Re: [vserver] Any chance of an update to the hardened patch?

From: Ed W <lists_at_wildgooses.com>
Date: Tue 07 Jul 2009 - 15:42:26 BST
Message-ID: <4A535ED2.6030409@wildgooses.com>

>> Upgraded to 0.30.216_pre2841, but now it segfaults when I try to start
>> a vserver... (actually when I do nearly anything)
>>
>
> any messages in dmesg maybe?
>

Nothing related sadly - however, I have now got a good core dump - I
mailed it to Daniel offlist, but now I look it's pretty small and could
easily be mailed on line - the backtrace is below in any case:

>> Note, I now switched to using a non hardened kernel also. I have
>> 2.6.29.5 with matching VS patch (on intel core2 hardware with 64bit
>> kernel). Toolchain is still gcc3.4 hardened though (gentoo)
>>
>
> hmm, so an older gcc, but with 'gentoo hardened'
> patches? or was that a typo?
>

Correct - the gentoo hardened patches only apply to gcc 3.4 sadly...

Note I recently recompiled util-vserver with debug symbols using the non
hardened gcc 3.4 compiler - extremely similar problems (assume unchanged
in fact), so don't believe hardened gcc is directly responsible

However, I have recently updated glibc to 2.9 (in gentoo numbering?) and
I can't easily roll that change back to see if it's a factor (I could
switch back to my old kernel though)

> what does `vserver-info - SYSINFO` give?
>

# vserver-info - SYSINFO
Versions:
                   Kernel: 2.6.29.5-vs2.3.0.36.14
                   VS-API: 0x00020304
             util-vserver: 0.30.216-pre2841; Jul 7 2009, 13:34:35

Features:
               CC: x86_64-pc-linux-gnu-gcc, x86_64-pc-linux-gnu-gcc
(GCC) 3.4.6 (Gentoo Hardened 3.4.6-r2 p1.5, ssp-3.4.6-1.0, pie-8.7.10)
                      CXX: x86_64-pc-linux-gnu-g++,
x86_64-pc-linux-gnu-g++ (GCC) 3.4.6 (Gentoo Hardened 3.4.6-r2 p1.5,
ssp-3.4.6-1.0, pie-8.7.10)
                 CPPFLAGS: ''
                   CFLAGS: '-march=nocona -O2 -pipe -ggdb -std=c99 -Wall
-pedantic -W -funit-at-a-time'
                 CXXFLAGS: '-march=nocona -O2 -pipe -ggdb -ansi -Wall
-pedantic -W -fmessage-length=0 -funit-at-a-time'
               build/host: x86_64-pc-linux-gnu/x86_64-pc-linux-gnu
             Use dietlibc: yes
       Build C++ programs: yes
       Build C99 programs: yes
           Available APIs: v13,net,v21,v22,v23,netv2
            ext2fs Source: e2fsprogs
    syscall(2) invocation: alternative
      vserver(2) syscall#: 236/glibc
               crypto api: beecrypt
          python bindings: yes
   use library versioning: yes

Paths:
                   prefix: /usr
        sysconf-Directory: /etc
            cfg-Directory: /etc/vservers
         initrd-Directory: $(sysconfdir)/init.d
       pkgstate-Directory: /var/run/vservers
          vserver-Rootdir: /vservers/images

>> How can I check which app it's actually a coredump for? How can I test
>> I have proper debug symbols on that app?
>>

OK, so using the latest util-vserver from Daniel (as above), compiled
with a vanilla gcc 3.4.6 and debug symbols

# vserver www1 restart
(..boots up...)
/usr/sbin/chbind: line 135: 29542 Segmentation fault (core dumped)
"${create_cmd[@]}" "${chain_cmd[@]}" -- "$@"

# gdb /usr/sbin/vspace /vservers/images/www1/core
GNU gdb 6.8
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu"...
Core was generated by `/usr/sbin/vspace --new --default --
/usr/sbin/vcontext --create --silent --xid'.
Program terminated with signal 11, Segmentation fault.
[New process 29542]
#0 0x0000000000400877 in vc_ctx_kill (ctx=4196440, pid=-1, sig=29543)
at lib/syscall_kill.c:46
46 lib/syscall_kill.c: No such file or directory.
    in lib/syscall_kill.c
(gdb) thread apply all bt full

Thread 1 (process 29542):
#0 0x0000000000400877 in vc_ctx_kill (ctx=4196440, pid=-1, sig=29543)
at lib/syscall_kill.c:46
No locals.
#1 0x000000000040050a in main (argc=90, argv=0x7fff054c9418) at
src/vspace.c:141
    do_new = true
    do_enter = false
    do_set = false
    mask = 469762048
    index = 0
    xid = 4294967295
    sum = -1

----------------

Then I do (this only happens every 1 in 3 times ish - frequently it
works without a seg fault):

# vserver www1 enter
Segmentation fault (core dumped)

However, the core dump shows nothing helpful under gdb (shadow also
compiled with debug, unstripped, vanilla gcc)

# /login /vservers/images/www1/core
GNU gdb 6.8
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu"...

warning: core file may not match specified executable file.
Core was generated by
`login
'.
Program terminated with signal 11, Segmentation fault.
[New process 548]
#0 0x0000000000401343 in ?? ()
(gdb) thread apply all bt full

Thread 1 (process 548):
#0 0x0000000000401343 in ?? ()
No symbol table info available.
#1 0x0f0000000fc0c748 in ?? ()
No symbol table info available.
#2 0x0000000000000000 in ?? ()
No symbol table info available.
Received on Tue Jul 7 15:43:06 2009
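On the quoted question of which program a core file belongs to, and the gdb warning "core file may not match specified executable file": the following is an added example, not part of the original message or of util-vserver. It reads the NT_PRPSINFO note that the Linux kernel writes into every ELF core, which is where gdb's "Core was generated by" line comes from. It assumes the x86_64 `struct elf_prpsinfo` layout (136 bytes, `pr_fname` at offset 40, `pr_psargs` at offset 56); `core_origin` and `sample_core` are hypothetical names, and the sample core image is constructed.

```python
import struct

ET_CORE, PT_NOTE, NT_PRPSINFO = 4, 4, 3          # constants from <elf.h>
FNAME_OFF, ARGS_OFF, PRPSINFO_LEN = 40, 56, 136  # x86_64 struct elf_prpsinfo

def _cstr(raw: bytes) -> str:
    return raw.split(b"\0", 1)[0].decode(errors="replace")

def _pad4(n: int) -> int:
    return (n + 3) & ~3                          # note fields are 4-byte aligned

def core_origin(data: bytes):
    """Return (pr_fname, pr_psargs) recorded in an ELF64 little-endian core."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not an ELF64 little-endian file")
    (e_type,) = struct.unpack_from("<H", data, 16)
    if e_type != ET_CORE:
        raise ValueError("ELF file is not a core dump")
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    for i in range(e_phnum):
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, e_phoff + i * e_phentsize)
        if p_type != PT_NOTE:
            continue
        pos, end = p_offset, p_offset + p_filesz
        while pos + 12 <= end:                   # walk the notes in this segment
            namesz, descsz, ntype = struct.unpack_from("<III", data, pos)
            desc = pos + 12 + _pad4(namesz)
            if ntype == NT_PRPSINFO and descsz >= PRPSINFO_LEN:
                return (_cstr(data[desc + FNAME_OFF:desc + ARGS_OFF]),
                        _cstr(data[desc + ARGS_OFF:desc + PRPSINFO_LEN]))
            pos = desc + _pad4(descsz)
    raise ValueError("no NT_PRPSINFO note found")

def sample_core(fname: bytes, psargs: bytes) -> bytes:
    """Constructed minimal core: ELF header, one PT_NOTE, one PRPSINFO note."""
    desc = bytes(FNAME_OFF) + fname.ljust(16, b"\0") + psargs.ljust(80, b"\0")
    note = struct.pack("<III", 5, len(desc), NT_PRPSINFO) + b"CORE\0\0\0\0" + desc
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", ET_CORE, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_NOTE, 0, 120, 0, 0, len(note), 0, 4)
    return ehdr + phdr + note

if __name__ == "__main__":
    # Constructed input modelled on the command line shape seen in the gdb output.
    print(core_origin(sample_core(b"vspace", b"/usr/sbin/vspace --new --default -- ")))
```

`pr_fname` holds only the first 15 characters of the program name and `pr_psargs` at most 79 characters of the command line, so the result identifies the binary to load into gdb but may be truncated.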
