import crash-7.3.0-3.el8

SOURCES/0001-Fix-for-kmem-s-S-option-on-Linux-5.7-and-later-kerne.patch

@@ -0,0 +1,58 @@
+From 647a5c33e1c94054d7b63168cd6c12901591cb77 Mon Sep 17 00:00:00 2001
+From: Lianbo Jiang <lijiang@redhat.com>
+Date: Thu, 27 May 2021 18:02:11 +0800
+Subject: [PATCH] Fix for "kmem -s|-S" option on Linux 5.7 and later kernels
+
+Linux 5.7 and later kernels that contain kernel commit 1ad53d9fa3f6
+("slub: improve bit diffusion for freelist ptr obfuscation") changed
+the calculation formula in the freelist_ptr(), which added a swab()
+call to mix bits a little more.  When kernel is configured with the
+"CONFIG_SLAB_FREELIST_HARDENED=y", without the patch, the "kmem -s|-S"
+options display wrong statistics and state whether slab objects are
+in use or free and can print the following errors:
+
+  crash> kmem -s
+  CACHE             OBJSIZE  ALLOCATED     TOTAL  SLABS  SSIZE  NAME
+  87201e00              528          0         0      0     8k  xfs_dqtrx
+  87201f00              496          0         0      0     8k  xfs_dquot
+  kmem: xfs_buf: slab: 37202e6e900 invalid freepointer: b844bab900001d70
+  kmem: xfs_buf: slab: 3720250fd80 invalid freepointer: b8603f9400001370
+  ...
+
+Signed-off-by: Lianbo Jiang <lijiang@redhat.com>
+---
+ memory.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/memory.c b/memory.c
+index 8c6bbe409922..a3cf8a86728d 100644
+--- a/memory.c
++++ b/memory.c
+@@ -20,6 +20,7 @@
+ #include <sys/mman.h>
+ #include <ctype.h>
+ #include <netinet/in.h>
++#include <byteswap.h>
+ 
+ struct meminfo {           /* general purpose memory information structure */
+         ulong cache;       /* used by the various memory searching/dumping */
+@@ -19336,10 +19337,14 @@ count_free_objects(struct meminfo *si, ulong freelist)
+ static ulong
+ freelist_ptr(struct meminfo *si, ulong ptr, ulong ptr_addr)
+ {
+-	if (VALID_MEMBER(kmem_cache_random))
++	if (VALID_MEMBER(kmem_cache_random)) {
+ 		/* CONFIG_SLAB_FREELIST_HARDENED */
++
++		if (THIS_KERNEL_VERSION >= LINUX(5,7,0))
++			ptr_addr = (sizeof(long) == 8) ? bswap_64(ptr_addr)
++						       : bswap_32(ptr_addr);
+ 		return (ptr ^ si->random ^ ptr_addr);
+-	else
++	} else
+ 		return ptr;
+ }
+ 
+-- 
+2.30.2
+

SOURCES/0002-Fix-waitq-command-for-Linux-4.13-and-later-kernels.patch

@@ -0,0 +1,132 @@
+From eaf14f852ae79f7745934e213661f1c6abac711e Mon Sep 17 00:00:00 2001
+From: Greg Edwards <gedwards@ddn.com>
+Date: Wed, 23 Jun 2021 13:50:47 -0600
+Subject: [PATCH] Fix 'waitq' command for Linux 4.13 and later kernels
+
+The wait queue structs and members were renamed in 4.13 in commits:
+
+  ac6424b981bc ("sched/wait: Rename wait_queue_t => wait_queue_entry_t")
+  9d9d676f595b ("sched/wait: Standardize internal naming of wait-queue heads")
+  2055da97389a ("sched/wait: Disambiguate wq_entry->task_list and wq_head->task_list naming")
+
+Add support to the 'waitq' command for these more recent kernels.
+
+[ kh: suppressed compilation warnings ]
+
+Signed-off-by: Greg Edwards <gedwards@ddn.com>
+Signed-off-by: Kazuhito Hagio <k-hagio-ab@nec.com>
+Signed-off-by: Lianbo Jiang <lijiang@redhat.com>
+---
+ defs.h    |  4 ++++
+ kernel.c  | 27 +++++++++++++++++++++++----
+ symbols.c | 10 +++++++++-
+ 3 files changed, 36 insertions(+), 5 deletions(-)
+
+diff --git a/defs.h b/defs.h
+index 42c8074e6ac6..6bb00e29d811 100644
+--- a/defs.h
++++ b/defs.h
+@@ -2138,6 +2138,9 @@ struct offset_table {                    /* stash of commonly-used offsets */
+ 	long atomic_long_t_counter;
+ 	long block_device_bd_device;
+ 	long block_device_bd_stats;
++	long wait_queue_entry_private;
++	long wait_queue_head_head;
++	long wait_queue_entry_entry;
+ };
+ 
+ struct size_table {         /* stash of commonly-used sizes */
+@@ -2300,6 +2303,7 @@ struct size_table {         /* stash of commonly-used sizes */
+ 	long printk_info;
+ 	long printk_ringbuffer;
+ 	long prb_desc;
++	long wait_queue_entry;
+ };
+ 
+ struct array_table {
+diff --git a/kernel.c b/kernel.c
+index 528f6ee524f6..e123f760e036 100644
+--- a/kernel.c
++++ b/kernel.c
+@@ -615,7 +615,15 @@ kernel_init()
+ 		kt->flags |= TVEC_BASES_V1;
+ 
+         STRUCT_SIZE_INIT(__wait_queue, "__wait_queue");
+-        if (VALID_STRUCT(__wait_queue)) {
++	STRUCT_SIZE_INIT(wait_queue_entry, "wait_queue_entry");
++	if (VALID_STRUCT(wait_queue_entry)) {
++		MEMBER_OFFSET_INIT(wait_queue_entry_private,
++			"wait_queue_entry", "private");
++		MEMBER_OFFSET_INIT(wait_queue_head_head,
++			"wait_queue_head", "head");
++		MEMBER_OFFSET_INIT(wait_queue_entry_entry,
++			"wait_queue_entry", "entry");
++	} else if (VALID_STRUCT(__wait_queue)) {
+ 		if (MEMBER_EXISTS("__wait_queue", "task"))
+ 			MEMBER_OFFSET_INIT(__wait_queue_task,
+ 				"__wait_queue", "task");
+@@ -9367,9 +9375,9 @@ dump_waitq(ulong wq, char *wq_name)
+ 	struct list_data list_data, *ld;
+ 	ulong *wq_list;			/* addr of wait queue element */
+ 	ulong next_offset;		/* next pointer of wq element */
+-	ulong task_offset;		/* offset of task in wq element */
++	ulong task_offset = 0;		/* offset of task in wq element */
+ 	int cnt;			/* # elems on Queue */
+-	int start_index;		/* where to start in wq array */
++	int start_index = -1;		/* where to start in wq array */
+ 	int i;
+ 
+ 	ld = &list_data;
+@@ -9397,9 +9405,20 @@ dump_waitq(ulong wq, char *wq_name)
+                 ld->list_head_offset = OFFSET(__wait_queue_task_list);
+                 ld->member_offset = next_offset;
+ 
++		start_index = 1;
++	} else if (VALID_STRUCT(wait_queue_entry)) {
++		ulong head_offset;
++
++		next_offset = OFFSET(list_head_next);
++		task_offset = OFFSET(wait_queue_entry_private);
++		head_offset = OFFSET(wait_queue_head_head);
++		ld->end = ld->start = wq + head_offset + next_offset;
++		ld->list_head_offset = OFFSET(wait_queue_entry_entry);
++		ld->member_offset = next_offset;
++
+ 		start_index = 1;
+ 	} else {
+-		return;
++		error(FATAL, "cannot determine wait queue structures\n");
+ 	}
+ 
+ 	hq_open();
+diff --git a/symbols.c b/symbols.c
+index 370d4c3e8ac0..67c135f12984 100644
+--- a/symbols.c
++++ b/symbols.c
+@@ -9817,7 +9817,13 @@ dump_offset_table(char *spec, ulong makestruct)
+         	OFFSET(__wait_queue_head_task_list));
+         fprintf(fp, "        __wait_queue_task_list: %ld\n", 
+         	OFFSET(__wait_queue_task_list));
+- 
++	fprintf(fp, "      wait_queue_entry_private: %ld\n",
++		OFFSET(wait_queue_entry_private));
++	fprintf(fp, "          wait_queue_head_head: %ld\n",
++		OFFSET(wait_queue_head_head));
++	fprintf(fp, "        wait_queue_entry_entry: %ld\n",
++		OFFSET(wait_queue_entry_entry));
++
+ 	fprintf(fp, "        pglist_data_node_zones: %ld\n",
+ 		OFFSET(pglist_data_node_zones));
+ 	fprintf(fp, "      pglist_data_node_mem_map: %ld\n",
+@@ -10717,6 +10723,8 @@ dump_offset_table(char *spec, ulong makestruct)
+ 	fprintf(fp, "                    wait_queue: %ld\n", SIZE(wait_queue));
+ 	fprintf(fp, "                  __wait_queue: %ld\n", 
+ 		SIZE(__wait_queue));
++	fprintf(fp, "              wait_queue_entry: %ld\n",
++		SIZE(wait_queue_entry));
+ 	fprintf(fp, "                        device: %ld\n", SIZE(device));
+ 	fprintf(fp, "                    net_device: %ld\n", SIZE(net_device));
+ 
+-- 
+2.30.2
+

SOURCES/0003-Handle-task_struct-state-member-changes-for-kernels-.patch

@@ -0,0 +1,76 @@
+From d6b4f36d6b22b70fb14e692f36d20910ef5563c1 Mon Sep 17 00:00:00 2001
+From: Alexander Egorenkov <egorenar@linux.ibm.com>
+Date: Tue, 29 Jun 2021 08:39:00 +0200
+Subject: [PATCH] Handle task_struct state member changes for kernels >=
+ 5.14-rc1
+
+Kernel commit 2f064a59a11ff9bc22e52e9678bc601404c7cb34 ("sched: Change
+task_struct::state") renamed the member state of task_struct to __state
+and its type changed from long to unsigned int.  Without the patch,
+crash fails to start up with the following error:
+
+  crash: invalid structure member offset: task_struct_state
+         FILE: task.c  LINE: 5929  FUNCTION: task_state()
+
+Signed-off-by: Alexander Egorenkov <egorenar@linux.ibm.com>
+---
+ defs.h    |  1 +
+ symbols.c |  1 +
+ task.c    | 10 +++++++++-
+ 3 files changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/defs.h b/defs.h
+index 6bb00e29d811..5d32954905c2 100644
+--- a/defs.h
++++ b/defs.h
+@@ -2304,6 +2304,7 @@ struct size_table {         /* stash of commonly-used sizes */
+ 	long printk_ringbuffer;
+ 	long prb_desc;
+ 	long wait_queue_entry;
++	long task_struct_state;
+ };
+ 
+ struct array_table {
+diff --git a/symbols.c b/symbols.c
+index 67c135f12984..bf6d94db84af 100644
+--- a/symbols.c
++++ b/symbols.c
+@@ -10678,6 +10678,7 @@ dump_offset_table(char *spec, ulong makestruct)
+ 		SIZE(page_cache_bucket));
+         fprintf(fp, "                       pt_regs: %ld\n", SIZE(pt_regs));
+         fprintf(fp, "                   task_struct: %ld\n", SIZE(task_struct));
++	fprintf(fp, "             task_struct_state: %ld\n", SIZE(task_struct_state));
+         fprintf(fp, "             task_struct_flags: %ld\n", SIZE(task_struct_flags));
+         fprintf(fp, "            task_struct_policy: %ld\n", SIZE(task_struct_policy));
+         fprintf(fp, "                   thread_info: %ld\n", SIZE(thread_info));
+diff --git a/task.c b/task.c
+index 36cf259e5d7b..672b41697e75 100644
+--- a/task.c
++++ b/task.c
+@@ -297,6 +297,11 @@ task_init(void)
+ 	}
+ 
+         MEMBER_OFFSET_INIT(task_struct_state, "task_struct", "state");
++	MEMBER_SIZE_INIT(task_struct_state, "task_struct", "state");
++	if (INVALID_MEMBER(task_struct_state)) {
++		MEMBER_OFFSET_INIT(task_struct_state, "task_struct", "__state");
++		MEMBER_SIZE_INIT(task_struct_state, "task_struct", "__state");
++	}
+         MEMBER_OFFSET_INIT(task_struct_exit_state, "task_struct", "exit_state");
+         MEMBER_OFFSET_INIT(task_struct_pid, "task_struct", "pid");
+         MEMBER_OFFSET_INIT(task_struct_comm, "task_struct", "comm");
+@@ -5926,7 +5931,10 @@ task_state(ulong task)
+ 	if (!tt->last_task_read)
+ 		return 0;
+ 
+-	state = ULONG(tt->task_struct + OFFSET(task_struct_state));
++	if (SIZE(task_struct_state) == sizeof(ulong))
++		state = ULONG(tt->task_struct + OFFSET(task_struct_state));
++	else
++		state = UINT(tt->task_struct + OFFSET(task_struct_state));
+ 	exit_state = VALID_MEMBER(task_struct_exit_state) ?
+ 		ULONG(tt->task_struct + OFFSET(task_struct_exit_state)) : 0;
+ 
+-- 
+2.30.2
+

SOURCES/0004-Handle-task_struct-cpu-member-changes-for-kernels-5..patch

@@ -0,0 +1,56 @@
+From 488a59f85a57961fb0527aac40ae30fc7a17a24c Mon Sep 17 00:00:00 2001
+From: Alexander Egorenkov <egorenar@linux.ibm.com>
+Date: Wed, 13 Oct 2021 10:56:39 +0200
+Subject: [PATCH] Handle task_struct cpu member changes for kernels >= 5.16-rc1
+
+Kernel commit bcf9033e5449bdcaa9bed46467a7141a8049dadb
+("sched: move CPU field back into thread_info if THREAD_INFO_IN_TASK=y")
+moved the member cpu of task_struct back into thread_info.
+Without the patch, crash fails with the following error message
+during session initialization:
+
+  crash: invalid structure member offset: task_struct_cpu
+         FILE: task.c  LINE: 2904  FUNCTION: add_context()
+
+Signed-off-by: Alexander Egorenkov <egorenar@linux.ibm.com>
+Signed-off-by: Kazuhito Hagio <k-hagio-ab@nec.com>
+---
+ task.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/task.c b/task.c
+index 672b41697e75..bb6a5da8ad33 100644
+--- a/task.c
++++ b/task.c
+@@ -278,8 +278,10 @@ task_init(void)
+ 	} else if (VALID_MEMBER(task_struct_stack))
+ 		MEMBER_OFFSET_INIT(task_struct_thread_info, "task_struct", "stack");
+ 
++	MEMBER_OFFSET_INIT(task_struct_cpu, "task_struct", "cpu");
++
+ 	if (VALID_MEMBER(task_struct_thread_info)) {
+-		if (tt->flags & THREAD_INFO_IN_TASK) {
++		if (tt->flags & THREAD_INFO_IN_TASK && VALID_MEMBER(task_struct_cpu)) {
+ 			MEMBER_OFFSET_INIT(thread_info_flags, "thread_info", "flags");
+ 			/* (unnecessary) reminders */
+ 			ASSIGN_OFFSET(thread_info_task) = INVALID_OFFSET;
+@@ -315,7 +317,6 @@ task_init(void)
+         MEMBER_OFFSET_INIT(task_struct_has_cpu, "task_struct", "has_cpu");
+         MEMBER_OFFSET_INIT(task_struct_cpus_runnable,  
+ 		"task_struct", "cpus_runnable");
+-	MEMBER_OFFSET_INIT(task_struct_cpu, "task_struct", "cpu");
+ 	MEMBER_OFFSET_INIT(task_struct_active_mm, "task_struct", "active_mm");
+ 	MEMBER_OFFSET_INIT(task_struct_next_run, "task_struct", "next_run");
+ 	MEMBER_OFFSET_INIT(task_struct_flags, "task_struct", "flags");
+@@ -2900,7 +2901,7 @@ add_context(ulong task, char *tp)
+ 		else
+ 			tc->thread_info = ULONG(tp + OFFSET(task_struct_thread_info));
+ 		fill_thread_info(tc->thread_info);
+-		if (tt->flags & THREAD_INFO_IN_TASK)
++		if (tt->flags & THREAD_INFO_IN_TASK && VALID_MEMBER(task_struct_cpu))
+                 	processor_addr = (int *) (tp + OFFSET(task_struct_cpu));
+ 		else
+ 			processor_addr = (int *) (tt->thread_info + 
+-- 
+2.30.2
+

SOURCES/0005-Fix-live-debugging-with-lockdown-integrity.patch

@@ -0,0 +1,57 @@
+From e90c0011d6e9476104c4c43aa76d2d0830a15946 Mon Sep 17 00:00:00 2001
+From: Philipp Rudo <prudo@redhat.com>
+Date: Tue, 9 Nov 2021 14:52:22 +0100
+Subject: [PATCH] Fix live debugging with lockdown=integrity
+
+With kernel lockdown the access to kernel interfaces that allow to
+extract confidential information (lockdown=confidentiality) or modify a
+running kernel (lockdown=integrity) can be restricted. Two of the
+interfaces that can be restricted are /dev/mem (integrity &
+confidentiality) and /proc/kcore (confidentiality). With
+lockdown=integrity this leads to a situation where /dev/mem exists but
+is not readable while /proc/kcore exists and is readable. This breaks
+crash's live debugging when it is invoked without argument, i.e.
+
+$ crash
+[...]
+crash: /dev/mem: Operation not permitted
+
+while passing /proc/kcore as image succeeds. The reason for this is that
+crash always picks /dev/mem as source when it exits but doesn't check if
+it is readable. Fix this by only selecting /dev/mem when it is readable.
+
+Signed-off-by: Philipp Rudo <prudo@redhat.com>
+---
+ filesys.c | 2 +-
+ main.c    | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/filesys.c b/filesys.c
+index 3361b6c12ed3..43cbe826fc79 100644
+--- a/filesys.c
++++ b/filesys.c
+@@ -3666,7 +3666,7 @@ get_live_memory_source(void)
+ 	if (pc->live_memsrc)
+ 		goto live_report;
+ 
+-	if (file_exists("/dev/mem", NULL))
++	if (file_readable("/dev/mem"))
+ 		pc->live_memsrc = "/dev/mem";
+ 	else if (file_exists("/proc/kcore", NULL)) {
+ 		pc->flags &= ~DEVMEM;
+diff --git a/main.c b/main.c
+index 388ac46c3834..dfd343cd9dd4 100644
+--- a/main.c
++++ b/main.c
+@@ -1119,7 +1119,7 @@ setup_environment(int argc, char **argv)
+ 	pc->flags2 |= REDZONE;
+ 	pc->confd = -2;
+ 	pc->machine_type = MACHINE_TYPE;
+-	if (file_exists("/dev/mem", NULL)) {     /* defaults until argv[] is parsed */
++	if (file_readable("/dev/mem")) {     /* defaults until argv[] is parsed */
+ 		pc->readmem = read_dev_mem;
+ 		pc->writemem = write_dev_mem;
+ 	} else if (file_exists("/proc/kcore", NULL)) {
+-- 
+2.30.2
+

SOURCES/rhel8_freepointer.patch

@@ -0,0 +1,29 @@
+From e09e3c038c853f9a332cf05a17e5fdee1c7837e0 Mon Sep 17 00:00:00 2001
+From: Lianbo Jiang <lijiang@redhat.com>
+Date: Thu, 18 Nov 2021 09:55:45 +0800
+Subject: [PATCH] fix freepointer issue
+
+Signed-off-by: Lianbo Jiang <lijiang@redhat.com>
+---
+ memory.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/memory.c b/memory.c
+index a3cf8a86728d..81db9c7bee9f 100644
+--- a/memory.c
++++ b/memory.c
+@@ -19340,9 +19340,8 @@ freelist_ptr(struct meminfo *si, ulong ptr, ulong ptr_addr)
+ 	if (VALID_MEMBER(kmem_cache_random)) {
+ 		/* CONFIG_SLAB_FREELIST_HARDENED */
+ 
+-		if (THIS_KERNEL_VERSION >= LINUX(5,7,0))
+-			ptr_addr = (sizeof(long) == 8) ? bswap_64(ptr_addr)
+-						       : bswap_32(ptr_addr);
++		ptr_addr = (sizeof(long) == 8) ? bswap_64(ptr_addr)
++					       : bswap_32(ptr_addr);
+ 		return (ptr ^ si->random ^ ptr_addr);
+ 	} else
+ 		return ptr;
+-- 
+2.30.2
+

SPECS/crash.spec

@@ -4,7 +4,7 @@
 Summary: Kernel analysis utility for live systems, netdump, diskdump, kdump, LKCD or mcore dumpfiles
 Name: crash
 Version: 7.3.0
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv3
 Group: Development/Debuggers
 Source0: https://github.com/crash-utility/crash/archive/crash-%{version}.tar.gz
@@ -19,6 +19,12 @@ Provides: bundled(gdb) = 7.6
 Patch0: lzo_snappy.patch
 Patch1: rhel8_build.patch
 Patch2: rhel8_arm64_52_bit_fix.patch
+Patch3: 0001-Fix-for-kmem-s-S-option-on-Linux-5.7-and-later-kerne.patch
+Patch4: 0002-Fix-waitq-command-for-Linux-4.13-and-later-kernels.patch
+Patch5: 0003-Handle-task_struct-state-member-changes-for-kernels-.patch
+Patch6: 0004-Handle-task_struct-cpu-member-changes-for-kernels-5..patch
+Patch7: 0005-Fix-live-debugging-with-lockdown-integrity.patch
+Patch8: rhel8_freepointer.patch
 
 %description
 The core analysis suite is a self-contained tool that can be used to
@@ -42,6 +48,12 @@ offered by Mission Critical Linux, or the LKCD kernel patch.
 %patch0 -p1 -b lzo_snappy.patch
 %patch1 -p1 -b rhel8_build.patch
 %patch2 -p1 -b rhel8_arm64_52_bit_fix.patch
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
+%patch8 -p1
 
 %build
 cp %{SOURCE1} .
@@ -72,6 +84,13 @@ rm -rf %{buildroot}
 %{_includedir}/*
 
 %changelog
+* Thu Nov 18 2021 Lianbo Jiang <lijiang@redhat.com> - 7.3.0-3
+- Fix for "sched: Change task_struct::state"
+- Fix for "sched: move CPU field back into thread_info if THREAD_INFO_IN_TASK=y"
+- Fix live debugging with lockdown=integrity
+- Fix 'waitq' command for Linux 4.13 and later kernels
+- Fix for "kmem -s|-S" option on Linux 5.7 and later kernels
+
 * Fri May 14 2021 Lianbo Jiang <lijiang@redhat.com> - 7.3.0-2
 - Update the sha512 hash in the sources file to solve the
   compilation issues