From 93a80de1d8034171918f6271cd7c423ee765031f Mon Sep 17 00:00:00 2001 From: Lianbo Jiang Date: Fri, 10 Dec 2021 15:49:33 +0800 Subject: [PATCH] Fix segmentation fault caused by extension modules Release: crash-8.0.0-4 Signed-off-by: Lianbo Jiang --- 0001-arm64-Support-overflow-stack-panic.patch | 379 ++++++++++++++++++ ...age-of-compatibility-of-struct-machd.patch | 41 ++ ...age-of-compatibility-of-struct-symbo.patch | 41 ++ crash.spec | 12 +- 4 files changed, 472 insertions(+), 1 deletion(-) create mode 100644 0001-arm64-Support-overflow-stack-panic.patch create mode 100644 0002-defs.h-fix-breakage-of-compatibility-of-struct-machd.patch create mode 100644 0003-defs.h-fix-breakage-of-compatibility-of-struct-symbo.patch diff --git a/0001-arm64-Support-overflow-stack-panic.patch b/0001-arm64-Support-overflow-stack-panic.patch new file mode 100644 index 0000000..4022297 --- /dev/null +++ b/0001-arm64-Support-overflow-stack-panic.patch @@ -0,0 +1,379 @@ +From 995db8ab88916b6397676b67be98c0a4f82cca49 Mon Sep 17 00:00:00 2001 +From: Hong YANG +Date: Mon, 15 Nov 2021 15:41:01 +0800 +Subject: [PATCH 1/3] arm64: Support overflow stack panic + +Kernel commit <872d8327ce89> ("arm64: add VMAP_STACK overflow detection") +has supported the overflow stack exception handling. Without the patch, the +"bt" command will make crash generate a core dump because of segmentation +fault. With the patch, the "bt" command can display the overflow stack. + +Before: +crash> bt +PID: 3607 TASK: ffffffcbf9a4da00 CPU: 2 COMMAND: "sh" +Segmentation fault (core dumped) + +After: +crash> bt +PID: 3607 TASK: ffffffcbf9a4da00 CPU: 2 COMMAND: "sh" + #0 [ffffffccbfd85f50] __delay at ffffff8008ceded8 +... + #5 [ffffffccbfd85fd0] emergency_restart at ffffff80080d49fc + #6 [ffffffccbfd86140] panic at ffffff80080af4c0 + #7 [ffffffccbfd86150] nmi_panic at ffffff80080af150 + #8 [ffffffccbfd86190] handle_bad_stack at ffffff800808b0b8 + #9 [ffffffccbfd862d0] __bad_stack at ffffff800808285c + PC: ffffff8008082e80 [el1_sync] + LR: ffffff8000d6c214 [stack_overflow_demo+84] + SP: ffffff1a79930070 PSTATE: 204003c5 + X29: ffffff8011b03d00 X28: ffffffcbf9a4da00 X27: ffffff8008e02000 + X26: 0000000000000040 X25: 0000000000000124 X24: ffffffcbf9a4da00 + X23: 0000007daec2e288 X22: ffffffcbfe03b800 X21: 0000007daec2e288 + X20: 0000000000000002 X19: 0000000000000002 X18: 0000000000000002 + X17: 00000000000003e7 X16: 0000000000000000 X15: 0000000000000000 + X14: ffffffcc17facb00 X13: ffffffccb4c25c00 X12: 0000000000000000 + X11: ffffffcc17fad660 X10: 0000000000000af0 X9: 0000000000000000 + X8: ffffff1a799334f0 X7: 0000000000000000 X6: 000000000000003f + X5: 0000000000000040 X4: 0000000000000010 X3: 00000065981d07f0 + X2: 00000065981d07f0 X1: 0000000000000000 X0: ffffff1a799334f0 + +Signed-off-by: Hong YANG +--- + arm64.c | 169 ++++++++++++++++++++++++++++++++++++++++++++++++++------ + defs.h | 6 ++ + 2 files changed, 159 insertions(+), 16 deletions(-) + +diff --git a/arm64.c b/arm64.c +index 94681d1a37db..23c3d75d85aa 100644 +--- a/arm64.c ++++ b/arm64.c +@@ -45,6 +45,7 @@ static int arm64_vtop_3level_4k(ulong, ulong, physaddr_t *, int); + static int arm64_vtop_4level_4k(ulong, ulong, physaddr_t *, int); + static ulong arm64_get_task_pgd(ulong); + static void arm64_irq_stack_init(void); ++static void arm64_overflow_stack_init(void); + static void arm64_stackframe_init(void); + static int arm64_eframe_search(struct bt_info *); + static int arm64_is_kernel_exception_frame(struct bt_info *, ulong); +@@ -63,6 +64,7 @@ static int arm64_get_dumpfile_stackframe(struct bt_info *, struct arm64_stackfra + static int arm64_in_kdump_text(struct bt_info *, struct arm64_stackframe *); + static int arm64_in_kdump_text_on_irq_stack(struct bt_info *); + static int arm64_switch_stack(struct bt_info *, struct arm64_stackframe *, FILE *); ++static int arm64_switch_stack_from_overflow(struct bt_info *, struct arm64_stackframe *, FILE *); + static int arm64_get_stackframe(struct bt_info *, struct arm64_stackframe *); + static void arm64_get_stack_frame(struct bt_info *, ulong *, ulong *); + static void arm64_gen_hidden_frame(struct bt_info *bt, ulong, struct arm64_stackframe *); +@@ -78,8 +80,11 @@ static int arm64_get_smp_cpus(void); + static void arm64_clear_machdep_cache(void); + static int arm64_on_process_stack(struct bt_info *, ulong); + static int arm64_in_alternate_stack(int, ulong); ++static int arm64_in_alternate_stackv(int cpu, ulong stkptr, ulong *stacks, ulong stack_size); + static int arm64_on_irq_stack(int, ulong); ++static int arm64_on_overflow_stack(int, ulong); + static void arm64_set_irq_stack(struct bt_info *); ++static void arm64_set_overflow_stack(struct bt_info *); + static void arm64_set_process_stack(struct bt_info *); + static int arm64_get_kvaddr_ranges(struct vaddr_range *); + static void arm64_get_crash_notes(void); +@@ -463,6 +468,7 @@ arm64_init(int when) + machdep->hz = 100; + + arm64_irq_stack_init(); ++ arm64_overflow_stack_init(); + arm64_stackframe_init(); + break; + +@@ -1715,6 +1721,49 @@ arm64_irq_stack_init(void) + } + } + ++/* ++ * Gather Overflow stack values. ++ * ++ * Overflow stack supported since 4.14, in commit 872d8327c ++ */ ++static void ++arm64_overflow_stack_init(void) ++{ ++ int i; ++ struct syment *sp; ++ struct gnu_request request, *req; ++ struct machine_specific *ms = machdep->machspec; ++ req = &request; ++ ++ if (symbol_exists("overflow_stack") && ++ (sp = per_cpu_symbol_search("overflow_stack")) && ++ get_symbol_type("overflow_stack", NULL, req)) { ++ if (CRASHDEBUG(1)) { ++ fprintf(fp, "overflow_stack: \n"); ++ fprintf(fp, " type: %x, %s\n", ++ (int)req->typecode, ++ (req->typecode == TYPE_CODE_ARRAY) ? ++ "TYPE_CODE_ARRAY" : "other"); ++ fprintf(fp, " target_typecode: %x, %s\n", ++ (int)req->target_typecode, ++ req->target_typecode == TYPE_CODE_INT ? ++ "TYPE_CODE_INT" : "other"); ++ fprintf(fp, " target_length: %ld\n", ++ req->target_length); ++ fprintf(fp, " length: %ld\n", req->length); ++ } ++ ++ if (!(ms->overflow_stacks = (ulong *)malloc((size_t)(kt->cpus * sizeof(ulong))))) ++ error(FATAL, "cannot malloc overflow_stack addresses\n"); ++ ++ ms->overflow_stack_size = ARM64_OVERFLOW_STACK_SIZE; ++ machdep->flags |= OVERFLOW_STACKS; ++ ++ for (i = 0; i < kt->cpus; i++) ++ ms->overflow_stacks[i] = kt->__per_cpu_offset[i] + sp->value; ++ } ++} ++ + /* + * Gather and verify all of the backtrace requirements. + */ +@@ -1960,6 +2009,7 @@ static char *arm64_exception_functions[] = { + "do_mem_abort", + "do_el0_irq_bp_hardening", + "do_sp_pc_abort", ++ "handle_bad_stack", + NULL + }; + +@@ -1978,7 +2028,10 @@ arm64_in_exception_text(ulong ptr) + if ((ptr >= ms->__exception_text_start) && + (ptr < ms->__exception_text_end)) + return TRUE; +- } else if ((name = closest_symbol(ptr))) { /* Linux 5.5 and later */ ++ } ++ ++ name = closest_symbol(ptr); ++ if (name != NULL) { /* Linux 5.5 and later */ + for (func = &arm64_exception_functions[0]; *func; func++) { + if (STREQ(name, *func)) + return TRUE; +@@ -2252,15 +2305,14 @@ arm64_unwind_frame(struct bt_info *bt, struct arm64_stackframe *frame) + if ((frame->fp == 0) && (frame->pc == 0)) + return FALSE; + +- if (!(machdep->flags & IRQ_STACKS)) +- return TRUE; +- +- if (!(machdep->flags & IRQ_STACKS)) ++ if (!(machdep->flags & (IRQ_STACKS | OVERFLOW_STACKS))) + return TRUE; + + if (machdep->flags & UNW_4_14) { +- if ((bt->flags & BT_IRQSTACK) && +- !arm64_on_irq_stack(bt->tc->processor, frame->fp)) { ++ if (((bt->flags & BT_IRQSTACK) && ++ !arm64_on_irq_stack(bt->tc->processor, frame->fp)) || ++ ((bt->flags & BT_OVERFLOW_STACK) && ++ !arm64_on_overflow_stack(bt->tc->processor, frame->fp))) { + if (arm64_on_process_stack(bt, frame->fp)) { + arm64_set_process_stack(bt); + +@@ -2677,6 +2729,9 @@ arm64_back_trace_cmd(struct bt_info *bt) + if (arm64_on_irq_stack(bt->tc->processor, bt->frameptr)) { + arm64_set_irq_stack(bt); + bt->flags |= BT_IRQSTACK; ++ } else if (arm64_on_overflow_stack(bt->tc->processor, bt->frameptr)) { ++ arm64_set_overflow_stack(bt); ++ bt->flags |= BT_OVERFLOW_STACK; + } + stackframe.sp = bt->stkptr; + stackframe.pc = bt->instptr; +@@ -2731,7 +2786,9 @@ arm64_back_trace_cmd(struct bt_info *bt) + break; + + if (arm64_in_exception_text(bt->instptr) && INSTACK(stackframe.fp, bt)) { +- if (!(bt->flags & BT_IRQSTACK) || ++ if (bt->flags & BT_OVERFLOW_STACK) { ++ exception_frame = stackframe.fp - KERN_EFRAME_OFFSET; ++ } else if (!(bt->flags & BT_IRQSTACK) || + ((stackframe.sp + SIZE(pt_regs)) < bt->stacktop)) { + if (arm64_is_kernel_exception_frame(bt, stackframe.fp - KERN_EFRAME_OFFSET)) + exception_frame = stackframe.fp - KERN_EFRAME_OFFSET; +@@ -2745,6 +2802,12 @@ arm64_back_trace_cmd(struct bt_info *bt) + break; + } + ++ if ((bt->flags & BT_OVERFLOW_STACK) && ++ !arm64_on_overflow_stack(bt->tc->processor, stackframe.fp)) { ++ bt->flags &= ~BT_OVERFLOW_STACK; ++ if (arm64_switch_stack_from_overflow(bt, &stackframe, ofp) == USER_MODE) ++ break; ++ } + + level++; + } +@@ -3131,6 +3194,43 @@ arm64_switch_stack(struct bt_info *bt, struct arm64_stackframe *frame, FILE *ofp + return KERNEL_MODE; + } + ++static int ++arm64_switch_stack_from_overflow(struct bt_info *bt, struct arm64_stackframe *frame, FILE *ofp) ++{ ++ int i; ++ ulong stacktop, words, addr; ++ ulong *stackbuf; ++ char buf[BUFSIZE]; ++ struct machine_specific *ms = machdep->machspec; ++ ++ if (bt->flags & BT_FULL) { ++ stacktop = ms->overflow_stacks[bt->tc->processor] + ms->overflow_stack_size; ++ words = (stacktop - bt->bptr) / sizeof(ulong); ++ stackbuf = (ulong *)GETBUF(words * sizeof(ulong)); ++ readmem(bt->bptr, KVADDR, stackbuf, words * sizeof(long), ++ "top of overflow stack", FAULT_ON_ERROR); ++ ++ addr = bt->bptr; ++ for (i = 0; i < words; i++) { ++ if (!(i & 1)) ++ fprintf(ofp, "%s %lx: ", i ? "\n" : "", addr); ++ fprintf(ofp, "%s ", format_stack_entry(bt, buf, stackbuf[i], 0)); ++ addr += sizeof(ulong); ++ } ++ fprintf(ofp, "\n"); ++ FREEBUF(stackbuf); ++ } ++ fprintf(ofp, "--- ---\n"); ++ ++ if (frame->fp == 0) ++ return USER_MODE; ++ ++ if (!(machdep->flags & UNW_4_14)) ++ arm64_print_exception_frame(bt, frame->sp, KERNEL_MODE, ofp); ++ ++ return KERNEL_MODE; ++} ++ + static int + arm64_get_dumpfile_stackframe(struct bt_info *bt, struct arm64_stackframe *frame) + { +@@ -3682,6 +3782,16 @@ arm64_display_machine_stats(void) + machdep->machspec->irq_stacks[i]); + } + } ++ if (machdep->machspec->overflow_stack_size) { ++ fprintf(fp, "OVERFLOW STACK SIZE: %ld\n", ++ machdep->machspec->overflow_stack_size); ++ fprintf(fp, " OVERFLOW STACKS:\n"); ++ for (i = 0; i < kt->cpus; i++) { ++ pad = (i < 10) ? 3 : (i < 100) ? 2 : (i < 1000) ? 1 : 0; ++ fprintf(fp, "%s CPU %d: %lx\n", space(pad), i, ++ machdep->machspec->overflow_stacks[i]); ++ } ++ } + } + + static int +@@ -3875,24 +3985,41 @@ arm64_on_process_stack(struct bt_info *bt, ulong stkptr) + } + + static int +-arm64_on_irq_stack(int cpu, ulong stkptr) ++arm64_in_alternate_stackv(int cpu, ulong stkptr, ulong *stacks, ulong stack_size) + { +- return arm64_in_alternate_stack(cpu, stkptr); ++ if ((cpu >= kt->cpus) || (stacks == NULL) || !stack_size) ++ return FALSE; ++ ++ if ((stkptr >= stacks[cpu]) && ++ (stkptr < (stacks[cpu] + stack_size))) ++ return TRUE; ++ ++ return FALSE; + } + + static int + arm64_in_alternate_stack(int cpu, ulong stkptr) ++{ ++ return (arm64_on_irq_stack(cpu, stkptr) || ++ arm64_on_overflow_stack(cpu, stkptr)); ++} ++ ++static int ++arm64_on_irq_stack(int cpu, ulong stkptr) + { + struct machine_specific *ms = machdep->machspec; + +- if (!ms->irq_stack_size || (cpu >= kt->cpus)) +- return FALSE; ++ return arm64_in_alternate_stackv(cpu, stkptr, ++ ms->irq_stacks, ms->irq_stack_size); ++} + +- if ((stkptr >= ms->irq_stacks[cpu]) && +- (stkptr < (ms->irq_stacks[cpu] + ms->irq_stack_size))) +- return TRUE; ++static int ++arm64_on_overflow_stack(int cpu, ulong stkptr) ++{ ++ struct machine_specific *ms = machdep->machspec; + +- return FALSE; ++ return arm64_in_alternate_stackv(cpu, stkptr, ++ ms->overflow_stacks, ms->overflow_stack_size); + } + + static void +@@ -3905,6 +4032,16 @@ arm64_set_irq_stack(struct bt_info *bt) + alter_stackbuf(bt); + } + ++static void ++arm64_set_overflow_stack(struct bt_info *bt) ++{ ++ struct machine_specific *ms = machdep->machspec; ++ ++ bt->stackbase = ms->overflow_stacks[bt->tc->processor]; ++ bt->stacktop = bt->stackbase + ms->overflow_stack_size; ++ alter_stackbuf(bt); ++} ++ + static void + arm64_set_process_stack(struct bt_info *bt) + { +diff --git a/defs.h b/defs.h +index a2f30853a4b1..7e2a16e34a59 100644 +--- a/defs.h ++++ b/defs.h +@@ -3218,6 +3218,7 @@ typedef signed int s32; + #define UNW_4_14 (0x200) + #define FLIPPED_VM (0x400) + #define HAS_PHYSVIRT_OFFSET (0x800) ++#define OVERFLOW_STACKS (0x1000) + + /* + * Get kimage_voffset from /dev/crash +@@ -3260,6 +3261,7 @@ typedef signed int s32; + + #define ARM64_STACK_SIZE (16384) + #define ARM64_IRQ_STACK_SIZE ARM64_STACK_SIZE ++#define ARM64_OVERFLOW_STACK_SIZE (4096) + + #define _SECTION_SIZE_BITS 30 + #define _SECTION_SIZE_BITS_5_12 27 +@@ -3332,6 +3334,9 @@ struct machine_specific { + char *irq_stackbuf; + ulong __irqentry_text_start; + ulong __irqentry_text_end; ++ ulong overflow_stack_size; ++ ulong *overflow_stacks; ++ char *overflow_stackbuf; + /* for exception vector code */ + ulong exp_entry1_start; + ulong exp_entry1_end; +@@ -5770,6 +5775,7 @@ ulong cpu_map_addr(const char *type); + #define BT_CPUMASK (0x1000000000000ULL) + #define BT_SHOW_ALL_REGS (0x2000000000000ULL) + #define BT_REGS_NOT_FOUND (0x4000000000000ULL) ++#define BT_OVERFLOW_STACK (0x8000000000000ULL) + #define BT_SYMBOL_OFFSET (BT_SYMBOLIC_ARGS) + + #define BT_REF_HEXVAL (0x1) +-- +2.20.1 + diff --git a/0002-defs.h-fix-breakage-of-compatibility-of-struct-machd.patch b/0002-defs.h-fix-breakage-of-compatibility-of-struct-machd.patch new file mode 100644 index 0000000..e875f2d --- /dev/null +++ b/0002-defs.h-fix-breakage-of-compatibility-of-struct-machd.patch @@ -0,0 +1,41 @@ +From c477b04aee34d4f4784c326ed715e91b2c43eb3e Mon Sep 17 00:00:00 2001 +From: HATAYAMA Daisuke +Date: Thu, 9 Dec 2021 01:05:07 +0000 +Subject: [PATCH 2/3] defs.h: fix breakage of compatibility of struct + machdep_table for extension modules + +Commit <2f967fb5ebd7> ("crash_taget: fetch_registers support") added new +member get_cpu_reg in the middle of struct machdep_table, which breaks +compatibility of struct machdep_table for extension modules. As the result, +crash gcore command results in unexpected behavior, furthermore may cause +segmentation fault. + +Fixes: 2f967fb5ebd7 ("crash_taget: fetch_registers support") +Signed-off-by: HATAYAMA Daisuke +--- + defs.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/defs.h b/defs.h +index 7e2a16e34a59..7d3ed78fcd23 100644 +--- a/defs.h ++++ b/defs.h +@@ -1013,7 +1013,6 @@ struct machdep_table { + ulong (*processor_speed)(void); + int (*uvtop)(struct task_context *, ulong, physaddr_t *, int); + int (*kvtop)(struct task_context *, ulong, physaddr_t *, int); +- int (*get_cpu_reg)(int, int, const char *, int, void *); + ulong (*get_task_pgd)(ulong); + void (*dump_irq)(int); + void (*get_stack_frame)(struct bt_info *, ulong *, ulong *); +@@ -1063,6 +1062,7 @@ struct machdep_table { + void (*get_irq_affinity)(int); + void (*show_interrupts)(int, ulong *); + int (*is_page_ptr)(ulong, physaddr_t *); ++ int (*get_cpu_reg)(int, int, const char *, int, void *); + }; + + /* +-- +2.20.1 + diff --git a/0003-defs.h-fix-breakage-of-compatibility-of-struct-symbo.patch b/0003-defs.h-fix-breakage-of-compatibility-of-struct-symbo.patch new file mode 100644 index 0000000..c28e59f --- /dev/null +++ b/0003-defs.h-fix-breakage-of-compatibility-of-struct-symbo.patch @@ -0,0 +1,41 @@ +From 6968345893178d2750b8872055498d2a6010a861 Mon Sep 17 00:00:00 2001 +From: HATAYAMA Daisuke +Date: Wed, 8 Dec 2021 12:07:34 +0000 +Subject: [PATCH 3/3] defs.h: fix breakage of compatibility of struct + symbol_table_data for extension modules + +Commit <2fab8fbc0c4f> ("symbols: Implement install and remove operations +for mod_symname_hash") added new member variable mod_symname_hash in the +middle of struct symbol_table_date, which breaks compatibility of struct +symbol_table_data for extension modules. As the result, crash trace command +results in segmentation fault. + +Fixes: 2fab8fbc0c4f ("symbols: Implement install and remove operations for mod_symname_hash") +Signed-off-by: HATAYAMA Daisuke +--- + defs.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/defs.h b/defs.h +index 7d3ed78fcd23..b63741c7d78b 100644 +--- a/defs.h ++++ b/defs.h +@@ -2753,7 +2753,6 @@ struct symbol_table_data { + double val_hash_searches; + double val_hash_iterations; + struct syment *symname_hash[SYMNAME_HASH]; +- struct syment *mod_symname_hash[SYMNAME_HASH]; + struct symbol_namespace kernel_namespace; + struct syment *ext_module_symtable; + struct syment *ext_module_symend; +@@ -2780,6 +2779,7 @@ struct symbol_table_data { + ulong kaiser_init_vmlinux; + int kernel_symbol_type; + ulong linux_banner_vmlinux; ++ struct syment *mod_symname_hash[SYMNAME_HASH]; + }; + + /* flags for st */ +-- +2.20.1 + diff --git a/crash.spec b/crash.spec index ddb3614..c521919 100644 --- a/crash.spec +++ b/crash.spec @@ -4,7 +4,7 @@ Summary: Kernel analysis utility for live systems, netdump, diskdump, kdump, LKCD or mcore dumpfiles Name: crash Version: 8.0.0 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv3 Source0: https://github.com/crash-utility/crash/archive/crash-%{version}.tar.gz Source1: http://ftp.gnu.org/gnu/gdb/gdb-10.2.tar.gz @@ -19,6 +19,9 @@ Provides: bundled(libiberty) Provides: bundled(gdb) = 10.2 Patch0: lzo_snappy_zstd.patch Patch1: crash-8.0.0_build.patch +Patch2: 0001-arm64-Support-overflow-stack-panic.patch +Patch3: 0002-defs.h-fix-breakage-of-compatibility-of-struct-machd.patch +Patch4: 0003-defs.h-fix-breakage-of-compatibility-of-struct-symbo.patch %description The core analysis suite is a self-contained tool that can be used to @@ -40,6 +43,9 @@ offered by Mission Critical Linux, or the LKCD kernel patch. %setup -n %{name}-%{version} -q %patch0 -p1 -b lzo_snappy_zstd.patch %patch1 -p1 -b crash-8.0.0_build.patch +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 %build @@ -65,6 +71,10 @@ cp -p defs.h %{buildroot}%{_includedir}/crash %{_includedir}/* %changelog +* Fri Dec 10 2021 Lianbo Jiang - 8.0.0-4 +- Fix segmentation fault caused by crash extension modules +- Support the overflow stack exception handling on aarch64 + * Mon Dec 06 2021 Lianbo Jiang - 8.0.0-3 - Enable ZSTD feature