KCS device using PCI... FAILED Probing SMIC device using PCI... FAILED Probing BT device using PCI... FAILED Probing SSIF device using PCI... 
FAILED ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: freeipmi-tools 1.6.4-3ubuntu1 ProcVersionSignature: User Name 5.4.0-26.30-generic 5.4.30 Uname: Linux 5.4.0-26-generic x86_64 ApportVersion: 2.20.11-0ubuntu27 Architecture: amd64 CasperMD5CheckResult: skip Date: Tue Apr 28 22:56:41 2020 ProcEnviron: - TERM=screen-256color - PATH=(custom, no user) - XDG_RUNTIME_DIR= - LANG=C.UTF-8 - SHELL=/bin/bash + TERM=screen-256color + PATH=(custom, no user) + XDG_RUNTIME_DIR= + LANG=C.UTF-8 + SHELL=/bin/bash SourcePackage: freeipmi UpgradeStatus: No upgrade log present (probably fresh install)
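Review bot: In the added [Test Case] section, the steps give only the failing outcome ("without the fix it will segfault"); state what a passing run looks like with the fixed package, for instance that ipmi-locate carries on past the SMBIOS probes into the ACPI and PCI probes and ends without "Segmentation fault", so that a verifier can tell pass from fail. Two typos in the added lines are also worth correcting: "he one we know so far" should read "the one we know so far", and "return a difference RC" in [Regression Potential] should read "return a different RC".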
[Bug 1875771] Re: ipmi_locate segfault on Focal (Dell iDRAC6/9)
** Merge proposal linked:
   https://code.launchpad.net/~paelzer/ubuntu/+source/freeipmi/+git/freeipmi/+merge/390350
[Bug 1875771] Re: ipmi_locate segfault on Focal (Dell iDRAC6/9)
Upstream as

commit 7afb97681d5ccdc237891a8d2a3ec1c994958dd0
Author: Christian Ehrhardt
Date: Thu Sep 3 03:48:57 2020 -0700

    libfreeipmi: fix segfault in SPMI parsing

on branch: upstream/freeipmi-1-6-0-stable

Prepping this for Focal
=> https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/4251/+packages
=> https://code.launchpad.net/~paelzer/ubuntu/+source/freeipmi/+git/freeipmi/+merge/390350
[Bug 1875771] Re: ipmi_locate segfault on Focal (Dell iDRAC6/9)
This bug was fixed in the package freeipmi - 1.6.4-3ubuntu2

---
freeipmi (1.6.4-3ubuntu2) groovy; urgency=medium

  * d/p/lp-1875771-libfreeipmi-fix-segfault-in-SPMI-parsing.patch: fix crash
    on Dell iDRAC6/9 (LP: #1875771

 -- Christian Ehrhardt  Thu, 03 Sep 2020 09:25:11 +0200

** Changed in: freeipmi (Ubuntu Groovy)
       Status: Triaged => Fix Released
[Bug 1875771] Re: ipmi_locate segfault on Focal (Dell iDRAC6/9)
Jeff, thanks for testing that, and yeah that confirms the line in question is in error.

Christian, good work on the additional archaeology which reveals how this error originated, and on the packaging to get this into the distro.

Removing the bad line seems like the good fix/workaround for this problem, and I've +1'd the MP to get this repaired in Ubuntu. Nicely done all around. :-)

** Also affects: freeipmi (Ubuntu Focal)
   Importance: Undecided
       Status: New

** Also affects: freeipmi (Ubuntu Groovy)
   Importance: Medium
       Status: Confirmed

** Changed in: freeipmi (Ubuntu Focal)
       Status: New => Triaged

** Changed in: freeipmi (Ubuntu Groovy)
       Status: Confirmed => Triaged

** Changed in: freeipmi (Ubuntu Focal)
   Importance: Undecided => Medium
[Bug 1875771] Re: ipmi_locate segfault on Focal (Dell iDRAC6/9)
** Merge proposal linked:
   https://code.launchpad.net/~paelzer/ubuntu/+source/freeipmi/+git/freeipmi/+merge/390219
[Bug 1875771] Re: ipmi_locate segfault on Focal (Dell iDRAC6/9)
Now that we have the root cause and also explain why we see it now and not in the past I have prepped this as a fix and submitted it:
https://lists.gnu.org/archive/html/freeipmi-devel/2020-09/msg1.html

Let us see what the response there is and then consider applying the fix in Focal and Groovy.
[Bug 1875771] Re: ipmi_locate segfault on Focal (Dell iDRAC6/9)
Way back it seems it set this to zero for a reason.
http://git.savannah.gnu.org/cgit/freeipmi.git/commit/?id=68ed819225bdb529f34baca74e499a9645da5197

acpi_table was a global variable before and the predecessor of "_ipmi_acpi_get_table" called "ipmi_acpi_get_table" was called with an & operator.

+ if (ipmi_acpi_get_table (table_address, signature, + &acpi_table, + &acpi_table_length) != 0)

Back then it cleared the former value, just as today line 1308 still does with "*acpi_table = NULL;" (clears the value not the pointer).

Things changed a lot since then and as Bryce stated "_ipmi_acpi_get_table" expects malloc'ed memory which it isn't anymore after setting the pointer itself back to NULL.

The last piece to the puzzle is why it wasn't broken before as Jeff reported Bionic to work. This is true, but the error we found is there. It has an early exit in "_ipmi_acpi_get_table_dev_mem" before it gets to the bad code.

In Bionic _ipmi_acpi_get_rsdp always returns -1 and never finds anything. This was fixed by the massive cleanup of
http://git.savannah.gnu.org/cgit/freeipmi.git/commit/?id=094cd5ce63aff8597ff8f45f2efd014d24995747

That is in freeipmi since 1.6.0 and unblocks the code in Focal to reach the bad acpi_table re-initialization.
Re: [Bug 1875771] Re: ipmi_locate segfault on Focal (Dell iDRAC6/9)
On Wed, Sep 2, 2020 at 1:20 PM Bryce Harrington <1875...@bugs.launchpad.net> wrote:

> If it was, that seems redundant with line 1308 so still seems odd. In
> any case, setting acpi_table = NULL and then passing that to
> _ipmi_acpi_get_table() seems very suspect. It might be interesting to
> see what would happen if you try commenting out line 1387 and trying to
> reproduce the crash? It looks like this code was added in 0.7.15-1 (Nov
> 2009).

So I tried that, and no segfault...

Output before:

ubuntu@mayapple:~/source$ sudo ipmi-locate
Probing KCS device using DMIDECODE... done
IPMI Version: 2.0
IPMI locate driver: DMIDECODE
IPMI interface: KCS
BMC driver device:
BMC I/O base address: 0xCA8
Register spacing: 4

Probing SMIC device using DMIDECODE... FAILED
Probing BT device using DMIDECODE... FAILED
Probing SSIF device using DMIDECODE... FAILED
Probing KCS device using SMBIOS... FAILED
Probing SMIC device using SMBIOS... FAILED
Probing BT device using SMBIOS... FAILED
Probing SSIF device using SMBIOS... FAILED
Segmentation fault

And output after:

ubuntu@mayapple:~/source$ sudo ipmi-locate
Probing KCS device using DMIDECODE... done
IPMI Version: 2.0
IPMI locate driver: DMIDECODE
IPMI interface: KCS
BMC driver device:
BMC I/O base address: 0xCA8
Register spacing: 4

Probing SMIC device using DMIDECODE... FAILED
Probing BT device using DMIDECODE... FAILED
Probing SSIF device using DMIDECODE... FAILED
Probing KCS device using SMBIOS... FAILED
Probing SMIC device using SMBIOS... FAILED
Probing BT device using SMBIOS... FAILED
Probing SSIF device using SMBIOS... FAILED
Probing KCS device using ACPI... FAILED
Probing SMIC device using ACPI... FAILED
Probing BT device using ACPI... FAILED
Probing SSIF device using ACPI... FAILED
Probing KCS device using PCI... FAILED
Probing SMIC device using PCI... FAILED
Probing BT device using PCI... FAILED
Probing SSIF device using PCI... FAILED

all I did was, as you suggested, commented out line 1387, and this runs to completion and exits successfully.
[Bug 1875771] Re: ipmi_locate segfault on Focal (Dell iDRAC6/9)
1260: static int
1261: _ipmi_acpi_get_table_dev_mem (ipmi_locate_ctx_t ctx,
1262:                               char *signature,
1263:                               unsigned int table_instance,
1264:                               uint8_t **acpi_table,
1265:                               uint32_t *acpi_table_length)
1266: {
...
1305:   assert (acpi_table);
1306:   assert (acpi_table_length);
1307:
1308:   *acpi_table = NULL;
...
1387:   acpi_table = NULL;
1388:   acpi_table_length = 0;
1389:   for (i = 0, signature_table_count = 0; i < acpi_table_count; i++)
1340:     {
...
1429:       if (_ipmi_acpi_get_table (ctx,
1430:                                 table_address,
1431:                                 signature,
1432:                                 acpi_table,
1433:                                 acpi_table_length) < 0)
1434:         continue;
...
1440:   free (acpi_table);
1441:   acpi_table = NULL;
1442:   acpi_table_length = 0;
1443: }

_ipmi_acpi_get_table() is documented as requiring malloc'd memory passed in via its acpi_table argument, and in fact asserts that it's non null before using it. So passing acpi_table=NULL is a programming error, yet it appears this is what happens via line 1387.

I wonder if perhaps what was meant on line 1387 was:

1387:   *acpi_table = NULL;

If it was, that seems redundant with line 1308 so still seems odd. In any case, setting acpi_table = NULL and then passing that to _ipmi_acpi_get_table() seems very suspect. It might be interesting to see what would happen if you try commenting out line 1387 and trying to reproduce the crash? It looks like this code was added in 0.7.15-1 (Nov 2009).
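An added example, not part of the thread and not FreeIPMI code: a simplified C model of the defect discussed in this thread, covering both the `acpi_table = NULL` reassignment of a pointer-to-pointer out-parameter and the early exit that kept the line unreachable before 1.6.0. All function names and the table bytes are constructed, and the callee returns EINVAL at the point where the real code would dereference NULL, so the fault can be observed without crashing.

```c
/* Added illustration: a simplified model of the defect, not FreeIPMI source.
 * Every identifier and the table bytes below are constructed for the example. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum scan_result { SCAN_OK, SCAN_EARLY_EXIT, SCAN_NULL_OUT_PARAM, SCAN_NO_TABLE };

/* Callee contract: 'table' and 'length' must point at caller-owned storage.
 * The code in the thread asserts this and then writes *table, so a NULL
 * argument crashes there; this model reports EINVAL instead. */
static int get_table(const char *sig, uint8_t **table, uint32_t *length)
{
    static const uint8_t constructed[] = { 'S', 'P', 'M', 'I', 0x01, 0x02 };

    if (table == NULL || length == NULL) {
        errno = EINVAL;            /* real code: NULL dereference, SIGSEGV */
        return -1;
    }
    *table = NULL;
    *length = 0;
    if (strlen(sig) != 4 || memcmp(sig, constructed, 4) != 0) {
        errno = ENOENT;            /* no table with that signature */
        return -1;
    }
    *table = malloc(sizeof constructed);
    if (*table == NULL)
        return -1;                 /* errno left as set by malloc */
    memcpy(*table, constructed, sizeof constructed);
    *length = (uint32_t) sizeof constructed;
    return 0;
}

static enum scan_result classify(int rc)
{
    if (rc == 0)
        return SCAN_OK;
    return errno == EINVAL ? SCAN_NULL_OUT_PARAM : SCAN_NO_TABLE;
}

/* Shape of the faulty function. 'rsdp_found' models the earlier lookup that,
 * per the thread, always failed before 1.6.0 and so hid the bad line. */
static enum scan_result scan_buggy(int rsdp_found, const char *sig,
                                   uint8_t **table, uint32_t *length)
{
    *table = NULL;                 /* correct: clears the caller's value */
    if (!rsdp_found)
        return SCAN_EARLY_EXIT;    /* the bad lines below are never reached */

    table = NULL;                  /* BUG: overwrites the parameter itself */
    length = 0;                    /* BUG: same for the length pointer */
    return classify(get_table(sig, table, length));
}

/* Same function with the two reassignments removed, as in the fix. */
static enum scan_result scan_fixed(int rsdp_found, const char *sig,
                                   uint8_t **table, uint32_t *length)
{
    *table = NULL;
    if (!rsdp_found)
        return SCAN_EARLY_EXIT;
    return classify(get_table(sig, table, length));
}

int main(void)
{
    uint8_t *t = NULL;
    uint32_t n = 0;
    enum scan_result r;

    r = scan_buggy(0, "SPMI", &t, &n);
    printf("buggy, lookup fails: result %d (masked)\n", (int) r);
    r = scan_buggy(1, "SPMI", &t, &n);
    printf("buggy, lookup works: result %d (NULL out-parameter)\n", (int) r);
    r = scan_fixed(1, "SPMI", &t, &n);
    printf("fixed, lookup works: result %d, %u bytes\n", (int) r, (unsigned) n);
    free(t);
    return 0;
}
```

Compiling the real pattern with `-fsanitize=address,undefined` or running it under a static analyzer flags the NULL argument at the call site rather than at the later dereference.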
[Bug 1875771] Re: ipmi_locate segfault on Focal (Dell iDRAC6/9)
Marking as "confirmed" as it sounds as if Christian & Jeff are homing in on the root cause.

** Changed in: freeipmi (Ubuntu)
       Status: Incomplete => Confirmed
[Bug 1875771] Re: ipmi_locate segfault on Focal (Dell iDRAC6/9)
Yeah, there is no /sys/firmware/acpi/tables/SPMI* at all on that system.
So the difference must be in the code that makes it reach that path with the Focal code but not on Bionic.
[Bug 1875771] Re: ipmi_locate segfault on Focal (Dell iDRAC6/9)
Thanks Jeff!

Fail at _ipmi_acpi_get_table
1031: *acpi_table = NULL;

At this time we see acpi_table=0x0
So dereference 0x0 and segfault.

Now how far up does this crash have data...

_ipmi_acpi_get_firmware_table does
1485 uint8_t *acpi_table = NULL;
...
1498 if ((_ipmi_acpi_get_table_sysfs (ctx, signature, table_instance,
1499 &acpi_table, &acpi_table_length) != 0))

So if _ipmi_acpi_get_table_sysfs returns != 0 BUT keeps acpi_table unset our bug will happen.

The crash no more holds the execution stack of _ipmi_acpi_get_table_sysfs as that is completed, but we can check the function if anything obvious is there (and different to Bionic).

_ipmi_acpi_get_firmware_table (signature=0x7f731c71582e "SPMI", sign_table_data_length=, sign_table_data=, table_instance=0, ctx=0x55c6e4ab4510)

To reach rv=0 it needs to reach
1233 *acpi_table = acpi_table_buf;

The "malloc of" and "read into" of acpi_table_buf have to succeed to not hit "cleanup". But if acpi_table_length would be zero, then malloc can return NULL and read returning 0 would be accepted.

acpi_table_length is from lseek (sysfs_acpi_fd, 0, SEEK_END)

Theory: /sys/firmware/acpi/tables/SPMI* contains an empty file - that might lead to the crash.

Example of a HP system:
$ sudo cat /sys/firmware/acpi/tables/SPMI
SPMIA�HPProLiantHP �

Comparing Focal/Bionic in regard to _ipmi_acpi_get_firmware_table / _ipmi_acpi_get_table_sysfs doesn't point to anything obvious. I'd assume the change that makes one work is in a different place (e.g. not calling into the function at all).

@Jeff - what does the system have at /sys/firmware/acpi/tables/SPMI ?
file list and stat please
$ ls -laF /sys/firmware/acpi/tables/SPMI*
$ stat /sys/firmware/acpi/tables/SPMI*
- if not too much attaching the file(s) here would be awesome
Re: [Bug 1875771] Re: ipmi_locate segfault on Focal (Dell iDRAC6/9)
ahhh thanks. Here's a text dump of that adding --rebuild-package-info.

On Tue, Sep 1, 2020 at 11:10 AM Christian Ehrhardt <1875...@bugs.launchpad.net> wrote:
>
> Just add --rebuild-package-info and it will add the Package data

--
Jeff Lane
Engineering Manager
IHV/OEM Alliances and Server Certification

"Entropy isn't what it used to be."

** Attachment added: "apport-retrace-ipmi-locate.txt"
   https://bugs.launchpad.net/bugs/1875771/+attachment/5406589/+files/apport-retrace-ipmi-locate.txt
[Bug 1875771] Re: ipmi_locate segfault on Focal (Dell iDRAC6/9)
Just add --rebuild-package-info and it will add the Package data
[Bug 1875771] Re: ipmi_locate segfault on Focal (Dell iDRAC6/9)
And here's the crash file for ipmi-locate on the older iDRAC6 machine w/ Focal...

Note, apport-retrace errors out saying:

# apport-retrace /var/crash/_usr_sbin_ipmi-locate.0.crash --stdout
ERROR: report file does not contain one of the required fields: Package

** Attachment added: "_usr_sbin_ipmi-locate.0.crash"
   https://bugs.launchpad.net/ubuntu/+source/freeipmi/+bug/1875771/+attachment/5406554/+files/_usr_sbin_ipmi-locate.0.crash
[Bug 1875771] Re: ipmi_locate segfault on Focal (Dell iDRAC6/9)
Sorry about that... I had the debug for freeipmi-tools installed, but not for libfreeipmi17. Corrected and here's the gdb trace. This is for 1.6.4 on Focal on an older Dell w/ iDRAC6

** Attachment added: "gdb-ipmi-locate.txt"
   https://bugs.launchpad.net/ubuntu/+source/freeipmi/+bug/1875771/+attachment/5406552/+files/gdb-ipmi-locate.txt
[Bug 1875771] Re: ipmi_locate segfault on Focal (Dell iDRAC6/9)
The log has no line numbers in most places. So I guess we need debug packages.

I've looked at the bit we see, the call from ipmi-locate.c:283 is the same in Bionic and Focal.

275 static void
276 acpi_probe_display (ipmi_locate_ctx_t ctx)
277 {
278   struct ipmi_locate_info info;
279
280   assert (ctx);
281
282   printf ("Probing KCS device using ACPI... ");
283   if (!ipmi_locate_acpi_spmi_get_device_info (ctx,
284                                               IPMI_INTERFACE_KCS,
285                                               &info))

That function then in libfreeipmi/locate/ipmi-locate-acpi-spmi.c is the same (due to patches on top of Bionic that were later part of upstream).

For better debug actually a debug build and then a core dump of it would be awesome (more knowledge, less guessing).

Please:
- use the package from this PPA [1] for further tests
- also install debug symbols from the PPA [2]
  The interesting bits seem to happen in /lib/libfreeipmi.so.17 according to your dump. Please install these:
  $ apt install libfreeipmi17-dbgsym freeipmi-tools-dbgsym
  To ensure we get a core dump this might be helpful:
  $ apt install apport whoopsie

With the above in place trigger the crash:
- once as bryce showed with gdb and report the output file (hopefully with better info now)
- once without gdb which should create a /var/crash/ file
- use apport-retrace and report the output here
  $ apport-retrace /var/crash/.crash --stdout
- attach the .crash file to this bug

P.S. @Jeff/Michael is there any chance we could get a login to such a system for an hour to do some debugging in place?

[1]: https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/4237
[2]: https://wiki.ubuntu.com/DebuggingProgramCrash#Installing_dbgsym_packages_from_a_PPA
[Bug 1875771] Re: ipmi_locate segfault on Focal (Dell iDRAC6/9)
One further comment, this was discovered while trying to do certification at the Dell labs in Austin. So unfortunately, I don't know that we have any avenue to involve them, but we can poke our contacts in the Dell testing team to see if they can assist further.
[Bug 1875771] Re: ipmi_locate segfault on Focal (Dell iDRAC6/9)
Here's the gdb log from version 1.6.4 on groovy on the older iDRAC6 system. I'm waiting on Michael to get the same from the newer iDRAC9 system.

** Attachment added: "gdb-freeipmi-tools-1.6.4.txt"
   https://bugs.launchpad.net/ubuntu/+source/freeipmi/+bug/1875771/+attachment/5406202/+files/gdb-freeipmi-tools-1.6.4.txt
[Bug 1875771] Re: ipmi_locate segfault on Focal (Dell iDRAC6/9)
** Summary changed:

- ipmi_locate segfault on Focal
+ ipmi_locate segfault on Focal (Dell iDRAC6/9)