Bug 1410582

Summary: vmmouse_detect enters a SIGSEGV loop on physical systems
Product: Red Hat Enterprise Linux 7 Reporter: Kyle Walker <kwalker>
Component: xorg-x11-drv-vmmouse Assignee: Peter Hutterer <peter.hutterer>
Status: CLOSED ERRATA QA Contact: Desktop QE <desktop-qa-list>
Severity: high Docs Contact:
Priority: unspecified    
Version: 7.4 CC: kwalker, tpelka, yundtj
Target Milestone: rc Keywords: Regression
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: xorg-x11-drv-vmmouse-13.1.0-1.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-01 12:18:23 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1401645    
Bug Blocks:    
Attachments:
Description Flags
Corrected patch to include the config.h header file. none

Description Kyle Walker 2017-01-05 19:46:31 UTC
Description of problem:
 The vmmouse_detect utility enters a SIGSEGV loop on physical systems with the package installed. An strace of the process shows the following:

	7104  12:12:42.823562 readlink("/sys/devices/virtual/input/input13/event13", 0x7fff1231e650, 1024) = -1 EINVAL (Invalid argument) <0.000009>
	7104  12:12:42.823582 stat("/sys/devices/virtual/input/input13/event13/uevent", {st_dev=makedev(0, 17), st_ino=33266, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=0, st_size=4
	7104  12:12:42.823627 lstat("/sys/devices/virtual/input/input13/event13/name", 0x7fff1231d5d0) = -1 ENOENT (No such file or directory) <0.000009>
	7104  12:12:42.823680 readlink("/sys/devices/virtual/input/mice", 0x7fff1231e650, 1024) = -1 EINVAL (Invalid argument) <0.000022>
	7104  12:12:42.823714 stat("/sys/devices/virtual/input/mice/uevent", {st_dev=makedev(0, 17), st_ino=20861, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=0, st_size=4096, st_ati
	7104  12:12:42.823743 lstat("/sys/devices/virtual/input/mice/name", 0x7fff1231d5d0) = -1 ENOENT (No such file or directory) <0.000010>
	7104  12:12:42.823784 rt_sigaction(SIGSEGV, {0x400c30, [SEGV], SA_RESTORER|SA_RESTART, 0x7f4286aa9250}, {SIG_DFL, [], 0}, 8) = 0 <0.000018>
	7104  12:12:42.823831 iopl(0x3)         = -1 EPERM (Operation not permitted) <0.000006>
	7104  12:12:42.823851 --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=0} ---
	7104  12:12:42.823865 rt_sigreturn()    = 1447909480 <0.000006>


The above continues on repeatedly:

	7104  12:15:06.525764 --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=0} ---
	7104  12:15:06.525777 rt_sigreturn()    = 1447909480 <0.000007>
	7104  12:15:06.525797 --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=0} ---
	7104  12:15:06.525828 rt_sigreturn()    = 1447909480 <0.000006>
	7104  12:15:06.525867 --- SIGINT {si_signo=SIGINT, si_code=SI_KERNEL, si_value={int=603113048, ptr=0x7f4f23f2c658}} ---
	7104  12:15:06.526032 +++ killed by SIGINT +++


Version-Release number of selected component (if applicable):
 xorg-x11-drv-vmmouse-13.0.0-12.el7

How reproducible:
 Easily

Steps to Reproduce:
1. Install the latest version of xorg-x11-drv-vmmouse
2. Issue a "strace /usr/bin/vmmouse_detect"
3. Observe the operation

Actual results:
 The process endlessly encounters a SIGSEGV

Expected results:
 Exit with 0 or 1

Additional info:
 If uncorrected, the issue above causes the boot process to stall for an exceptional amount of time, before systemd issues a SIGKILL to vmmouse_detect.

Comment 1 Kyle Walker 2017-01-05 19:50:48 UTC
Looking at the end binary, it looks like the segvCB() signal handler is compiled out to a NOP.

	(gdb) disassemble segvCB
	Dump of assembler code for function segvCB:
	   0x0000000000400c30 <+0>:     repz retq 
	End of assembler dump.


It looks like the macro below is not defined at compile time:

	void
	segvCB(int sig)
	{
	#if defined HAVE_XORG_SERVER_1_1_0
	   exit(1);
	#endif
	}


I'm attaching a patch to move the macro to the signal handler registration. That way, if the macro is not defined, the end result would be a death by SIGSEGV, instead of the endless loop.

- Kyle Walker
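
The three outcomes discussed in this comment, as an added example that is not part of the bug report or the vmmouse source: a handler that exits, a handler whose body is compiled out, and no handler at all. The `probe()` helper, the PROT_NONE page used to trigger the fault, and the `REFAULT_LIMIT` bound that stops the loop are assumptions made for the demonstration.

```c
#define _GNU_SOURCE                 /* MAP_ANONYMOUS under strict -std= modes */
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

enum mode { HANDLER_EXITS, HANDLER_EMPTY, NO_HANDLER };
#define REFAULT_LIMIT 1000          /* demo-only bound so the loop ends */
#define LOOP_SEEN     42            /* exit status: the fault repeated LIMIT times */

static volatile sig_atomic_t faults;
/* segvCB() as built in -11.el7: the handler terminates the process. */
static void exiting_cb(int sig) { (void)sig; _exit(1); }

/* segvCB() with its body compiled out; the counter is demo-only scaffolding. */
static void empty_cb(int sig)
{
    (void)sig;
    if (++faults >= REFAULT_LIMIT)
        _exit(LOOP_SEEN);
}   /* returning resumes at the faulting instruction, which faults again */

/* Returns the child's exit status, or -signal if a signal killed it. */
int probe(enum mode m)
{
    pid_t pid = fork();
    if (pid < 0) return -1000;
    if (pid == 0) {
        struct sigaction sa = { 0 };
        sigemptyset(&sa.sa_mask);
        sa.sa_handler = (m == HANDLER_EXITS) ? exiting_cb : empty_cb;
        if (m != NO_HANDLER)
            sigaction(SIGSEGV, &sa, NULL);
        /* Constructed fault source: every read of a PROT_NONE page raises SIGSEGV. */
        volatile char *p = mmap(NULL, 4096, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
        if (p == MAP_FAILED) _exit(99);
        (void)*p;
        _exit(0);                   /* only reached if the read did not fault */
    }
    int st;
    if (waitpid(pid, &st, 0) < 0) return -1000;
    return WIFSIGNALED(st) ? -WTERMSIG(st) : WEXITSTATUS(st);
}
int main(void)
{
    printf("%d %d %d\n", probe(HANDLER_EXITS), probe(HANDLER_EMPTY), probe(NO_HANDLER));
    return 0;
}
```

Without the demo bound, the empty-handler case never terminates on its own, which matches the repeating SIGSEGV / rt_sigreturn pairs in the strace above.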

Comment 3 Kyle Walker 2017-01-05 21:32:23 UTC
Marking Regression, as the issue is not present in:

    xorg-x11-drv-vmmouse-13.0.0-11.el7

	$ gdb ./usr/bin/vmmouse_detect
	(gdb) disassemble segvCB
	Dump of assembler code for function segvCB:
	   0x0000000000400670 <+0>:     sub    $0x8,%rsp
	   0x0000000000400674 <+4>:     mov    $0x1,%edi
	   0x0000000000400679 <+9>:     callq  0x400530 <exit@plt>
	End of assembler dump.

- Kyle Walker

Comment 6 Kyle Walker 2017-01-06 16:41:32 UTC
Redacted the previous patch.

The source of the failure is that in the latest update the following patch was backported:

    Subject: [PATCH vmmouse] Back off if we detect a vmmouse kernel driver v3

    If a vmmouse kernel driver is active, vmmouse input is handled by the Xorg
    evdev driver and not by the vmmouse driver, so make sure the vmmouse_detect
    utility doesn't detect a vmmouse if a kernel driver is active.

    v2: Change the vmmouse kernel device name, fix comment.
    v3: Fix up libudev error handling.


In that patch, the following is present:

	diff --git a/tools/vmmouse_detect.c b/tools/vmmouse_detect.c
	index cfb92e1..6402b16 100644
	--- a/tools/vmmouse_detect.c
	+++ b/tools/vmmouse_detect.c
	@@ -30,9 +30,7 @@
	 #include <signal.h>
	 #include "vmmouse_client.h"

	-#ifdef HAVE_CONFIG_H
	-#include "config.h"
	-#endif
	+extern int vmmouse_uses_kernel_driver(void);

	 void
	 segvCB(int sig)
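
Review bot: the three removed lines at the top of this hunk (`#ifdef HAVE_CONFIG_H`, `#include "config.h"`, `#endif`) are unrelated to adding the extern declaration, and dropping them removes the include that supplies configure-time macros to this file. The segvCB() that begins in the trailing context guards its exit(1) with `#if defined HAVE_XORG_SERVER_1_1_0` (quoted in comment 1), so without config.h the handler body is compiled out and the handler simply returns. Keep the include block and add `extern int vmmouse_uses_kernel_driver(void);` after it; the prototype would also be better placed in a shared header than declared as a local extern.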


The above erroneously removes the "ifdef HAVE_CONFIG_H" include statement. When the above is reverted, the previous behaviour is present. Soon to append a corrected patch for the above.

- Kyle Walker

Comment 7 Kyle Walker 2017-01-06 17:04:23 UTC
Created attachment 1238054
Corrected patch to include the config.h header file.

Attaching patch to correct the missing config.h header file. Test build running below:

build (rhel-7.3-z-test, /rpms/xorg-x11-drv-vmmouse:6b363d659e84289bc5f75e4529c4b112c34bda54) | Task Info | Brew
https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=12315189

Testing results:

	xorg-x11-drv-vmmouse-13.0.0-12.el7_3.bz1410582.x86_64.rpm

	$ rpm2cpio xorg-x11-drv-vmmouse-13.0.0-12.el7_3.bz1410582.x86_64.rpm | cpio -idmv
	./usr/bin/vmmouse_detect
	./usr/lib/udev/rules.d/69-xorg-vmmouse.rules
	./usr/lib64/xorg/modules/input/vmmouse_drv.so
	./usr/share/X11/xorg.conf.d/50-vmmouse.conf
	./usr/share/man/man1/vmmouse_detect.1.gz
	./usr/share/man/man4/vmmouse.4.gz
	69 blocks

	$ ./usr/bin/vmmouse_detect 
	$ echo $?
	1

With the binary function disassembly:

	$ gdb ./usr/bin/vmmouse_detect
	<snip>
	(gdb) disassem segvCB
	Dump of assembler code for function segvCB:
	   0x0000000000400c80 <+0>:	sub    $0x8,%rsp
	   0x0000000000400c84 <+4>:	mov    $0x1,%edi
	   0x0000000000400c89 <+9>:	callq  0x400b40 <exit@plt>
	End of assembler dump.

- Kyle Walker

Comment 8 Adam Jackson 2017-02-02 17:53:39 UTC
Rebased driver appears to have the right code in place.

Comment 11 errata-xmlrpc 2017-08-01 12:18:23 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:1905