[Crash-utility] [PATCH v2] Fixed the segment fault when ikconfig passed nonstandard values

刘云 liuyun01 at tj.kylinos.cn
Tue Jan 5 12:11:56 UTC 2021


On 2021/1/5 at 4:36 PM, HAGIO KAZUHITO(萩尾 一仁) wrote:
> Hi Jackie,
>
> -----Original Message-----
>> From: Jackie Liu <liuyun01 at kylinos.cn>
>>
>> Some strange reasons may cause kcore to collect some strange
>> entries of ikconfig, such as CONFIG_SECU+[some hex data] causes
>> the 'val' to be NULL, and then crashes when strdup.
>>
>> CONFIG_SECU+[some hex data] to be **strings that don't
>> contain the delimiter string '='** and then strtok_r() interprets
>> it as consisting of a single token, hence val resulting in having NULL.
> Thanks for the update, I will modify the commit message a bit more
> as follows, I think you use arm64 kernels:

Aha, 100% correct. It's an arm64 platform on HiSilicon hi1620.

> ---
> Fix for a segmentation fault when analyzing arm64 kernels that are
> configured with CONFIG_IKCONFIG and have a strange entry that does
> not contain the delimiter "=", such as "CONFIG_SECU+[some hex data]".
>
> Without the patch, in the add_ikconfig_entry() function, strtok_r()
> interprets it as consisting of a single token and the val variable
> is set to NULL, and then strdup() crashes.
> ---
>
> and
> Acked-by: Kazuhito Hagio <k-hagio-ab at nec.com>
>
> Please wait for another ack.

Sure. thanks. Jackie.

>
> Thanks,
> Kazu
>
>> [d.hatayama at fujitsu.com: rewrite comment]
>> Suggested-by: HAGIO KAZUHITO(萩尾 一仁) <k-hagio-ab at nec.com>
>> Signed-off-by: Jackie Liu <liuyun01 at kylinos.cn>
>> ---
>>   kernel.c | 14 +++++++++++---
>>   1 file changed, 11 insertions(+), 3 deletions(-)
>>
>> diff --git a/kernel.c b/kernel.c
>> index 9871637..c8182a6 100644
>> --- a/kernel.c
>> +++ b/kernel.c
>> @@ -10236,7 +10236,7 @@ static struct ikconfig_list {
>>   	char *val;
>>   } *ikconfig_all;
>>
>> -static void add_ikconfig_entry(char *line, struct ikconfig_list *ent)
>> +static int add_ikconfig_entry(char *line, struct ikconfig_list *ent)
>>   {
>>   	char *tokptr, *name, *val;
>>
>> @@ -10244,8 +10244,16 @@ static void add_ikconfig_entry(char *line, struct ikconfig_list *ent)
>>   	sscanf(name, "CONFIG_%s", name);
>>   	val = strtok_r(NULL, "", &tokptr);
>>
>> +	if (!val) {
>> +		if (CRASHDEBUG(2))
>> +			error(WARNING, "invalid ikconfig entry: %s\n", line);
>> +		return FALSE;
>> +	}
>> +
>>   	ent->name = strdup(name);
>>   	ent->val = strdup(val);
>> +
>> +	return TRUE;
>>   }
>>
>>   static int setup_ikconfig(char *config)
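Review bot: the warning in the new "if (!val)" branch of add_ikconfig_entry() prints line with a raw "%s", and the commit message says these entries carry arbitrary hex data, so with CRASHDEBUG(2) set it can write control bytes taken from the dump straight to the terminal; print the entry with non-printable bytes escaped and its length bounded. Separately, the two strdup() results after the check are still stored unchecked, so an allocation failure would leave ent->name or ent->val NULL for later users, which is the same class of problem this patch fixes for val.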
>> @@ -10265,8 +10273,8 @@ static int setup_ikconfig(char *config)
>>   			ent++;
>>
>>   		if (STRNEQ(ent, "CONFIG_")) {
>> -			add_ikconfig_entry(ent,
>> -					 &ikconfig_all[kt->ikconfig_ents++]);
>> +			if (add_ikconfig_entry(ent, &ikconfig_all[kt->ikconfig_ents]))
>> +				kt->ikconfig_ents++;
>>   			if (kt->ikconfig_ents == IKCONFIG_MAX) {
>>   				error(WARNING, "ikconfig overflow.\n");
>>   				return 1;
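Review bot: in setup_ikconfig() the "kt->ikconfig_ents == IKCONFIG_MAX" test still sits outside the new "if (add_ikconfig_entry(...))", so it is re-evaluated for every rejected entry even though the count did not change; moving it inside the success branch keeps the overflow check tied to the increment that can trigger it. The new call line also runs past 80 columns at this indent and could be wrapped the way the removed call was.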
>> --
>> 2.17.1
>>
>>





