Bug 14537 - IP checksum calculation produces wrong result when compiled with gcc 10 and -O3 optimization
Summary: IP checksum calculation produces wrong result when compiled with gcc 10 and -...
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: CTDB (show other bugs)
Version: 4.12.8
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-10-20 07:15 UTC by Amitay Isaacs
Modified: 2020-11-19 09:53 UTC (History)
2 users (show)

See Also:


Attachments
Patch for v4-13, v4-12 and v4-11 (4.20 KB, patch)
2020-10-28 04:54 UTC, Amitay Isaacs
martins: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Amitay Isaacs 2020-10-20 07:15:04 UTC
This is evident from the test failure:

$ ./tests/run_tests.sh tests/UNIT/cunit/system_socket_test_002.sh 
--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--
Running test tests/UNIT/cunit/system_socket_test_002.sh (18:13:58)
--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--
==================================================
Running "system_socket_test tcp 192.168.1.25:445 192.168.2.75:54321 0 0 0"
--------------------------------------------------
Output (Exit status: 0):
--------------------------------------------------
000000 45 00 00 08 00 00 00 00 ff 06 00 00 c0 a8 01 19
000010 c0 a8 02 4b 01 bd d4 31 00 00 00 00 00 00 00 00
000020 50 10 04 d2 d5 14 00 00
000028
--------------------------------------------------
Required output (Exit status: 0):
--------------------------------------------------
000000 45 00 00 08 00 00 00 00 ff 06 00 00 c0 a8 01 19
000010 c0 a8 02 4b 01 bd d4 31 00 00 00 00 00 00 00 00
000020 50 10 04 d2 50 5f 00 00
000028

FAILED
==========================================================================
TEST FAILED: tests/UNIT/cunit/system_socket_test_002.sh (status 1) (duration: 0s)
==========================================================================

*FAILED*   tests/UNIT/cunit/system_socket_test_002.sh
Comment 1 Samba QA Contact 2020-10-21 05:53:18 UTC
This bug was referenced in samba master:

6aa396b0cd1f83f45cb76a4f3123d99135e8dd8c
Comment 2 Amitay Isaacs 2020-10-28 04:54:57 UTC
Created attachment 16315 [details]
Patch for v4-13, v4-12 and v4-11
Comment 3 Martin Schwenke 2020-10-28 10:18:41 UTC
Hi Karolin,

This is ready for 4.13 and 4.12.  It also applies to 4.11.

We understand that 4.11 is security only.  This is an annoying bug because it is only exposed by the most recent versions of gcc.  If anyone compiles with these versions then the previously working code will silently generate incorrect packets that might be dropped, causing unexpected results.  However, if security-only is security-only then we understand.  :-)

Thanks...
Comment 4 Karolin Seeger 2020-10-30 12:24:20 UTC
(In reply to Martin Schwenke from comment #3)
Pushed to autobuild-v4-{13,12}-test.
Thinking of another 4.11 release.
Maybe others would like to comment?
Comment 5 Samba QA Contact 2020-10-30 13:54:22 UTC
This bug was referenced in samba v4-13-test:

6521b0ff5e23dea526f3c0cf9c5843bbb07adcec
Comment 6 Samba QA Contact 2020-10-30 15:25:16 UTC
This bug was referenced in samba v4-12-test:

7e955ca5cf91a3cfdc53132c362de0b6c4ffa64b
Comment 7 Amitay Isaacs 2020-11-02 05:51:28 UTC
(In reply to Karolin Seeger from comment #4)

If a compiler version can generate wrong code (for whatever reason), then it definitely needs fixing in the currently supported releases.  It's actually worse than a security issue because correctness of the program is affected.

I think this patch must be added to 4.11 as long as it's a supported release.
Comment 8 Karolin Seeger 2020-11-03 07:52:51 UTC
(In reply to Amitay Isaacs from comment #7)
Hi Amitay,
ok, thanks for clarifying!
There will be a 4.11 bugfix release asap.
Comment 9 Karolin Seeger 2020-11-03 07:57:38 UTC
Pushed to autobuild-v4-11-test.
Comment 10 Samba QA Contact 2020-11-03 11:31:05 UTC
This bug was referenced in samba v4-11-test:

4352c99b18ff4d89de53927a8f07634f3abd94cf
Comment 11 Samba QA Contact 2020-11-03 12:36:57 UTC
This bug was referenced in samba v4-13-stable (Release samba-4.13.2):

6521b0ff5e23dea526f3c0cf9c5843bbb07adcec
Comment 12 Andrew Bartlett 2020-11-03 22:29:33 UTC
Is there a good reason this is embargoed, particularly now it is shipped?

Otherwise we should remove the samba-team and vendors only restriction.
Comment 13 Samba QA Contact 2020-11-04 10:34:32 UTC
This bug was referenced in samba v4-11-stable (Release samba-4.11.16):

4352c99b18ff4d89de53927a8f07634f3abd94cf
Comment 14 Samba QA Contact 2020-11-05 10:02:22 UTC
This bug was referenced in samba v4-12-stable (Release samba-4.12.10):

7e955ca5cf91a3cfdc53132c362de0b6c4ffa64b
Comment 15 Karolin Seeger 2020-11-05 10:52:13 UTC
(In reply to Andrew Bartlett from comment #12)
Re-assigning to Amitay to answer this question.
Comment 16 Amitay Isaacs 2020-11-05 22:25:48 UTC
(In reply to Karolin Seeger from comment #15)

There is no reason for embargo on this one as this is not a security issue.  We can definitely remove the samba-team and vendor restrictions.  People definitely need to know about this defect to avoid non-working ctdb if compiled with gcc 10.
Comment 17 Amitay Isaacs 2020-11-11 05:30:07 UTC
Hi Karolin,

Re-assigning this to you, so you can close it when the backport process is complete.

Thanks.

Amitay.