[Crash-utility] [PATCH] netdump: bugfix for read elf header

Mathias Krause minipli at grsecurity.net
Mon Nov 30 12:28:30 UTC 2020


Hi,

On 30.11.20 at 11:56, Qianli Zhao wrote:
> From: Qianli Zhao <zhaoqianli at xiaomi.com>
> 
> Without the patch, errors may occur in reading the ELF header,
> causing the parsing to fail.
> 
> Signed-off-by: Qianli Zhao <zhaoqianli at xiaomi.com>
> ---
> When I used crash to parse a kdump, I got the error below.
> This error occurs because the header read is less than SAFE_NETDUMP_ELF_HEADER_SIZE,
> but MIN_NETDUMP_ELF_HEADER_SIZE bytes can be read from the file correctly.
> This issue was introduced by commit f42db6a33f0e0652df7cce8506352745b4794287.
> 
> crash 7.2.9
> Copyright (C) 2002-2020  Red Hat, Inc.
> Copyright (C) 2004, 2005, 2006, 2010  IBM Corporation
> Copyright (C) 1999-2006  Hewlett-Packard Co
> Copyright (C) 2005, 2006, 2011, 2012  Fujitsu Limited
> Copyright (C) 2006, 2007  VA Linux Systems Japan K.K.
> Copyright (C) 2005, 2011  NEC Corporation
> Copyright (C) 1999, 2002, 2007  Silicon Graphics, Inc.
> Copyright (C) 1999, 2000, 2001, 2002  Mission Critical Linux, Inc.
> This program is free software, covered by the GNU General Public License,
> and you are welcome to change it and/or distribute copies of it under
> certain conditions.  Enter "help copying" to see the conditions.
> This program has absolutely no warranty.  Enter "help warranty" for details.
>  

> /var/tmp/ramdump_elf_B2R4cQ: ELF header read: No such file or directory
> crash: malformed ELF file: /var/tmp/ramdump_elf_B2R4cQ

This looks like an error to me. According to the above errno value, you
tried to read a file that's not there? But maybe it's just a stale errno
value as we don't reset it prior to calling read(). To clarify, can you
please provide the output of running 'strace crash ....'?

> 
> Usage:
> 
>   crash [OPTION]... NAMELIST MEMORY-IMAGE[@ADDRESS]	(dumpfile form)
>   crash [OPTION]... [NAMELIST]             		(live system form)
> 
> Enter "crash -h" for details.
> 
> ---
>  netdump.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/netdump.c b/netdump.c
> index c76d9dd..cb0af41 100644
> --- a/netdump.c
> +++ b/netdump.c
> @@ -142,7 +142,7 @@ is_netdump(char *file, ulong source_query)
>  		if (!read_flattened_format(fd, 0, eheader, size))
>  			goto bailout;
>  	} else {
> -		if (read(fd, eheader, size) != size) {
> +		if (read(fd, eheader, size) < MIN_NETDUMP_ELF_HEADER_SIZE) {

size -- which is set to SAFE_NETDUMP_ELF_HEADER_SIZE here -- is only 128
bytes more than MIN_NETDUMP_ELF_HEADER_SIZE. This means, if the above
change really fixes your issue, you're trying to open a very small file
that barely carries any useful information besides its header. Anyhow,
this change introduces a regression to the code that's following, which
assumes the full 'size' was read, like the sanity checks for finding the
PT_NOTE program header. So you should either update 'size' so it mirrors
the actual bytes read or double-check that the kdump file you're trying
to analyze is actually a real one.

Thanks,
Mathias

>  			sprintf(buf, "%s: ELF header read", file);
>  			perror(buf);
>  			goto bailout;
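
Review bot: The return value of read() on the changed line is compared against MIN_NETDUMP_ELF_HEADER_SIZE and then thrown away, so nothing after this hunk can tell how many bytes of eheader are valid. Store it in a ssize_t, handle a negative return separately from a short read, and carry the actual count forward (or assign it to size) so later bounds checks use it. If MIN_NETDUMP_ELF_HEADER_SIZE is built from sizeof expressions (its definition is not visible here), a -1 return would be converted to unsigned in the comparison and slip past the check. The perror() call in the context lines also reports whatever errno last held when the read is merely short, since read() does not set errno in that case; a distinct message for the short-read path would avoid the misleading output.
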
> 
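
The point made in the reply above, that code following the read has to work from the number of bytes actually read, sketched as an added example; it is not code from crash or from either poster. HDR_MIN, HDR_WANT, read_upto, phdrs_in_bounds and check_constructed are hypothetical names, the sizes are assumed, and a pipe stands in for the dump file.

```c
#include <elf.h>
#include <string.h>
#include <unistd.h>

#define HDR_MIN  (sizeof(Elf64_Ehdr) + 2 * sizeof(Elf64_Phdr))	/* assumed for this example */
#define HDR_WANT (HDR_MIN + 128)	/* the page: request is minimum + 128 */

/* Return bytes actually read (may be < want), or -1 with errno from read(). */
static ssize_t read_upto(int fd, void *buf, size_t want)
{
	size_t got = 0;
	while (got < want) {
		ssize_t n = read(fd, (char *)buf + got, want - got);
		if (n < 0)
			return -1;
		if (n == 0)
			break;		/* EOF: input is shorter than want */
		got += (size_t)n;
	}
	return (ssize_t)got;
}

/* Is the program header table inside the bytes that were really read? */
static int phdrs_in_bounds(const void *buf, size_t valid)
{
	Elf64_Ehdr eh;
	if (valid < sizeof(eh))
		return 0;
	memcpy(&eh, buf, sizeof(eh));
	return eh.e_phentsize == sizeof(Elf64_Phdr) && eh.e_phoff <= valid &&
	       eh.e_phnum <= (valid - eh.e_phoff) / sizeof(Elf64_Phdr);
}

/* Constructed input: a pipe stands in for a file_len-byte dump file. */
int check_constructed(size_t file_len, unsigned short nphdr)
{
	unsigned char img[HDR_WANT] = {0}, buf[HDR_WANT];
	Elf64_Ehdr eh = { .e_phoff = sizeof(eh), .e_phnum = nphdr,
			  .e_phentsize = sizeof(Elf64_Phdr) };
	int p[2];
	ssize_t got;
	memcpy(img, &eh, sizeof(eh));
	if (file_len > sizeof(img) || pipe(p) != 0 ||
	    write(p[1], img, file_len) != (ssize_t)file_len)
		return -1;
	close(p[1]);
	got = read_upto(p[0], buf, sizeof(buf));
	close(p[0]);
	return got < (ssize_t)HDR_MIN ? -1 : phdrs_in_bounds(buf, (size_t)got);
}
```

A header claiming four program headers passes when the full request arrives and is rejected when only the minimum does, which is the case a check against the buffer size rather than the byte count would miss.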




