import crash-7.3.0-3.el8

This commit is contained in:
CentOS Sources 2021-11-24 04:20:29 +00:00 committed by Stepan Oksanichenko
parent d1e5150f0d
commit c47edcc3c1
7 changed files with 428 additions and 1 deletions

View File

@ -0,0 +1,58 @@
From 647a5c33e1c94054d7b63168cd6c12901591cb77 Mon Sep 17 00:00:00 2001
From: Lianbo Jiang <lijiang@redhat.com>
Date: Thu, 27 May 2021 18:02:11 +0800
Subject: [PATCH] Fix for "kmem -s|-S" option on Linux 5.7 and later kernels
Linux 5.7 and later kernels that contain kernel commit 1ad53d9fa3f6
("slub: improve bit diffusion for freelist ptr obfuscation") changed
the calculation formula in the freelist_ptr(), which added a swab()
call to mix bits a little more. When kernel is configured with the
"CONFIG_SLAB_FREELIST_HARDENED=y", without the patch, the "kmem -s|-S"
options display wrong statistics and state whether slab objects are
in use or free and can print the following errors:
crash> kmem -s
CACHE OBJSIZE ALLOCATED TOTAL SLABS SSIZE NAME
87201e00 528 0 0 0 8k xfs_dqtrx
87201f00 496 0 0 0 8k xfs_dquot
kmem: xfs_buf: slab: 37202e6e900 invalid freepointer: b844bab900001d70
kmem: xfs_buf: slab: 3720250fd80 invalid freepointer: b8603f9400001370
...
Signed-off-by: Lianbo Jiang <lijiang@redhat.com>
---
memory.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/memory.c b/memory.c
index 8c6bbe409922..a3cf8a86728d 100644
--- a/memory.c
+++ b/memory.c
@@ -20,6 +20,7 @@
#include <sys/mman.h>
#include <ctype.h>
#include <netinet/in.h>
+#include <byteswap.h>
struct meminfo { /* general purpose memory information structure */
ulong cache; /* used by the various memory searching/dumping */
@@ -19336,10 +19337,14 @@ count_free_objects(struct meminfo *si, ulong freelist)
static ulong
freelist_ptr(struct meminfo *si, ulong ptr, ulong ptr_addr)
{
- if (VALID_MEMBER(kmem_cache_random))
+ if (VALID_MEMBER(kmem_cache_random)) {
/* CONFIG_SLAB_FREELIST_HARDENED */
+
+ if (THIS_KERNEL_VERSION >= LINUX(5,7,0))
+ ptr_addr = (sizeof(long) == 8) ? bswap_64(ptr_addr)
+ : bswap_32(ptr_addr);
return (ptr ^ si->random ^ ptr_addr);
- else
+ } else
return ptr;
}
--
2.30.2

View File

@ -0,0 +1,132 @@
From eaf14f852ae79f7745934e213661f1c6abac711e Mon Sep 17 00:00:00 2001
From: Greg Edwards <gedwards@ddn.com>
Date: Wed, 23 Jun 2021 13:50:47 -0600
Subject: [PATCH] Fix 'waitq' command for Linux 4.13 and later kernels
The wait queue structs and members were renamed in 4.13 in commits:
ac6424b981bc ("sched/wait: Rename wait_queue_t => wait_queue_entry_t")
9d9d676f595b ("sched/wait: Standardize internal naming of wait-queue heads")
2055da97389a ("sched/wait: Disambiguate wq_entry->task_list and wq_head->task_list naming")
Add support to the 'waitq' command for these more recent kernels.
[ kh: suppressed compilation warnings ]
Signed-off-by: Greg Edwards <gedwards@ddn.com>
Signed-off-by: Kazuhito Hagio <k-hagio-ab@nec.com>
Signed-off-by: Lianbo Jiang <lijiang@redhat.com>
---
defs.h | 4 ++++
kernel.c | 27 +++++++++++++++++++++++----
symbols.c | 10 +++++++++-
3 files changed, 36 insertions(+), 5 deletions(-)
diff --git a/defs.h b/defs.h
index 42c8074e6ac6..6bb00e29d811 100644
--- a/defs.h
+++ b/defs.h
@@ -2138,6 +2138,9 @@ struct offset_table { /* stash of commonly-used offsets */
long atomic_long_t_counter;
long block_device_bd_device;
long block_device_bd_stats;
+ long wait_queue_entry_private;
+ long wait_queue_head_head;
+ long wait_queue_entry_entry;
};
struct size_table { /* stash of commonly-used sizes */
@@ -2300,6 +2303,7 @@ struct size_table { /* stash of commonly-used sizes */
long printk_info;
long printk_ringbuffer;
long prb_desc;
+ long wait_queue_entry;
};
struct array_table {
diff --git a/kernel.c b/kernel.c
index 528f6ee524f6..e123f760e036 100644
--- a/kernel.c
+++ b/kernel.c
@@ -615,7 +615,15 @@ kernel_init()
kt->flags |= TVEC_BASES_V1;
STRUCT_SIZE_INIT(__wait_queue, "__wait_queue");
- if (VALID_STRUCT(__wait_queue)) {
+ STRUCT_SIZE_INIT(wait_queue_entry, "wait_queue_entry");
+ if (VALID_STRUCT(wait_queue_entry)) {
+ MEMBER_OFFSET_INIT(wait_queue_entry_private,
+ "wait_queue_entry", "private");
+ MEMBER_OFFSET_INIT(wait_queue_head_head,
+ "wait_queue_head", "head");
+ MEMBER_OFFSET_INIT(wait_queue_entry_entry,
+ "wait_queue_entry", "entry");
+ } else if (VALID_STRUCT(__wait_queue)) {
if (MEMBER_EXISTS("__wait_queue", "task"))
MEMBER_OFFSET_INIT(__wait_queue_task,
"__wait_queue", "task");
@@ -9367,9 +9375,9 @@ dump_waitq(ulong wq, char *wq_name)
struct list_data list_data, *ld;
ulong *wq_list; /* addr of wait queue element */
ulong next_offset; /* next pointer of wq element */
- ulong task_offset; /* offset of task in wq element */
+ ulong task_offset = 0; /* offset of task in wq element */
int cnt; /* # elems on Queue */
- int start_index; /* where to start in wq array */
+ int start_index = -1; /* where to start in wq array */
int i;
ld = &list_data;
@@ -9397,9 +9405,20 @@ dump_waitq(ulong wq, char *wq_name)
ld->list_head_offset = OFFSET(__wait_queue_task_list);
ld->member_offset = next_offset;
+ start_index = 1;
+ } else if (VALID_STRUCT(wait_queue_entry)) {
+ ulong head_offset;
+
+ next_offset = OFFSET(list_head_next);
+ task_offset = OFFSET(wait_queue_entry_private);
+ head_offset = OFFSET(wait_queue_head_head);
+ ld->end = ld->start = wq + head_offset + next_offset;
+ ld->list_head_offset = OFFSET(wait_queue_entry_entry);
+ ld->member_offset = next_offset;
+
start_index = 1;
} else {
- return;
+ error(FATAL, "cannot determine wait queue structures\n");
}
hq_open();
diff --git a/symbols.c b/symbols.c
index 370d4c3e8ac0..67c135f12984 100644
--- a/symbols.c
+++ b/symbols.c
@@ -9817,7 +9817,13 @@ dump_offset_table(char *spec, ulong makestruct)
OFFSET(__wait_queue_head_task_list));
fprintf(fp, " __wait_queue_task_list: %ld\n",
OFFSET(__wait_queue_task_list));
-
+ fprintf(fp, " wait_queue_entry_private: %ld\n",
+ OFFSET(wait_queue_entry_private));
+ fprintf(fp, " wait_queue_head_head: %ld\n",
+ OFFSET(wait_queue_head_head));
+ fprintf(fp, " wait_queue_entry_entry: %ld\n",
+ OFFSET(wait_queue_entry_entry));
+
fprintf(fp, " pglist_data_node_zones: %ld\n",
OFFSET(pglist_data_node_zones));
fprintf(fp, " pglist_data_node_mem_map: %ld\n",
@@ -10717,6 +10723,8 @@ dump_offset_table(char *spec, ulong makestruct)
fprintf(fp, " wait_queue: %ld\n", SIZE(wait_queue));
fprintf(fp, " __wait_queue: %ld\n",
SIZE(__wait_queue));
+ fprintf(fp, " wait_queue_entry: %ld\n",
+ SIZE(wait_queue_entry));
fprintf(fp, " device: %ld\n", SIZE(device));
fprintf(fp, " net_device: %ld\n", SIZE(net_device));
--
2.30.2

View File

@ -0,0 +1,76 @@
From d6b4f36d6b22b70fb14e692f36d20910ef5563c1 Mon Sep 17 00:00:00 2001
From: Alexander Egorenkov <egorenar@linux.ibm.com>
Date: Tue, 29 Jun 2021 08:39:00 +0200
Subject: [PATCH] Handle task_struct state member changes for kernels >=
5.14-rc1
Kernel commit 2f064a59a11ff9bc22e52e9678bc601404c7cb34 ("sched: Change
task_struct::state") renamed the member state of task_struct to __state
and its type changed from long to unsigned int. Without the patch,
crash fails to start up with the following error:
crash: invalid structure member offset: task_struct_state
FILE: task.c LINE: 5929 FUNCTION: task_state()
Signed-off-by: Alexander Egorenkov <egorenar@linux.ibm.com>
---
defs.h | 1 +
symbols.c | 1 +
task.c | 10 +++++++++-
3 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/defs.h b/defs.h
index 6bb00e29d811..5d32954905c2 100644
--- a/defs.h
+++ b/defs.h
@@ -2304,6 +2304,7 @@ struct size_table { /* stash of commonly-used sizes */
long printk_ringbuffer;
long prb_desc;
long wait_queue_entry;
+ long task_struct_state;
};
struct array_table {
diff --git a/symbols.c b/symbols.c
index 67c135f12984..bf6d94db84af 100644
--- a/symbols.c
+++ b/symbols.c
@@ -10678,6 +10678,7 @@ dump_offset_table(char *spec, ulong makestruct)
SIZE(page_cache_bucket));
fprintf(fp, " pt_regs: %ld\n", SIZE(pt_regs));
fprintf(fp, " task_struct: %ld\n", SIZE(task_struct));
+ fprintf(fp, " task_struct_state: %ld\n", SIZE(task_struct_state));
fprintf(fp, " task_struct_flags: %ld\n", SIZE(task_struct_flags));
fprintf(fp, " task_struct_policy: %ld\n", SIZE(task_struct_policy));
fprintf(fp, " thread_info: %ld\n", SIZE(thread_info));
diff --git a/task.c b/task.c
index 36cf259e5d7b..672b41697e75 100644
--- a/task.c
+++ b/task.c
@@ -297,6 +297,11 @@ task_init(void)
}
MEMBER_OFFSET_INIT(task_struct_state, "task_struct", "state");
+ MEMBER_SIZE_INIT(task_struct_state, "task_struct", "state");
+ if (INVALID_MEMBER(task_struct_state)) {
+ MEMBER_OFFSET_INIT(task_struct_state, "task_struct", "__state");
+ MEMBER_SIZE_INIT(task_struct_state, "task_struct", "__state");
+ }
MEMBER_OFFSET_INIT(task_struct_exit_state, "task_struct", "exit_state");
MEMBER_OFFSET_INIT(task_struct_pid, "task_struct", "pid");
MEMBER_OFFSET_INIT(task_struct_comm, "task_struct", "comm");
@@ -5926,7 +5931,10 @@ task_state(ulong task)
if (!tt->last_task_read)
return 0;
- state = ULONG(tt->task_struct + OFFSET(task_struct_state));
+ if (SIZE(task_struct_state) == sizeof(ulong))
+ state = ULONG(tt->task_struct + OFFSET(task_struct_state));
+ else
+ state = UINT(tt->task_struct + OFFSET(task_struct_state));
exit_state = VALID_MEMBER(task_struct_exit_state) ?
ULONG(tt->task_struct + OFFSET(task_struct_exit_state)) : 0;
--
2.30.2

View File

@ -0,0 +1,56 @@
From 488a59f85a57961fb0527aac40ae30fc7a17a24c Mon Sep 17 00:00:00 2001
From: Alexander Egorenkov <egorenar@linux.ibm.com>
Date: Wed, 13 Oct 2021 10:56:39 +0200
Subject: [PATCH] Handle task_struct cpu member changes for kernels >= 5.16-rc1
Kernel commit bcf9033e5449bdcaa9bed46467a7141a8049dadb
("sched: move CPU field back into thread_info if THREAD_INFO_IN_TASK=y")
moved the member cpu of task_struct back into thread_info.
Without the patch, crash fails with the following error message
during session initialization:
crash: invalid structure member offset: task_struct_cpu
FILE: task.c LINE: 2904 FUNCTION: add_context()
Signed-off-by: Alexander Egorenkov <egorenar@linux.ibm.com>
Signed-off-by: Kazuhito Hagio <k-hagio-ab@nec.com>
---
task.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/task.c b/task.c
index 672b41697e75..bb6a5da8ad33 100644
--- a/task.c
+++ b/task.c
@@ -278,8 +278,10 @@ task_init(void)
} else if (VALID_MEMBER(task_struct_stack))
MEMBER_OFFSET_INIT(task_struct_thread_info, "task_struct", "stack");
+ MEMBER_OFFSET_INIT(task_struct_cpu, "task_struct", "cpu");
+
if (VALID_MEMBER(task_struct_thread_info)) {
- if (tt->flags & THREAD_INFO_IN_TASK) {
+ if (tt->flags & THREAD_INFO_IN_TASK && VALID_MEMBER(task_struct_cpu)) {
MEMBER_OFFSET_INIT(thread_info_flags, "thread_info", "flags");
/* (unnecessary) reminders */
ASSIGN_OFFSET(thread_info_task) = INVALID_OFFSET;
@@ -315,7 +317,6 @@ task_init(void)
MEMBER_OFFSET_INIT(task_struct_has_cpu, "task_struct", "has_cpu");
MEMBER_OFFSET_INIT(task_struct_cpus_runnable,
"task_struct", "cpus_runnable");
- MEMBER_OFFSET_INIT(task_struct_cpu, "task_struct", "cpu");
MEMBER_OFFSET_INIT(task_struct_active_mm, "task_struct", "active_mm");
MEMBER_OFFSET_INIT(task_struct_next_run, "task_struct", "next_run");
MEMBER_OFFSET_INIT(task_struct_flags, "task_struct", "flags");
@@ -2900,7 +2901,7 @@ add_context(ulong task, char *tp)
else
tc->thread_info = ULONG(tp + OFFSET(task_struct_thread_info));
fill_thread_info(tc->thread_info);
- if (tt->flags & THREAD_INFO_IN_TASK)
+ if (tt->flags & THREAD_INFO_IN_TASK && VALID_MEMBER(task_struct_cpu))
processor_addr = (int *) (tp + OFFSET(task_struct_cpu));
else
processor_addr = (int *) (tt->thread_info +
--
2.30.2

View File

@ -0,0 +1,57 @@
From e90c0011d6e9476104c4c43aa76d2d0830a15946 Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com>
Date: Tue, 9 Nov 2021 14:52:22 +0100
Subject: [PATCH] Fix live debugging with lockdown=integrity
With kernel lockdown the access to kernel interfaces that allow to
extract confidential information (lockdown=confidentiality) or modify a
running kernel (lockdown=integrity) can be restricted. Two of the
interfaces that can be restricted are /dev/mem (integrity &
confidentiality) and /proc/kcore (confidentiality). With
lockdown=integrity this leads to a situation where /dev/mem exists but
is not readable while /proc/kcore exists and is readable. This breaks
crash's live debugging when it is invoked without argument, i.e.
$ crash
[...]
crash: /dev/mem: Operation not permitted
while passing /proc/kcore as image succeeds. The reason for this is that
crash always picks /dev/mem as source when it exits but doesn't check if
it is readable. Fix this by only selecting /dev/mem when it is readable.
Signed-off-by: Philipp Rudo <prudo@redhat.com>
---
filesys.c | 2 +-
main.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/filesys.c b/filesys.c
index 3361b6c12ed3..43cbe826fc79 100644
--- a/filesys.c
+++ b/filesys.c
@@ -3666,7 +3666,7 @@ get_live_memory_source(void)
if (pc->live_memsrc)
goto live_report;
- if (file_exists("/dev/mem", NULL))
+ if (file_readable("/dev/mem"))
pc->live_memsrc = "/dev/mem";
else if (file_exists("/proc/kcore", NULL)) {
pc->flags &= ~DEVMEM;
diff --git a/main.c b/main.c
index 388ac46c3834..dfd343cd9dd4 100644
--- a/main.c
+++ b/main.c
@@ -1119,7 +1119,7 @@ setup_environment(int argc, char **argv)
pc->flags2 |= REDZONE;
pc->confd = -2;
pc->machine_type = MACHINE_TYPE;
- if (file_exists("/dev/mem", NULL)) { /* defaults until argv[] is parsed */
+ if (file_readable("/dev/mem")) { /* defaults until argv[] is parsed */
pc->readmem = read_dev_mem;
pc->writemem = write_dev_mem;
} else if (file_exists("/proc/kcore", NULL)) {
--
2.30.2

View File

@ -0,0 +1,29 @@
From e09e3c038c853f9a332cf05a17e5fdee1c7837e0 Mon Sep 17 00:00:00 2001
From: Lianbo Jiang <lijiang@redhat.com>
Date: Thu, 18 Nov 2021 09:55:45 +0800
Subject: [PATCH] fix freepointer issue
Signed-off-by: Lianbo Jiang <lijiang@redhat.com>
---
memory.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/memory.c b/memory.c
index a3cf8a86728d..81db9c7bee9f 100644
--- a/memory.c
+++ b/memory.c
@@ -19340,9 +19340,8 @@ freelist_ptr(struct meminfo *si, ulong ptr, ulong ptr_addr)
if (VALID_MEMBER(kmem_cache_random)) {
/* CONFIG_SLAB_FREELIST_HARDENED */
- if (THIS_KERNEL_VERSION >= LINUX(5,7,0))
- ptr_addr = (sizeof(long) == 8) ? bswap_64(ptr_addr)
- : bswap_32(ptr_addr);
+ ptr_addr = (sizeof(long) == 8) ? bswap_64(ptr_addr)
+ : bswap_32(ptr_addr);
return (ptr ^ si->random ^ ptr_addr);
} else
return ptr;
--
2.30.2

View File

@ -4,7 +4,7 @@
Summary: Kernel analysis utility for live systems, netdump, diskdump, kdump, LKCD or mcore dumpfiles
Name: crash
Version: 7.3.0
Release: 2%{?dist}
Release: 3%{?dist}
License: GPLv3
Group: Development/Debuggers
Source0: https://github.com/crash-utility/crash/archive/crash-%{version}.tar.gz
@ -19,6 +19,12 @@ Provides: bundled(gdb) = 7.6
Patch0: lzo_snappy.patch
Patch1: rhel8_build.patch
Patch2: rhel8_arm64_52_bit_fix.patch
Patch3: 0001-Fix-for-kmem-s-S-option-on-Linux-5.7-and-later-kerne.patch
Patch4: 0002-Fix-waitq-command-for-Linux-4.13-and-later-kernels.patch
Patch5: 0003-Handle-task_struct-state-member-changes-for-kernels-.patch
Patch6: 0004-Handle-task_struct-cpu-member-changes-for-kernels-5..patch
Patch7: 0005-Fix-live-debugging-with-lockdown-integrity.patch
Patch8: rhel8_freepointer.patch
%description
The core analysis suite is a self-contained tool that can be used to
@ -42,6 +48,12 @@ offered by Mission Critical Linux, or the LKCD kernel patch.
%patch0 -p1 -b lzo_snappy.patch
%patch1 -p1 -b rhel8_build.patch
%patch2 -p1 -b rhel8_arm64_52_bit_fix.patch
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%build
cp %{SOURCE1} .
@ -72,6 +84,13 @@ rm -rf %{buildroot}
%{_includedir}/*
%changelog
* Thu Nov 18 2021 Lianbo Jiang <lijiang@redhat.com> - 7.3.0-3
- Fix for "sched: Change task_struct::state"
- Fix for "sched: move CPU field back into thread_info if THREAD_INFO_IN_TASK=y"
- Fix live debugging with lockdown=integrity
- Fix 'waitq' command for Linux 4.13 and later kernels
- Fix for "kmem -s|-S" option on Linux 5.7 and later kernels
* Fri May 14 2021 Lianbo Jiang <lijiang@redhat.com> - 7.3.0-2
- Update the sha512 hash in the sources file to solve the
compilation issues