[Crash-utility] [PATCH] Fix a segfault in setup_ikconfig.
anderson at prospeed.net
Sat Sep 7 17:58:48 UTC 2019
Hello Qiwu,
I will be out of the office until Monday September 16th. I'll
review your 2 patches at that time.
Thanks,
Dave
>
> Hi Anderson,
> I want to introduce a patch to your crash tool project. It's a bugfix
> for a segfault in setup_ikconfig.
> We add an ikconfig entry only if ent[0] != '#'. This is not an advisable
> condition, because there is a potential segfault risk if ent is gibberish.
> Here are the steps to reproduce this segfault case:
> I tried to apply the following patch to the crash 7.2.6++ code for a test.
> --- a/arm64.c
> +++ b/arm64.c
> @@ -32,6 +32,7 @@ static int verify_kimage_voffset(void);
> static void arm64_calc_kimage_voffset(void);
> static void arm64_calc_phys_offset(void);
> static void arm64_calc_virtual_memory_ranges(void);
> +static void arm64_get_section_size_bits(void);
> static int arm64_kdump_phys_base(ulong *);
> static ulong arm64_processor_speed(void);
> static void arm64_init_kernel_pgd(void);
> @@ -375,7 +376,11 @@ arm64_init(int when)
>
> case POST_GDB:
> arm64_calc_virtual_memory_ranges();
> - machdep->section_size_bits = _SECTION_SIZE_BITS;
> + arm64_get_section_size_bits();
> + if (CRASHDEBUG(1)) {
> + fprintf(fp, "SECTION_SIZE_BITS: %ld\n",
> machdep->section_size_bits);
> + }
> +
> if (!machdep->max_physmem_bits) {
> if ((string =
> pc->read_vmcoreinfo("NUMBER(MAX_PHYSMEM_BITS)")))
> {
> machdep->max_physmem_bits = atol(string);
> @@ -1055,6 +1060,32 @@ arm64_calc_phys_offset(void)
> fprintf(fp, "using %lx as phys_offset\n",
> ms->phys_offset);
> }
>
> +/*
> + * Determine SECTION_SIZE_BITS either by reading VMCOREINFO or the
> kernel
> + * config, otherwise borrow the 64-bit ARM default definiton.
> + */
> +static void
> +arm64_get_section_size_bits(void)
> +{
> + int ret;
> + char *string;
> +
> + if ((string = pc->read_vmcoreinfo("NUMBER(SECTION_SIZE_BITS)")))
> {
> + machdep->section_size_bits = atol(string);
> + free(string);
> + return;
> + }
> +
> + if ((ret = get_kernel_config("CONFIG_MEMORY_HOTPLUG", NULL)) ==
> IKCONFIG_Y) {
> + if ((ret = get_kernel_config("CONFIG_HOTPLUG_SIZE_BITS",
> &string)) == IKCONFIG_STR) {
> + machdep->section_size_bits = atol(string);
> + free(string);
> + return;
> + }
> + } else {
> + machdep->section_size_bits = _SECTION_SIZE_BITS;
> + }
> +}
>
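Review bot: arm64_get_section_size_bits() leaves machdep->section_size_bits unassigned on one path: when CONFIG_MEMORY_HOTPLUG is IKCONFIG_Y but the CONFIG_HOTPLUG_SIZE_BITS lookup does not return IKCONFIG_STR, neither the inner `if` nor the `else` branch assigns anything, whereas the line removed in the previous hunk set `_SECTION_SIZE_BITS` unconditionally. Suggest assigning the `_SECTION_SIZE_BITS` default once at the top of the function (or after the inner `if`) so every path ends with a value. Minor: `ret` is assigned but never read apart from the comparisons, and the comment has a typo, "definiton".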
> Then I build crash and load the dump files with it; a segfault occurs as
> below:
> crash[31000]: segfault at 0 ip 00007f0fb24d98d1 sp 00007fff1703f7e8 error
> 4 in libc-2.26.so[7f0fb235b000+1d6000]
>
> So I added debugging to find out the reason for the segfault. It occurred in
> setup_ikconfig -> add_ikconfig_entry.
> add_ikconfig_entry: âââU //The last ent is
> gibberish, leading to the segfault
>
> I think the most advisable check is whether an ikconfig entry starts with
> "CONFIG_". I debugged with the following patch and never reproduced the
> segfault again.
> diff --git a/kernel.c b/kernel.c
> index 7804aef..d023c87 100644
> --- a/kernel.c
> +++ b/kernel.c
> @@ -10144,7 +10144,7 @@ static int setup_ikconfig(char *config)
> while (whitespace(*ent))
> ent++;
>
> - if (ent[0] != '#') {
> + if (!strncmp(ent, "CONFIG_", strlen("CONFIG_"))) {
> add_ikconfig_entry(ent,
> &ikconfig_all[kt->ikconfig_ents++]);
> if (kt->ikconfig_ents == IKCONFIG_MAX) {
>
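Review bot: the `CONFIG_` prefix test only narrows which lines reach add_ikconfig_entry(); it does not validate the entry, so a corrupted line that happens to start with "CONFIG_", or a CONFIG_ line with no '=', still goes through. The fault reported at address 0 inside libc points to a NULL pointer from a string lookup being dereferenced inside add_ikconfig_entry(), which is better fixed there (check for a missing '=' and skip the entry) with the prefix check kept as a first filter. Minor: `sizeof("CONFIG_") - 1` avoids a strlen() call per line.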
> Thanks for your review. I'm looking forward to your favourable reply!
>
> Best regards,
> Qiwu
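The filtering loop in setup_ikconfig() that the patch changes, as an added stand-alone illustration (not crash's own code): the original `ent[0] != '#'` test lets the gibberish line through to add_ikconfig_entry(), while a validator that also requires an identifier and an '=' drops it. sample_config and valid_ikconfig_entry() are constructed for this example, and the line walk is only modelled on setup_ikconfig(), not copied from it.

```c
#include <string.h>
#include <ctype.h>

/* Constructed stand-in for the decompressed ikconfig text walked by
 * setup_ikconfig(); the last line is gibberish, as in the report. */
static const char sample_config[] =
    "# Automatically generated file; DO NOT EDIT.\n"
    "CONFIG_ARM64=y\n"
    "  CONFIG_CMDLINE=\"console=ttyS0\"\n"
    "# CONFIG_MEMORY_HOTPLUG is not set\n"
    "\x01\x02U\n";

/* Hypothetical validator: accept only CONFIG_<identifier>=<value> within
 * the len bytes of one line.  Returns 1 if well formed, else 0. */
static int valid_ikconfig_entry(const char *ent, size_t len)
{
    const size_t pfx = strlen("CONFIG_");
    const char *p, *eq;
    if (len <= pfx || strncmp(ent, "CONFIG_", pfx) != 0)
        return 0;
    eq = memchr(ent, '=', len);
    if (eq == NULL || eq == ent + pfx)      /* no value, or empty name */
        return 0;
    for (p = ent + pfx; p < eq; p++)
        if (!isalnum((unsigned char)*p) && *p != '_')
            return 0;
    return 1;
}

/* Line walk modelled on setup_ikconfig(): skip leading whitespace, then
 * filter.  strict=0 is the original ent[0] != '#' test, strict=1 uses
 * valid_ikconfig_entry().  Returns how many lines would reach
 * add_ikconfig_entry(). */
static int count_ikconfig_entries(const char *config, int strict)
{
    const char *p = config, *nl, *end;
    int n = 0;
    while (*p) {
        nl = strchr(p, '\n');
        end = nl ? nl : p + strlen(p);
        while (p < end && isspace((unsigned char)*p))
            p++;
        if (p < end && (strict ? valid_ikconfig_entry(p, (size_t)(end - p))
                               : p[0] != '#'))
            n++;
        p = nl ? nl + 1 : end;
    }
    return n;
}
```

With the sample above the original test forwards three lines (including the gibberish one) and the validator forwards two.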
> --
> Crash-utility mailing list
> Crash-utility at redhat.com
> https://www.redhat.com/mailman/listinfo/crash-utility