Bug 860834

Summary: Grub2 crashes fetching the kernel from http on F18
Product: [Fedora] Fedora Reporter: IBM Bug Proxy <bugproxy>
Component: grub2Assignee: Peter Jones <pjones>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 18CC: bcl, dcantrell, dennis, gustavold, jkachuck, mads, pjones, wgomerin
Target Milestone: ---   
Target Release: ---   
Hardware: ppc64   
OS: All   
Whiteboard:
Fixed In Version: grub2-2.00-10.fc18 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-10-30 20:29:36 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 846990    
Attachments:
Description Flags
Fix crash on http none

Description IBM Bug Proxy 2012-09-26 20:20:46 UTC 
== Comment: #0 - Gustavo Luiz Duarte <gusld.com> - 2012-09-25 11:05:25 ==
Description of problem:

Grub2 crashes fetching the kernel using http with the following error:


                             GNU GRUB  version 2.00

 +--------------------------------------------------------------------------+
 | setparams 'Linux Chukar Netboot'                                         | 
 |         insmod http                                                      |
 |         echo   'Loading linux...'                                        |
 |         set root=http,9.5.250.185                                        |
 |         linux   /gustavold/vmlinuz  ro repo=http://ppc.koji.fedoraproje\ |
 | ct.org/stage/f18-alpha-rc2/Fedora/ppc64/os vnc                           |
 |         echo   'Loading initial ramdisk...'                              |
 |         initrd  /gustavold/initrd.img                                    |
 |         echo   'Booting...'                                              |
 |                                                                          |
 |                                                                          |
 |                                                                          | 
 +--------------------------------------------------------------------------+

      Minimum Emacs-like screen editing is supported. TAB lists      
      completions. Press Ctrl-x or F10 to boot, Ctrl-c or F2 for      
      a command-line or ESC to discard edits and return to the GRUB menu.      
      

                        Booting a command list

Loading linux...
DEFAULT CATCH!, exception-handler=fff00300 
at   %SRR0: 00000000001eec20   %SRR1: 0000000000003002 
Open Firmware exception handler entered from non-OF code

Client's Fix Pt Regs:
 00 00000000001a81dc 0000000001a3fc10 0000000000000000 0000000070633634
 04 0000000000000002 0000000000145fa0 0000000000001972 0000000000001974
 08 0000000000004000 0000000000000000 0000000000000000 0000000001a3fc40
 0c 0000000040002082 0000000000000000 0000000000800050 0000000000190000
 10 00000000001807b0 000000000018ef42 000000000018efb8 000000000018efa0
 14 0000000002000063 00000000ffffffff 00000000001e38d0 0000000000000000
 18 000000000000000a 00000000001d20a0 0000000000000004 00000000001d20d4
 1c 00000000001ab08c 0000000000174b20 000000000015f7b0 0000000070633634
Special Regs:
    %IV: 00000300     %CR: 40002082    %XER: 00000000  %DSISR: 42000000 
  %SRR0: 00000000001eec20   %SRR1: 0000000000003002 
    %LR: 00000000001a81dc    %CTR: 00000000001a81a8 
   %DAR: 000000007063367c 
Virtual PID = 0 
 ofdbg
0 > 

Version-Release number of selected component (if applicable):
grub2-2.00-8.fc18.ppc64   (locally built)
Comment 1 IBM Bug Proxy 2012-09-26 20:21:11 UTC 
------- Comment From baude.com 2012-09-26 20:14 EDT-------
patch coming, need to mirror first to add bugz # into patch
Comment 2 Gustavo Luiz Duarte 2012-09-27 18:17:52 UTC 
Created attachment 618226 [details]
Fix crash on http

This patch fixes the crashes on http.

The crashes are cause by freeing file->data on receiving TCP FIN flag, since file->data is used all over without checking. http_close() will be called later to free that memory anyway and there is no need for action from the http side on receiving the FIN flag.

I've only tested on ppc64, but this issue probably affects all arches, since the code is not arch-specific.

You may not see this issue if your http server keeps the connection alive between several requests.

Patch sent upstream: http://lists.gnu.org/archive/html/grub-devel/2012-09/msg00081.html
Comment 3 Fedora Update System 2012-10-18 18:07:09 UTC 
grub2-2.00-10.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/grub2-2.00-10.fc18
Comment 4 Fedora Update System 2012-10-19 15:41:13 UTC 
Package grub2-2.00-10.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing grub2-2.00-10.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-16471/grub2-2.00-10.fc18
then log in and leave karma (feedback).
Comment 5 Fedora Update System 2012-10-22 19:53:34 UTC 
grub2-2.00-11.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/grub2-2.00-11.fc18
Comment 6 Gustavo Luiz Duarte 2012-10-30 20:29:36 UTC 
Tested grub2-2.00-11.fc18 and it works fine.