kernel-packages team mailing list archive - Message #104025
[Bug 1420366] Re: kernel null pointer dereference after setsockopt(…IP_ADD_MEMBERSHIP…)
I have now verified that building the goldfish kernel from git with the
upstream commit cherry-picked, and then booting that kernel in the
emulator, solves my issue with libupnp.
** Summary changed:
- kernel null pointer dereference after setsockopt(…IP_ADD_MEMBERSHIP…)
+ [fixed-upstream] kernel null pointer dereference after setsockopt(…IP_ADD_MEMBERSHIP…)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-goldfish in Ubuntu.
https://bugs.launchpad.net/bugs/1420366
Title:
[fixed-upstream] kernel null pointer dereference after setsockopt(…IP_ADD_MEMBERSHIP…)
Status in linux-goldfish package in Ubuntu:
New
Bug description:
Update: The "freeze" I explain in this bug is not an emulator freeze
(which I thought at first), but a goldfish kernel panic.
--------------------------------
This might be a bug in one of the products the Ubuntu emulator is
based on, or maybe it's a configuration issue. I don't know, so I
report this here.
I'm trying to use libupnp in the Ubuntu emulator (My app was compiled
using a 15.04 framework / i386 "kit" chroot created through ubuntu-sdk
on Ubuntu 14.04, the emulator runs the "devel" i386 system image, I
think r1, and libupnp is statically linked against my c++ backend
module).
My system is 14.04 and I use the SDK PPA, so…
ubuntu-emulator is version 0.10-0ubuntu1
ubuntu-emulator-runtime is version 20140922-1903-0ubuntu3
There is a problem because InitUpnp() freezes the emulator instead of
initializing the library correctly.
By single-stepping through that library function and the functions called by that function, I figured out that it probably freezes in a setsockopt() call: (*)
> ret = setsockopt(*ssdpSock, IPPROTO_IP, IP_ADD_MEMBERSHIP,
> (char *)&ssdpMcastAddr, sizeof(struct ip_mreq));
Line 846:
> http://sourceforge.net/p/pupnp/code/ci/master/tree/upnp/src/ssdp/ssdp_server.c#l846
* (That guess is based on the fact that after entering
create_ssdp_sock_v4(), there's a sequence of socket(), setsockopt(),
bind(), inet_addr(), inet_addr(), setsockopt() and then it freezes
when typing "fin" in gdb to return from the last setsockopt call – I
don't have enough debug information in the binary to know exactly, and
I'm looking at libupnp git master but linking against a precompiled
libupnp.a supplied by Ubuntu.)
That system call apparently changes the socket to receive multicast
packets.
Related: http://sourceforge.net/p/pupnp/mailman/message/18352779/
states that the same line of code caused issues for another qemu-based
emulator, but that was in 2008 and AIUI qemu is supposed to support
IP_ADD_MEMBERSHIP since 2009.