Fix Segmentation fault and update to the latest upstream

Remove the use_system_readline_v3.patch and the dependency of
readline-devel.

Update to the latest upstream: commit <9c0c6c1b3750>

Release crash-7.2.9-5

Signed-off-by: Lianbo Jiang <lijiang@redhat.com>
This commit is contained in:
Lianbo Jiang 2021-03-08 20:32:39 +08:00
parent 5a0c1d8fb7
commit bce16fc0be
7 changed files with 664 additions and 21 deletions

View File

@ -0,0 +1,65 @@
From a52f630e40ff8f7abc266bd4f1fe09f9087faeaa Mon Sep 17 00:00:00 2001
From: John Pittman <jpittman@redhat.com>
Date: Thu, 18 Feb 2021 10:55:50 -0500
Subject: [PATCH 1/6] log: change log level print in older kernels
In older kernels that have the variable-length-record log_buf, the
log level and the log flags/facility are not separated. Since the
log level is only the last three bits, and the flags/facility and
level are separated in 5.10 and later kernels, only print those last
three bits when using 'log -m'.
[ kh: modified commit message ]
Suggested-by: David Jeffery <djeffery@redhat.com>
Signed-off-by: John Pittman <jpittman@redhat.com>
---
defs.h | 1 +
help.c | 5 +++--
kernel.c | 2 ++
3 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/defs.h b/defs.h
index 35cdac20420c..35b983abd403 100644
--- a/defs.h
+++ b/defs.h
@@ -5627,6 +5627,7 @@ void clone_bt_info(struct bt_info *, struct bt_info *, struct task_context *);
void dump_kernel_table(int);
void dump_bt_info(struct bt_info *, char *where);
void dump_log(int);
+#define LOG_LEVEL(v) ((v) & 0x07)
#define SHOW_LOG_LEVEL (0x1)
#define SHOW_LOG_DICT (0x2)
#define SHOW_LOG_TEXT (0x4)
diff --git a/help.c b/help.c
index 587c7173f495..85b334a0419e 100644
--- a/help.c
+++ b/help.c
@@ -3906,8 +3906,9 @@ char *help_log[] = {
" applicable to the variable-length record format.",
" -m Display the message log level in brackets preceding each message. For",
" the variable-length record format, the level will be displayed in ",
-" hexadecimal, and depending upon the kernel version, also contains the",
-" facility or flags bits.",
+" hexadecimal. In older kernels, by default, the facility/flag bits",
+" will be stripped to only show the level, but if needed, can still be",
+" shown with 'set debug 1'.",
" -a Dump the audit logs remaining in kernel audit buffers that have not",
" been copied out to the user-space audit daemon.",
" ",
diff --git a/kernel.c b/kernel.c
index ac765e302639..735263cbcd75 100644
--- a/kernel.c
+++ b/kernel.c
@@ -5262,6 +5262,8 @@ dump_log_entry(char *logptr, int msg_flags)
fprintf(fp, "%s", buf);
}
+ level = LOG_LEVEL(level);
+
if (msg_flags & SHOW_LOG_LEVEL) {
sprintf(buf, "<%x>", level);
ilen += strlen(buf);
--
2.29.2

View File

@ -0,0 +1,37 @@
From 464edc6e6636c01521b46ec64134b90c7e7ced11 Mon Sep 17 00:00:00 2001
From: Kazuhito Hagio <k-hagio-ab@nec.com>
Date: Fri, 19 Feb 2021 14:43:55 +0900
Subject: [PATCH 2/6] Makefile: reduce crash build log
Currently the verbose output of tar command when extracting the
GDB source files occupies more than the half of crash build log.
It is not so helpful and makes the build log longer needlessly
especially on CI build test. Let's stop it.
Also reduce about 600 lines of crash build log with wget's
"--progress=dot:mega" option when stderr is not a tty.
Signed-off-by: Kazuhito Hagio <k-hagio-ab@nec.com>
---
Makefile | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/Makefile b/Makefile
index f66eba7418d1..b3c0d3a7f75b 100644
--- a/Makefile
+++ b/Makefile
@@ -258,8 +258,9 @@ gdb_unzip:
@if [ ! -f ${GDB}.tar.gz ] && [ ! -f /usr/bin/wget ]; then \
echo /usr/bin/wget is required to download ${GDB}.tar.gz; echo; exit 1; fi
@if [ ! -f ${GDB}.tar.gz ] && [ -f /usr/bin/wget ]; then \
- wget http://ftp.gnu.org/gnu/gdb/${GDB}.tar.gz; fi
- @tar --exclude-from gdb.files -xvzmf ${GDB}.tar.gz
+ [ ! -t 2 ] && WGET_OPTS="--progress=dot:mega"; \
+ wget $$WGET_OPTS http://ftp.gnu.org/gnu/gdb/${GDB}.tar.gz; fi
+ @tar --exclude-from gdb.files -xzmf ${GDB}.tar.gz
@make --no-print-directory gdb_patch
gdb_patch:
--
2.29.2

View File

@ -0,0 +1,32 @@
From 720279fc141100893ba6da6ab18e52776ecf7424 Mon Sep 17 00:00:00 2001
From: Kazuhito Hagio <k-hagio-ab@nec.com>
Date: Tue, 2 Mar 2021 13:38:18 +0900
Subject: [PATCH 3/6] x86_64: fix "bt" command on 5.12-rc1 and later kernels
Fix "bt" command on Linux 5.12-rc1 and later kernels that contain
commit 951c2a51ae75 ("x86/irq/64: Adjust the per CPU irq stack pointer
by 8"). Without the patch, the "bt" command and some of its options
that read irq stack fail with the error message "bt: read of stack at
<address> failed".
Signed-off-by: Kazuhito Hagio <k-hagio-ab@nec.com>
---
x86_64.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/x86_64.c b/x86_64.c
index 23a40a04bbc4..f5b2f7b5f040 100644
--- a/x86_64.c
+++ b/x86_64.c
@@ -1326,6 +1326,8 @@ x86_64_per_cpu_init(void)
KVADDR, &hardirq_stack_ptr, sizeof(void *),
"hardirq_stack_ptr (per_cpu)", QUIET|RETURN_ON_ERROR))
continue;
+ if (hardirq_stack_ptr != PAGEBASE(hardirq_stack_ptr))
+ hardirq_stack_ptr += 8;
ms->stkinfo.ibase[i] = hardirq_stack_ptr - ms->stkinfo.isize;
} else if (irq_sp)
ms->stkinfo.ibase[i] = irq_sp->value + kt->__per_cpu_offset[i];
--
2.29.2

View File

@ -0,0 +1,325 @@
From 7ca9a8e21dc1ecb33195b6c9fdd207f203308636 Mon Sep 17 00:00:00 2001
From: HATAYAMA Daisuke <d.hatayama@fujitsu.com>
Date: Thu, 4 Mar 2021 20:20:28 +0900
Subject: [PATCH 4/6] Add valgrind support for the crash's custom memory
allocator
This adds valgrind support for the crash's custom memory allocator
using the way described in the following valgrind's Memcheck manual:
https://www.valgrind.org/docs/manual/mc-manual.html#mc-manual.mempools
This helps detecting various memory errors on the crash's custom
memory allocator.
To enable this feature, build crash command as:
# make valgrind
Then, run crash commnad using valgrind as:
# valgrind ./crash vmlinux vmcore
Signed-off-by: HATAYAMA Daisuke <d.hatayama@fujitsu.com>
---
Makefile | 4 +++
README | 4 +++
configure.c | 27 ++++++++++++++++++---
help.c | 4 +++
tools.c | 70 ++++++++++++++++++++++++++++++++++++++++++++++++++++-
5 files changed, 104 insertions(+), 5 deletions(-)
diff --git a/Makefile b/Makefile
index b3c0d3a7f75b..31a3d3de0c07 100644
--- a/Makefile
+++ b/Makefile
@@ -333,6 +333,10 @@ snappy: make_configure
@./configure -x snappy ${CONF_TARGET_FLAG} -w -b
@make --no-print-directory gdb_merge
+valgrind: make_configure
+ @./configure -x valgrind ${CONF_TARGET_FLAG} -w -b
+ @make --no-print-directory gdb_merge
+
main.o: ${GENERIC_HFILES} main.c
${CC} -c ${CRASH_CFLAGS} main.c ${WARNING_OPTIONS} ${WARNING_ERROR}
diff --git a/README b/README
index e2af9249caa2..d4a830985056 100644
--- a/README
+++ b/README
@@ -105,6 +105,10 @@
use either the LZO or snappy compression libraries. To build crash with
either or both of those libraries, type "make lzo" or "make snappy".
+ crash supports valgrind Memcheck tool on the crash's custom memory allocator.
+ To build crash with this feature enabled, type "make valgrind" and then run
+ crash with valgrind as "valgrind crash vmlinux vmcore".
+
All of the alternate build commands above are "sticky" in that the
special "make" targets only have to be entered one time; all subsequent
builds will follow suit.
diff --git a/configure.c b/configure.c
index 7f6d19e0b87e..9480829ad2da 100644
--- a/configure.c
+++ b/configure.c
@@ -1704,18 +1704,22 @@ get_extra_flags(char *filename, char *initial)
* a CFLAGS.extra file and an LDFLAGS.extra file.
* For lzo:
+ * - enter -DLZO in the CFLAGS.extra file
+ * - enter -llzo2 in the LDFLAGS.extra file
+ *
+ * For snappy:
* - enter -DSNAPPY in the CFLAGS.extra file
* - enter -lsnappy in the LDFLAGS.extra file
*
- * For snappy:
- * - enter -DLZO in the CFLAGS.extra file
- * - enter -llzo2 in the LDFLAGS.extra file.
+ * For valgrind:
+ * - enter -DVALGRIND in the CFLAGS.extra file
*/
void
add_extra_lib(char *option)
{
int lzo, add_DLZO, add_llzo2;
int snappy, add_DSNAPPY, add_lsnappy;
+ int valgrind, add_DVALGRIND;
char *cflags, *ldflags;
FILE *fp_cflags, *fp_ldflags;
char *mode;
@@ -1723,6 +1727,7 @@ add_extra_lib(char *option)
lzo = add_DLZO = add_llzo2 = 0;
snappy = add_DSNAPPY = add_lsnappy = 0;
+ valgrind = add_DVALGRIND = 0;
ldflags = get_extra_flags("LDFLAGS.extra", NULL);
cflags = get_extra_flags("CFLAGS.extra", NULL);
@@ -1743,12 +1748,24 @@ add_extra_lib(char *option)
add_lsnappy++;
}
+ if (strcmp(option, "valgrind") == 0) {
+ valgrind++;
+ if (!cflags || !strstr(cflags, "-DVALGRIND"))
+ add_DVALGRIND++;
+ }
+
if ((lzo || snappy) &&
file_exists("diskdump.o") && (unlink("diskdump.o") < 0)) {
perror("diskdump.o");
return;
}
+ if (valgrind &&
+ file_exists("tools.o") && (unlink("tools.o") < 0)) {
+ perror("tools.o");
+ return;
+ }
+
mode = file_exists("CFLAGS.extra") ? "r+" : "w+";
if ((fp_cflags = fopen("CFLAGS.extra", mode)) == NULL) {
perror("CFLAGS.extra");
@@ -1762,13 +1779,15 @@ add_extra_lib(char *option)
return;
}
- if (add_DLZO || add_DSNAPPY) {
+ if (add_DLZO || add_DSNAPPY || add_DVALGRIND) {
while (fgets(inbuf, 512, fp_cflags))
;
if (add_DLZO)
fputs("-DLZO\n", fp_cflags);
if (add_DSNAPPY)
fputs("-DSNAPPY\n", fp_cflags);
+ if (add_DVALGRIND)
+ fputs("-DVALGRIND\n", fp_cflags);
}
if (add_llzo2 || add_lsnappy) {
diff --git a/help.c b/help.c
index 85b334a0419e..531f50a7cd82 100644
--- a/help.c
+++ b/help.c
@@ -9387,6 +9387,10 @@ README_ENTER_DIRECTORY,
" use either the LZO or snappy compression libraries. To build crash with",
" either or both of those libraries, type \"make lzo\" or \"make snappy\".",
"",
+" crash supports valgrind Memcheck tool on the crash's custom memory allocator.",
+" To build crash with this feature enabled, type \"make valgrind\" and then run",
+" crash with valgrind as \"valgrind crash vmlinux vmcore\".",
+"",
" All of the alternate build commands above are \"sticky\" in that the",
" special \"make\" targets only have to be entered one time; all subsequent",
" builds will follow suit.",
diff --git a/tools.c b/tools.c
index 71bac6d0ee9a..e6978ae44ead 100644
--- a/tools.c
+++ b/tools.c
@@ -18,6 +18,11 @@
#include "defs.h"
#include <ctype.h>
+#ifdef VALGRIND
+#include <valgrind/valgrind.h>
+#include <valgrind/memcheck.h>
+#endif
+
static void print_number(struct number_option *, int, int);
static long alloc_hq_entry(void);
struct hq_entry;
@@ -5679,8 +5684,21 @@ buf_init(void)
bp->smallest = 0x7fffffff;
bp->total = 0.0;
-}
+#ifdef VALGRIND
+ VALGRIND_MAKE_MEM_NOACCESS(&bp->buf_1K, sizeof(bp->buf_1K));
+ VALGRIND_MAKE_MEM_NOACCESS(&bp->buf_2K, sizeof(bp->buf_2K));
+ VALGRIND_MAKE_MEM_NOACCESS(&bp->buf_4K, sizeof(bp->buf_4K));
+ VALGRIND_MAKE_MEM_NOACCESS(&bp->buf_8K, sizeof(bp->buf_8K));
+ VALGRIND_MAKE_MEM_NOACCESS(&bp->buf_32K, sizeof(bp->buf_32K));
+
+ VALGRIND_CREATE_MEMPOOL(&bp->buf_1K, 0, 1);
+ VALGRIND_CREATE_MEMPOOL(&bp->buf_2K, 0, 1);
+ VALGRIND_CREATE_MEMPOOL(&bp->buf_4K, 0, 1);
+ VALGRIND_CREATE_MEMPOOL(&bp->buf_8K, 0, 1);
+ VALGRIND_CREATE_MEMPOOL(&bp->buf_32K, 0, 1);
+#endif
+}
/*
* Free up all buffers used by the last command.
@@ -5707,6 +5725,26 @@ void free_all_bufs(void)
if (bp->mallocs != bp->frees)
error(WARNING, "malloc/free mismatch (%ld/%ld)\n",
bp->mallocs, bp->frees);
+
+#ifdef VALGRIND
+ VALGRIND_DESTROY_MEMPOOL(&bp->buf_1K);
+ VALGRIND_DESTROY_MEMPOOL(&bp->buf_2K);
+ VALGRIND_DESTROY_MEMPOOL(&bp->buf_4K);
+ VALGRIND_DESTROY_MEMPOOL(&bp->buf_8K);
+ VALGRIND_DESTROY_MEMPOOL(&bp->buf_32K);
+
+ VALGRIND_MAKE_MEM_NOACCESS(&bp->buf_1K, sizeof(bp->buf_1K));
+ VALGRIND_MAKE_MEM_NOACCESS(&bp->buf_2K, sizeof(bp->buf_2K));
+ VALGRIND_MAKE_MEM_NOACCESS(&bp->buf_4K, sizeof(bp->buf_4K));
+ VALGRIND_MAKE_MEM_NOACCESS(&bp->buf_8K, sizeof(bp->buf_8K));
+ VALGRIND_MAKE_MEM_NOACCESS(&bp->buf_32K, sizeof(bp->buf_32K));
+
+ VALGRIND_CREATE_MEMPOOL(&bp->buf_1K, 0, 1);
+ VALGRIND_CREATE_MEMPOOL(&bp->buf_2K, 0, 1);
+ VALGRIND_CREATE_MEMPOOL(&bp->buf_4K, 0, 1);
+ VALGRIND_CREATE_MEMPOOL(&bp->buf_8K, 0, 1);
+ VALGRIND_CREATE_MEMPOOL(&bp->buf_32K, 0, 1);
+#endif
}
/*
@@ -5731,6 +5769,9 @@ freebuf(char *addr)
for (i = 0; i < NUMBER_1K_BUFS; i++) {
if (addr == (char *)&bp->buf_1K[i]) {
bp->buf_inuse[B1K] &= ~(1 << i);
+#ifdef VALGRIND
+ VALGRIND_MEMPOOL_FREE(&bp->buf_1K, addr);
+#endif
return;
}
}
@@ -5738,6 +5779,9 @@ freebuf(char *addr)
for (i = 0; i < NUMBER_2K_BUFS; i++) {
if (addr == (char *)&bp->buf_2K[i]) {
bp->buf_inuse[B2K] &= ~(1 << i);
+#ifdef VALGRIND
+ VALGRIND_MEMPOOL_FREE(&bp->buf_2K, addr);
+#endif
return;
}
}
@@ -5745,6 +5789,9 @@ freebuf(char *addr)
for (i = 0; i < NUMBER_4K_BUFS; i++) {
if (addr == (char *)&bp->buf_4K[i]) {
bp->buf_inuse[B4K] &= ~(1 << i);
+#ifdef VALGRIND
+ VALGRIND_MEMPOOL_FREE(&bp->buf_4K, addr);
+#endif
return;
}
}
@@ -5752,6 +5799,9 @@ freebuf(char *addr)
for (i = 0; i < NUMBER_8K_BUFS; i++) {
if (addr == (char *)&bp->buf_8K[i]) {
bp->buf_inuse[B8K] &= ~(1 << i);
+#ifdef VALGRIND
+ VALGRIND_MEMPOOL_FREE(&bp->buf_8K, addr);
+#endif
return;
}
}
@@ -5759,6 +5809,9 @@ freebuf(char *addr)
for (i = 0; i < NUMBER_32K_BUFS; i++) {
if (addr == (char *)&bp->buf_32K[i]) {
bp->buf_inuse[B32K] &= ~(1 << i);
+#ifdef VALGRIND
+ VALGRIND_MEMPOOL_FREE(&bp->buf_32K, addr);
+#endif
return;
}
}
@@ -5924,6 +5977,9 @@ getbuf(long reqsize)
bp->buf_inuse[B1K] |= (1 << bdx);
bp->buf_1K_maxuse = MAX(bp->buf_1K_maxuse,
count_bits_int(bp->buf_inuse[B1K]));
+#ifdef VALGRIND
+ VALGRIND_MEMPOOL_ALLOC(&bp->buf_1K, bufp, 1024);
+#endif
BZERO(bufp, 1024);
return(bufp);
}
@@ -5938,6 +5994,9 @@ getbuf(long reqsize)
bp->buf_inuse[B2K] |= (1 << bdx);
bp->buf_2K_maxuse = MAX(bp->buf_2K_maxuse,
count_bits_int(bp->buf_inuse[B2K]));
+#ifdef VALGRIND
+ VALGRIND_MEMPOOL_ALLOC(&bp->buf_2K, bufp, 2048);
+#endif
BZERO(bufp, 2048);
return(bufp);
}
@@ -5952,6 +6011,9 @@ getbuf(long reqsize)
bp->buf_inuse[B4K] |= (1 << bdx);
bp->buf_4K_maxuse = MAX(bp->buf_4K_maxuse,
count_bits_int(bp->buf_inuse[B4K]));
+#ifdef VALGRIND
+ VALGRIND_MEMPOOL_ALLOC(&bp->buf_4K, bufp, 4096);
+#endif
BZERO(bufp, 4096);
return(bufp);
}
@@ -5966,6 +6028,9 @@ getbuf(long reqsize)
bp->buf_inuse[B8K] |= (1 << bdx);
bp->buf_8K_maxuse = MAX(bp->buf_8K_maxuse,
count_bits_int(bp->buf_inuse[B8K]));
+#ifdef VALGRIND
+ VALGRIND_MEMPOOL_ALLOC(&bp->buf_8K, bufp, 8192);
+#endif
BZERO(bufp, 8192);
return(bufp);
}
@@ -5980,6 +6045,9 @@ getbuf(long reqsize)
bp->buf_inuse[B32K] |= (1 << bdx);
bp->buf_32K_maxuse = MAX(bp->buf_32K_maxuse,
count_bits_int(bp->buf_inuse[B32K]));
+#ifdef VALGRIND
+ VALGRIND_MEMPOOL_ALLOC(&bp->buf_32K, bufp, 32768);
+#endif
BZERO(bufp, 32768);
return(bufp);
}
--
2.29.2

View File

@ -0,0 +1,106 @@
From 9d476851b2525522b71219578c14aee3c4580cae Mon Sep 17 00:00:00 2001
From: HATAYAMA Daisuke <d.hatayama@fujitsu.com>
Date: Thu, 4 Mar 2021 20:20:29 +0900
Subject: [PATCH 5/6] symbols: Fix potential read to already freed object
valgrind detects the following potential invalid read to some already
freed object:
Invalid read of size 4
at 0x539641: datatype_info (symbols.c:5791)
by 0x4EC8B1: dump_variable_length_record_log (kernel.c:5313)
by 0x4EC8B1: dump_log (kernel.c:5042)
by 0x4C5A25: get_panicmsg (task.c:6275)
by 0x4F3E71: display_sys_stats (kernel.c:5645)
by 0x464BC7: main_loop (main.c:797)
by 0x6BF262: captured_command_loop (main.c:258)
by 0x6BD869: catch_errors (exceptions.c:557)
by 0x6C02E5: captured_main (main.c:1064)
by 0x6BD869: catch_errors (exceptions.c:557)
by 0x6C0596: gdb_main (main.c:1079)
by 0x6C0596: gdb_main_entry (main.c:1099)
by 0x46316F: main (main.c:708)
Address 0xb498c8 is 72 bytes inside a block of size 1,024 free'd
at 0x471261: freebuf (tools.c:5766)
by 0x53946B: datatype_info (symbols.c:5747)
by 0x4FEA2A: net_init (net.c:173)
by 0x464A55: main_loop (main.c:777)
by 0x6BF262: captured_command_loop (main.c:258)
by 0x6BD869: catch_errors (exceptions.c:557)
by 0x6C02E5: captured_main (main.c:1064)
by 0x6BD869: catch_errors (exceptions.c:557)
by 0x6C0596: gdb_main (main.c:1079)
by 0x6C0596: gdb_main_entry (main.c:1099)
by 0x46316F: main (main.c:708)
Block was alloc'd at
at 0x471C80: getbuf (tools.c:5965)
by 0x5392B7: datatype_info (symbols.c:5624)
by 0x4FEA2A: net_init (net.c:173)
by 0x464A55: main_loop (main.c:777)
by 0x6BF262: captured_command_loop (main.c:258)
by 0x6BD869: catch_errors (exceptions.c:557)
by 0x6C02E5: captured_main (main.c:1064)
by 0x6BD869: catch_errors (exceptions.c:557)
by 0x6C0596: gdb_main (main.c:1079)
by 0x6C0596: gdb_main_entry (main.c:1099)
by 0x46316F: main (main.c:708)
This was caused by the fact that in datatype_info(), the object
associated with the variable req is freed too early although it's
still be referred to after the freeing.
Fix this by changing the way allocating the object from by GETBUF() to
by allocation on stack, which simplifies the code because explicit
free() operations are unnecessary.
Signed-off-by: HATAYAMA Daisuke <d.hatayama@fujitsu.com>
---
symbols.c | 10 +++-------
1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/symbols.c b/symbols.c
index ed5f731fa1b3..215d523fb325 100644
--- a/symbols.c
+++ b/symbols.c
@@ -5611,7 +5611,7 @@ datatype_init(void)
long
datatype_info(char *name, char *member, struct datatype_member *dm)
{
- struct gnu_request *req;
+ struct gnu_request request, *req = &request;
long offset, size, member_size;
int member_typecode;
ulong type_found;
@@ -5625,7 +5625,7 @@ datatype_info(char *name, char *member, struct datatype_member *dm)
strcpy(buf, name);
- req = (struct gnu_request *)GETBUF(sizeof(struct gnu_request));
+ BZERO(req, sizeof(*req));
req->command = GNU_GET_DATATYPE;
req->flags |= GNU_RETURN_ON_ERROR;
req->name = buf;
@@ -5633,10 +5633,8 @@ datatype_info(char *name, char *member, struct datatype_member *dm)
req->fp = pc->nullfp;
gdb_interface(req);
- if (req->flags & GNU_COMMAND_FAILED) {
- FREEBUF(req);
+ if (req->flags & GNU_COMMAND_FAILED)
return (dm == MEMBER_TYPE_NAME_REQUEST) ? 0 : -1;
- }
if (!req->typecode) {
sprintf(buf, "struct %s", name);
@@ -5748,8 +5746,6 @@ datatype_info(char *name, char *member, struct datatype_member *dm)
break;
}
- FREEBUF(req);
-
if (dm && (dm != MEMBER_SIZE_REQUEST) && (dm != MEMBER_TYPE_REQUEST) &&
(dm != STRUCT_SIZE_REQUEST) && (dm != MEMBER_TYPE_NAME_REQUEST)) {
dm->type = type_found;
--
2.29.2

View File

@ -0,0 +1,64 @@
From 9c0c6c1b3750beafe4ac6a5441c2dbe26157d548 Mon Sep 17 00:00:00 2001
From: HATAYAMA Daisuke <d.hatayama@fujitsu.com>
Date: Thu, 4 Mar 2021 20:20:30 +0900
Subject: [PATCH 6/6] tools: Fix potential write to object of 0 size
valgrind detects the following invalid write on the call of strcpy():
Invalid write of size 1
at 0x483CCFE: strcpy (vg_replace_strmem.c:511)
by 0x47202B: extract_hex (tools.c:1152)
by 0x5104ED: search_for_switch_to (x86_64.c:6342)
by 0x51D6EE: x86_64_thread_return_init (x86_64.c:6368)
by 0x51D6EE: x86_64_init (x86_64.c:721)
by 0x464A2D: main_loop (main.c:770)
by 0x6BF1B2: captured_command_loop (main.c:258)
by 0x6BD7B9: catch_errors (exceptions.c:557)
by 0x6C0235: captured_main (main.c:1064)
by 0x6BD7B9: catch_errors (exceptions.c:557)
by 0x6C04E6: gdb_main (main.c:1079)
by 0x6C04E6: gdb_main_entry (main.c:1099)
by 0x46316F: main (main.c:708)
Address 0x2b439eb8 is 0 bytes after a block of size 40 alloc'd
at 0x483BAE9: calloc (vg_replace_malloc.c:760)
by 0x471794: getbuf (tools.c:6036)
by 0x47201D: extract_hex (tools.c:1151)
by 0x5104ED: search_for_switch_to (x86_64.c:6342)
by 0x51D6EE: x86_64_thread_return_init (x86_64.c:6368)
by 0x51D6EE: x86_64_init (x86_64.c:721)
by 0x464A2D: main_loop (main.c:770)
by 0x6BF1B2: captured_command_loop (main.c:258)
by 0x6BD7B9: catch_errors (exceptions.c:557)
by 0x6C0235: captured_main (main.c:1064)
by 0x6BD7B9: catch_errors (exceptions.c:557)
by 0x6C04E6: gdb_main (main.c:1079)
by 0x6C04E6: gdb_main_entry (main.c:1099)
by 0x46316F: main (main.c:708)
This is due to strcpy() receives empty string in its 1st argument
because the size of the buffer associated with buf variable then is of
size 0 due to lack of consideration of the terminal '\0' byte.
Fix this by +1 to the buffer size for the terminal '\0' byte.
Signed-off-by: HATAYAMA Daisuke <d.hatayama@fujitsu.com>
---
tools.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools.c b/tools.c
index e6978ae44ead..a26b101f6481 100644
--- a/tools.c
+++ b/tools.c
@@ -1150,7 +1150,7 @@ extract_hex(char *s, ulong *result, char stripchar, ulong first_instance)
ulong value;
char *buf;
- buf = GETBUF(strlen(s));
+ buf = GETBUF(strlen(s) + 1);
strcpy(buf, s);
argc = parse_line(buf, arglist);
--
2.29.2

View File

@ -4,36 +4,41 @@
Summary: Kernel analysis utility for live systems, netdump, diskdump, kdump, LKCD or mcore dumpfiles Summary: Kernel analysis utility for live systems, netdump, diskdump, kdump, LKCD or mcore dumpfiles
Name: crash Name: crash
Version: 7.2.9 Version: 7.2.9
Release: 4%{?dist} Release: 5%{?dist}
License: GPLv3 License: GPLv3
Source0: https://github.com/crash-utility/crash/archive/crash-%{version}.tar.gz Source0: https://github.com/crash-utility/crash/archive/crash-%{version}.tar.gz
Source1: http://ftp.gnu.org/gnu/gdb/gdb-7.6.tar.gz Source1: http://ftp.gnu.org/gnu/gdb/gdb-7.6.tar.gz
URL: https://crash-utility.github.io URL: https://crash-utility.github.io
ExclusiveOS: Linux ExclusiveOS: Linux
ExclusiveArch: %{ix86} ia64 x86_64 ppc ppc64 s390 s390x %{arm} aarch64 ppc64le ExclusiveArch: %{ix86} ia64 x86_64 ppc ppc64 s390 s390x %{arm} aarch64 ppc64le
BuildRequires: ncurses-devel zlib-devel lzo-devel snappy-devel bison readline-devel BuildRequires: ncurses-devel zlib-devel lzo-devel snappy-devel bison
BuildRequires: gcc gcc-c++ BuildRequires: gcc gcc-c++
BuildRequires: make BuildRequires: make
Requires: binutils Requires: binutils
Provides: bundled(libiberty) Provides: bundled(libiberty)
Provides: bundled(gdb) = 7.6 Provides: bundled(gdb) = 7.6
Patch0: lzo_snappy.patch Patch0: lzo_snappy.patch
Patch1: use_system_readline_v3.patch Patch1: printk-add-support-for-lockless-ringbuffer.patch
Patch2: printk-add-support-for-lockless-ringbuffer.patch Patch2: printk-use-committed-finalized-state-values.patch
Patch3: printk-use-committed-finalized-state-values.patch Patch3: 0001-x86_64-VC-exception-stack-support.patch
Patch4: 0001-x86_64-VC-exception-stack-support.patch Patch4: 0002-netdump-fix-regression-for-raw-RAM-dumpfiles.patch
Patch5: 0002-netdump-fix-regression-for-raw-RAM-dumpfiles.patch Patch5: 0003-arm64-update-mapping-symbol-filter-in-arm64_verify_s.patch
Patch6: 0003-arm64-update-mapping-symbol-filter-in-arm64_verify_s.patch Patch6: 0004-extensions-eppic.mk-move-ping-check-to-recipe-script.patch
Patch7: 0004-extensions-eppic.mk-move-ping-check-to-recipe-script.patch Patch7: 0005-Fix-segmentation-fault-when-ikconfig-passed-nonstand.patch
Patch8: 0005-Fix-segmentation-fault-when-ikconfig-passed-nonstand.patch Patch8: 0006-netdump-fix-illegal-read-from-already-freed-buffer.patch
Patch9: 0006-netdump-fix-illegal-read-from-already-freed-buffer.patch Patch9: 0007-tools-fix-potential-source-and-destination-overlap-w.patch
Patch10: 0007-tools-fix-potential-source-and-destination-overlap-w.patch Patch10: 0008-set-add-ability-to-un-set-scope.patch
Patch11: 0008-set-add-ability-to-un-set-scope.patch Patch11: 0009-Fix-sys-t-mod-S-after-mod-t-when-crash-runs-with-s-o.patch
Patch12: 0009-Fix-sys-t-mod-S-after-mod-t-when-crash-runs-with-s-o.patch Patch12: 0010-Fix-dev-d-option-on-Linux-5.11-rc1-and-later-kernels.patch
Patch13: 0010-Fix-dev-d-option-on-Linux-5.11-rc1-and-later-kernels.patch Patch13: 0011-Fix-kmem-v-option-on-Linux-5.11-rc1-and-later-kernel.patch
Patch14: 0011-Fix-kmem-v-option-on-Linux-5.11-rc1-and-later-kernel.patch Patch14: 0012-mod-Show-the-base-address-of-module.patch
Patch15: 0012-mod-Show-the-base-address-of-module.patch Patch15: 0013-xen-increase-__PHYSICAL_MASK_SHIFT_XEN-to-52.patch
Patch16: 0013-xen-increase-__PHYSICAL_MASK_SHIFT_XEN-to-52.patch Patch16: 0014-log-change-log-level-print-in-older-kernels.patch
Patch17: 0015-Makefile-reduce-crash-build-log.patch
Patch18: 0016-x86_64-fix-bt-command-on-5.12-rc1-and-later-kernels.patch
Patch19: 0017-Add-valgrind-support-for-the-crash-s-custom-memory-a.patch
Patch20: 0018-symbols-Fix-potential-read-to-already-freed-object.patch
Patch21: 0019-tools-Fix-potential-write-to-object-of-0-size.patch
%description %description
The core analysis suite is a self-contained tool that can be used to The core analysis suite is a self-contained tool that can be used to
@ -54,9 +59,9 @@ offered by Mission Critical Linux, or the LKCD kernel patch.
%prep %prep
%setup -n %{name}-%{version} -q %setup -n %{name}-%{version} -q
%patch0 -p1 -b lzo_snappy.patch %patch0 -p1 -b lzo_snappy.patch
%patch1 -p1 -b use_system_readline_v3.patch %patch1 -p1 -b printk-add-support-for-lockless-ringbuffer.patch
%patch2 -p1 -b printk-add-support-for-lockless-ringbuffer.patch %patch2 -p1 -b printk-use-committed-finalized-state-values.patch
%patch3 -p1 -b printk-use-committed-finalized-state-values.patch %patch3 -p1
%patch4 -p1 %patch4 -p1
%patch5 -p1 %patch5 -p1
%patch6 -p1 %patch6 -p1
@ -70,6 +75,11 @@ offered by Mission Critical Linux, or the LKCD kernel patch.
%patch14 -p1 %patch14 -p1
%patch15 -p1 %patch15 -p1
%patch16 -p1 %patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch20 -p1
%patch21 -p1
%build %build
# This package has an internal copy of GDB which has broken configure code for # This package has an internal copy of GDB which has broken configure code for
@ -101,6 +111,10 @@ cp -p defs.h %{buildroot}%{_includedir}/crash
%{_includedir}/* %{_includedir}/*
%changelog %changelog
* Mon Mar 08 2021 Lianbo Jiang <lijiang@redhat.com> - 7.2.9-5
- Fix Segmentation fault
- Update to the latest upstream: commit <9c0c6c1b3750>
* Fri Feb 05 2021 Lianbo Jiang <lijiang@redhat.com> - 7.2.9-4 * Fri Feb 05 2021 Lianbo Jiang <lijiang@redhat.com> - 7.2.9-4
- Update to the latest upstream: commit <fdb41f0b6fa4> - Update to the latest upstream: commit <fdb41f0b6fa4>