1688725 – 'import dmidecode' shouldn't access memory

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1688725 - 'import dmidecode' shouldn't access memory

Summary: 'import dmidecode' shouldn't access memory

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	python-dmidecode
Sub Component:
Version:	7.6
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	lijiang
QA Contact:	Jeff Bastian
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1711208
TreeView+	depends on / blocked

Reported:	2019-03-14 10:24 UTC by Jaroslav Škarvada
Modified:	2020-06-17 10:20 UTC (History)
CC List:	7 users (show)
Fixed In Version:	python-dmidecode-3.12.2-4.el7
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-03-31 19:59:47 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
Reproducer (36 bytes, text/x-python) 2019-03-14 10:25 UTC, Jaroslav Škarvada	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2020:1096	0	None	None	None	2020-03-31 19:59:50 UTC

Description Jaroslav Škarvada 2019-03-14 10:24:53 UTC

Description of problem:
Dmidecode is not supported on ppc64/ppc64le and just importing the python-dmidecode library results in strange behaviour.

Version-Release number of selected component (if applicable):
python-dmidecode-3.12.2-3.el7.ppc64le

How reproducible:
Always

Steps to Reproduce:
1. ./test.py
2. journalctl -b | grep test.py

Actual results:
** COLLECTED WARNINGS **
/dev/mem (mmap): Operation not permitted
No SMBIOS nor DMI entry point found, sorry.
** END OF WARNINGS **

bře 14 06:18:44 ibm-p8-kvm-09-guest-14.virt.pnr.lab.eng.rdu2.redhat.com kernel: Program test.py tried to access /dev/mem between f0000->100000.

Expected results:
No error

Additional info:
Maybe the library should be reworked not to access the /dev/mem just in the import and to check whether dmidecode is supported, but sufficient workaround is just not to ship the library on ppc64/ppc64le, it's useless there.

It's related to the bug 1688371.

Comment 2 Jaroslav Škarvada 2019-03-14 10:25:46 UTC

Created attachment 1543976 [details]
Reproducer

Comment 3 Jaroslav Škarvada 2019-03-14 13:25:01 UTC

The same problem happens on aarch64, so probably it shouldn't be shipped on non x86(64).

Comment 4 Jaroslav Škarvada 2019-03-14 13:27:10 UTC

It seems on RHEL-7 the spec has just:
ExcludeArch: s390x

I cannot see any exclude/exclusive keywordss on the RHEL-8, so the RHEL-8 is probably also affected.

Comment 5 Jaroslav Škarvada 2019-03-14 13:55:48 UTC

Maybe the dmidecode package is good for offline parsing, but just the 'import dmidecode' shouldn't access hardcoded memory addresses (see the reproducer).

Comment 6 Ondřej Lysoněk 2019-03-14 14:29:31 UTC

Ideally, the dmidecode module should not print anything to stdout/stderr under any circumstances. If it encounters an error, it should raise an exception instead. Also, IMHO it shouldn't do anything that requires privileges during import.

Comment 7 Jaroslav Škarvada 2019-03-18 12:30:17 UTC

(In reply to Ondřej Lysoněk from comment #6)
> Ideally, the dmidecode module should not print anything to stdout/stderr
> under any circumstances. If it encounters an error, it should raise an
> exception instead. Also, IMHO it shouldn't do anything that requires
> privileges during import.

+1 it shouldn't access the memory even on x86 during the import, this could lead to the following when running the reprodcuer as non-privileged:

** COLLECTED WARNINGS **
 /dev/mem (mmap): Operation not permitted

Comment 8 Jeff Bastian 2019-03-19 18:17:10 UTC

This is known bug 1509938 and, unfortunately, it will not be fixed since upstream has abandoned python-dmidecode.

We've been updating tools to use dmidecode directly instead of the python module.  See the dependencies attached to bug 1509938.

Ideally, dmidecode should be updated to have a machine-readable-output option like XML or JSON so that tools like subscription-manager and abrt do not need complex parsers.

Comment 9 Jeff Bastian 2019-03-19 18:26:48 UTC

Historically, tools like dmidecode had to scrub through the first 1MB of RAM to find the SMBIOS (DMI) tables.  Modern kernels export the tables in /sys/firmware/dmi/tables/* and /sys/firmware/dmi/entries/*, and dmidecode has been updated to read from /sys instead of /dev/mem.  But since the module python-dmidecode was abandoned, it was never updated to read from /sys, hence we have these bugs.

Comment 10 lijiang 2019-04-23 03:05:17 UTC

For rhel8, we have disabled build python-dmidecode package other than x86_64 architecture, please refer to the bz#1626424.

Can we close this bug? Or also do the same things for rhel7, do you have any suggestions?

Thanks.

Comment 11 lijiang 2019-04-23 08:33:54 UTC

Hi, Jeff

Also disable build this package other than x86_64 on rhel7.7, just like on rhel8.

If you agree, i can add the devel_ack, can you help me add the qa_ack?

Thanks.

Comment 12 Jeff Bastian 2019-06-25 16:45:13 UTC

Hello Lianbo,

I'm sorry, I didn't see your question in comment 11.

We cannot disable the package in RHEL-7 / RHEL-ALT-7 or we will create repoclosure problems with rhn-client-tools and subscription-manager:

~]# repoquery --repofrompath RHEL-ALT-7.6,/mnt/engarchive2/released/RHEL-ALT-7/7.6/Server/aarch64/os/ --whatrequires python-dmidecode
rhn-client-tools-0:2.0.2-24.el7.aarch64
subscription-manager-0:1.21.10-2.el7.aarch64


Instead, maybe we could modify python-dmidecode to just exit early if running on non-x86 architectures?  This would prevent it from trying to access /dev/mem and failing.

Comment 13 Jeff Bastian 2019-06-25 16:58:54 UTC

A better repoquery:

### RHEL-7.6

~]# for A in ppc64 ppc64le s390x x86_64 ; do
    echo ::$A::
    repoquery \
      --repofrompath RHEL-7.6,http://download.devel.redhat.com/released/RHEL-7/7.6/Server/$A/os/ \
      --repoid RHEL-7.6 \
      --archlist ppc64,ppc64le,s390x,x86_64,noarch \
      --whatrequires python-dmidecode
    echo
done
::ppc64::
rhn-client-tools-0:2.0.2-24.el7.ppc64

::ppc64le::
rhn-client-tools-0:2.0.2-24.el7.ppc64le
subscription-manager-0:1.21.10-2.el7.ppc64le

::s390x::

::x86_64::
rhn-client-tools-0:2.0.2-24.el7.x86_64
subscription-manager-0:1.21.10-2.el7.x86_64


### RHEL-ALT-7.6

~]# for A in aarch64 ppc64le s390x ; do
    echo ::$A::
    repoquery \
      --repofrompath RHEL-ALT-7.6,http://download.devel.redhat.com/released/RHEL-ALT-7/7.6/Server/$A/os \
      --repoid RHEL-ALT-7.6 \
      --archlist aarch64,ppc64le,s390x,noarch \
      --whatrequires python-dmidecode
    echo
done
::aarch64::
rhn-client-tools-0:2.0.2-24.el7.aarch64
subscription-manager-0:1.21.10-2.el7.aarch64

::ppc64le::
rhn-client-tools-0:2.0.2-24.el7.ppc64le
subscription-manager-0:1.21.10-2.el7.ppc64le

::s390x::

Comment 14 lijiang 2019-07-15 05:25:26 UTC

(In reply to Jeff Bastian from comment #12)
> Hello Lianbo,
> 
> I'm sorry, I didn't see your question in comment 11.
> 
Don't worry.

> We cannot disable the package in RHEL-7 / RHEL-ALT-7 or we will create
> repoclosure problems with rhn-client-tools and subscription-manager:
> 
OK, it seems that it has a dependency issue.

Can we add them to the bug email list and discuss with them here? If they would like to get rid of the dependency, i will disable build this package, just like on rhel8.

> ~]# repoquery --repofrompath
> RHEL-ALT-7.6,/mnt/engarchive2/released/RHEL-ALT-7/7.6/Server/aarch64/os/
> --whatrequires python-dmidecode
> rhn-client-tools-0:2.0.2-24.el7.aarch64
> subscription-manager-0:1.21.10-2.el7.aarch64
> 
> 
> Instead, maybe we could modify python-dmidecode to just exit early if
> running on non-x86 architectures?  This would prevent it from trying to
> access /dev/mem and failing.

If so, this won't need to consider about the dependency issue, but actually it
doesn't get any information(correct result) for all operations.

Thanks.

Comment 22 lijiang 2019-08-06 07:56:26 UTC

Hi,

Here is a build packages, please refer to the following link:
build task: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=22919907
build packages: http://brew-task-repos.usersys.redhat.com/repos/official/python-dmidecode/3.12.2/4.el7/

Thanks.

Comment 24 Jeff Bastian 2019-09-30 15:04:58 UTC

Verified with python-dmidecode-3.12.2-4.el7

::::::::::::
:: Before ::
::::::::::::

[root@ibm-p8-kvm-03-guest-07 ~]# rpm -q python-dmidecode
python-dmidecode-3.12.2-3.el7.ppc64le

[root@ibm-p8-kvm-03-guest-07 ~]# python -c 'import dmidecode'

** COLLECTED WARNINGS **
/dev/mem (mmap): Operation not permitted
No SMBIOS nor DMI entry point found, sorry.
** END OF WARNINGS **
[  675.564531] Program python tried to access /dev/mem between f0000->100000.

[root@ibm-p8-kvm-03-guest-07 ~]# 


:::::::::::
:: After ::
:::::::::::

[root@ibm-p8-kvm-03-guest-07 ~]# rpm -q python-dmidecode
python-dmidecode-3.12.2-4.el7.ppc64le

[root@ibm-p8-kvm-03-guest-07 ~]# python -c 'import dmidecode'

[root@ibm-p8-kvm-03-guest-07 ~]#

Comment 27 errata-xmlrpc 2020-03-31 19:59:47 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:1096

Note You need to log in before you can comment on or make changes to this bug.