Bug 1486233
| Summary: | vlock spins on the CPU when console or terminal is closed abruptly | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Renaud Métrich <rmetrich> | ||||||
| Component: | kbd | Assignee: | Vitezslav Crhonek <vcrhonek> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | Jakub Haruda <jharuda> | ||||||
| Severity: | high | Docs Contact: | |||||||
| Priority: | high | ||||||||
| Version: | 7.9 | CC: | jharuda, myrond, ovasik, peter.vreman, timothy.mullican | ||||||
| Target Milestone: | rc | Keywords: | Reopened, Triaged | ||||||
| Target Release: | --- | Flags: | pm-rhel:
mirror+
|
||||||
| Hardware: | Unspecified | ||||||||
| OS: | Unspecified | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | kbd-1.15.5-16.el7_9 | Doc Type: | If docs needed, set a value | ||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2021-11-23 17:16:16 UTC | Type: | Bug | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Attachments: |
|
||||||||
Thanks, reproduced. The issue is also reproducible in text console, for example with 'systemctl stop getty', where X is the number of tty locked previously by vlock. I see two possible ways how to fix that: a) simply don't ignore SIGHUP b) check whether STDIN_FILENO still refers to a terminal in "default" switch case (patch attached) I would go with the latter, because it allows us to log cancel of lock easily. And to be honest, I don't understand the reasons why the authors of vlock set up SIGHUP to be ignored. Just a side note - in Fedora, only text console is affected, because similar check is performed in "default" switch case, which terminates vlock if the program wasn't started in text console and STDIN_FILENO is not a terminal. Created attachment 1325829 [details]
proposed patch
If running a terminal under screen AND the environmental variable LOCKPRG is set such as LOCKPRG=/bin/vlock AND the controlling terminal goes away after vlock is called. vlock does not have any error checking regarding return values of printf. When vlock asks for credentials it immediately gets a return value of EIO. This causes vlock to cycle immediately. In the end it uses 100% of the cpu. I added a short patch which looks for the return value of EIO from the printf. This patch also disables some logging as the patch introduces a small delay between asking for credentials again and currently logs each attempt. I do NOT recommend applying this patch to the mainline kbd package without cleanup. It does however "fix" the interaction between screen and vlock, and illustrate where the problem is occurring. Created attachment 1507725 [details]
vlock and screen interaction fix regarding 100% cpu spin when controlling terminal disappears
This patch adds error checking to return values of printf in order to check for the EIO return value. When the controlling terminal goes away and when vlock is running under screen an error msg EIO is returned. vlock needs to deal with this error condition.
The above patch will remove the 100% cpu spin that occurs by adding some error checking to parts of vlock. Additionally it removes the syslog messages as it still spams the syslog server. Likely some more intelligence needs to be added in order to restore syslog behavior.
After evaluating this issue, there are no plans to address it further or fix it in an upcoming release. Therefore, it is being closed. If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened. This issue seems to have been resolved starting with KBD v2.0.90. See https://git.kernel.org/pub/scm/linux/kernel/git/legion/kbd.git/commit/?id=afb661b80441b6e3fa8cfa3b69f50e4805ebf8be. It seems like the fix could be backported to v2.0.4 that RHEL8 uses. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (kbd bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:4789 |
Description of problem: vlock spins on the CPU when console or terminal is closed abruptly. Additionally, this makes the journal fill with the following message: vlock[13266]: pam_sss(vlock:auth): authentication failure; logname=XXX uid=XXX euid=XXX tty=pts/4 ruser= rhost= user=XXX vlock[13266]: pam_sss(vlock:auth): received for user XXX: 7 (Authentication failure) When closing the terminal abruptly, while vlock is running, pam_authenticate() (auth.c@101) returns PAM_AUTH_ERR, but this case is not handled properly (it falls into "default"): 58 int 59 get_password (pam_handle_t * pamh, const char *username, const char *tty) 60 { 61 uid_t uid = getuid (); 62 63 for (;;) 64 { ... 101 rc = pam_authenticate (pamh, 0); 102 103 switch (rc) 104 { ... 162 default: 163 printf ("%s.\n\n\n", pam_strerror (pamh, rc)); 164 fflush (stdout); 165 } 166 } The "for()" loops spins indefinitely, pam_authenticate() returning the same error. Version-Release number of selected component (if applicable): kbd-1.15.5-13.el7.x86_64 How reproducible: Always Steps to Reproduce: 1. Open a terminal 2. Execute "vlock" 3. Close the terminal Actual results: vlock spins on the CPU and messages are logged indefinitely Expected results: vlock exits