CRAS: Add mremap in seccomp policy
Issue description

Chrome Version: 71
OS: R71-11151.6.0
Device: eve-arcnext

What steps will reproduce the problem?
(1) restart cras
(2) cras_test_client --dump_server_info

What is the expected result?
cras_test_client should be able to print out server info

What happens instead?
Failed to connect to server. But using command $ cras to start cras is fine.
Nov 2
Use gdb to track the call of mremap:
Thread 1 "cras" hit Catchpoint 1 (call to syscall 25), 0x00007ffff713c76a in mremap () at ../sysdeps/unix/syscall-template.S:84
84 ../sysdeps/unix/syscall-template.S: No such file or directory.
(gdb) bt
#0 0x00007ffff713c76a in mremap () at ../sysdeps/unix/syscall-template.S:84
#1 0x00007ffff70c0337 in mremap_chunk (p=p@entry=0x7ffff5a42000, new_size=4096, new_size@entry=32) at malloc.c:2875
#2 0x00007ffff70c5109 in __GI___libc_realloc (oldmem=0x7ffff5a42010, bytes=8) at malloc.c:3023
#3 0x00007ffff7f1022d in _dbus_string_compact () from /usr/lib64/libdbus-1.so.3
#4 0x00007ffff7f020ed in _dbus_message_loader_queue_messages () from /usr/lib64/libdbus-1.so.3
#5 0x00007ffff7f0a83e in ?? () from /usr/lib64/libdbus-1.so.3
#6 0x00007fffffffe0e0 in ?? ()
#7 0x0000000000000001 in ?? ()
#8 0x00007fffffffe060 in ?? ()
#9 0x0000000000000000 in ?? ()
Mremap is used when libdbus is calling realloc in dbus_string_compact(), which might not happen from a fresh restart.
Nov 2
Gdb command for debugging:
$ gdb cras
(gdb) catch syscall 25
(gdb) r
Nov 2
gdb with nostrip cras and dbus
Thread 1 "cras" hit Catchpoint 1 (call to syscall 25), 0x00007ffff713c76a in mremap () at ../sysdeps/unix/syscall-template.S:84
84 ../sysdeps/unix/syscall-template.S: No such file or directory.
(gdb) bt
#0 0x00007ffff713c76a in mremap () at ../sysdeps/unix/syscall-template.S:84
#1 0x00007ffff70c0337 in mremap_chunk (p=p@entry=0x7ffff5a42000, new_size=4096, new_size@entry=32) at malloc.c:2875
#2 0x00007ffff70c5109 in __GI___libc_realloc (oldmem=0x7ffff5a42010, bytes=8) at malloc.c:3023
#3 0x00007ffff7f1022d in compact (real=0x555555765d68, max_waste=<optimized out>) at ../../dbus-1.10.12/dbus/dbus-string.c:294
#4 _dbus_string_compact (str=0x555555765d68, max_waste=<optimized out>) at ../../dbus-1.10.12/dbus/dbus-string.c:394
#5 0x00007ffff7f020ed in load_message (loader=<optimized out>, message=0x555555765dd0, byte_order=<optimized out>,
fields_array_len=<optimized out>, header_len=80, body_len=<optimized out>) at ../../dbus-1.10.12/dbus/dbus-message.c:4333
#6 _dbus_message_loader_queue_messages (loader=0x555555765d60) at ../../dbus-1.10.12/dbus/dbus-message.c:4404
#7 0x00007ffff7f0a83e in _dbus_transport_get_dispatch_status (transport=0x55555581aef0)
at ../../dbus-1.10.12/dbus/dbus-transport.c:1122
#8 0x00007ffff7f0a8df in _dbus_transport_queue_messages (transport=0x55555581aef0)
at ../../dbus-1.10.12/dbus/dbus-transport.c:1149
#9 0x00007ffff7f0bce7 in do_reading (transport=0x55555581aef0) at ../../dbus-1.10.12/dbus/dbus-transport-socket.c:891
#10 0x00007ffff7f0b3c0 in socket_handle_watch (transport=0x55555581aef0, watch=0x555555783dc0, flags=1)
at ../../dbus-1.10.12/dbus/dbus-transport-socket.c:972
#11 0x00007ffff7f0a5d4 in _dbus_transport_handle_watch (transport=<optimized out>, watch=<optimized out>, condition=4096)
at ../../dbus-1.10.12/dbus/dbus-transport.c:910
#12 0x00007ffff7eeea03 in _dbus_connection_handle_watch (watch=0x555555783dc0, condition=1, data=0x555555783a00)
at ../../dbus-1.10.12/dbus/dbus-connection.c:1509
#13 0x0000555555564538 in dbus_watch_callback (arg=0x555555783dc0) at server/cras_dbus.c:37
#14 0x000055555555cd36 in cras_server_run (profile_disable_mask=<optimized out>) at server/cras_server.c:611
#15 0x000055555555c11e in main (argc=<optimized out>, argv=0x7fffffffe628) at server/cras.c:141
Nov 2
Send out CL (crrev.com/c/1314268) to fix this.
Nov 2
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/adhd/+/e3b0bbc1487c486e503e828d75962882a7f71d8a

commit e3b0bbc1487c486e503e828d75962882a7f71d8a
Author: paulhsia <paulhsia@chromium.org>
Date: Fri Nov 02 21:50:44 2018

seccomp: Add mremap to policy file

Mremap is used when libdbus call realloc in __dbus_string_compact, which might happen sometimes.

BUG= chromium:901225
TEST=On a broken DUT $ restart cras and check if syscall 25 is blocked by seccomp in dmesg

Change-Id: Iaae7dc3e541305af66175bff39fcb481f636c403
Reviewed-on: https://chromium-review.googlesource.com/1314268
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Chih-Yang Hsia <paulhsia@chromium.org>
Reviewed-by: Cheng-Yi Chiang <cychiang@chromium.org>

[modify] https://crrev.com/e3b0bbc1487c486e503e828d75962882a7f71d8a/seccomp/cras-seccomp-arm64.policy
[modify] https://crrev.com/e3b0bbc1487c486e503e828d75962882a7f71d8a/seccomp/cras-seccomp-amd64.policy
[modify] https://crrev.com/e3b0bbc1487c486e503e828d75962882a7f71d8a/seccomp/cras-seccomp-arm.policy
Nov 7
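The commit's TEST step (checking dmesg for syscall 25 being blocked by seccomp) can be scripted. The following is an added example, not part of the original thread or the CRAS source: it parses kernel seccomp audit records (type 1326) and reports which blocked syscalls are absent from a minijail-style policy. The log lines, the policy excerpt, the uid/pid/exe values and the partial syscall tables are constructed for illustration.

```python
import re
from collections import Counter

AUDIT_SECCOMP = 1326  # kernel audit record type for seccomp actions

# Partial number->name tables keyed by audit arch value (assumption: only the
# memory-management syscalls relevant here; extend from the kernel headers).
SYSCALLS = {
    0xC000003E: {9: "mmap", 11: "munmap", 12: "brk", 25: "mremap"},       # x86_64
    0x40000028: {45: "brk", 91: "munmap", 163: "mremap", 192: "mmap2"},   # arm
    0xC00000B7: {214: "brk", 215: "munmap", 216: "mremap", 222: "mmap"},  # arm64
}
RECORD = re.compile(r'type=(\d+) .*?comm="([^"]+)".*?arch=([0-9a-f]+) syscall=(\d+)')

def blocked_syscalls(dmesg_text, comm):
    """Count seccomp-blocked syscalls for one process name, keyed by syscall name."""
    hits = Counter()
    for line in dmesg_text.splitlines():
        m = RECORD.search(line)
        if not m or int(m.group(1)) != AUDIT_SECCOMP or m.group(2) != comm:
            continue
        arch, nr = int(m.group(3), 16), int(m.group(4))
        hits[SYSCALLS.get(arch, {}).get(nr, f"unknown_{nr}")] += 1
    return hits

def allowed_in_policy(policy_text):
    """Syscall names listed in a minijail policy ('name: expression' lines)."""
    names = set()
    for line in policy_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if ":" in line:
            names.add(line.split(":", 1)[0].strip())
    return names

def missing_from_policy(dmesg_text, policy_text, comm="cras"):
    """Blocked syscalls for `comm` that the policy does not list."""
    allowed = allowed_in_policy(policy_text)
    return sorted(n for n in blocked_syscalls(dmesg_text, comm) if n not in allowed)

# Constructed sample input (not captured from a real device).
SAMPLE_DMESG = """\
[  812.104] audit: type=1326 audit(1541195444.123:45): auid=4294967295 uid=600 gid=600 ses=4294967295 pid=2301 comm="cras" exe="/usr/bin/cras" sig=31 arch=c000003e syscall=25 compat=0 ip=0x7ffff713c76a code=0x0
[  812.990] audit: type=1400 audit(1541195445.001:46): avc: denied { read } comm="other"
[  901.551] audit: type=1326 audit(1541195533.570:47): auid=4294967295 uid=600 gid=600 ses=4294967295 pid=2377 comm="cras" exe="/usr/bin/cras" sig=31 arch=c000003e syscall=25 compat=0 ip=0x7ffff713c76a code=0x0
"""
SAMPLE_POLICY = "# constructed excerpt\nmmap: 1\nmunmap: 1\nbrk: 1\n"

if __name__ == "__main__":
    print(missing_from_policy(SAMPLE_DMESG, SAMPLE_POLICY))
```

Because syscall numbers differ per architecture (the fix touches the amd64, arm and arm64 policy files), the lookup is keyed on the `arch=` field of each audit record rather than on the number alone.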
Comment 1 by paulhsia@chromium.org, Nov 2