runtime error: initgroups(www-data, 33) failed (5: I/O error)

Submitted by Rich Felker on Oct. 9, 2020, 8:39 p.m.

Details

Message ID 20201009203919.GA17637@brightrain.aerifal.cx
State New
Series "runtime error: initgroups(www-data, 33) failed (5: I/O error)"
Headers show

Commit Message

Rich Felker Oct. 9, 2020, 8:39 p.m.
On Fri, Oct 02, 2020 at 10:37:03PM -0400, Rich Felker wrote:
> On Sat, Oct 03, 2020 at 09:06:50AM +0800, Static Php wrote:
> > I has this runtime error on Ubuntu 18.04.5 LTS, CPU is AMD EPYC Processor.
> > 
> > Kernel: 5.4.0-49-generic #53~18.04.1-Ubuntu (other kernel also has this
> > problem)
> > 
> > more details: https://github.com/richfelker/musl-cross-make/issues/107
> > 
> > strace:
> > 
> > execve("./a.out", ["./a.out"], 0x7fff12cd26d0 /* 20 vars */) = 0
> > >
> > > arch_prctl(ARCH_SET_FS, 0x7ff53bb3b618) = 0
> > >
> > > set_tid_address(0x7ff53bb3bbe8)         = 40778
> > >
> > > socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0) = 3
> > >
> > > brk(NULL)                               = 0x555556f23000
> > >
> > > brk(0x555556f25000)                     = 0x555556f25000
> > >
> > > mmap(0x555556f23000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS,
> > > -1, 0) = 0x555556f23000
> > >
> > > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
> > > 0x7ff53bb39000
> > >
> > > connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 24) = 0
> > >
> > > sendmsg(3, {msg_name=NULL, msg_namelen=0,
> > > msg_iov=[{iov_base="\2\0\0\0\17\0\0\0\t\0\0\0", iov_len=12},
> > > {iov_base="www-data\0", iov_len=9}], msg_iovlen=2, msg_controllen=0,
> > > msg_flags=0}, MSG_NOSIGNAL) = 21
> > >
> > > readv(3, [{iov_base="\2\0\0\0\1\0\0\0\0\0\0", iov_len=11}, {iov_base="\0",
> > > iov_len=1024}], 2) = 12
> > >
> > > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
> > > 0x7ff53bb38000
> > >
> > > close(3)                                = 0
> > >
> > > munmap(0x7ff53bb39000, 4096)            = 0
> > >
> > > munmap(0x7ff53bb38000, 4096)            = 0
> > >
> > > ioctl(1, TIOCGWINSZ, {ws_row=59, ws_col=225, ws_xpixel=1575,
> > > ws_ypixel=826}) = 0
> > >
> > > writev(1, [{iov_base="err=-1, errno=5", iov_len=15}, {iov_base="\n",
> > > iov_len=1}], 2err=-1, errno=5
> > >
> > > ) = 16
> > >
> > > exit_group(0)                           = ?
> > >
> > > +++ exited with 0 +++
> > >
> 
> Ah, this looks like a bug in musl causing a zero-groups response from
> nscd to be interpreted as an error rather than success with no
> members:
> 
> 	if (!fread(nscdbuf, sizeof(*nscdbuf)*resp[INITGRNGRPS], 1, f)) {
> 		if (!ferror(f)) errno = EIO;
> 		goto cleanup;
> 	}
> 
> The problem is that this code was written assuming the fread call
> returns 1 on success, but fread has a stupid corner case (which we
> used to get wrong) where a zero-length read is required by the
> standard to return 0 even though logically it should return nmemb.
> 
> You can work around the problem by adding www-data to a useless dummy
> group. I'll prepare a patch for musl, though, and post it here as a
> follow-up soon.
> 
> Thanks for the report!

I think the attached patch should work, but it's not tested since I
dont have an environment with nscd handy.

Rich

Patch hide | download patch | download mbox

diff --git a/src/passwd/getgrouplist.c b/src/passwd/getgrouplist.c
index 43e51824..44785e10 100644
--- a/src/passwd/getgrouplist.c
+++ b/src/passwd/getgrouplist.c
@@ -31,12 +31,13 @@  int getgrouplist(const char *user, gid_t gid, gid_t *groups, int *ngroups)
 	if (resp[INITGRFOUND]) {
 		nscdbuf = calloc(resp[INITGRNGRPS], sizeof(uint32_t));
 		if (!nscdbuf) goto cleanup;
-		if (!fread(nscdbuf, sizeof(*nscdbuf)*resp[INITGRNGRPS], 1, f)) {
+		size_t ngrps = resp[INITGRNGRPS];
+		if (ngrps && !fread(nscdbuf, sizeof(*nscdbuf)*ngrps, 1, f)) {
 			if (!ferror(f)) errno = EIO;
 			goto cleanup;
 		}
 		if (swap) {
-			for (i = 0; i < resp[INITGRNGRPS]; i++)
+			for (i = 0; i < ngrps; i++)
 				nscdbuf[i] = bswap_32(nscdbuf[i]);
 		}
 	}

Comments

Static Php Oct. 25, 2020, 6:03 a.m.
I am not sure which step I made wrong, but I still get this error.

1. make clean
2. make musl-1.2.1
3. patch -p1 < ../patches/musl-1.2.0/0002-group.diff
4. make all -j8
5. sudo make install

then I relink my php, test at  old server and get the same result.

On Sat, Oct 10, 2020 at 4:39 AM Rich Felker <dalias@libc.org> wrote:

> On Fri, Oct 02, 2020 at 10:37:03PM -0400, Rich Felker wrote:
> > On Sat, Oct 03, 2020 at 09:06:50AM +0800, Static Php wrote:
> > > I has this runtime error on Ubuntu 18.04.5 LTS, CPU is AMD EPYC
> Processor.
> > >
> > > Kernel: 5.4.0-49-generic #53~18.04.1-Ubuntu (other kernel also has this
> > > problem)
> > >
> > > more details: https://github.com/richfelker/musl-cross-make/issues/107
> > >
> > > strace:
> > >
> > > execve("./a.out", ["./a.out"], 0x7fff12cd26d0 /* 20 vars */) = 0
> > > >
> > > > arch_prctl(ARCH_SET_FS, 0x7ff53bb3b618) = 0
> > > >
> > > > set_tid_address(0x7ff53bb3bbe8)         = 40778
> > > >
> > > > socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0) = 3
> > > >
> > > > brk(NULL)                               = 0x555556f23000
> > > >
> > > > brk(0x555556f25000)                     = 0x555556f25000
> > > >
> > > > mmap(0x555556f23000, 4096, PROT_NONE,
> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS,
> > > > -1, 0) = 0x555556f23000
> > > >
> > > > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
> -1, 0) =
> > > > 0x7ff53bb39000
> > > >
> > > > connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 24)
> = 0
> > > >
> > > > sendmsg(3, {msg_name=NULL, msg_namelen=0,
> > > > msg_iov=[{iov_base="\2\0\0\0\17\0\0\0\t\0\0\0", iov_len=12},
> > > > {iov_base="www-data\0", iov_len=9}], msg_iovlen=2, msg_controllen=0,
> > > > msg_flags=0}, MSG_NOSIGNAL) = 21
> > > >
> > > > readv(3, [{iov_base="\2\0\0\0\1\0\0\0\0\0\0", iov_len=11},
> {iov_base="\0",
> > > > iov_len=1024}], 2) = 12
> > > >
> > > > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
> -1, 0) =
> > > > 0x7ff53bb38000
> > > >
> > > > close(3)                                = 0
> > > >
> > > > munmap(0x7ff53bb39000, 4096)            = 0
> > > >
> > > > munmap(0x7ff53bb38000, 4096)            = 0
> > > >
> > > > ioctl(1, TIOCGWINSZ, {ws_row=59, ws_col=225, ws_xpixel=1575,
> > > > ws_ypixel=826}) = 0
> > > >
> > > > writev(1, [{iov_base="err=-1, errno=5", iov_len=15}, {iov_base="\n",
> > > > iov_len=1}], 2err=-1, errno=5
> > > >
> > > > ) = 16
> > > >
> > > > exit_group(0)                           = ?
> > > >
> > > > +++ exited with 0 +++
> > > >
> >
> > Ah, this looks like a bug in musl causing a zero-groups response from
> > nscd to be interpreted as an error rather than success with no
> > members:
> >
> >       if (!fread(nscdbuf, sizeof(*nscdbuf)*resp[INITGRNGRPS], 1, f)) {
> >               if (!ferror(f)) errno = EIO;
> >               goto cleanup;
> >       }
> >
> > The problem is that this code was written assuming the fread call
> > returns 1 on success, but fread has a stupid corner case (which we
> > used to get wrong) where a zero-length read is required by the
> > standard to return 0 even though logically it should return nmemb.
> >
> > You can work around the problem by adding www-data to a useless dummy
> > group. I'll prepare a patch for musl, though, and post it here as a
> > follow-up soon.
> >
> > Thanks for the report!
>
> I think the attached patch should work, but it's not tested since I
> dont have an environment with nscd handy.
>
> Rich
>
Static Php Oct. 25, 2020, 6:21 a.m.
I put the patch file into folder patches/musl-1.2.1 and rebuild, get the
same results.

On Sun, Oct 25, 2020 at 2:03 PM Static Php <phpstatic.com@gmail.com> wrote:

> I am not sure which step I made wrong, but I still get this error.
>
> 1. make clean
> 2. make musl-1.2.1
> 3. patch -p1 < ../patches/musl-1.2.0/0002-group.diff
> 4. make all -j8
> 5. sudo make install
>
> then I relink my php, test at  old server and get the same result.
>
> On Sat, Oct 10, 2020 at 4:39 AM Rich Felker <dalias@libc.org> wrote:
>
>> On Fri, Oct 02, 2020 at 10:37:03PM -0400, Rich Felker wrote:
>> > On Sat, Oct 03, 2020 at 09:06:50AM +0800, Static Php wrote:
>> > > I has this runtime error on Ubuntu 18.04.5 LTS, CPU is AMD EPYC
>> Processor.
>> > >
>> > > Kernel: 5.4.0-49-generic #53~18.04.1-Ubuntu (other kernel also has
>> this
>> > > problem)
>> > >
>> > > more details:
>> https://github.com/richfelker/musl-cross-make/issues/107
>> > >
>> > > strace:
>> > >
>> > > execve("./a.out", ["./a.out"], 0x7fff12cd26d0 /* 20 vars */) = 0
>> > > >
>> > > > arch_prctl(ARCH_SET_FS, 0x7ff53bb3b618) = 0
>> > > >
>> > > > set_tid_address(0x7ff53bb3bbe8)         = 40778
>> > > >
>> > > > socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0) = 3
>> > > >
>> > > > brk(NULL)                               = 0x555556f23000
>> > > >
>> > > > brk(0x555556f25000)                     = 0x555556f25000
>> > > >
>> > > > mmap(0x555556f23000, 4096, PROT_NONE,
>> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS,
>> > > > -1, 0) = 0x555556f23000
>> > > >
>> > > > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
>> -1, 0) =
>> > > > 0x7ff53bb39000
>> > > >
>> > > > connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"},
>> 24) = 0
>> > > >
>> > > > sendmsg(3, {msg_name=NULL, msg_namelen=0,
>> > > > msg_iov=[{iov_base="\2\0\0\0\17\0\0\0\t\0\0\0", iov_len=12},
>> > > > {iov_base="www-data\0", iov_len=9}], msg_iovlen=2, msg_controllen=0,
>> > > > msg_flags=0}, MSG_NOSIGNAL) = 21
>> > > >
>> > > > readv(3, [{iov_base="\2\0\0\0\1\0\0\0\0\0\0", iov_len=11},
>> {iov_base="\0",
>> > > > iov_len=1024}], 2) = 12
>> > > >
>> > > > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
>> -1, 0) =
>> > > > 0x7ff53bb38000
>> > > >
>> > > > close(3)                                = 0
>> > > >
>> > > > munmap(0x7ff53bb39000, 4096)            = 0
>> > > >
>> > > > munmap(0x7ff53bb38000, 4096)            = 0
>> > > >
>> > > > ioctl(1, TIOCGWINSZ, {ws_row=59, ws_col=225, ws_xpixel=1575,
>> > > > ws_ypixel=826}) = 0
>> > > >
>> > > > writev(1, [{iov_base="err=-1, errno=5", iov_len=15}, {iov_base="\n",
>> > > > iov_len=1}], 2err=-1, errno=5
>> > > >
>> > > > ) = 16
>> > > >
>> > > > exit_group(0)                           = ?
>> > > >
>> > > > +++ exited with 0 +++
>> > > >
>> >
>> > Ah, this looks like a bug in musl causing a zero-groups response from
>> > nscd to be interpreted as an error rather than success with no
>> > members:
>> >
>> >       if (!fread(nscdbuf, sizeof(*nscdbuf)*resp[INITGRNGRPS], 1, f)) {
>> >               if (!ferror(f)) errno = EIO;
>> >               goto cleanup;
>> >       }
>> >
>> > The problem is that this code was written assuming the fread call
>> > returns 1 on success, but fread has a stupid corner case (which we
>> > used to get wrong) where a zero-length read is required by the
>> > standard to return 0 even though logically it should return nmemb.
>> >
>> > You can work around the problem by adding www-data to a useless dummy
>> > group. I'll prepare a patch for musl, though, and post it here as a
>> > follow-up soon.
>> >
>> > Thanks for the report!
>>
>> I think the attached patch should work, but it's not tested since I
>> dont have an environment with nscd handy.
>>
>> Rich
>>
>
Rich Felker Oct. 25, 2020, 4:15 p.m.
On Sun, Oct 25, 2020 at 02:03:07PM +0800, Static Php wrote:
> I am not sure which step I made wrong, but I still get this error.
> 
> 1. make clean
> 2. make musl-1.2.1
> 3. patch -p1 < ../patches/musl-1.2.0/0002-group.diff
> 4. make all -j8
> 5. sudo make install
> 
> then I relink my php, test at  old server and get the same result.

It's not clear which directories you're running those commands in. It
should just be sufficient to put the patch in patches/musl-1.2.1 (note
you have 1.2.0 and 1.2.1 mismatched above) and re-run mcm from scratch
(or just rm -rf the obj_musl directory under build/local/$(TARGET) and
re-run an incremental make; no need to build gcc again.

Rich


> On Sat, Oct 10, 2020 at 4:39 AM Rich Felker <dalias@libc.org> wrote:
> 
> > On Fri, Oct 02, 2020 at 10:37:03PM -0400, Rich Felker wrote:
> > > On Sat, Oct 03, 2020 at 09:06:50AM +0800, Static Php wrote:
> > > > I has this runtime error on Ubuntu 18.04.5 LTS, CPU is AMD EPYC
> > Processor.
> > > >
> > > > Kernel: 5.4.0-49-generic #53~18.04.1-Ubuntu (other kernel also has this
> > > > problem)
> > > >
> > > > more details: https://github.com/richfelker/musl-cross-make/issues/107
> > > >
> > > > strace:
> > > >
> > > > execve("./a.out", ["./a.out"], 0x7fff12cd26d0 /* 20 vars */) = 0
> > > > >
> > > > > arch_prctl(ARCH_SET_FS, 0x7ff53bb3b618) = 0
> > > > >
> > > > > set_tid_address(0x7ff53bb3bbe8)         = 40778
> > > > >
> > > > > socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0) = 3
> > > > >
> > > > > brk(NULL)                               = 0x555556f23000
> > > > >
> > > > > brk(0x555556f25000)                     = 0x555556f25000
> > > > >
> > > > > mmap(0x555556f23000, 4096, PROT_NONE,
> > MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS,
> > > > > -1, 0) = 0x555556f23000
> > > > >
> > > > > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
> > -1, 0) =
> > > > > 0x7ff53bb39000
> > > > >
> > > > > connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 24)
> > = 0
> > > > >
> > > > > sendmsg(3, {msg_name=NULL, msg_namelen=0,
> > > > > msg_iov=[{iov_base="\2\0\0\0\17\0\0\0\t\0\0\0", iov_len=12},
> > > > > {iov_base="www-data\0", iov_len=9}], msg_iovlen=2, msg_controllen=0,
> > > > > msg_flags=0}, MSG_NOSIGNAL) = 21
> > > > >
> > > > > readv(3, [{iov_base="\2\0\0\0\1\0\0\0\0\0\0", iov_len=11},
> > {iov_base="\0",
> > > > > iov_len=1024}], 2) = 12
> > > > >
> > > > > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
> > -1, 0) =
> > > > > 0x7ff53bb38000
> > > > >
> > > > > close(3)                                = 0
> > > > >
> > > > > munmap(0x7ff53bb39000, 4096)            = 0
> > > > >
> > > > > munmap(0x7ff53bb38000, 4096)            = 0
> > > > >
> > > > > ioctl(1, TIOCGWINSZ, {ws_row=59, ws_col=225, ws_xpixel=1575,
> > > > > ws_ypixel=826}) = 0
> > > > >
> > > > > writev(1, [{iov_base="err=-1, errno=5", iov_len=15}, {iov_base="\n",
> > > > > iov_len=1}], 2err=-1, errno=5
> > > > >
> > > > > ) = 16
> > > > >
> > > > > exit_group(0)                           = ?
> > > > >
> > > > > +++ exited with 0 +++
> > > > >
> > >
> > > Ah, this looks like a bug in musl causing a zero-groups response from
> > > nscd to be interpreted as an error rather than success with no
> > > members:
> > >
> > >       if (!fread(nscdbuf, sizeof(*nscdbuf)*resp[INITGRNGRPS], 1, f)) {
> > >               if (!ferror(f)) errno = EIO;
> > >               goto cleanup;
> > >       }
> > >
> > > The problem is that this code was written assuming the fread call
> > > returns 1 on success, but fread has a stupid corner case (which we
> > > used to get wrong) where a zero-length read is required by the
> > > standard to return 0 even though logically it should return nmemb.
> > >
> > > You can work around the problem by adding www-data to a useless dummy
> > > group. I'll prepare a patch for musl, though, and post it here as a
> > > follow-up soon.
> > >
> > > Thanks for the report!
> >
> > I think the attached patch should work, but it's not tested since I
> > dont have an environment with nscd handy.
> >
> > Rich
> >