er-murazor root # lspci -vv
0000:00:00.0 Host bridge: Intel Corp. 82845 845 (Brookdale) Chipset Host Bridge (rev 03)
        Subsystem: GVC/BCM Advanced Research: Unknown device 2147
        Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B-
        Status: Cap+ 66Mhz- UDF- FastB2B+ ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort+ >SERR- <PERR-
        Latency: 0
        Region 0: Memory at e0000000 (32-bit, prefetchable)
        Capabilities: [e4] #09 [0104]
        Capabilities: [a0] AGP version 2.0
                Status: RQ=32 Iso- ArqSz=0 Cal=0 SBA+ ITACoh- GART64- HTrans- 64bit- FW+ AGP3- Rate=x1,x2,x4
                Command: RQ=1 ArqSz=0 Cal=0 SBA- AGP+ GART64- 64bit- FW- Rate=x4
lspci: stack smashing attack in function show_agp()
Segmentation fault

er-murazor root # emerge info
Portage 2.0.50-r1 (default-x86-1.4, gcc-3.3.2, glibc-2.3.3_pre20040207-r0, 2.6.2-mm1)
=================================================================
System uname: 2.6.2-mm1 i686 Intel(R) Pentium(R) 4 CPU 1600MHz
Gentoo Base System version 1.4.3.13
distcc 2.12.1 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
Autoconf: sys-devel/autoconf-2.59
Automake: sys-devel/automake-1.8.2
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CFLAGS="-O2 -march=pentium4 -pipe -fomit-frame-pointer -frename-registers -fstack-protector"
CHOST="i686-pc-linux-gnu"
COMPILER="gcc3"
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3.2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d"
CXXFLAGS="-O2 -march=pentium4 -pipe -fomit-frame-pointer -frename-registers -fstack-protector"
DISTDIR="/home/distfiles"
FEATURES="autoaddcvs ccache"
GENTOO_MIRRORS="http://gentoo.conectium.com http://gentoo.mirrors.pair.com http://gentoo.linux.no http://gentoo.oregonstate.edu"
MAKEOPTS="-j2"
PKGDIR="/home/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://gentoo.conectium.com/gentoo-portage"
USE="X aalib acpi acpi4linux alsa apache2 apm arts artswrappersuid avi bcel berkdb bidi bsf bsh clamav crypt cscope cups dillo dnd encode ethereal fam foomaticdb freetype gd gdbm gif gpm gstreamer gtk gtk2 imap imlib innodb java javamail jdepend jikes jpeg js jsch junit justify jython kde lcms libwww lids log4j lufsusermount mad maildir md5sum mmx motif mozilla moznocompose moznoirc moznomail mpeg mule mysql ncurses nls nptl offensive oggvorbis opengl openssh optional-tasks oro oss pam pdflib perl pic png ppds python qt quicktime readline regexp samba sasl sdl skey slang slp snmp spell sse ssl svga tcltk tcpd tiff truetype usb vanilla vim-with-x x86 xalan xerces xface xml xml2 xmms xv zlib"
Adrian, sorry nobody has responded quicker.

--------------------------------------------
Portage 2.0.50_pre22 (default-x86-1.4, gcc-3.3.2, glibc-2.3.3_pre20040117-r1, 2.4.24-grsec-1.9.13)
=================================================================
System uname: 2.4.24-grsec-1.9.13 i686 Intel(R) Pentium(R) 4 CPU 1400MHz
Gentoo Base System version 1.4.3.12
distcc 2.5 i686-pc-linux-gnu (protocol 1) (default port 3632) [disabled]
Autoconf: sys-devel/autoconf-2.59
Automake: sys-devel/automake-1.7.8
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CFLAGS="-march=i686 -O3 -pipe -mcpu=pentium4 -fforce-addr -fPIC -fstack-protector"
CHOST="i686-pc-linux-gnu"
COMPILER="gcc3"
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d"
CXXFLAGS="-march=i686 -O3 -pipe -mcpu=pentium4 -fforce-addr -fPIC -fstack-protector"
DISTDIR="/usr/portage/distfiles"
FEATURES="buildpkg ccache cvs flawfinder noauto noautoaddcvs rats sfperms strict strip suidctl usersandbox"
GENTOO_MIRRORS="http://gentoo.oregonstate.edu http://distro.ibiblio.org/pub/Linux/distributions/gentoo"
MAKEOPTS="-j4"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/home/cvsroot/gentoo-x86/"
PORTDIR_OVERLAY=""
SYNC="rsync://192.168.1.1/gentoo-portage"
USE="3dfx X aalib acpi apic apm avi berkdb bonobo cdr clflush cmov crypt cx8 de dts encode esd etdyn evo foomaticdb fpu fxsr gd gdbm gnome gnomedb gpm gtkhtml guile ht imlib jpeg justify ldap libg++ libwww mad mca mce mikmod mmx motif mozilla moznocompose moznoirc moznomail mozxmlterm mpeg msr mtrr mysql ncurses nls oggvorbis opengl oss pae pam pat pdflib perl pge pic pie png prelude pse pse36 python quicktime readline sdl sep slang snmp spell ss sse sse2 ssl svga tcpd tetex tm truetype tsc ungif vme voodoo3 x86 xinerama xml2 xmms xv zlib"
--------------------------------------------

lspci -vv | grep -i agp
00:01.0 PCI bridge: Intel Corp. 82850 850 (Tehama) Chipset AGP Bridge (rev 02) (prog-if 00 [Normal decode])

-march=i686 -O3 -pipe -mcpu=pentium4 -fforce-addr -fPIC -fomit-frame-pointer -fstack-protector

solar@simple / $ lspci -vv > /dev/null ; echo $? ; lspci --version
0
lspci version 2.1.11

All looks good for me with these settings, so I tested with yours:

CFLAGS="-O2 -march=pentium4 -pipe -fomit-frame-pointer -frename-registers -fstack-protector" emerge pciutils

I just can't get this to trigger. What version of pciutils is this? Could you also please attach the file in which the show_agp() function comes from.
Solar: This is on another machine, and I have the same problem!! Weird!

angmar root # lspci -vv > /dev/null ; echo $? ; lspci --version
lspci: stack smashing attack in function show_agp()
Segmentation fault
139
lspci version 2.1.11
strace -i -f lspci -vv
Created attachment 26228: lspci.strace.log
This happens for me as well on my system. I've tried the code from the mainline distribution of pciutils. This does not occur there. The differences between that and Gentoo for lspci appear to simply be:

3des pciutils-2.1.11 # diff lspci.c.orig lspci.c
193a194,197 > if (a->domain < b->domain) > return -1; > if (a->domain > b->domain) > return 1; 245c249,250 < printf("%02x:%02x.%x %s: %s", --- > printf("%04x:%02x:%02x.%x %s: %s", > p->domain,

Anyone see an overflow?

Not an isolated incident. Fails in almost exactly the same way for me:

3des pciutils-2.1.11 # lspci -vv
0000:00:00.0 Host bridge: Intel Corp. 82845G/GL[Brookdale-G]/GE/PE DRAM Controller/Host-Hub Interface (rev 01)
        Subsystem: Micro-Star International Co., Ltd.: Unknown device 5770
        Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B-
        Status: Cap+ 66Mhz- UDF- FastB2B+ ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort+ >SERR- <PERR-
        Latency: 0
        Region 0: Memory at d8000000 (32-bit, prefetchable)
        Capabilities: [e4] #09 [0105]
        Capabilities: [a0] AGP version 2.0
                Status: RQ=32 Iso- ArqSz=0 Cal=0 SBA+ ITACoh- GART64- HTrans- 64bit- FW+ AGP3- Rate=x1,x2,x4
                Command: RQ=1 ArqSz=0 Cal=0 SBA- AGP+ GART64- 64bit- FW- Rate=x4
lspci: stack smashing attack in function show_caps()
Segmentation fault

Different function named as the culprit though... same version of lspci. Probably similar hardware.
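Review bot: the two hunks shown cannot by themselves account for the overrun. The 193a194,197 hunk only reads a->domain and b->domain inside a comparison, and the 245c249,250 hunk changes a printf to stdout, which never writes to a stack buffer. Both hunks do reference a domain field that mainline lspci.c evidently lacks, so the Gentoo patch must also touch the device structure and whatever fills in the domain; that part of the diff, plus the bodies of show_agp() and show_caps() where the canary check fires, is what should be attached. Worth noting for that search: the new "%04x:%02x:%02x.%x" slot string is five characters longer than the old "%02x:%02x.%x" one, so any fixed-size buffer elsewhere that was sized for the old form would now be too small.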
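An added illustration, not code from pciutils or from anyone in this thread, of the defect class that the "stack smashing attack in function ..." message reports: a slot string formatted into a fixed buffer sized for the old "%02x:%02x.%x" form overruns once the format grows to the domain-aware "%04x:%02x:%02x.%x" shown in the diff above, while a bounded formatter reports truncation instead. The struct slot, OLD_SLOT_LEN and the function names are assumptions for the example; the thread does not identify where lspci actually overran its stack, so this shows the bug class, not the real fix.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for lspci's device record, with only the
 * fields the slot formats need (not pciutils' own struct device). */
struct slot {
    unsigned domain, bus, dev, func;
};

/* Bytes a caller of the old "%02x:%02x.%x" format would have reserved:
 * "00:00.0" is 7 characters plus the terminating NUL. */
#define OLD_SLOT_LEN 8

/* Characters each format needs for this slot, NUL excluded. snprintf with
 * a NULL, zero-sized buffer only measures; it writes nothing. */
int old_slot_len(const struct slot *s) {
    return snprintf(NULL, 0, "%02x:%02x.%x", s->bus, s->dev, s->func);
}

int domain_slot_len(const struct slot *s) {
    return snprintf(NULL, 0, "%04x:%02x:%02x.%x",
                    s->domain, s->bus, s->dev, s->func);
}

/* Unsafe pattern: sprintf of the widened format into a buffer sized for
 * the old one. For any slot this writes at least five bytes past the end
 * of buf, which is exactly the overrun -fstack-protector's canary turns
 * into an abort. Shown for contrast only; nothing here calls it. */
void format_slot_unchecked(char buf[OLD_SLOT_LEN], const struct slot *s) {
    sprintf(buf, "%04x:%02x:%02x.%x", s->domain, s->bus, s->dev, s->func);
}

/* Bounded version: never writes more than cap bytes and tells the caller
 * whether the full string fit, so an undersized buffer becomes a
 * detectable error rather than a corrupted stack frame. */
bool format_slot_bounded(char *buf, size_t cap, const struct slot *s) {
    int need = snprintf(buf, cap, "%04x:%02x:%02x.%x",
                        s->domain, s->bus, s->dev, s->func);
    return need >= 0 && (size_t)need < cap;
}

/* Does the domain-aware slot string fit a buffer sized for the old format?
 * (It never does: the new format is at least 12 characters.) */
bool domain_slot_fits_old_buffer(const struct slot *s) {
    char buf[OLD_SLOT_LEN];
    return format_slot_bounded(buf, sizeof buf, s);
}
```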
Re: comment #4 (the strace output did not provide any useful info)

FEATURES="nostrip keepwork" CFLAGS="-g -ggdb" emerge pciutils
ulimit -c unlimited
lspci -vv

Do whatever you need to do to get this thing to drop a core, then type:

# gdb -q `which lspci` core
# bt full
# disass $eip-0x20 $eip+0x20

Then paste in here.
Want to help me help you? I still need more debug info here...
Ok, I compiled pciutils with

FEATURES="nostrip keepwork" CFLAGS="-g -ggdb" emerge pciutils

and it no longer gets the stack smashing problem; now it's working perfectly. It's very strange...
Compiled again with my default CFLAGS and it got broken again. Got a core file and ran gdb on it:

angmar root # gdb -q `which lspci` core
(no debugging symbols found)...Using host libthread_db library "/lib/libthread_db.so.1".
Core was generated by `lspci -vv'.
Program terminated with signal 6, Aborted.
warning: current_sos: Can't read pathname for load map: Input/output error
Reading symbols from /lib/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/ld-linux.so.2
#0  0xffffe410 in ?? ()
(gdb) bt full
#0  0xffffe410 in ?? ()
No symbol table info available.
#1  0xbffff5d8 in ?? ()
No symbol table info available.
#2  0x40130100 in ?? () from /lib/libc.so.6
No symbol table info available.
#3  0x00000006 in ?? ()
No symbol table info available.
#4  0x40050e06 in kill () from /lib/libc.so.6
No symbol table info available.
#5  0x4003ea21 in __stack_smash_handler () from /lib/libc.so.6
No symbol table info available.
#6  0x08049a04 in ?? ()
No symbol table info available.
#7  0x0805098f in _IO_stdin_used ()
No symbol table info available.
#8  0xae22a500 in ?? ()
No symbol table info available.
#9  0x00000000 in ?? ()
No symbol table info available.
#10 0x00000000 in ?? ()
No symbol table info available.
#11 0x0000002d in ?? ()
No symbol table info available.
#12 0x0000002d in ?? ()
No symbol table info available.
#13 0x0000002d in ?? ()
No symbol table info available.
#14 0x0000002d in ?? ()
No symbol table info available.
#15 0x0000002d in ?? ()
No symbol table info available.
#16 0xbffff628 in ?? ()
No symbol table info available.
#17 0x0000002b in ?? ()
No symbol table info available.
#18 0x0000002d in ?? ()
No symbol table info available.
---Type <return> to continue, or q <return> to quit---
#19 0xbffff628 in ?? ()
No symbol table info available.
#20 0xbffff62c in ?? ()
No symbol table info available.
#21 0x4008541d in __overflow () from /lib/libc.so.6
No symbol table info available.
Previous frame inner to this frame (corrupt stack?)
(gdb) disass $eip-0x20 $eip+0x20
Dump of assembler code from 0xffffe3f0 to 0xffffe430:
0xffffe3f0:     add    %al,(%eax)
0xffffe3f2:     add    %al,(%eax)
0xffffe3f4:     add    %al,(%eax)
0xffffe3f6:     add    %al,(%eax)
0xffffe3f8:     add    %al,(%eax)
0xffffe3fa:     add    %al,(%eax)
0xffffe3fc:     add    %al,(%eax)
0xffffe3fe:     add    %al,(%eax)
0xffffe400:     push   %ecx
0xffffe401:     push   %edx
0xffffe402:     push   %ebp
0xffffe403:     mov    %esp,%ebp
0xffffe405:     sysenter
0xffffe407:     nop
0xffffe408:     nop
0xffffe409:     nop
0xffffe40a:     nop
0xffffe40b:     nop
0xffffe40c:     nop
0xffffe40d:     nop
0xffffe40e:     jmp    0xffffe403
0xffffe410:     pop    %ebp
0xffffe411:     pop    %edx
0xffffe412:     pop    %ecx
0xffffe413:     ret
0xffffe414:     add    %al,(%eax)
0xffffe416:     add    %al,(%eax)
0xffffe418:     add    %al,(%eax)
0xffffe41a:     add    %al,(%eax)
0xffffe41c:     add    %al,(%eax)
0xffffe41e:     add    %al,(%eax)
0xffffe420:     pop    %eax
0xffffe421:     mov    $0x77,%eax
0xffffe426:     int    $0x80
0xffffe428:     nop
0xffffe429:     nop
0xffffe42a:     nop
---Type <return> to continue, or q <return> to quit---
0xffffe42b:     nop
0xffffe42c:     nop
0xffffe42d:     nop
0xffffe42e:     nop
0xffffe42f:     nop
End of assembler dump.
(gdb)
A patch which resolves this problem will be going into portage shortly.
http://marc.theaimsgroup.com/?t=109080349600004&r=1&w=2
Updated in pciutils-2.1.11-r1.ebuild. Please confirm this fixes the problem for you.
Since Adrian hasn't confirmed, I will, as I saw the same error a while back; seeing this, I built it with debug as commented above to work around it. With the -r1 ebuild, "lspci -vv" no longer smashes.

Kev.

# emerge --oneshot =sys-apps/pciutils-2.1.11
# lspci -vvv
00:00.0 Host bridge: Silicon Integrated Systems [SiS] 741/741GX/M741 Host (rev 03)
        Subsystem: Unknown device 1849:0741
        Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B-
        Status: Cap+ 66Mhz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort+ >SERR- <PERR-
        Latency: 0
        Region 0: Memory at d0000000 (32-bit, non-prefetchable) [size=64M]
        Capabilities: [c0] AGP version 3.5
                Status: RQ=32 Iso- ArqSz=0 Cal=0 SBA+ ITACoh- GART64- HTrans- 64bit- FW+ AGP3- Rate=x1,x2,x4
                Command: RQ=1 ArqSz=0 Cal=0 SBA- AGP+ GART64- 64bit- FW- Rate=x4
lspci: stack smashing attack in function show_agp()
Aborted

# emerge --oneshot =sys-apps/pciutils-2.1.11-r1
# lspci -vv
0000:00:00.0 Host bridge: Silicon Integrated Systems [SiS] 741/741GX/M741 Host (rev 03)
        Subsystem: Unknown device 1849:0741
        Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B-
        Status: Cap+ 66Mhz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort+ >SERR- <PERR-
        Latency: 0
        Region 0: Memory at d0000000 (32-bit, non-prefetchable)
        Capabilities: [c0] AGP version 3.5
                Status: RQ=32 Iso- ArqSz=0 Cal=0 SBA+ ITACoh- GART64- HTrans- 64bit- FW+ AGP3- Rate=x1,x2,x4
                Command: RQ=1 ArqSz=0 Cal=0 SBA- AGP+ GART64- 64bit- FW- Rate=x4
0000:00:01.0 PCI bridge: Silicon Integrated Systems [SiS]: Unknown device 0003 (prog-if 00 [Normal decode])
[...rest snipped - no smash!]
I can't confirm this bug, because I'm on AMD64 now and no longer have x86 hardware to test it on. Sorry.
Closing bug as FIXED.
closed