Bug 12696

Created attachment 4968 [details]
gdb trace (broken kwrite with nvidia current 325.15)

Created attachment 4969 [details]
last lines gdb bt full (broken kwrite with nvidia current 325.15)

The p11 code is buggy.

mmap man page:
On error, the value MAP_FAILED (that is, (void *) -1) is returned, and errno is set appropriately.

The code does:
        map->data = mmap (NULL, map->size, PROT_READ, MAP_PRIVATE, map->fd, 0);
        if (map->data == NULL) {
                close (map->fd);
                free (map);
                return NULL;
        }

        *data = map->data;
        *size = map->size;
        return map;

But map->data will never be NULL, it will be either the address or -1.

When the file is empty, mmap fails but it doesn't notice and will try to munmap(-1, 0) later.

Not sure what happen next, maybe some signal is triggered and then we hit the famous "nvidia driver breaks signals".

I submitted p11-kit-0.20.1-4.mga5 to cauldron with a patch

Patch applied for mga4 too, submitted into updates_testing.

CC: (none) => mageia

Package in updates_testing for Mageia 4: p11-kit-0.20.1-3.1.mga4

CC: (none) => stormi

Rpms in updates_testing for Mageia 4, from the SRPM mentioned at comment #6:

p11-kit-0.20.1-3.1.mga4.i586.rpm
lib{,64}p11-kit0-0.20.1-3.1.mga4.i586.rpm
lib{,64}p11-kit-devel-0.20.1-3.1.mga4.i586.rpm
p11-kit-trust-0.20.1-3.1.mga4.i586.rpm

Wow I was expecting someone to test before preparing an update :)

Well, it's not a bad idea to test in Mageia 4 where the userbase is bigger :)

It was not handled to QA yet.

(In reply to Pascal Terjan from comment #8)
> Wow I was expecting someone to test before preparing an update :)

Well, it's updates_testing, how do you test if you don't have anything to test with? ;) Now they have :P

(In reply to Pascal Terjan from comment #4)
> I submitted p11-kit-0.20.1-4.mga5 to cauldron with a patch

I confirm that it fixes the issue in Cauldron (at least for digikam, I had no issue prior to the update with kate or kwrite).

CC: (none) => remi

(In reply to Pascal Terjan from comment #4)
> I submitted p11-kit-0.20.1-4.mga5 to cauldron with a patch

The patch fixes the issue, but now a warning appears (at least when using urpmf and urpmq), and it can be pretty annoying:

[akien@cauldron ~]$ urpmq -i null
p11-kit: couldn't open config file: /etc/pkcs11/pkcs11.conf: Invalid argument

[akien@cauldron ~]$ urpmf /dev/null
p11-kit: couldn't open config file: /etc/pkcs11/pkcs11.conf: Invalid argument
p11-kit: couldn't open config file: /etc/pkcs11/pkcs11.conf: Invalid argument
iraf:/usr/lib6/iraf/dev/null
bind:/var/lib/named/dev/null
p11-kit: couldn't open config file: /etc/pkcs11/pkcs11.conf: Invalid argument
p11-kit: couldn't open config file: /etc/pkcs11/pkcs11.conf: Invalid argument
p11-kit: couldn't open config file: /etc/pkcs11/pkcs11.conf: Invalid argument
p11-kit: couldn't open config file: /etc/pkcs11/pkcs11.conf: Invalid argument
p11-kit: couldn't open config file: /etc/pkcs11/pkcs11.conf: Invalid argument

Yes the empty config file is invalid, we should not create it.

p11-kit contains pkcs11.conf.example (http://svnweb.mageia.org/packages/cauldron/p11-kit/current/SPECS/p11-kit.spec?revision=587833&view=markup#l95)

It should be safe to install this one as pkcs11.conf - but this won't fix the problem for current users as if I'm correct urpmi will install new conf as conf.rpmnew. Tho' patch from Pascal will probably fix the major problem, the annoying message will remain until users replace the faulty conf file.

I can think of 2 solutions:

1/
- no longer marking it as ghost
- removing the posttrans
- having a pretrans removing the file if empty
- shipping the example as the config file

2/
- no longer marking it as ghost
- removing the posttrans
- having a pretrans removing the file if empty
- not ship a config file


In the first case, people who modify it and remove the package will have it renamed as rpmsave. In the second case, people who create the config file will have it staying around.

I'd probably go with the first option as there seems to be no way to remove it :) You may try but AFAIK urpme won't let you :)

Removal in pretrans is unneeded, rpm knows if the file is unmodified and replaces it silently with the new one. Same applies if we decide to not ship .conf file at all, rpm silently removes the file if it's unmodified.

I think in most cases the file is untouched. And if it's not, then one did most probably know what he/she was doing.

Except that it is currently a ghost file, meaning that rpm does not track its md5 and has no idea if it is modified.

Ah, yes. Did some local testing and if we don't ship the config file at all, pretrans is needed. If we use the example as new config, it works without removal in pretrans.

However, we can play on safe side and use removal in pretrans just to be sure.

One mere spam: I'd vote for solution 1.

@Pascal, many thanks for the help and the patch.
to remove the empty config file in pretrans,
if [ -f /etc/pkcs11/pkcs11.conf -a ! -s /etc/pkcs11/pkcs11.conf ]; then
    rm -f /etc/pkcs11/pkcs11.conf
fi
should to the trick ?

Between the 2 solutions, I don't have a strong opinion; 2/ strictly follows the upstream install, 1/ is fine too.

Yes that looks correct

Patch sent upstream https://bugs.freedesktop.org/show_bug.cgi?id=74773

I submitted p11-kit-0.20.1-5.mga5 in cauldron and p11-kit-0.20.1-3.2.mga4 in 4/updates_testing, using solution 1/ from comment 15. Please review.
http://svnweb.mageia.org/packages?view=revision&revision=589572
http://svnweb.mageia.org/packages?view=revision&revision=589576

We can start to test them.
When it seems OK, I'll write advisory, RPMs list, ... for QA.

Looks good, thanks!

I confirm that the package in Cauldron fixes the issue, and there is no annoying warning anymore. Will soon test mga4 i586.

Yesterday, I forgot to remove "Requires(posttrans): rpm-helper" after the posttrans removal. Fixed in p11-kit-0.20.1-6.mga5 in cauldron and p11-kit-0.20.1-3.3.mga4.

Updated packages in mga 4 core/updates_testing:

SRPM
p11-kit-0.20.1-3.3.mga4.src.rpm

i586
p11-kit-0.20.1-3.3.mga4.i586.rpm
p11-kit-trust-0.20.1-3.3.mga4.i586.rpm
libp11-kit0-0.20.1-3.3.mga4.i586.rpm
libp11-kit-devel-0.20.1-3.3.mga4.i586.rpm

x86_64
p11-kit-0.20.1-3.3.mga4.x86_64.rpm
p11-kit-trust-0.20.1-3.3.mga4.x86_64.rpm
lib64p11-kit0-0.20.1-3.3.mga4.x86_64.rpm
lib64p11-kit-devel-0.20.1-3.3.mga4.x86_64.rpm

========================================

Suggested advisory:

This update fixes a bug in p11-kit that prevents many applications (kwrite, kdenlive, digikam, xbmc, claws-mail, ...) to start and run properly, mainly when using the Nvidia drivers (mga#12696, mga#11193, mga#11666, mga#11946, mga#12021).

References:
- https://bugs.mageia.org/show_bug.cgi?id=12696
- https://bugs.freedesktop.org/show_bug.cgi?id=74773

========================================

Testing procedures:

The updated packages provides 2 fixes:
- it replaces our previous empty and so invalid config file /etc/pkcs11/pkcs11.conf by a valid one, 
- even in case of empty /etc/pkcs11/pkcs11.conf, the library (lib64p11-kit0) now handles properly this case of empty file (patch from Pascal Terjan).

Some tests could be done on every systems:
- an empty /etc/pkcs11/pkcs11.conf (installed by default by p11-kit-0.20.1-3.mga4.x86_64.rpm and not modified) is replaced by a valid config file non empty,
- if /etc/pkcs11/pkcs11.conf was modified by users (= not empty anymore), it stays unchanged.

Some tests must be done on systems with nvidia video card using nvidia drivers:
- previously kwrite, kdenlive, digikam, xbmc, claws-mail, ... doesn't start,
- now they start and run.

URL: (none) => https://bugs.freedesktop.org/show_bug.cgi?id=74773
Assignee: bugsquad => qa-bugs

Thanks Luc

Whiteboard: (none) => has_procedure

Upstream adapted my patch to also accept empty files:

https://bugs.freedesktop.org/attachment.cgi?id=93989

Testing complete on Mageia 4 i586. I could test against some applications that would not run prior to the update and now work great with nvidia GPU. I also checked that the handling of /etc/pkcs11/pkcs11.conf is done as described in comment 28.

Whiteboard: has_procedure => has_procedure MGA4-32-OK

Mag 4 Testing on real 64-bit hardware, but NO nvidia graphics. OK with this constraint.
I never had problems with any of the applications cited.

From comment 28:
> Some tests could be done on every systems:
> - an empty /etc/pkcs11/pkcs11.conf (installed by default by p11-kit-0.20.1-3.mga4.x86_64.rpm and not modified) is replaced by a valid config file non empty

Confirmed.
Before: p11-kit-0.20.1-3.mga4
        lib64p11-kit0-0.20.1-3.mga4
ls -l /etc/pkcs11/
drwxr-xr-x 2 root root 4096 Hyd  29 00:47 modules/
-rw-r--r-- 1 root root    0 Chw   7 11:02 pkcs11.conf    <<<
-rw-r--r-- 1 root root  390 Hyd  29 00:47 pkcs11.conf.example

After: p11-kit-0.20.1-3.3.mga4
       lib64p11-kit0-0.20.1-3.3.mga4
ls -l /etc/pkcs11/
drwxr-xr-x 2 root root 4096 Chw  12 22:53 modules/
-rw-r--r-- 1 root root  390 Chw  12 22:53 pkcs11.conf    <<<

Not enough for mga4-64-ok, but should help.

CC: (none) => lewyssmith

Attempting to update this x86_64 gave the following warning:

The following packages have to be removed for others to be upgraded:

libcups2-1.7.0-7.mga4.i586
 (due to missing libgnutls.so.28)
libgnutls28-3.2.7-1.mga4.i586
 (due to missing libp11-kit.so.0)
libgtk+-x11-2.0_0-2.24.22-3.mga4.i586
 (due to unsatisfied libgtk+2.0_0 == 2.24.22)
libgtk+2.0_0-2.24.22-3.mga4.i586
 (due to missing libcups.so.2,
  due to missing libgtk-x11-2.0.so.0,
  due to missing libgdk-x11-2.0.so.0)
liboxygen-gtk-1.4.2-0.rc1.1.mga4.i586
 (due to missing libgtk-x11-2.0.so.0,
  due to missing libgdk-x11-2.0.so.0)
libp11-kit0-0.20.1-3.mga4.i586
 (due to unsatisfied p11-kit == 0.20.1-3.mga4)

CC: (none) => wrw105

(In reply to Bill Wilkinson from comment #33)
> Attempting to update this x86_64 gave the following warning:
> 
> The following packages have to be removed for others to be upgraded:
> 
> libcups2-1.7.0-7.mga4.i586
>  (due to missing libgnutls.so.28)
> libgnutls28-3.2.7-1.mga4.i586
>  (due to missing libp11-kit.so.0)
> libgtk+-x11-2.0_0-2.24.22-3.mga4.i586
>  (due to unsatisfied libgtk+2.0_0 == 2.24.22)
> libgtk+2.0_0-2.24.22-3.mga4.i586
>  (due to missing libcups.so.2,
>   due to missing libgtk-x11-2.0.so.0,
>   due to missing libgdk-x11-2.0.so.0)
> liboxygen-gtk-1.4.2-0.rc1.1.mga4.i586
>  (due to missing libgtk-x11-2.0.so.0,
>   due to missing libgdk-x11-2.0.so.0)
> libp11-kit0-0.20.1-3.mga4.i586
>  (due to unsatisfied p11-kit == 0.20.1-3.mga4)


you need to select the x86_64 packages, not the i586 ones during testing on x86_64

So far so good in MGA4 64 but I don't want to say testing complete yet, because I don't know what that package does at all in my system, and almost every package depends on it directly or indirectly :)

Any clues about what I could check?

It does fix the nvidia issue, though.

(In reply to Thomas Backlund from comment #34)
> (In reply to Bill Wilkinson from comment #33)
> > Attempting to update this x86_64 gave the following warning:
> > 
> > The following packages have to be removed for others to be upgraded:
> > 
> > libcups2-1.7.0-7.mga4.i586
> >  (due to missing libgnutls.so.28)
> > libgnutls28-3.2.7-1.mga4.i586
> >  (due to missing libp11-kit.so.0)
> > libgtk+-x11-2.0_0-2.24.22-3.mga4.i586
> >  (due to unsatisfied libgtk+2.0_0 == 2.24.22)
> > libgtk+2.0_0-2.24.22-3.mga4.i586
> >  (due to missing libcups.so.2,
> >   due to missing libgtk-x11-2.0.so.0,
> >   due to missing libgdk-x11-2.0.so.0)
> > liboxygen-gtk-1.4.2-0.rc1.1.mga4.i586
> >  (due to missing libgtk-x11-2.0.so.0,
> >   due to missing libgdk-x11-2.0.so.0)
> > libp11-kit0-0.20.1-3.mga4.i586
> >  (due to unsatisfied p11-kit == 0.20.1-3.mga4)
> 
> 
> you need to select the x86_64 packages, not the i586 ones during testing on
> x86_64

Hum, the 32 bit library libp11-kit0-0.20.1-3.mga4.i586 is installed on this x86_64 system.
In order to update, you should update at the same time p11-kit-0.20.1-3.3.mga4.x86_64, and 32 bit and 64 bit libraries libp11-kit0-0.20.1-3.3.mga4.i586 and lib64p11-kit0-0.20.1-3.3.mga4.x86_64.

(In reply to Pascal Terjan from comment #30)
> Upstream adapted my patch to also accept empty files:
> 
> https://bugs.freedesktop.org/attachment.cgi?id=93989

I will use this upstream patch in cauldron.

For mga4, as QA team have already started the tests of the updated packages, I think it's better to stay with the current patch (from pterjan). WDYT? QA team?

I believe it's fine, the only difference will be the message if people create an empty configuration file themselves which is very unlikely.

(In reply to Samuel VERSCHELDE from comment #35)

> 
> Any clues about what I could check?

sorry, personally I can't help much regarding this question.
testing that 'p11-kit list-modules' still works ?

Tested on x86_64 with nvidia 304 video.

Prior to update, kwrite does not open.
After update, kwrite, kate, kdenlive, digikam all open, kdewallet ok.

If we need to push out quickly, feel free to OK, otherwise I'll give it some time for others to test.

I've tested it too on Mageia 4 x86_64 with nvidia-current through bumblebee.

--

Validating update. Advisory has been uploaded. Please push to 4 core/updates.

Keywords: (none) => validated_update
Whiteboard: has_procedure MGA4-32-OK => has_procedure MGA4-32-OK MGA4-64-OK advisory
CC: (none) => sysadmin-bugs

Update pushed:
http://advisories.mageia.org/MGAA-2014-0047.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

I can't use the nvidia driver itself, but deleting the empty pkcs11.conf fixed the bug while the nvidia driver was installed but not being used (on Mga4 i586.)

CC: (none) => laidlaws