
List:       openser-devel
Subject:    [sr-dev] [kamailio/kamailio] Regression on app_lua after ASLR enable (Issue #3202)
From:       Boris Korzun <notifications () github ! com>
Date:       2022-07-27 9:04:28
Message-ID: kamailio/kamailio/issues/3202 () github ! com



### Description

There's a regression after enabling Address Space Layout Randomization (ASLR). Kamailio causes SIGSEGV while loading `app_lua` (or other KEMI Interpreters probably).

### Troubleshooting

#### Reproduction

The regression has appeared after updating the FreeBSD kernel to https://github.com/freebsd/freebsd-src/commit/10192e77cfacd1f27601882af61883be4d3ec58d


Kamailio falls after `loadmodule "app_lua.so"` in `kamailio.cfg`.

#### Debugging Data

```
root@server:/usr/jails/containers/kamailio/var/coredump/986# jexec kamailio lldb -c /var/coredump/986/kamailio.13521.core -- /usr/local/sbin/kamailio
(lldb) target create "/usr/local/sbin/kamailio" --core "/var/coredump/986/kamailio.13521.core"
Core file '/var/coredump/986/kamailio.13521.core' (x86_64) was loaded.
(lldb) bt all
* thread #1, name = 'kamailio', stop reason = signal SIGSEGV
  * frame #0: 0x0000000825b61350 libc.so.7`strncmp(s1=<unavailable>, s2=<unavailable>, n=<unavailable>) at strncmp.c:47:7
    frame #1: 0x00000000003fc394 kamailio`sr_kemi_modules_add(klist=0x0000000861afb410) at kemi.c:3392:8
    frame #2: 0x0000000861ae6154 app_lua.so`mod_register(path="/usr/local/lib/kamailio/modules/app_lua.so", dlflags=0x0000000821805b48, p1=0x0000000000000000, p2=0x0000000000000000) at app_lua_mod.c:605:2
    frame #3: 0x00000000005e4b30 kamailio`load_module(mod_path="app_lua.so") at sr_module.c:592:7
    frame #4: 0x0000000000885936 kamailio`yyparse at cfg.y:1965:8
    frame #5: 0x00000000002ff384 kamailio`main(argc=7, argv=0x000000082180a848) at main.c:2506:6
    frame #6: 0x00000000002ddd90 kamailio`_start(ap=<unavailable>, cleanup=<unavailable>) at crt1_c.c:75:7
```

`_sr_kemi_modules[].mname.s` for `app_lua` points to incorrect data after the second call to `mod_register()@app_lua_mod.c` from `load_module()@sr_module.c` (reloading the module to set the correct `dlflags`).

#### Log Messages

```
08:35:53.689647 DEBUG: <core> [core/cfg.y:1964]: yyparse(): loading module kemix.so
08:35:53.689684 DEBUG: <core> [core/sr_module.c:516]: ksr_locate_module(): found module to load </usr/local/lib/kamailio/modules/kemix.so>
08:35:53.689698 DEBUG: <core> [core/sr_module.c:566]: load_module(): trying to load </usr/local/lib/kamailio/modules/kemix.so>
08:35:53.689796 DEBUG: <core> [core/kemi.c:3398]: sr_kemi_modules_add(): adding module: kx
08:35:53.689847 DEBUG: <core> [core/cfg.lex:2039]: pp_define(): defining id: MOD_kemix
08:35:53.689895 DEBUG: <core> [core/cfg.y:1964]: yyparse(): loading module app_lua.so
08:35:53.689931 DEBUG: <core> [core/sr_module.c:516]: ksr_locate_module(): found module to load </usr/local/lib/kamailio/modules/app_lua.so>
08:35:53.689948 DEBUG: <core> [core/sr_module.c:566]: load_module(): trying to load </usr/local/lib/kamailio/modules/app_lua.so>
08:35:53.690418 DEBUG: <core> [core/kemi.c:3494]: sr_kemi_eng_register(): registered config routing enginge [lua]
08:35:53.690444 DEBUG: <core> [core/kemi.c:3398]: sr_kemi_modules_add(): adding module: app_lua
```

### Possible Solutions

Temporary solution is disabling ASLR, e.g. on FreeBSD:

```
# sysctl kern.elf64.aslr.enable=0
# sysctl kern.elf64.aslr.pie_enable=0
```

### Additional Information

* **Kamailio Version** - output of `kamailio -v`

```
version: kamailio 5.6.1 (x86_64/freebsd) b36a13
flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED
ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, select, kqueue.
id: b36a13
compiled on 08:12:34 Jul 27 2022 with cc FreeBSD clang version 14.0.5 (https://github.com/llvm/llvm-project.git llvmorg-14.0.5-0-gc12386ae247c)
```

5.5.4 is affected too

* **Operating System**:

```
FreeBSD 13/stable
```


-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3202
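The stale-pointer mechanism the report describes, as an added illustration (not Kamailio's code): a registry entry that keeps the module's own `mname.s` pointer stops resolving once the module's data is unmapped on reload, while a name copied into core-owned memory at registration survives. The registry layout and the names `kemi_modules_add`, `kemi_modules_find` and `reload_scenario` are hypothetical, modelled on the backtrace.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>

/* Constructed model (not Kamailio's code) of a registry holding a pointer into
 * a module's own data, as _sr_kemi_modules[].mname.s does in the report. */
typedef struct { const char *s; int len; } str;
typedef struct { str mname; } kemi_module;
#define MAX_MODULES 8
static kemi_module registry[MAX_MODULES];
static int nmodules;

/* copy == 0: keep the module's own pointer (the fragile pattern); copy == 1:
 * duplicate the name into core-owned memory so a reload cannot leave it dangling. */
int kemi_modules_add(const char *name, int copy)
{
	if (nmodules >= MAX_MODULES) return -1;
	kemi_module *m = &registry[nmodules];
	m->mname.s = copy ? strdup(name) : name;
	m->mname.len = (int)strlen(name);
	return nmodules++;
}

/* Name lookup: the strncmp() walk that faults in the backtrace. */
int kemi_modules_find(const char *name)
{
	int len = (int)strlen(name);
	for (int i = 0; i < nmodules; i++)
		if (registry[i].mname.len == len && strncmp(registry[i].mname.s, name, (size_t)len) == 0)
			return i;
	return -1;
}

/* Register from the module's data, then "unload" it. The unmap/remap is simulated
 * by overwriting the buffer rather than freeing it, so the read stays defined while
 * the stale pointer is still exposed. Returns the entry index if the name still
 * resolves after the reload, -1 otherwise. */
int reload_scenario(int copy)
{
	char module_data[] = "app_lua";              /* constructed module segment */
	nmodules = 0;                                /* fresh registry for each run */
	int idx = kemi_modules_add(module_data, copy);
	memset(module_data, 0, sizeof module_data);  /* module unloaded, pages reused */
	int found = kemi_modules_find("app_lua");
	if (copy) free((char *)registry[idx].mname.s); /* core owns the copy */
	return found;
}
```

With the module's own pointer the lookup fails after the simulated reload; with the copied name it still resolves, which is the property a core-side fix (copying at registration, or unregistering before dlclose) needs to provide.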





_______________________________________________
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

