Bug 484871

Summary: linux-2.6-misc-utrace-update.patch contains incorrect optimization
Product: Fedora
Component: kernel
Reporter: Vitaly Mayatskikh <vmayatsk>
Assignee: Kernel Maintainer List <kernel-maint>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Status: CLOSED NEXTRELEASE
Severity: medium
Priority: low
Version: 10
CC: anton, jmarchan, kernel-maint, kolyshkin, quintela, roland, vmayatsk
Hardware: x86_64
OS: Linux
URL: http://bugzilla.openvz.org/show_bug.cgi?id=1150
Fixed In Version: 2.6.27.19-170.2.35.fc10
Doc Type: Bug Fix
Clone Of: 481682
Bug Depends On: 481682
Last Closed: 2009-03-02 16:56:44 UTC

Description Vitaly Mayatskikh 2009-02-10 12:46:07 UTC
+++ This bug was initially created as a clone of Bug #481682 +++

Created an attachment (id=330051)
proposed fix

In kernel-2.6.18-128.el5 and prior versions, the arch/x86_64/ia32/ia32entry.S hunk of linux-2.6-misc-utrace-update.patch contains an incorrect optimization.
As a result, out-of-table 32-bit syscalls on the x86_64 kernel do not return ENOSYS (unless the caller is being ptraced).

For example, glibc-2.9+ popen() goes mad when the pipe2 syscall returns its own number (331) instead of failing with ENOSYS.
As a result, FC10+ 32-bit processes on a RHEL5 x86_64 kernel break once popen(3) is called.

--- Additional comment from kir on 2009-01-27 04:29:59 EDT ---

The issue was found while running Fedora 10 containers on an RHEL5+OpenVZ kernel.

Related OpenVZ bug: http://bugzilla.openvz.org/show_bug.cgi?id=1150

--- Additional comment from roland on 2009-02-06 20:59:52 EDT ---

Created an attachment (id=331182)
test case source

Simple test case; compile with -m32 and run on an x86-64 kernel.

The RHEL5 code is the same (broken) as upstream.  I'll fix it upstream and then RHEL5 should backport the change so it continues to match upstream.

--- Additional comment from roland on 2009-02-06 21:02:48 EDT ---

Created an attachment (id=331183)
test case source

Test case fixed to exit 0 for correct and nonzero for bug.

Also, I forgot to note that to reproduce you have to have auditd disabled:
/sbin/chkconfig auditd off; reboot

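The attached test case is not reproduced on this page, so the following is an added, stand-alone C probe in the same spirit (it is not Roland's attachment and not part of the kernel tree). It issues a syscall whose number is far outside every table and reports what the kernel hands back. The number 100000 and the three-way verdict are choices made here; built with -m32 on x86-64 it traps through int $0x80, which is the ia32_syscall entry the report is about, and in a 64-bit build it falls back to syscall(2) and undoes glibc's -1/errno translation so both paths yield the raw kernel return. The looks_like_error() helper encodes the libc convention that only returns in [-4095, -1] count as errors, which is exactly why a kernel echoing 331 back for pipe2 is taken for success. Like the original test case it exits 0 when the kernel behaves and nonzero otherwise; note that a seccomp filter (container runtimes install one by default) may answer EPERM rather than ENOSYS, which the probe reports as "unexpected" rather than as the bug.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Constructed for this example: a syscall number no Linux ABI defines,
 * well past any table and without bit 30 (the x32 marker) set. */
#define BOGUS_NR 100000L

/* Issue a zero-argument system call and return the kernel's raw result
 * (negative errno on failure), bypassing glibc's -1/errno translation.
 * A 32-bit build traps through int $0x80 (the ia32_syscall entry);
 * other builds use syscall(2) and fold errno back into the return value. */
static long raw_syscall0(long nr)
{
#if defined(__i386__)
    long ret;
    __asm__ volatile ("int $0x80" : "=a"(ret) : "a"(nr) : "memory");
    return ret;
#else
    long ret = syscall(nr);
    return ret == -1 ? -(long)errno : ret;
#endif
}

/* libc convention: a raw return in [-4095, -1] is an error, anything
 * else is a successful result.  A kernel that echoes back 331 for an
 * unimplemented pipe2 therefore passes as success. */
int looks_like_error(long raw)
{
    return (unsigned long)raw > -4096UL;
}

/* Classify the raw return of an out-of-table syscall:
 *   0 = -ENOSYS (correct behaviour)
 *   1 = the syscall number itself echoed back (the defect in this report)
 *   2 = some other error, e.g. a seccomp filter answering EPERM
 *   3 = a non-error value that is not the number (unexpected) */
int classify_result(long nr, long raw)
{
    if (raw == -ENOSYS)
        return 0;
    if (raw == nr)
        return 1;
    if (looks_like_error(raw))
        return 2;
    return 3;
}

/* Run the probe for one syscall number and return its classification. */
int probe_out_of_table(long nr)
{
    return classify_result(nr, raw_syscall0(nr));
}

int main(void)
{
    long raw = raw_syscall0(BOGUS_NR);
    int verdict = classify_result(BOGUS_NR, raw);

    printf("syscall %ld returned %ld: %s\n", BOGUS_NR, raw,
           verdict == 0 ? "ENOSYS, kernel is correct" :
           verdict == 1 ? "its own number, kernel has the bug" :
                          "unexpected");
    return verdict == 0 ? 0 : 1;
}
```

Build as `gcc -m32 -o probe probe.c` to exercise the 32-bit entry path on an x86-64 kernel; as the thread notes, auditd and any ptrace tracer must be off, since either one diverts the call through the slow path that does set -ENOSYS.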
--- Additional comment from roland on 2009-02-06 21:34:13 EDT ---

Created an attachment (id=331187)
fix posted upstream

Wait to see if upstream takes this as is, but almost certain they will.
With s,/x86/,/x86_64/,g this same patch applies to RHEL5 fine.

--- Additional comment from vmayatsk on 2009-02-07 04:57:47 EDT ---

> The RHEL5 code is the same (broken) as upstream.

RHEL5 is not broken, I wasn't able to reproduce it. As I understood, this is due to this check:

        testl $(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT|_TIF_SECCOMP),threadinfo_flags(%r10)
        jnz ia32_tracesys

And we have TIF_SYSCALL_AUDIT set.

Also, it's possible to make the patch shorter:

--- a/arch/x86/ia32/ia32entry.S
+++ b/arch/x86/ia32/ia32entry.S
@@ -417,6 +417,7 @@ ENTRY(ia32_syscall)
        GET_THREAD_INFO(%r10)
        orl   $TS_COMPAT,TI_status(%r10)
        testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r10)
+       movq $-ENOSYS,RAX-ARGOFFSET(%rsp)
        jnz ia32_tracesys
 ia32_do_syscall:
        cmpl $(IA32_NR_syscalls-1),%eax
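Review bot: the added movq is placed between the testl and the jnz, so the hunk is only correct because movq does not write EFLAGS; hoisting the store above the testl (or directly after GET_THREAD_INFO) keeps the fast path readable as store-then-test and removes that trap for the next person who inserts an instruction here. The hunk touches only ENTRY(ia32_syscall), the int $0x80 entry; the sysenter and syscall (cstar) 32-bit entries in the same file are not shown here and need the same -ENOSYS pre-store, otherwise a process entering through one of them still sees the defect. Note also that the paths are arch/x86/ia32/, so the RHEL5 backport needs the s,/x86/,/x86_64/,g rename mentioned earlier in the thread.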

I tested it yesterday, but didn't post upstream yet.

--- Additional comment from roland on 2009-02-07 17:21:41 EDT ---

It is broken.  See comment #3 on how to reproduce it.
Shorter patch does not mean shorter code path, which is what matters.
Anyway, I've already posted upstream.

--- Additional comment from roland on 2009-02-07 17:25:55 EDT ---

Upstream fix was merged: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c09249f8d1b84344eca882547afdbffee8c09d14

Comment 1 Roland McGrath 2009-02-10 20:15:14 UTC
I don't know what the point of this bug report is.  The fix is already in upstream, and rawhide rebases from upstream daily.

Comment 2 Chuck Ebbert 2009-02-10 21:34:21 UTC
I think you want to file this bug against Fedora 10 ??

Comment 3 Vitaly Mayatskikh 2009-02-12 15:28:24 UTC
(In reply to comment #2)
> I think you want to file this bug against Fedora 10 ??

Yes. I don't know if this will be backported to 2.6.27.x

Comment 4 Chuck Ebbert 2009-02-18 07:57:17 UTC
Fixed in 2.6.27.18-170.2.28 and will send to -stable.

Comment 5 Fedora Update System 2009-02-24 20:53:34 UTC
kernel-2.6.27.19-170.2.35.fc10 has been pushed to the Fedora 10 testing repository.  If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update kernel'.
You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-2003

Comment 6 Fedora Update System 2009-03-02 16:56:38 UTC
kernel-2.6.27.19-170.2.35.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.