SEGV로 인해 Tang 실패

tag-icon tag-icon segmentation-fault
SEGV로 인해 Tang 실패

Tang 서버가 있습니다(U자형 클립/탱) Linux 컨테이너(LXD)에서.

tangd.socket 구성에 따르면 tangd 서버는 TCP 포트 80을 통해 연결을 수신할 때 시작됩니다.

root@tang2:~# systemctl cat tangd.socket
# /lib/systemd/system/tangd.socket
[Unit]
Description=Tang Server socket
Requires=tangd-update.service
Requires=tangd-update.path
After=tangd-update.service

[Socket]
ListenStream=80
Accept=true

[Install]
WantedBy=multi-user.target

연결 시 서버가 시작되지만 분할 오류로 인해 즉시 종료됩니다.

Jan 21 16:10:19 tang2 systemd[1]: Started Tang Server (10.0.0.122:50186).
Jan 21 16:10:19 tang2 systemd[1]: [email protected]:80-10.0.0.122:50186.service: Main process exited, code=killed, status=11/SEGV
Jan 21 16:10:19 tang2 systemd[1]: [email protected]:80-10.0.0.122:50186.service: Failed with result 'signal'.

컨테이너에 충분한 여유 메모리가 있는 것 같습니다.

root@tang2:~# free -h
              total        used        free      shared  buff/cache   available
Mem:          7.8Gi        32Mi       7.6Gi       6.0Mi       184Mi       7.8Gi
Swap:            0B          0B          0B

추가 정보:

root@tang2:~# ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 31790
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1048576
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) unlimited
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

SO는 Debian Linux 10(Buster)입니다.

root@tang2:~# cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 10 (buster)"
NAME="Debian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

탕바오 정보:

Package: tang
Version: 7-1+deb10u1
State: installed
Automatically installed: no
Priority: optional
Section: net
Maintainer: Christoph Biedl <[email protected]>
Architecture: amd64
Uncompressed Size: 66.6 k
Depends: libc6 (>= 2.8), libhttp-parser2.8 (>= 2.1), libjansson4 (>= 2.10~), libjose0 (>= 10), jose
Description: network-based cryptographic binding server
 Tang is a service for binding cryptographic keys to network presence. It offers a secure, stateless, anonymous
 alternative to key escrow services.
Homepage: https://github.com/latchset/tang

root@tang2:~# ldd /usr/lib/x86_64-linux-gnu/tangd
        linux-vdso.so.1 (0x00007fffb88f6000)
        libjose.so.0 => /usr/lib/x86_64-linux-gnu/libjose.so.0 (0x00007f1df6639000)
        libjansson.so.4 => /usr/lib/x86_64-linux-gnu/libjansson.so.4 (0x00007f1df662a000)
        libhttp_parser.so.2.8 => /usr/lib/x86_64-linux-gnu/libhttp_parser.so.2.8 (0x00007f1df661f000)
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1df645e000)
        libcrypto.so.1.1 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x00007f1df6175000)
        libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f1df5f57000)
        libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f1df5f34000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f1df6864000)
        libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f1df5f2f000)

Telnet을 사용하여 Tang 서버에 연결하고 서버를 추적해 보았습니다.

root@tang2:~# telnet localhost 80
Trying ::1...
Connected to localhost.
Escape character is '^]'.
GET /adv HTTP/1.0
Connection closed by foreign host.

이것은 추적 출력입니다.

root@tang2:~# ps ax|grep tang
  995 ?        Ss     0:00 /usr/lib/x86_64-linux-gnu/tangd /var/cache/tang
  997 pts/2    S+     0:00 grep tang
root@tang2:~# strace -f -p 995
strace: Process 995 attached
read(0, "GET /adv HTTP/1.0\r\n", 4095)  = 19
--- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} ---
+++ killed by SIGSEGV +++

tangd 서버가 왜 죽었는지 아시나요?

다음은 실행 중인 Tang 서버의 추적입니다.

read(0, "GET /adv HTTP/1.0\r\n", 4095)  = 19
read(0, "\r\n", 4095)                   = 2
write(2, "::1 GET /adv", 12)            = 12
open("/var/cache/tang/default.jws", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=956, ...}) = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=956, ...}) = 0
read(3, "{\"payload\":\"eyJrZXlzIjpbeyJhbGci"..., 4096) = 956
write(2, " => 200 (src/tangd.c:85)\n", 25) = 25
fstat(1, {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
lseek(1, 0, SEEK_CUR)                   = -1 ESPIPE (Illegal seek)
write(1, "HTTP/1.1 200 OK\r\n", 17)     = 17
fstat(1, {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
lseek(1, 0, SEEK_CUR)                   = -1 ESPIPE (Illegal seek)
write(1, "Content-Type: application/jose+j"..., 1016) = 1016
close(3)                                = 0
read(0, "\r\n", 4095)                   = 2
read(0, "", 4095)                       = 0
exit_group(0)                           = ?
+++ exited with 0 +++

인사,

답변1

좋아요, 그래서 시스템을 Buster에서 Bullseye로 업데이트했고 tangd 서버가 작동하기 시작했습니다. 아마도 이전 버전의 Buster tangd에는 일부 버그가 있을 수 있습니다.

관련 정보