This bug was fixed in the package freeipmi - 1.6.4-3ubuntu1.1
---
freeipmi (1.6.4-3ubuntu1.1) focal; urgency=medium
* d/p/lp-1875771-libfreeipmi-fix-segfault-in-SPMI-parsing.patch: fix
crash on Dell iDRAC6/9 (LP: #1875771)
-- Christian Ehrhardt Mon, 07 Sep
2020 09:02:06
Pre:
ii freeipmi-common 1.6.4-3ubuntu1 all GNU implementation of the IPMI protocol - common files
ii freeipmi-tools 1.6.4-3ubuntu1 amd64 GNU implementation of the IPMI protocol - tools
ii libfreeipmi17 1.6.4-3ubuntu1 amd64 GNU IPMI - libraries
ii libipmiconsole2
Hello Jeff, or anyone else affected,
Accepted freeipmi into focal-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/freeipmi/1.6.4-3ubuntu1.1 in a few
hours, and then in the -proposed repository.
Please help us by testing this new package. See
** Description changed:
- Ran ipmi-locate on a system running Focal. ipmi-locate returns the info
- I expect to see, and then segfaults (no core dump that I'm aware of).
+ [Impact]
+
+ * A variable was badly initialized leading to a 0x0 pointer that was
+accessed and segfaulting the
** Merge proposal linked:
https://code.launchpad.net/~paelzer/ubuntu/+source/freeipmi/+git/freeipmi/+merge/390350
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1875771
Title:
ipmi_locate
Upstream as
commit 7afb97681d5ccdc237891a8d2a3ec1c994958dd0
Author: Christian Ehrhardt
Date: Thu Sep 3 03:48:57 2020 -0700
libfreeipmi: fix segfault in SPMI parsing
on branch:
upstream/freeipmi-1-6-0-stable
Prepping this for Focal
=>
This bug was fixed in the package freeipmi - 1.6.4-3ubuntu2
---
freeipmi (1.6.4-3ubuntu2) groovy; urgency=medium
* d/p/lp-1875771-libfreeipmi-fix-segfault-in-SPMI-parsing.patch: fix
crash on Dell iDRAC6/9 (LP: #1875771
-- Christian Ehrhardt Thu, 03 Sep
2020 09:25:11 +0200
Jeff, thanks for testing that, and yeah that confirms the line in
question is in error.
Christian, good work on the additional archaeology which reveals how
this error originated, and on the packaging to get this into the distro.
Removing the bad line seems like the good fix/workaround for this
** Merge proposal linked:
https://code.launchpad.net/~paelzer/ubuntu/+source/freeipmi/+git/freeipmi/+merge/390219
Now that we have the root cause and also explain why we see it now and not in
the past I have prepped this as a fix and submitted it:
https://lists.gnu.org/archive/html/freeipmi-devel/2020-09/msg1.html
Let us see what the response there is and then consider applying the fix
in Focal and
Way back it seems it set this to zero for a reason.
http://git.savannah.gnu.org/cgit/freeipmi.git/commit/?id=68ed819225bdb529f34baca74e499a9645da5197
acpi_table was a global variable before and the predecessor of
"_ipmi_acpi_get_table" called "ipmi_acpi_get_table" was called with an &
On Wed, Sep 2, 2020 at 1:20 PM Bryce Harrington
<1875...@bugs.launchpad.net> wrote:
> If it was, that seems redundant with line 1308 so still seems odd. In
> any case, setting acpi_table = NULL and then passing that to
> _ipmi_acpi_get_table() seems very suspect. It might be interesting to
>
1260: static int
1261: _ipmi_acpi_get_table_dev_mem (ipmi_locate_ctx_t ctx,
1262: char *signature,
1263: unsigned int table_instance,
1264: uint8_t **acpi_table,
1265: uint32_t
Marking as "confirmed" as it sounds as if Christian & Jeff are homing in
on the root cause.
** Changed in: freeipmi (Ubuntu)
Status: Incomplete => Confirmed
Yeah, there is no /sys/firmware/acpi/tables/SPMI* at all on that system.
So the difference must be in the code that makes it reach that path with the
Focal code but not on Bionic.
Thanks Jeff!
Fail at _ipmi_acpi_get_table
1031: *acpi_table = NULL;
At this time we see acpi_table=0x0
So dereference 0x0 and segfault.
Now how far up does this crash have data...
_ipmi_acpi_get_firmware_table does
1485 uint8_t *acpi_table = NULL;
...
1498 if
ahhh thanks.
Here's a text dump of that adding --rebuild-package-info.
On Tue, Sep 1, 2020 at 11:10 AM Christian Ehrhardt
<1875...@bugs.launchpad.net> wrote:
>
> Just add --rebuild-package-info and it will add the Package data
Just add --rebuild-package-info and it will add the Package data
And here's the crash file for ipmi-locate on the older iDRAC6 machine w/
Focal...
Note, apport-retrace errors out saying:
# apport-retrace /var/crash/_usr_sbin_ipmi-locate.0.crash --stdout
ERROR: report file does not contain one of the required fields: Package
** Attachment added:
Sorry about that... I had the debug for freeipmi-tools installed, but
not for libfreeipmi17. Corrected and here's the gdb trace.
This is for 1.6.4 on Focal on an older Dell w/ iDRAC6
** Attachment added: "gdb-ipmi-locate.txt"
The log has no line numbers in most places.
So I guess we need debug packages.
I've looked at the bit we see, the call from ipmi-locate.c:283 is the
same in Bionic and Focal.
275 static void
276 acpi_probe_display
One further comment, this was discovered while trying to do
certification at the Dell labs in Austin. So unfortunately, I don't
know that we have any avenue to involve them, but we can poke our
contacts in the Dell testing team to see if they can assist further.
Here's the gdb log from version 1.6.4 on groovy on the older iDRAC6
system. I'm waiting on Michael to get the same from the newer iDRAC9
system.
** Attachment added: "gdb-freeipmi-tools-1.6.4.txt"
** Summary changed:
- ipmi_locate segfault on Focal
+ ipmi_locate segfault on Focal (Dell iDRAC6/9)