Bug 1763182

Summary: lsmem segfaults on Big Endian systems (s390x, PPC64, ...)
Product: Red Hat Enterprise Linux 7 Reporter: Renaud Métrich <rmetrich>
Component: util-linuxAssignee: Karel Zak <kzak>
Status: CLOSED DUPLICATE QA Contact: Radka Brychtova <rskvaril>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 7.7CC: hannsj_uhl
Target Milestone: rc   
Target Release: ---   
Hardware: s390x   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-10-22 08:39:50 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Renaud Métrich 2019-10-18 12:23:31 UTC 
Description of problem:

Running "lsmem -a -o RANGE,SIZE,STATE,REMOVABLE,ZONES,NODE,BLOCK" on big endian systems (s390x, ppc64, ...) segfaults because an invalid cast is made while calling string_add_to_idarray():

sys-utils/lsmem.c:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
141 static size_t ncolumns;
 :
642         if (outarg && string_add_to_idarray(outarg, columns, ARRAY_SIZE(columns),
643                                          (int *) &ncolumns, column_name_to_id) < 0)
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

On line 643, the 64bits variable "ncolumns" is passed as a 32bits pointer, causing the higher 32 bits of "ncolumns" to be assigned, instead of lower 32 bits.

Before line 642:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
(gdb) p/x ncolumns
$1 = 0x5
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

After line 643:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
(gdb) p/x ncolumns
$2 = 0x700000005
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------


Version-Release number of selected component (if applicable):

util-linux-2.23.2-61.el7


How reproducible:

Always on Big Endian systems


Additional info:

This was fixed on RHEL8 by changing prototype of string_add_to_idarray() (lib/strutils.c) to use "size_t *" 4th argument instead of "int *":

RHEL8:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
 642 int string_add_to_idarray(const char *list, int ary[], size_t arysz,
 643                         size_t *ary_pos, int (name2id)(const char *, size_t))
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

RHEL7:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
515 int string_add_to_idarray(const char *list, int ary[], size_t arysz,
516                         int *ary_pos, int (name2id)(const char *, size_t))
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
Comment 2 Renaud Métrich 2019-10-22 07:59:19 UTC 
I am increasing the Severity and Priority to "Urgent" because the "lsmem" command is used when creating the sosreport embedded in the ABRT report.
This makes sosreports be continuously created on impacted target architecture, until abrtd service is restarted.

Only possible workaround is to disable the sosreport's "memory" module used:

1. Backup /etc/libreport/events.d/abrt_event.conf

  -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
  # cp /etc/libreport/events.d/abrt_event.conf /etc/libreport/events.d/abrt_event.conf.orig
  -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

2. Edit /etc/libreport/events.d/abrt_event.conf and remove "--only=memory" on line 74

  Original line:
  -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
                  --only=memory --only=networking --only=nfsserver --only=pam \
  -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
 
  Modified line:
  -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
                  --only=networking --only=nfsserver --only=pam \
  -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

Will create a KCS asap.
Comment 3 Karel Zak 2019-10-22 08:39:50 UTC 
This is already reported and already fixed in RHEL-7.8

*** This bug has been marked as a duplicate of bug 1712768 ***