Debian Bug report logs - #764476
vde2: Segfaults due to race condition between find_in_hash() and hash_gc()


Package: vde2; Maintainer for vde2 is Debian VSquare Team <virtualsquare@cs.unibo.it>; Source for vde2 is src:vde2.

Reported by: Bas van Sisseren <bas@quarantainenet.nl>

Date: Wed, 8 Oct 2014 13:42:01 UTC

Severity: important

Tags: patch, upstream

Found in version vde2/2.3.2-4.2

Fixed in version vde2/2.3.2+r586-1

Done: Ludovico Gardenghi <garden@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian VSquare Team <pkg-vsquare-devel@lists.alioth.debian.org>:
Bug#764476; Package vde2. (Wed, 08 Oct 2014 13:42:06 GMT)


Acknowledgement sent to Bas van Sisseren <bas@quarantainenet.nl>:
New Bug report received and forwarded. Copy sent to Debian VSquare Team <pkg-vsquare-devel@lists.alioth.debian.org>. (Wed, 08 Oct 2014 13:42:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Bas van Sisseren <bas@quarantainenet.nl>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: vde2: Segfaults due to race condition between find_in_hash() and hash_gc()
Date: Tue, 07 Oct 2014 14:18:39 +0200
Package: vde2
Version: 2.3.2-4.2
Severity: important
Tags: upstream patch

Hello,

We're using the vde2-switch as network switch for several qemu-processes. Lately we
noticed a lot of segfaults from the vde2-switch process. We were able to trigger the
segfaults more often when we generate a lot of random mac-addresses on the network,
combined with a lot of traffic.

After diving into the code, I noticed that the hash_gc() method is called from the
SIGALRM signal handler, which could happen at the same time as a find_in_hash() or
find_in_hash_update() lookup. The hash_gc() can then invalidate a pointer which the
find_in_hash() or find_in_hash_update() call is still using, which causes a segfault.

By simply delaying the hash_gc() to the next find_in_hash() or find_in_hash_update()
call, it is no longer possible to have invalid pointers. The suggested patch does this
by setting the new 'delayed_hash_gc' flag.


ps. Afaics, it is now also safe to remove all qtime_csenter()/qtime_csexit() calls
    in hash.c, but I'll leave that to the author of vde2 to verify that.


Regards,

Bas van Sisseren


-- System Information:
Debian Release: jessie/sid
  APT prefers squeeze-lts
  APT policy: (500, 'squeeze-lts'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 3.16-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages vde2 depends on:
ii  adduser      3.113+nmu3
ii  libc6        2.19-11
ii  libpcap0.8   1.6.2-1
ii  libvde0      2.3.2-4.2
ii  libvdeplug2  2.3.2-4.2

vde2 recommends no packages.

Versions of packages vde2 suggests:
ii  qemu           2.1+dfsg-5
pn  qemu-kvm       <none>
pn  vde2-cryptcab  <none>

-- no debconf information
[vde-2.3.2-fix-for-qtime-hash-gc-race-condition.patch (text/x-diff, attachment)]
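
The deferral described in the report above, as an added example that is not the attached patch and not vde2's own code: the SIGALRM handler only sets a flag, and expiry runs at the start of the next lookup. The table layout, `GC_EXPIRE`, the bucket function and all function names are constructed for illustration; `delayed_gc` is modelled on the report's `delayed_hash_gc` flag.

```c
#include <signal.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#define NBUCKETS 64
#define GC_EXPIRE 100                      /* seconds; constructed value */

struct entry { struct entry *next; unsigned char mac[6]; time_t last_seen; };
static struct entry *table[NBUCKETS];
static int live_entries;                   /* entries currently linked in the table */
static volatile sig_atomic_t delayed_gc;   /* set by the handler, drained by lookups */

/* The handler touches no list and calls no free(): it only records that GC is due. */
static void on_alarm(int sig) { (void)sig; delayed_gc = 1; }

/* Runs in normal context only, so no interrupted lookup holds a pointer into the table. */
static int gc_now(time_t now) {
    int freed = 0;
    for (int b = 0; b < NBUCKETS; b++)
        for (struct entry **pp = &table[b]; *pp; ) {
            struct entry *e = *pp;
            if (now - e->last_seen > GC_EXPIRE) { *pp = e->next; free(e); freed++; live_entries--; }
            else pp = &e->next;
        }
    return freed;
}

/* Find mac, learning it if absent. Pending GC is drained before any pointer is taken. */
static struct entry *lookup_update(const unsigned char *mac, time_t now) {
    if (delayed_gc) { delayed_gc = 0; gc_now(now); }
    struct entry **head = &table[(mac[4] ^ mac[5]) % NBUCKETS], *e;
    for (e = *head; e; e = e->next)
        if (memcmp(e->mac, mac, 6) == 0) { e->last_seen = now; return e; }
    if (!(e = calloc(1, sizeof *e))) return NULL;
    memcpy(e->mac, mac, 6);
    e->last_seen = now;
    e->next = *head;
    live_entries++;
    return *head = e;
}

int main(void) {
    unsigned char a[6] = {2, 0, 0, 0, 0, 1}, b[6] = {2, 0, 0, 0, 0, 2};
    signal(SIGALRM, on_alarm);
    lookup_update(a, 0);
    raise(SIGALRM);          /* handler only sets the flag; 'a' is untouched */
    lookup_update(b, 1000);  /* GC runs first here and expires 'a' */
    return live_entries == 1 ? 0 : 1;
}
```

A signal arriving between the flag test and the flag reset only re-arms the flag, so the worst case is one extra collection on the following lookup.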

Reply sent to Ludovico Gardenghi <garden@debian.org>:
You have taken responsibility. (Sun, 12 Oct 2014 22:03:25 GMT)


Notification sent to Bas van Sisseren <bas@quarantainenet.nl>:
Bug acknowledged by developer. (Sun, 12 Oct 2014 22:03:25 GMT)


Message #10 received at 764476-close@bugs.debian.org:

From: Ludovico Gardenghi <garden@debian.org>
To: 764476-close@bugs.debian.org
Subject: Bug#764476: fixed in vde2 2.3.2+r586-1
Date: Sun, 12 Oct 2014 22:00:19 +0000
Source: vde2
Source-Version: 2.3.2+r586-1

We believe that the bug you reported is fixed in the latest version of
vde2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 764476@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ludovico Gardenghi <garden@debian.org> (supplier of updated vde2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 12 Oct 2014 23:32:56 +0200
Source: vde2
Binary: vde2 vde2-cryptcab libvdeplug-dev libvdeplug2 libvde-dev libvde0
Architecture: source amd64
Version: 2.3.2+r586-1
Distribution: unstable
Urgency: medium
Maintainer: Debian VSquare Team <pkg-vsquare-devel@lists.alioth.debian.org>
Changed-By: Ludovico Gardenghi <garden@debian.org>
Description:
 libvde-dev - Virtual Distributed Ethernet - support libraries development file
 libvde0    - Virtual Distributed Ethernet - support libraries
 libvdeplug-dev - Virtual Distributed Ethernet - Plug development files
 libvdeplug2 - Virtual Distributed Ethernet - Plug library
 vde2       - Virtual Distributed Ethernet
 vde2-cryptcab - Virtual Distributed Ethernet - CryptCab
Closes: 682759 745430 764476
Changes:
 vde2 (2.3.2+r586-1) unstable; urgency=medium
 .
   * No new upstream version, packaging latest SVN revision.
   * Accept all NMU patches. Thank you Hector!
   * Fix segfault due to race condition in hash.c. Thank you Bas van Sisseren
     <bas@quarantainenet.nl> for the patch! (Closes: #764476)
   * Fix vdeterm not correctly restoring terminal when exiting on error. Thank
     you Serge Hallyn <serge.hallyn@ubuntu.com> for the patch!
     (Closes: #682759)
   * Fix FTBFS on hurd-any. Thanks Gabriele Giacone <1o5g4r8o@gmail.com> for
     the patch! (Closes: #745430)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 20 Nov 2014 07:36:50 GMT)

