<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:宋体;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:等线;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"\@宋体";
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:"\@等线";
panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
text-align:justify;
font-size:10.5pt;
font-family:等线;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:宋体;}
span.EmailStyle18
{mso-style-type:personal;
font-family:等线;
color:windowtext;}
span.EmailStyle19
{mso-style-type:personal;
font-family:等线;
color:windowtext;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:等线;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="ZH-CN" link="#0563C1" vlink="#954F72" style="text-justify-trim:punctuation">
<div class="WordSection1">
<p class="MsoNormal" align="left" style="text-align:left"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Hi Anderson,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">I want to introduce a patch to your crash tool project. It</span>’<span lang="EN-US">s a bugfix for a segfault in setup_ikconfig.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">We add an ikconfig entry only if ent[0] != '#', it is not an advisable condition because there is a potential segfault risk if ent is gibberish.
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">I explain the reproducing steps about this segfault case:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">I try to apply the following patch to crash 7.2.6++ code for a test.
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">--- a/arm64.c<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">+++ b/arm64.c<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">@@ -32,6 +32,7 @@ static int verify_kimage_voffset(void);<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">static void arm64_calc_kimage_voffset(void);<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">static void arm64_calc_phys_offset(void);<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">static void arm64_calc_virtual_memory_ranges(void);<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">+static void arm64_get_section_size_bits(void);<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">static int arm64_kdump_phys_base(ulong *);<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">static ulong arm64_processor_speed(void);<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">static void arm64_init_kernel_pgd(void);<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">@@ -375,7 +376,11 @@ arm64_init(int when)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> case POST_GDB:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> arm64_calc_virtual_memory_ranges();<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">- machdep->section_size_bits = _SECTION_SIZE_BITS;<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">+ arm64_get_section_size_bits();<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">+ if (CRASHDEBUG(1)) {<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">+ fprintf(fp, "SECTION_SIZE_BITS: %ld\n", machdep->section_size_bits);<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">+ }<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">+<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> if (!machdep->max_physmem_bits) {<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> if ((string = pc->read_vmcoreinfo("NUMBER(MAX_PHYSMEM_BITS)"))) {<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> machdep->max_physmem_bits = atol(string);<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">@@ -1055,6 +1060,32 @@ arm64_calc_phys_offset(void)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> fprintf(fp, "using %lx as phys_offset\n", ms->phys_offset);<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">}<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">+/*<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">+ * Determine SECTION_SIZE_BITS either by reading VMCOREINFO or the kernel<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">+ * config, otherwise borrow the 64-bit ARM default definiton.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">+ */<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">+static void<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">+arm64_get_section_size_bits(void)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">+{<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">+ int ret;<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">+ char *string;<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">+<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">+ if ((string = pc->read_vmcoreinfo("NUMBER(SECTION_SIZE_BITS)"))) {<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">+ machdep->section_size_bits = atol(string);<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">+ free(string);<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">+ return;<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">+ }<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">+<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">+ if ((ret = get_kernel_config("CONFIG_MEMORY_HOTPLUG", NULL)) == IKCONFIG_Y) {<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">+ if ((ret = get_kernel_config("CONFIG_HOTPLUG_SIZE_BITS", &string)) == IKCONFIG_STR) {<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">+ machdep->section_size_bits = atol(string);<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">+ free(string);<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">+ return;<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">+ }<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">+ } else {<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">+ machdep->section_size_bits = _SECTION_SIZE_BITS;<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">+ }<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">+}<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Then I make and load the dumpfiles by crash, it occurs a segment fault as below:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:red">crash[31000]: segfault at 0 ip 00007f0fb24d98d1 sp 00007fff1703f7e8 error 4 in libc-2.26.so[7f0fb235b000+1d6000]<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">So I add debug to find out the segfault reason, It occurred in setup_ikconfig-> add_ikconfig_entry.
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">add_ikconfig_entry: </span><span lang="EN-US" style="font-family:"Times New Roman",serif">▒▒▒</span><span lang="EN-US">U //<span style="color:red">The last ent is a gibberish, lead to segfault</span><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">I think the most advisable judgement is if an ikconfig entry start with "CONFIG_". I debug by the following patch and never reproduce segfault again.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">diff --git a/kernel.c b/kernel.c<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">index 7804aef..d023c87 100644<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">--- a/kernel.c<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">+++ b/kernel.c<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">@@ -10144,7 +10144,7 @@ static int setup_ikconfig(char *config)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> while (whitespace(*ent))<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> ent++;<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">- if (ent[0] != '#') {<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">+ <span style="color:red">if (!strncmp(ent, "CONFIG_", strlen("CONFIG_")))
</span>{<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> add_ikconfig_entry(ent,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> &ikconfig_all[kt->ikconfig_ents++]);<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> if (kt->ikconfig_ents == IKCONFIG_MAX) {<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Thanks for your review. I</span>’<span lang="EN-US">m looking forward to your favourable reply!<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Times New Roman",serif;color:black">Best regards,
</span><span lang="EN-US" style="font-size:12.0pt;font-family:"Calibri",sans-serif;color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Times New Roman",serif;color:black">Qiwu</span><span lang="EN-US" style="font-family:"Calibri",sans-serif;color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
</div>
#/******本邮件及其附件含有小米公司的保密信息,仅限于发送给上面地址中列出的个人或群组。禁止任何其他人以任何形式使用(包括但不限于全部或部分地泄露、复制、或散发)本邮件中的信息。如果您错收了本邮件,请您立即电话或邮件通知发件人并删除本邮件! This e-mail and its attachments contain confidential information from XIAOMI, which is intended only for the person or entity whose address
is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this e-mail in
error, please notify the sender by phone or email immediately and delete it!******/#
</body>
</html>