[Crash-utility] [External Mail][????] Re: [PATCH] netdump: bugfix for read elf header
赵乾利
zhaoqianli at xiaomi.com
Mon Nov 30 13:50:28 UTC 2020
Hi,
> This looks like an error to me. According to the above errno value, you
> tried to read a file that's not there? But maybe it's just a stall errno
> value as we don't reset it prior to calling read(). To clarify, can you
> please provide the output of running 'strace crash ....'?
Please found below strace,read size only 232,it's less then "SAFE_NETDUMP_ELF_HEADER_SIZE".
open("DDRCS0_0.BIN", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0744, st_size=2147483648, ...}) = 0
open("DDRCS1_0.BIN", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0744, st_size=2147483648, ...}) = 0
open("/var/tmp/ramdump_elf_viw34m", O_RDWR|O_CREAT|O_EXCL, 0600) = 5
write(5, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\4\0\267\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 232) = 232
close(5) = 0
open("/var/tmp/ramdump_elf_viw34m", O_RDWR) = 5
read(5, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\4\0\267\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 304) = 232
dup(2) = 6
fcntl(6, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE)
fstat(6, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0
write(6, "/var/tmp/ramdump_elf_viw34m: ELF"..., 72/var/tmp/ramdump_elf_viw34m: ELF header read: No such file or directory
) = 72
close(6) = 0
close(5) = 0
write(1, "crash: malformed ELF file: /var/"..., 55crash: malformed ELF file: /var/tmp/ramdump_elf_viw34m
) = 55
write(1, "\nUsage:\n\n", 9
Usage:
) = 9
write(1, " crash [OPTION]... NAMELIST MEM"..., 68 crash [OPTION]... NAMELIST MEMORY-IMAGE[@ADDRESS] (dumpfile form)
) = 68
write(1, " crash [OPTION]... [NAMELIST] "..., 64 crash [OPTION]... [NAMELIST] (live system form)
) = 64
write(1, "\n", 1
) = 1
write(1, "Enter \"crash -h\" for details.\n", 30Enter "crash -h" for details.
) = 30
unlink("/var/tmp/ramdump_elf_viw34m") = 0
exit_group(1) = ?
+++ exited with 1 +++
> Anyhow,this change introduces a regression to the code that's following, which
> assumes the full 'size' was read, like the sanity checks for finding the
> PT_NOTE program header. So you should either update 'size' so it mirrors
> the actual bytes read or double-check that the kdump file you're trying
> to analyze is actually a real one.
After apply the patch,issue is gone,so it's not kdump files problem.
How about below patch set?
commit 8daecb704fa37a17e3c5294e35e593bfc1545016
Author: Qianli Zhao <zhaoqianli at xiaomi.com>
Date: Mon Nov 30 17:17:32 2020 +0800
netdump: bugfix for read elf header
Without the patch,errors may occur in reading the ELF header,
causing the parsing to fail.header file size may smaller than
SAFE_NETDUMP_ELF_HEADER_SIZE
Signed-off-by: Qianli Zhao <zhaoqianli at xiaomi.com>
diff --git a/netdump.c b/netdump.c
index c76d9dd..2e3e255 100644
--- a/netdump.c
+++ b/netdump.c
@@ -142,7 +142,7 @@ is_netdump(char *file, ulong source_query)
if (!read_flattened_format(fd, 0, eheader, size))
goto bailout;
} else {
- if (read(fd, eheader, size) != size) {
+ if ((size = read(fd, eheader, size)) < MIN_NETDUMP_ELF_HEADER_SIZE) {
sprintf(buf, "%s: ELF header read", file);
perror(buf);
goto bailout;
________________________________
From: crash-utility-bounces at redhat.com <crash-utility-bounces at redhat.com> on behalf of Mathias Krause <minipli at grsecurity.net>
Sent: Monday, November 30, 2020 20:28
To: Qianli Zhao; crash-utility at redhat.com
Subject: [External Mail][????] Re: [Crash-utility] [PATCH] netdump: bugfix for read elf header
Hi,
Am 30.11.20 um 11:56 schrieb Qianli Zhao:
> From: Qianli Zhao <zhaoqianli at xiaomi.com>
>
> Without the patch,errors may occur in reading the ELF header,
> causing the parsing to fail.
>
> Signed-off-by: Qianli Zhao <zhaoqianli at xiaomi.com>
> ---
> When i use crash to parsing a kdump,i got below error.
> This error occurs because of the read header less then SAFE_NETDUMP_ELF_HEADER_SIZE,
> But can read MIN_NETDUMP_ELF_HEADER_SIZE bytes from the file correctly.
> this issue is introduced due to commit:f42db6a33f0e0652df7cce8506352745b4794287
>
> crash 7.2.9
> Copyright (C) 2002-2020 Red Hat, Inc.
> Copyright (C) 2004, 2005, 2006, 2010 IBM Corporation
> Copyright (C) 1999-2006 Hewlett-Packard Co
> Copyright (C) 2005, 2006, 2011, 2012 Fujitsu Limited
> Copyright (C) 2006, 2007 VA Linux Systems Japan K.K.
> Copyright (C) 2005, 2011 NEC Corporation
> Copyright (C) 1999, 2002, 2007 Silicon Graphics, Inc.
> Copyright (C) 1999, 2000, 2001, 2002 Mission Critical Linux, Inc.
> This program is free software, covered by the GNU General Public License,
> and you are welcome to change it and/or distribute copies of it under
> certain conditions. Enter "help copying" to see the conditions.
> This program has absolutely no warranty. Enter "help warranty" for details.
>
> /var/tmp/ramdump_elf_B2R4cQ: ELF header read: No such file or directory
> crash: malformed ELF file: /var/tmp/ramdump_elf_B2R4cQ
This looks like an error to me. According to the above errno value, you
tried to read a file that's not there? But maybe it's just a stall errno
value as we don't reset it prior to calling read(). To clarify, can you
please provide the output of running 'strace crash ....'?
>
> Usage:
>
> crash [OPTION]... NAMELIST MEMORY-IMAGE[@ADDRESS] (dumpfile form)
> crash [OPTION]... [NAMELIST] (live system form)
>
> Enter "crash -h" for details.
>
> ---
> netdump.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/netdump.c b/netdump.c
> diff --git a/netdump.c b/netdump.c
> index c76d9dd..cb0af41 100644
> --- a/netdump.c
> +++ b/netdump.c
> @@ -142,7 +142,7 @@ is_netdump(char *file, ulong source_query)
> if (!read_flattened_format(fd, 0, eheader, size))
> goto bailout;
> } else {
> - if (read(fd, eheader, size) != size) {
> + if (read(fd, eheader, size) < MIN_NETDUMP_ELF_HEADER_SIZE) {
size -- which is set to SAFE_NETDUMP_ELF_HEADER_SIZE here -- is only 128
bytes more than MIN_NETDUMP_ELF_HEADER_SIZE. This means, if the above
change really fixes your issue, you're trying to open a very small file
that barely carries any useful information beside its header. Anyhow,
this change introduces a regression to the code that's following, which
assumes the full 'size' was read, like the sanity checks for finding the
PT_NOTE program header. So you should either update 'size' so it mirrors
the actual bytes read or double-check that the kdump file you're trying
to analyze is actually a real one.
Thanks,
Mathias
> sprintf(buf, "%s: ELF header read", file);
> perror(buf);
> goto bailout;
>
--
Crash-utility mailing list
Crash-utility at redhat.com
https://www.redhat.com/mailman/listinfo/crash-utility
#/******本邮件及其附件含有小米公司的保密信息,仅限于发送给上面地址中列出的个人或群组。禁止任何其他人以任何形式使用(包括但不限于全部或部分地泄露、复制、或散发)本邮件中的信息。如果您错收了本邮件,请您立即电话或邮件通知发件人并删除本邮件! This e-mail and its attachments contain confidential information from XIAOMI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it!******/#
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/crash-utility/attachments/20201130/90848543/attachment.htm>
More information about the Crash-utility
mailing list