packages/crash
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:e7f9f58219e6a9fae385978209266c1d5ab697a7
Branches Tags
packages:main
...
compare: packages:e679a4736077f3786865404b0a1740e6d02fcc09
Branches Tags
packages:main

10 Commits
e7f9f58219 ... e679a47360

Author SHA1 Message Date
openeuler-ci-bot
e679a47360
!142 [sync] PR-141: include all patches in the source package 
From: @openeuler-sync-bot 
Reviewed-by: @wangbin224 
Signed-off-by: @wangbin224
 2024-12-20 02:35:23 +00:00
wangxiao65
18e9ff774a include all patches in the source package 
(cherry picked from commit 7b3040b04dfc5961aa5f219c0b2fa713f8dd5bbf)
 2024-12-20 10:06:18 +08:00
openeuler-ci-bot
933b0ea4ff
!131 [sync] PR-126: arm64: fix SDEI stack frame unwind while UNW_4_14 is set 
From: @openeuler-sync-bot 
Reviewed-by: @wangbin224 
Signed-off-by: @wangbin224
 2024-12-05 02:22:52 +00:00
wangxiao65
01590f98db arm64: fix SDEI stack frame unwind while UNW_4_14 is set 
(cherry picked from commit 8e62954c9762a9939278f21d79fb83f658de9d7f)
 2024-12-05 09:25:51 +08:00
openeuler-ci-bot
acb4a1231f
!110 [sync] PR-106: arm64: Fix again segfault in arm64_is_kernel_exception_frame() when corrupt stack pointer address is given 
From: @openeuler-sync-bot 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen
 2024-11-06 08:48:45 +00:00
chenhaixiang
f24186715c arm64: Fix again segfault in arm64_is_kernel_exception_frame() when 
corrupt stack pointer address is given

Signed-off-by: chenhaixiang <chenhaixiang3@huawei.com>
(cherry picked from commit e5371d84920bd26167f0d3e6527246f1119fbd62)
 2024-10-29 16:39:36 +08:00
openeuler-ci-bot
0196b25daa
!87 Update crash from master 
From: @chenhaixaing 
Reviewed-by: @wangbin224 
Signed-off-by: @wangbin224
 2023-07-25 12:02:40 +00:00
chenhaixiang
70e72bcf02 Update crash from master 2023-07-25 15:31:42 +08:00
openeuler-ci-bot
b09c52d95d
!85 arm64: Use VA_BITS for page_offset calculation 
From: @chenhaixaing 
Reviewed-by: @wangbin224 
Signed-off-by: @wangbin224
 2023-07-18 01:49:02 +00:00
chenhaixiang
4a65b56f24 arm64: Use VA_BITS for page_offset calculation 
Signed-off-by: chenhaixiang <chenhaixiang3@huawei.com>
 2023-07-17 04:24:08 -04:00
23 changed files with 20639 additions and 1054 deletions
Show Stats Expand all files Collapse all files

17
lzo_snappy.patch → 0000-lzo_snappy.patch
View File

@ -1,22 +1,23 @@
--- crash-7.1.4/diskdump.c.orig
+++ crash-7.1.4/diskdump.c
@@ -23,6 +23,8 @@
--- crash-8.0.2/diskdump.c.orig
+++ crash-8.0.2/diskdump.c
@@ -23,6 +23,9 @@
* GNU General Public License for more details.
*/
+#define LZO
+#define SNAPPY
+#define ZSTD
#include "defs.h"
#include "diskdump.h"
#include "xen_dom0.h"
--- crash-7.1.4/Makefile.orig
+++ crash-7.1.4/Makefile
@@ -228,7 +228,7 @@ all: make_configure
--- crash-8.0.2/Makefile.orig
+++ crash-8.0.2/Makefile
@@ -256,7 +256,7 @@ all: make_configure
gdb_merge: force
@if [ ! -f ${GDB}/README ]; then \
make --no-print-directory gdb_unzip; fi
$(MAKE) gdb_unzip; fi
- @echo "${LDFLAGS} -lz -ldl -rdynamic" > ${GDB}/gdb/mergelibs
+ @echo "${LDFLAGS} -lz -llzo2 -lsnappy -ldl -rdynamic" > ${GDB}/gdb/mergelibs
+ @echo "${LDFLAGS} -lz -llzo2 -lsnappy -lzstd -ldl -rdynamic" > ${GDB}/gdb/mergelibs
@echo "../../${PROGRAM} ../../${PROGRAM}lib.a" > ${GDB}/gdb/mergeobj
@rm -f ${PROGRAM}
@if [ ! -f ${GDB}/config.status ]; then \

78
0001-CVE-2019-1010180-Add-bfd_get_file_size-to-get-archive-element-size.patch
View File

@ -1,78 +0,0 @@
From 8e2f54bcee7e3e8315d4a39a302eaf8e4389e07d Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Tue, 30 May 2017 06:34:05 -0700
Subject: [PATCH] Add bfd_get_file_size to get archive element size
We can't use stat() to get archive element size. Add bfd_get_file_size
to get size for both normal files and archive elements.
bfd/
PR binutils/21519
* bfdio.c (bfd_get_file_size): New function.
* bfd-in2.h: Regenerated.
Conflict:1.remove changelog; 2.the folder binutils/ does not exist.
Reference:https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8e2f54bcee7e3e8315d4a39a302eaf8e4389e07d
---
gdb-7.6.patch | 43 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 43 insertions(+)
diff --git a/gdb-7.6.patch b/gdb-7.6.patch
index 106d164..b29ccc9 100644
--- a/gdb-7.6.patch
+++ b/gdb-7.6.patch
@@ -22,6 +22,49 @@ tar xvzmf gdb-7.6.tar.gz \
exit 0
+--- gdb-7.6/bfd/bfd-in2.h
++++ gdb-7.6/bfd/bfd-in2.h
+@@ -1242,6 +1242,8 @@ long bfd_get_mtime (bfd *abfd);
+
+ file_ptr bfd_get_size (bfd *abfd);
+
++file_ptr bfd_get_file_size (bfd *abfd);
++
+ void *bfd_mmap (bfd *abfd, void *addr, bfd_size_type len,
+ int prot, int flags, file_ptr offset,
+ void **map_addr, bfd_size_type *map_len);
+--- gdb-7.6/bfd/bfdio.c
++++ gdb-7.6/bfd/bfdio.c
+@@ -434,6 +434,29 @@ bfd_get_size (bfd *abfd)
+ return buf.st_size;
+ }
+
++/*
++FUNCTION
++ bfd_get_file_size
++
++SYNOPSIS
++ file_ptr bfd_get_file_size (bfd *abfd);
++
++DESCRIPTION
++ Return the file size (as read from file system) for the file
++ associated with BFD @var{abfd}. It supports both normal files
++ and archive elements.
++
++*/
++
++file_ptr
++bfd_get_file_size (bfd *abfd)
++{
++ if (abfd->my_archive != NULL
++ && !bfd_is_thin_archive (abfd->my_archive))
++ return arelt_size (abfd);
++
++ return bfd_get_size (abfd);
++}
+
+ /*
+ FUNCTION
--- gdb-7.6/libiberty/Makefile.in.orig
+++ gdb-7.6/libiberty/Makefile.in
@@ -175,6 +175,7 @@ REQUIRED_OFILES = \
--
2.27.0

121
add-SDEI-stack-resolution.patch → 0001-add-SDEI-stack-resolution.patch
View File

@ -31,15 +31,15 @@ PID: 55429 TASK: ffff802772e3ae80 CPU: 19 COMMAND: "insmod"
Signed-off-by: Jialong Chen <chenjialong@huawei.com>
---
arm64.c | 210 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
arm64.c | 213 ++++++++++++++++++++++++++++++++++++++++++++++++++++++--
defs.h | 3 +
2 files changed, 209 insertions(+), 4 deletions(-)
2 files changed, 212 insertions(+), 4 deletions(-)
diff --git a/arm64.c b/arm64.c
index fdf77bd..cc32d9d 100644
index c3e26a3..d293e6c 100644
--- a/arm64.c
+++ b/arm64.c
@@ -87,6 +87,10 @@ static void arm64_calc_VA_BITS(void);
@@ -93,6 +93,11 @@ static void arm64_calc_VA_BITS(void);
static int arm64_is_uvaddr(ulong, struct task_context *);
static void arm64_calc_KERNELPACMASK(void);
@ -47,24 +47,22 @@ index fdf77bd..cc32d9d 100644
+static void arm64_set_sdei_normal_stack(struct bt_info *bt);
+static void arm64_sdei_stack_init(void);
+static int arm64_in_kdump_text_on_sdei_stack(struct bt_info *bt);
/*
* Do all necessary machine-specific setup here. This is called several times
@@ -461,6 +465,7 @@ arm64_init(int when)
+
struct kernel_range {
unsigned long modules_vaddr, modules_end;
unsigned long vmalloc_start_addr, vmalloc_end;
@@ -520,6 +525,7 @@ arm64_init(int when)
arm64_irq_stack_init();
arm64_overflow_stack_init();
arm64_stackframe_init();
+ arm64_sdei_stack_init();
break;
case POST_VM:
@@ -1655,6 +1660,70 @@ arm64_irq_stack_init(void)
readmem(p, KVADDR, &(ms->irq_stacks[i]), sizeof(ulong),
"IRQ stack pointer", RETURN_ON_ERROR);
}
+ }
+}
+
case POST_INIT:
@@ -2174,6 +2180,70 @@ arm64_irq_stack_init(void)
}
}
+/*
+ * Gather IRQ stack values.
+ */
@ -126,10 +124,13 @@ index fdf77bd..cc32d9d 100644
+ readmem(p, KVADDR, &(ms->sdei_stacks[i]), sizeof(ulong),
+ "SDEI stack pointer", RETURN_ON_ERROR);
+ }
}
}
@@ -2173,7 +2242,7 @@ arm64_unwind_frame(struct bt_info *bt, struct arm64_stackframe *frame)
+ }
+}
+
/*
* Gather Overflow stack values.
*
@@ -2736,7 +2806,7 @@ arm64_unwind_frame(struct bt_info *bt, struct arm64_stackframe *frame)
{
unsigned long high, low, fp;
unsigned long stack_mask;
@ -138,17 +139,17 @@ index fdf77bd..cc32d9d 100644
struct arm64_pt_regs *ptregs;
struct machine_specific *ms = machdep->machspec;
@@ -2203,7 +2272,8 @@ arm64_unwind_frame(struct bt_info *bt, struct arm64_stackframe *frame)
if (machdep->flags & UNW_4_14) {
if ((bt->flags & BT_IRQSTACK) &&
- !arm64_on_irq_stack(bt->tc->processor, frame->fp)) {
+ !arm64_on_irq_stack(bt->tc->processor, frame->fp) &&
+ !arm64_in_sdei_normal_stack(bt->tc->processor, frame->fp)) {
@@ -2765,7 +2835,8 @@ arm64_unwind_frame(struct bt_info *bt, struct arm64_stackframe *frame)
if (((bt->flags & BT_IRQSTACK) &&
!arm64_on_irq_stack(bt->tc->processor, frame->fp)) ||
((bt->flags & BT_OVERFLOW_STACK) &&
- !arm64_on_overflow_stack(bt->tc->processor, frame->fp))) {
+ !arm64_on_overflow_stack(bt->tc->processor, frame->fp)) &&
+ !arm64_in_sdei_normal_stack(bt->tc->processor, frame->fp)) {
if (arm64_on_process_stack(bt, frame->fp)) {
arm64_set_process_stack(bt);
@@ -2243,6 +2313,7 @@ arm64_unwind_frame(struct bt_info *bt, struct arm64_stackframe *frame)
@@ -2805,6 +2876,7 @@ arm64_unwind_frame(struct bt_info *bt, struct arm64_stackframe *frame)
* orig_sp = IRQ_STACK_TO_TASK_STACK(irq_stack_ptr); (pt_regs pointer on process stack)
*/
irq_stack_ptr = ms->irq_stacks[bt->tc->processor] + ms->irq_stack_size - 16;
@ -156,7 +157,7 @@ index fdf77bd..cc32d9d 100644
if (frame->sp == irq_stack_ptr) {
orig_sp = GET_STACK_ULONG(irq_stack_ptr - 8);
@@ -2263,6 +2334,25 @@ arm64_unwind_frame(struct bt_info *bt, struct arm64_stackframe *frame)
@@ -2825,6 +2897,25 @@ arm64_unwind_frame(struct bt_info *bt, struct arm64_stackframe *frame)
frame->fp, INSTACK(frame->fp, bt) ? "" : " (?)");
return FALSE;
}
@ -182,7 +183,7 @@ index fdf77bd..cc32d9d 100644
}
return TRUE;
@@ -2602,6 +2692,10 @@ arm64_back_trace_cmd(struct bt_info *bt)
@@ -3164,6 +3255,10 @@ arm64_back_trace_cmd(struct bt_info *bt)
arm64_set_irq_stack(bt);
bt->flags |= BT_IRQSTACK;
}
@ -193,42 +194,43 @@ index fdf77bd..cc32d9d 100644
stackframe.fp = GET_STACK_ULONG(bt->bptr - 8);
stackframe.pc = GET_STACK_ULONG(bt->bptr);
stackframe.sp = bt->bptr + 8;
@@ -2611,6 +2705,10 @@ arm64_back_trace_cmd(struct bt_info *bt)
@@ -3173,6 +3268,10 @@ arm64_back_trace_cmd(struct bt_info *bt)
arm64_set_irq_stack(bt);
bt->flags |= BT_IRQSTACK;
}
+ if (arm64_in_sdei_normal_stack(bt->tc->processor, bt->hp->esp)) {
+ if (arm64_in_sdei_normal_stack(bt->tc->processor, bt->bptr)) {
+ arm64_set_sdei_normal_stack(bt);
+ bt->flags |= BT_IRQSTACK;
+ }
stackframe.fp = GET_STACK_ULONG(bt->hp->esp - 8);
stackframe.pc = bt->hp->eip ?
bt->hp->eip : GET_STACK_ULONG(bt->hp->esp);
@@ -2621,6 +2719,10 @@ arm64_back_trace_cmd(struct bt_info *bt)
arm64_set_irq_stack(bt);
bt->flags |= BT_IRQSTACK;
@@ -3186,6 +3285,10 @@ arm64_back_trace_cmd(struct bt_info *bt)
arm64_set_overflow_stack(bt);
bt->flags |= BT_OVERFLOW_STACK;
}
+ if (arm64_in_sdei_normal_stack(bt->tc->processor, bt->frameptr)) {
+ if (arm64_in_sdei_normal_stack(bt->tc->processor, bt->bptr)) {
+ arm64_set_sdei_normal_stack(bt);
+ bt->flags |= BT_IRQSTACK;
+ }
stackframe.sp = bt->stkptr;
stackframe.pc = bt->instptr;
stackframe.fp = bt->frameptr;
@@ -2682,7 +2784,8 @@ arm64_back_trace_cmd(struct bt_info *bt)
@@ -3249,7 +3352,8 @@ arm64_back_trace_cmd(struct bt_info *bt)
}
if ((bt->flags & BT_IRQSTACK) &&
- !arm64_on_irq_stack(bt->tc->processor, stackframe.fp)) {
+ !arm64_on_irq_stack(bt->tc->processor, stackframe.fp) &&
+ !arm64_in_sdei_normal_stack(bt->tc->processor, stackframe.fp)) {
+ !arm64_on_irq_stack(bt->tc->processor, stackframe.fp) &&
+ !arm64_in_sdei_normal_stack(bt->tc->processor, stackframe.fp)) {
bt->flags &= ~BT_IRQSTACK;
if (arm64_switch_stack(bt, &stackframe, ofp) == USER_MODE)
break;
@@ -2965,6 +3068,81 @@ arm64_in_kdump_text(struct bt_info *bt, struct arm64_stackframe *frame)
@@ -3537,6 +3641,81 @@ arm64_in_kdump_text(struct bt_info *bt, struct arm64_stackframe *frame)
return FALSE;
}
static int
+static int
+arm64_in_kdump_text_on_sdei_stack(struct bt_info *bt)
+{
+ int cpu;
@ -259,7 +261,7 @@ index fdf77bd..cc32d9d 100644
+
+ for (ptr = start - 8; ptr >= base; ptr--) {
+ if (bt->flags & BT_OPT_BACK_TRACE) {
+ if ((*ptr >= ms->crash_kexec_start) &&
+ if ((*ptr > ms->crash_kexec_start) &&
+ (*ptr < ms->crash_kexec_end) &&
+ INSTACK(*(ptr - 1), bt)) {
+ bt->bptr = ((ulong)(ptr - 1) - (ulong)base) + stackbase;
@ -269,7 +271,7 @@ index fdf77bd..cc32d9d 100644
+ FREEBUF(stackbuf);
+ return TRUE;
+ }
+ if ((*ptr >= ms->crash_save_cpu_start) &&
+ if ((*ptr > ms->crash_save_cpu_start) &&
+ (*ptr < ms->crash_save_cpu_end) &&
+ INSTACK(*(ptr - 1), bt)) {
+ bt->bptr = ((ulong)(ptr - 1) - (ulong)base) + stackbase;
@ -280,7 +282,7 @@ index fdf77bd..cc32d9d 100644
+ return TRUE;
+ }
+ } else {
+ if ((*ptr >= ms->crash_kexec_start) && (*ptr < ms->crash_kexec_end)) {
+ if ((*ptr > ms->crash_kexec_start) && (*ptr < ms->crash_kexec_end)) {
+ bt->bptr = ((ulong)ptr - (ulong)base) + stackbase;
+ if (CRASHDEBUG(1))
+ fprintf(fp, "%lx: %lx (crash_kexec on IRQ stack)\n",
@ -288,7 +290,7 @@ index fdf77bd..cc32d9d 100644
+ FREEBUF(stackbuf);
+ return TRUE;
+ }
+ if ((*ptr >= ms->crash_save_cpu_start) && (*ptr < ms->crash_save_cpu_end)) {
+ if ((*ptr > ms->crash_save_cpu_start) && (*ptr < ms->crash_save_cpu_end)) {
+ bt->bptr = ((ulong)ptr - (ulong)base) + stackbase;
+ if (CRASHDEBUG(1))
+ fprintf(fp, "%lx: %lx (crash_save_cpu on IRQ stack)\n",
@ -303,22 +305,21 @@ index fdf77bd..cc32d9d 100644
+ return FALSE;
+}
+
+static int
static int
arm64_in_kdump_text_on_irq_stack(struct bt_info *bt)
{
int cpu;
@@ -3111,7 +3287,8 @@ try_kernel:
@@ -3727,7 +3906,8 @@ try_kernel:
}
if (arm64_in_kdump_text(bt, frame) ||
- arm64_in_kdump_text_on_irq_stack(bt))
- arm64_in_kdump_text_on_irq_stack(bt)) {
+ arm64_in_kdump_text_on_irq_stack(bt) ||
+ arm64_in_kdump_text_on_sdei_stack(bt))
+ arm64_in_kdump_text_on_sdei_stack(bt)) {
bt->flags |= BT_KDUMP_ADJUST;
return TRUE;
@@ -3804,6 +3981,31 @@ arm64_in_alternate_stack(int cpu, ulong stkptr)
return FALSE;
if (skip && is_idle_thread(bt->task))
bt->flags |= BT_SKIP_IDLE;
@@ -4488,6 +4668,31 @@ arm64_on_overflow_stack(int cpu, ulong stkptr)
ms->overflow_stacks, ms->overflow_stack_size);
}
+static int
@ -329,7 +330,7 @@ index fdf77bd..cc32d9d 100644
+ if (!ms->sdei_stack_size || (cpu >= kt->cpus))
+ return FALSE;
+
+ if ((stkptr >= ms->sdei_stacks[cpu]) &&
+ if ((stkptr > ms->sdei_stacks[cpu]) &&
+ (stkptr < (ms->sdei_stacks[cpu] + ms->sdei_stack_size)))
+ return TRUE;
+
@ -350,10 +351,10 @@ index fdf77bd..cc32d9d 100644
arm64_set_irq_stack(struct bt_info *bt)
{
diff --git a/defs.h b/defs.h
index 9594950..9cd5ffa 100644
index afdcf6c..4885d55 100644
--- a/defs.h
+++ b/defs.h
@@ -3283,6 +3283,9 @@ struct machine_specific {
@@ -3376,6 +3376,9 @@ struct machine_specific {
ulong irq_stack_size;
ulong *irq_stacks;
char *irq_stackbuf;
@ -362,7 +363,7 @@ index 9594950..9cd5ffa 100644
+ char *sdei_stackbuf;
ulong __irqentry_text_start;
ulong __irqentry_text_end;
/* for exception vector code */
ulong overflow_stack_size;
--
2.13.7
2.27.0

62
0001-arm64-Fix-segfault-by-bt-command-with-offline-cpus.patch
View File

@ -1,62 +0,0 @@
From 1a1fd21c625cb2ca335e626eb50426f13c4160f7 Mon Sep 17 00:00:00 2001
From: Kazuhito Hagio <k-hagio-ab@nec.com>
Date: Wed, 26 Jan 2022 06:07:00 +0000
Subject: [PATCH] arm64: Fix segfault by "bt" command with offline cpus
Currently on arm64, NT_PRSTATUS notes in dumpfile are not mapped to
online cpus and machine_specific->panic_task_regs correctly. As a
result, the "bt" command can cause a segmentation fault.
crash> bt -c 0
PID: 0 TASK: ffff8000117fa240 CPU: 0 COMMAND: "swapper/0"
Segmentation fault (core dumped)
To fix this,
1) make map_cpus_to_prstatus_kdump_cmprs() map the notes to
dd->nt_prstatus_percpu also on arm64, and
2) move arm64_get_crash_notes() to machdep_init(POST_INIT) in order
to apply the mapping to machine_specific->panic_task_regs.
Resolves: https://github.com/crash-utility/crash/issues/105
Reported-by: xuchunmei000 <xuchunmei@linux.alibaba.com>
Signed-off-by: Kazuhito Hagio <k-hagio-ab@nec.com>
Tested-by: David Wysochanski <dwysocha@redhat.com>
Conflict:adapt context.
Reference:https://github.com/crash-utility/crash/commit/1a1fd21c625cb2ca335e626eb50426f13c4160f7
---
arm64.c | 2 +-
diskdump.c | 3 +--
2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/arm64.c b/arm64.c
index 23c3d75..4f2c2b5 100644
--- a/arm64.c
+++ b/arm64.c
@@ -472,7 +472,7 @@ arm64_init(int when)
arm64_sdei_stack_init();
break;
- case POST_VM:
+ case POST_INIT:
/*
* crash_notes contains machine specific information about the
* crash. In particular, it contains CPU registers at the time
diff --git a/diskdump.c b/diskdump.c
index 112f769..690b424 100644
--- a/diskdump.c
+++ b/diskdump.c
@@ -111,8 +111,7 @@ map_cpus_to_prstatus_kdump_cmprs(void)
if (pc->flags2 & QEMU_MEM_DUMP_COMPRESSED) /* notes exist for all cpus */
goto resize_note_pointers;
- if (!(online = get_cpus_online()) || (online == kt->cpus) ||
- machine_type("ARM64"))
+ if (!(online = get_cpus_online()) || (online == kt->cpus))
goto resize_note_pointers;
if (CRASHDEBUG(1))
--
2.33.0

61
0001-arm64-rename-ARM64_PAGE_OFFSET_ACTUAL-to-ARM64_FLIP_.patch
View File

@ -1,61 +0,0 @@
From 5719afc7a40868418405a87a2711088556e68a3b Mon Sep 17 00:00:00 2001
From: Pingfan Liu <piliu@redhat.com>
Date: Fri, 2 Jul 2021 10:14:21 +0800
Subject: [PATCH 13/16] arm64: rename ARM64_PAGE_OFFSET_ACTUAL to
ARM64_FLIP_PAGE_OFFSET_ACTUAL
Reflect the flipped layout of kernel VA, which is introduced by
kernel commit 14c127c957c1 ("arm64: mm: Flip kernel VA space").
Signed-off-by: Pingfan Liu <piliu@redhat.com>
Signed-off-by: Lianbo Jiang <lijiang@redhat.com>
---
arm64.c | 10 ++++++----
defs.h | 3 ++-
2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/arm64.c b/arm64.c
index 8934961b109d..9fe1a4a3bddb 100644
--- a/arm64.c
+++ b/arm64.c
@@ -217,10 +217,12 @@ arm64_init(int when)
arm64_calc_VA_BITS();
arm64_calc_KERNELPACMASK();
ms = machdep->machspec;
+
+ /* vabits_actual introduced after mm flip, so it should be flipped layout */
if (ms->VA_BITS_ACTUAL) {
- ms->page_offset = ARM64_PAGE_OFFSET_ACTUAL;
- machdep->identity_map_base = ARM64_PAGE_OFFSET_ACTUAL;
- machdep->kvbase = ARM64_PAGE_OFFSET_ACTUAL;
+ ms->page_offset = ARM64_FLIP_PAGE_OFFSET_ACTUAL;
+ machdep->identity_map_base = ARM64_FLIP_PAGE_OFFSET_ACTUAL;
+ machdep->kvbase = ARM64_FLIP_PAGE_OFFSET_ACTUAL;
ms->userspace_top = ARM64_USERSPACE_TOP_ACTUAL;
} else {
ms->page_offset = ARM64_PAGE_OFFSET;
@@ -401,7 +403,7 @@ arm64_init(int when)
fprintf(fp, "CONFIG_ARM64_VA_BITS: %ld\n", ms->CONFIG_ARM64_VA_BITS);
fprintf(fp, " VA_BITS_ACTUAL: %ld\n", ms->VA_BITS_ACTUAL);
fprintf(fp, "(calculated) VA_BITS: %ld\n", ms->VA_BITS);
- fprintf(fp, " PAGE_OFFSET: %lx\n", ARM64_PAGE_OFFSET_ACTUAL);
+ fprintf(fp, " PAGE_OFFSET: %lx\n", ARM64_FLIP_PAGE_OFFSET_ACTUAL);
fprintf(fp, " VA_START: %lx\n", ms->VA_START);
fprintf(fp, " modules: %lx - %lx\n", ms->modules_vaddr, ms->modules_end);
fprintf(fp, " vmalloc: %lx - %lx\n", ms->vmalloc_start_addr, ms->vmalloc_end);
diff --git a/defs.h b/defs.h
index 5d32954905c2..eb7ce6aea331 100644
--- a/defs.h
+++ b/defs.h
@@ -3233,7 +3233,8 @@ typedef signed int s32;
#define ARM64_PAGE_OFFSET ((0xffffffffffffffffUL) \
<< (machdep->machspec->VA_BITS - 1))
-#define ARM64_PAGE_OFFSET_ACTUAL ((0xffffffffffffffffUL) \
+/* kernels >= v5.4 the kernel VA space is flipped */
+#define ARM64_FLIP_PAGE_OFFSET_ACTUAL ((0xffffffffffffffffUL) \
- ((1UL) << machdep->machspec->VA_BITS_ACTUAL) + 1)
#define ARM64_USERSPACE_TOP ((1UL) << machdep->machspec->VA_BITS)
--
2.30.2

144
0002-CVE-2019-1010180-DWARF-reader-Reject-sections-with-invalid-sizes.patch
View File

@ -1,144 +0,0 @@
From 950b74950f6020eda38647f22e9077ac7f68ca49 Mon Sep 17 00:00:00 2001
From: Keith Seitz <keiths@redhat.com>
Date: Wed, 16 Oct 2019 11:33:59 -0700
Subject: [PATCH] DWARF reader: Reject sections with invalid sizes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This is another fuzzer bug, gdb/23567. This time, the fuzzer has
specifically altered the size of .debug_str:
$ eu-readelf -S objdump
Section Headers:
[Nr] Name Type Addr Off Size ES Flags Lk Inf Al
[31] .debug_str PROGBITS 0000000000000000 0057116d ffffffffffffffff 1 MS 0 0 1
When this file is loaded into GDB, the DWARF reader crashes attempting
to access the string table (or it may just store a bunch of nonsense):
[gdb-8.3-6-fc30]
$ gdb -nx -q objdump
BFD: warning: /path/to/objdump has a corrupt section with a size (ffffffffffffffff) larger than the file size
Reading symbols from /path/to/objdump...
Segmentation fault (core dumped)
Nick has already committed a BFD patch to issue the warning seen above.
[gdb master 6acc1a0b]
$ gdb -BFD: warning: /path/to/objdump has a corrupt section with a size (ffffffffffffffff) larger than the file size
Reading symbols from /path/to/objdump...
(gdb) inf func
All defined functions:
File ./../include/dwarf2.def:
186: const
8 *>(.:
;'@<40>B);
747: const
8 *<2A>(.:
;'@<40>B);
701: const
8 *<2A>D <20>
(.:
;'@<40>B);
71: const
8 *(.:
;'@<40>B);
/* and more gibberish */
Consider read_indirect_string_at_offset_from:
static const char *
read_indirect_string_at_offset_from (struct objfile *objfile,
bfd *abfd, LONGEST str_offset,
struct dwarf2_section_info *sect,
const char *form_name,
const char *sect_name)
{
dwarf2_read_section (objfile, sect);
if (sect->buffer == NULL)
error (_("%s used without %s section [in module %s]"),
form_name, sect_name, bfd_get_filename (abfd));
if (str_offset >= sect->size)
error (_("%s pointing outside of %s section [in module %s]"),
form_name, sect_name, bfd_get_filename (abfd));
gdb_assert (HOST_CHAR_BIT == 8);
if (sect->buffer[str_offset] == '\0')
return NULL;
return (const char *) (sect->buffer + str_offset);
}
With sect_size being ginormous, the code attempts to access
sect->buffer[GINORMOUS], and depending on the layout of memory,
GDB either stores a bunch of gibberish strings or crashes.
This is an attempt to mitigate this by implementing a similar approach
used by BFD. In our case, we simply reject the section with the invalid
length:
$ ./gdb -nx -q objdump
BFD: warning: /path/to/objdump has a corrupt section with a size (ffffffffffffffff) larger than the file size
Reading symbols from /path/to/objdump...
warning: Discarding section .debug_str which has a section size (ffffffffffffffff) larger than the file size [in module /path/to/objdump]
DW_FORM_strp used without .debug_str section [in module /path/to/objdump]
(No debugging symbols found in /path/to/objdump)
(gdb)
Unfortunately, I have not found a way to regression test this, since it
requires poking ELF section headers.
gdb/ChangeLog:
2019-10-16 Keith Seitz <keiths@redhat.com>
PR gdb/23567
* dwarf2read.c (dwarf2_per_objfile::locate_sections): Discard
sections whose size is greater than the file size.
Change-Id: I896ac3b4eb2207c54e8e05c16beab3051d9b4b2f
Conflict:1.remove changelog; 2.patch context adaptation;
3.use sectp->name replace bfd_section_name (sectp);use abfd->filename replace bfd_get_filename.
Reference:https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=950b74950f6020eda38647f22e9077ac7f68ca49
---
gdb-7.6.patch | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/gdb-7.6.patch b/gdb-7.6.patch
index b29ccc9..0989724 100644
--- a/gdb-7.6.patch
+++ b/gdb-7.6.patch
@@ -65,6 +65,24 @@ exit 0
/*
FUNCTION
+--- gdb-7.6/gdb/dwarf2read.c
++++ gdb-7.6/gdb/dwarf2read.c
+@@ -1822,6 +1822,15 @@ dwarf2_locate_sections (bfd *abfd, asection *sectp, void *vnames)
+ if ((aflag & SEC_HAS_CONTENTS) == 0)
+ {
+ }
++ else if (elf_section_data (sectp)->this_hdr.sh_size
++ > bfd_get_file_size (abfd))
++ {
++ bfd_size_type size = elf_section_data (sectp)->this_hdr.sh_size;
++ warning (_("Discarding section %s which has a section size (%s"
++ ") larger than the file size [in module %s]"),
++ sectp->name, phex_nz (size, sizeof (size)),
++ abfd->filename);
++ }
+ else if (section_is_p (sectp->name, &names->info))
+ {
+ dwarf2_per_objfile->info.asection = sectp;
--- gdb-7.6/libiberty/Makefile.in.orig
+++ gdb-7.6/libiberty/Makefile.in
@@ -175,6 +175,7 @@ REQUIRED_OFILES = \
--
2.27.0

56
0002-arm64-assign-page_offset-with-VA_BITS-kernel-configu.patch
View File

@ -1,56 +0,0 @@
From 167d37e347fe35c6f7db826e8539e192c4375564 Mon Sep 17 00:00:00 2001
From: Pingfan Liu <piliu@redhat.com>
Date: Fri, 2 Jul 2021 10:14:22 +0800
Subject: [PATCH 14/16] arm64: assign page_offset with VA_BITS kernel
configuration value
On RHEL9, crash hits a bug when executing "crash /proc/kcore":
seek error: kernel virtual address: ffff6a0f3fff0000 type: "pmd page"
The kernel virtual address does not vary with vabits_actual, instead,
is determined by configuration value. But crash does not observe this
fact.
Since vabits_actual related kernel commit is introduced after arm64
mm layout flip commit, so changes are safe under the condition if
(ms->VA_BITS_ACTUAL), and keep the else branch untouched.
Signed-off-by: Pingfan Liu <piliu@redhat.com>
Signed-off-by: Lianbo Jiang <lijiang@redhat.com>
---
arm64.c | 7 ++++---
defs.h | 1 +
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/arm64.c b/arm64.c
index 9fe1a4a3bddb..149db36cd119 100644
--- a/arm64.c
+++ b/arm64.c
@@ -220,9 +220,10 @@ arm64_init(int when)
/* vabits_actual introduced after mm flip, so it should be flipped layout */
if (ms->VA_BITS_ACTUAL) {
- ms->page_offset = ARM64_FLIP_PAGE_OFFSET_ACTUAL;
- machdep->identity_map_base = ARM64_FLIP_PAGE_OFFSET_ACTUAL;
- machdep->kvbase = ARM64_FLIP_PAGE_OFFSET_ACTUAL;
+ ms->page_offset = ARM64_FLIP_PAGE_OFFSET;
+ /* useless on arm64 */
+ machdep->identity_map_base = ARM64_FLIP_PAGE_OFFSET;
+ machdep->kvbase = ARM64_FLIP_PAGE_OFFSET;
ms->userspace_top = ARM64_USERSPACE_TOP_ACTUAL;
} else {
ms->page_offset = ARM64_PAGE_OFFSET;
diff --git a/defs.h b/defs.h
index eb7ce6aea331..b7b20af4bcf9 100644
--- a/defs.h
+++ b/defs.h
@@ -3234,6 +3234,7 @@ typedef signed int s32;
#define ARM64_PAGE_OFFSET ((0xffffffffffffffffUL) \
<< (machdep->machspec->VA_BITS - 1))
/* kernels >= v5.4 the kernel VA space is flipped */
+#define ARM64_FLIP_PAGE_OFFSET (-(1UL) << machdep->machspec->CONFIG_ARM64_VA_BITS)
#define ARM64_FLIP_PAGE_OFFSET_ACTUAL ((0xffffffffffffffffUL) \
- ((1UL) << machdep->machspec->VA_BITS_ACTUAL) + 1)
--
2.30.2

42
crash-7.3.0-sw.patch → 0002-crash-8.0.2-sw.patch
View File

@ -1,6 +1,6 @@
diff -Nuar crash-7.3.0.org/Makefile crash-7.3.0.sw/Makefile
--- crash-7.3.0.org/Makefile 2022-03-14 07:58:52.278814120 +0000
+++ crash-7.3.0.sw/Makefile 2022-03-15 06:11:27.978814120 +0000
diff -Nuar crash-8.0.2.org/Makefile crash-8.0.2.sw/Makefile
--- crash-8.0.2.org/Makefile 2022-03-14 07:58:52.278814120 +0000
+++ crash-8.0.2.sw/Makefile 2022-03-15 06:11:27.978814120 +0000
@@ -20,7 +20,7 @@
PROGRAM=crash
@ -38,9 +38,9 @@ diff -Nuar crash-7.3.0.org/Makefile crash-7.3.0.sw/Makefile
alpha.o: ${GENERIC_HFILES} alpha.c
${CC} -c ${CRASH_CFLAGS} alpha.c ${WARNING_OPTIONS} ${WARNING_ERROR}
diff -Nuar crash-7.3.0.org/configure.c crash-7.3.0.sw/configure.c
--- crash-7.3.0.org/configure.c 2022-03-14 07:58:52.278814120 +0000
+++ crash-7.3.0.sw/configure.c 2022-03-24 06:48:16.423873440 +0000
diff -Nuar crash-8.0.2.org/configure.c crash-8.0.2.sw/configure.c
--- crash-8.0.2.org/configure.c 2022-03-14 07:58:52.278814120 +0000
+++ crash-8.0.2.sw/configure.c 2022-03-24 06:48:16.423873440 +0000
@@ -107,6 +107,7 @@
#undef MIPS
#undef SPARC64
@ -141,9 +141,9 @@ diff -Nuar crash-7.3.0.org/configure.c crash-7.3.0.sw/configure.c
else if (strncmp(name, "ALPHA", strlen("ALPHA")) == 0)
return ALPHA;
else if (strncmp(name, "alpha", strlen("alpha")) == 0)
diff -Nuar crash-7.3.0.org/defs.h crash-7.3.0.sw/defs.h
--- crash-7.3.0.org/defs.h 2022-03-14 07:58:52.278814120 +0000
+++ crash-7.3.0.sw/defs.h 2022-03-24 06:45:53.683873440 +0000
diff -Nuar crash-8.0.2.org/defs.h crash-8.0.2.sw/defs.h
--- crash-8.0.2.org/defs.h 2022-03-14 07:58:52.278814120 +0000
+++ crash-8.0.2.sw/defs.h 2022-03-24 06:45:53.683873440 +0000
@@ -69,13 +69,16 @@
# define offsetof(TYPE, MEMBER) ((ulong)&((TYPE *)0)->MEMBER)
#endif
@ -290,9 +290,9 @@ diff -Nuar crash-7.3.0.org/defs.h crash-7.3.0.sw/defs.h
* alpha.c
*/
#ifdef ALPHA
diff -Nuar crash-7.3.0.org/gdb_interface.c crash-7.3.0.sw/gdb_interface.c
--- crash-7.3.0.org/gdb_interface.c 2022-03-14 07:58:52.288814120 +0000
+++ crash-7.3.0.sw/gdb_interface.c 2022-03-14 09:10:49.778814120 +0000
diff -Nuar crash-8.0.2.org/gdb_interface.c crash-8.0.2.sw/gdb_interface.c
--- crash-8.0.2.org/gdb_interface.c 2022-03-14 07:58:52.288814120 +0000
+++ crash-8.0.2.sw/gdb_interface.c 2022-03-14 09:10:49.778814120 +0000
@@ -1053,7 +1053,7 @@
return TRUE;
}
@ -302,9 +302,9 @@ diff -Nuar crash-7.3.0.org/gdb_interface.c crash-7.3.0.sw/gdb_interface.c
/*
* Stub routine needed for resolution by non-alpha, modified gdb code.
*/
diff -Nuar crash-7.3.0.org/lkcd_v2_v3.c crash-7.3.0.sw/lkcd_v2_v3.c
--- crash-7.3.0.org/lkcd_v2_v3.c 2022-03-14 07:58:52.288814120 +0000
+++ crash-7.3.0.sw/lkcd_v2_v3.c 2022-03-24 07:10:23.603873440 +0000
diff -Nuar crash-8.0.2.org/lkcd_v2_v3.c crash-8.0.2.sw/lkcd_v2_v3.c
--- crash-8.0.2.org/lkcd_v2_v3.c 2022-03-14 07:58:52.288814120 +0000
+++ crash-8.0.2.sw/lkcd_v2_v3.c 2022-03-24 07:10:23.603873440 +0000
@@ -336,7 +336,7 @@
lkcd_print(" dha_esp: %lx\n", dha->dha_esp);
lkcd_print(" dha_eip: %lx\n", dha->dha_eip);
@ -354,9 +354,9 @@ diff -Nuar crash-7.3.0.org/lkcd_v2_v3.c crash-7.3.0.sw/lkcd_v2_v3.c
lkcd_print(" r0: %lx\n", dha->dha_regs.r0);
lkcd_print(" r1: %lx\n", dha->dha_regs.r1);
lkcd_print(" r2: %lx\n", dha->dha_regs.r2);
diff -Nuar crash-7.3.0.org/lkcd_vmdump_v2_v3.h crash-7.3.0.sw/lkcd_vmdump_v2_v3.h
--- crash-7.3.0.org/lkcd_vmdump_v2_v3.h 2022-03-14 07:58:52.288814120 +0000
+++ crash-7.3.0.sw/lkcd_vmdump_v2_v3.h 2022-03-24 06:53:52.563873440 +0000
diff -Nuar crash-8.0.2.org/lkcd_vmdump_v2_v3.h crash-8.0.2.sw/lkcd_vmdump_v2_v3.h
--- crash-8.0.2.org/lkcd_vmdump_v2_v3.h 2022-03-14 07:58:52.288814120 +0000
+++ crash-8.0.2.sw/lkcd_vmdump_v2_v3.h 2022-03-24 06:53:52.563873440 +0000
@@ -98,7 +98,7 @@
#endif /* ARM || X86 || PPC */
@ -366,9 +366,9 @@ diff -Nuar crash-7.3.0.org/lkcd_vmdump_v2_v3.h crash-7.3.0.sw/lkcd_vmdump_v2_v3.
/*
* Plug in the real ../arch/alpha/vmdump.h when available. For now the
diff -Nuar crash-7.3.0.org/sw_64.c crash-7.3.0.sw/sw_64.c
--- crash-7.3.0.org/sw_64.c 1970-01-01 00:00:00.000000000 +0000
+++ crash-7.3.0.sw/sw_64.c 2022-03-24 07:15:25.743873440 +0000
diff -Nuar crash-8.0.2.org/sw_64.c crash-8.0.2.sw/sw_64.c
--- crash-8.0.2.org/sw_64.c 1970-01-01 00:00:00.000000000 +0000
+++ crash-8.0.2.sw/sw_64.c 2022-03-24 07:15:25.743873440 +0000
@@ -0,0 +1,2733 @@
+/* sw_64.c - core analysis suite
+ *

148
0003-arm64-fix-backtraces-of-KASAN-kernel-dumpfile-truncated.patch Normal file
View File

@ -0,0 +1,148 @@
From 5f27639196c3240810fbf30d367da0063a6612ff Mon Sep 17 00:00:00 2001
From: Ding Hui <dinghui@sangfor.com.cn>
Date: Thu, 1 Dec 2022 15:01:45 +0800
Subject: [PATCH] arm64: fix backtraces of KASAN kernel dumpfile truncated
We met "bt" command on KASAN kernel vmcore display truncated backtraces
like this:
crash> bt
PID: 4131 TASK: ffff8001521df000 CPU: 3 COMMAND: "bash"
#0 [ffff2000224b0cb0] machine_kexec_prepare at ffff2000200bff4c
After digging the root cause, it turns out that arm64_in_kdump_text()
found wrong bt->bptr at "machine_kexec" branch.
Disassemble machine_kexec() of KASAN vmlinux (gcc 7.3.0):
crash> dis -x machine_kexec
0xffff2000200bff50 <machine_kexec>: stp x29, x30, [sp,#-208]!
0xffff2000200bff54 <machine_kexec+0x4>: mov x29, sp
0xffff2000200bff58 <machine_kexec+0x8>: stp x19, x20, [sp,#16]
0xffff2000200bff5c <machine_kexec+0xc>: str x24, [sp,#56]
0xffff2000200bff60 <machine_kexec+0x10>: str x26, [sp,#72]
0xffff2000200bff64 <machine_kexec+0x14>: mov x2, #0x8ab3
0xffff2000200bff68 <machine_kexec+0x18>: add x1, x29, #0x70
0xffff2000200bff6c <machine_kexec+0x1c>: lsr x1, x1, #3
0xffff2000200bff70 <machine_kexec+0x20>: movk x2, #0x41b5, lsl #16
0xffff2000200bff74 <machine_kexec+0x24>: mov x19, #0x200000000000
0xffff2000200bff78 <machine_kexec+0x28>: adrp x3, 0xffff2000224b0000
0xffff2000200bff7c <machine_kexec+0x2c>: movk x19, #0xdfff, lsl #48
0xffff2000200bff80 <machine_kexec+0x30>: add x3, x3, #0xcb0
0xffff2000200bff84 <machine_kexec+0x34>: add x4, x1, x19
0xffff2000200bff88 <machine_kexec+0x38>: stp x2, x3, [x29,#112]
0xffff2000200bff8c <machine_kexec+0x3c>: adrp x2, 0xffff2000200bf000 <swsusp_arch_resume+0x1e8>
0xffff2000200bff90 <machine_kexec+0x40>: add x2, x2, #0xf50
0xffff2000200bff94 <machine_kexec+0x44>: str x2, [x29,#128]
0xffff2000200bff98 <machine_kexec+0x48>: mov w2, #0xf1f1f1f1
0xffff2000200bff9c <machine_kexec+0x4c>: str w2, [x1,x19]
0xffff2000200bffa0 <machine_kexec+0x50>: mov w2, #0xf200
0xffff2000200bffa4 <machine_kexec+0x54>: mov w1, #0xf3f3f3f3
0xffff2000200bffa8 <machine_kexec+0x58>: movk w2, #0xf2f2, lsl #16
0xffff2000200bffac <machine_kexec+0x5c>: stp w2, w1, [x4,#4]
We notice that:
1. machine_kexec() start address is 0xffff2000200bff50
2. the instruction at machine_kexec+0x44 stores the same value
0xffff2000200bff50 (comes from 0xffff2000200bf000 + 0xf50)
into stack postion [x29,#128].
When arm64_in_kdump_text() searches for LR from stack, it met
0xffff2000200bff50 firstly, so got wrong bt->bptr.
We know that the real LR is always greater than the start address
of a function, so let's fix it by changing the search conditon to
(*ptr > xxx_start) && (*ptr < xxx_end).
Signed-off-by: Ding Hui <dinghui@sangfor.com.cn>
---
arm64.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/arm64.c b/arm64.c
index c3e26a3..7e8a7db 100644
--- a/arm64.c
+++ b/arm64.c
@@ -3479,7 +3479,7 @@ arm64_in_kdump_text(struct bt_info *bt, struct arm64_stackframe *frame)
ms = machdep->machspec;
for (ptr = start - 8; ptr >= base; ptr--) {
if (bt->flags & BT_OPT_BACK_TRACE) {
- if ((*ptr >= ms->crash_kexec_start) &&
+ if ((*ptr > ms->crash_kexec_start) &&
(*ptr < ms->crash_kexec_end) &&
INSTACK(*(ptr - 1), bt)) {
bt->bptr = ((ulong)(ptr - 1) - (ulong)base)
@@ -3488,7 +3488,7 @@ arm64_in_kdump_text(struct bt_info *bt, struct arm64_stackframe *frame)
fprintf(fp, "%lx: %lx (crash_kexec)\n", bt->bptr, *ptr);
return TRUE;
}
- if ((*ptr >= ms->crash_save_cpu_start) &&
+ if ((*ptr > ms->crash_save_cpu_start) &&
(*ptr < ms->crash_save_cpu_end) &&
INSTACK(*(ptr - 1), bt)) {
bt->bptr = ((ulong)(ptr - 1) - (ulong)base)
@@ -3498,14 +3498,14 @@ arm64_in_kdump_text(struct bt_info *bt, struct arm64_stackframe *frame)
return TRUE;
}
} else {
- if ((*ptr >= ms->machine_kexec_start) && (*ptr < ms->machine_kexec_end)) {
+ if ((*ptr > ms->machine_kexec_start) && (*ptr < ms->machine_kexec_end)) {
bt->bptr = ((ulong)ptr - (ulong)base)
+ task_to_stackbase(bt->tc->task);
if (CRASHDEBUG(1))
fprintf(fp, "%lx: %lx (machine_kexec)\n", bt->bptr, *ptr);
return TRUE;
}
- if ((*ptr >= ms->crash_kexec_start) && (*ptr < ms->crash_kexec_end)) {
+ if ((*ptr > ms->crash_kexec_start) && (*ptr < ms->crash_kexec_end)) {
/*
* Stash the first crash_kexec frame in case the machine_kexec
* frame is not found.
@@ -3519,7 +3519,7 @@ arm64_in_kdump_text(struct bt_info *bt, struct arm64_stackframe *frame)
}
continue;
}
- if ((*ptr >= ms->crash_save_cpu_start) && (*ptr < ms->crash_save_cpu_end)) {
+ if ((*ptr > ms->crash_save_cpu_start) && (*ptr < ms->crash_save_cpu_end)) {
bt->bptr = ((ulong)ptr - (ulong)base)
+ task_to_stackbase(bt->tc->task);
if (CRASHDEBUG(1))
@@ -3566,7 +3566,7 @@ arm64_in_kdump_text_on_irq_stack(struct bt_info *bt)
for (ptr = start - 8; ptr >= base; ptr--) {
if (bt->flags & BT_OPT_BACK_TRACE) {
- if ((*ptr >= ms->crash_kexec_start) &&
+ if ((*ptr > ms->crash_kexec_start) &&
(*ptr < ms->crash_kexec_end) &&
INSTACK(*(ptr - 1), bt)) {
bt->bptr = ((ulong)(ptr - 1) - (ulong)base) + stackbase;
@@ -3576,7 +3576,7 @@ arm64_in_kdump_text_on_irq_stack(struct bt_info *bt)
FREEBUF(stackbuf);
return TRUE;
}
- if ((*ptr >= ms->crash_save_cpu_start) &&
+ if ((*ptr > ms->crash_save_cpu_start) &&
(*ptr < ms->crash_save_cpu_end) &&
INSTACK(*(ptr - 1), bt)) {
bt->bptr = ((ulong)(ptr - 1) - (ulong)base) + stackbase;
@@ -3587,7 +3587,7 @@ arm64_in_kdump_text_on_irq_stack(struct bt_info *bt)
return TRUE;
}
} else {
- if ((*ptr >= ms->crash_kexec_start) && (*ptr < ms->crash_kexec_end)) {
+ if ((*ptr > ms->crash_kexec_start) && (*ptr < ms->crash_kexec_end)) {
bt->bptr = ((ulong)ptr - (ulong)base) + stackbase;
if (CRASHDEBUG(1))
fprintf(fp, "%lx: %lx (crash_kexec on IRQ stack)\n",
@@ -3595,7 +3595,7 @@ arm64_in_kdump_text_on_irq_stack(struct bt_info *bt)
FREEBUF(stackbuf);
return TRUE;
}
- if ((*ptr >= ms->crash_save_cpu_start) && (*ptr < ms->crash_save_cpu_end)) {
+ if ((*ptr > ms->crash_save_cpu_start) && (*ptr < ms->crash_save_cpu_end)) {
bt->bptr = ((ulong)ptr - (ulong)base) + stackbase;
if (CRASHDEBUG(1))
fprintf(fp, "%lx: %lx (crash_save_cpu on IRQ stack)\n",
--
2.33.0

83
0003-arm64-use-dedicated-bits-to-record-the-VA-space-layo.patch
View File

@ -1,83 +0,0 @@
From bf1379a8b6ff8d6a8fa12978f7194f15f85c4380 Mon Sep 17 00:00:00 2001
From: Pingfan Liu <piliu@redhat.com>
Date: Fri, 2 Jul 2021 10:14:23 +0800
Subject: [PATCH 15/16] arm64: use dedicated bits to record the VA space layout
changes
arm64 memory layout experiences big changes due to the following kernel
commits in date descending order:
5. 7bc1a0f9e176 arm64: mm: use single quantity to represent the PA to VA translation
4. b6d00d47e81a arm64: mm: Introduce 52-bit Kernel VAs
3. 5383cc6efed1 arm64: mm: Introduce vabits_actual
2. 14c127c957c1 arm64: mm: Flip kernel VA space
1. f80fb3a3d508 arm64: add support for kernel ASLR
For 1, crash has already used NEW_VMEMMAP to trace it.
For 2, crash lacks a flag to tag it and handle it differently.
For 3, two important kernel variables vabits_actual and physvirt_offset
are introduced.
For 4, since it comes immediately after 3, crash-utility does not need
to distinguish it.
For 5, kernel variable phyvirt_offset is removed
These changes have effects on PTOV()/VTOP() formula. So introducing
two bits HAS_PHYSVIRT_OFFSET and FLIPPED_VM as hint to apply different
formula.
Signed-off-by: Pingfan Liu <piliu@redhat.com>
Signed-off-by: Lianbo Jiang <lijiang@redhat.com>
---
arm64.c | 10 ++++++++++
defs.h | 2 ++
2 files changed, 12 insertions(+)
diff --git a/arm64.c b/arm64.c
index 149db36cd119..b04369f6d4d8 100644
--- a/arm64.c
+++ b/arm64.c
@@ -563,6 +563,10 @@ arm64_dump_machdep_table(ulong arg)
fprintf(fp, "%sMACHDEP_BT_TEXT", others++ ? "|" : "");
if (machdep->flags & NEW_VMEMMAP)
fprintf(fp, "%sNEW_VMEMMAP", others++ ? "|" : "");
+ if (machdep->flags & FLIPPED_VM)
+ fprintf(fp, "%sFLIPPED_VM", others++ ? "|" : "");
+ if (machdep->flags & HAS_PHYSVIRT_OFFSET)
+ fprintf(fp, "%sHAS_PHYSVIRT_OFFSET", others++ ? "|" : "");
fprintf(fp, ")\n");
fprintf(fp, " kvbase: %lx\n", machdep->kvbase);
@@ -997,6 +1001,7 @@ arm64_calc_physvirt_offset(void)
if (READMEM(pc->mfd, &physvirt_offset, sizeof(physvirt_offset),
sp->value, sp->value -
machdep->machspec->kimage_voffset) > 0) {
+ machdep->flags |= HAS_PHYSVIRT_OFFSET;
ms->physvirt_offset = physvirt_offset;
}
}
@@ -3963,6 +3968,11 @@ arm64_calc_VA_BITS(void)
error(FATAL, "cannot determine VA_BITS_ACTUAL\n");
}
+ /*
+ * The mm flip commit is introduced before 52-bits VA, which is before the
+ * commit to export NUMBER(TCR_EL1_T1SZ)
+ */
+ machdep->flags |= FLIPPED_VM;
return;
}
diff --git a/defs.h b/defs.h
index b7b20af4bcf9..eca145cb881c 100644
--- a/defs.h
+++ b/defs.h
@@ -3214,6 +3214,8 @@ typedef signed int s32;
#define NEW_VMEMMAP (0x80)
#define VM_L4_4K (0x100)
#define UNW_4_14 (0x200)
+#define FLIPPED_VM (0x400)
+#define HAS_PHYSVIRT_OFFSET (0x800)
/*
* Get kimage_voffset from /dev/crash
--
2.30.2

165
0004-arm64-implement-switchable-PTOV-VTOP-for-kernels-5.1.patch
View File

@ -1,165 +0,0 @@
From f53b73e8380bca054cebd2b61ff118c46609429b Mon Sep 17 00:00:00 2001
From: Pingfan Liu <piliu@redhat.com>
Date: Fri, 2 Jul 2021 10:14:24 +0800
Subject: [PATCH 16/16] arm64: implement switchable PTOV()/VTOP() for kernels
>= 5.10
Crash encounters a bug like the following:
...
SECTION_SIZE_BITS: 30
CONFIG_ARM64_VA_BITS: 52
VA_BITS_ACTUAL: 48
(calculated) VA_BITS: 48
PAGE_OFFSET: ffff000000000000
VA_START: ffff800000000000
modules: ffff800008000000 - ffff80000fffffff
vmalloc: ffff800010000000 - ffffffdfdffeffff
kernel image: ffff800010000000 - ffff800012750000
vmemmap: ffffffdfffe00000 - ffffffffffffffff
<readmem: ffff800011c53bc8, KVADDR, "nr_irqs", 4, (FOE), b47bdc>
<read_kdump: addr: ffff800011c53bc8 paddr: eb453bc8 cnt: 4>
read_netdump: addr: ffff800011c53bc8 paddr: eb453bc8 cnt: 4 offset: 1c73bc8
irq_stack_ptr:
type: 1, TYPE_CODE_PTR
target_typecode: 8, TYPE_CODE_INT
target_length: 8
length: 8
GNU_GET_DATATYPE[thread_union]: returned via gdb_error_hook
<readmem: ffff000b779c0050, KVADDR, "IRQ stack pointer", 8, (ROE), 3a37bea0>
<read_kdump: addr: ffff000b779c0050 paddr: fff1000bf79c0050 cnt: 8>
read_netdump: READ_ERROR: offset not found for paddr: fff1000bf79c0050
crash: read error: kernel virtual address: ffff000b779c0050 type: "IRQ stack pointer"
...
Apparently, for a normal system, the 'paddr: fff1000bf79c0050' is
unreasonable.
This bug connects with kernel commit 7bc1a0f9e176 ("arm64: mm: use
single quantity to represent the PA to VA translation"), which removed
physvirt_offset kernel variable and changed the PTOV()/VTOP() formulas.
Implement switchable PTOV()/VTOP() to cope with different kernel
version.
Signed-off-by: Pingfan Liu <piliu@redhat.com>
Signed-off-by: Lianbo Jiang <lijiang@redhat.com>
---
arm64.c | 37 +++++++++++++++++++++++++++++++++----
defs.h | 9 ++++-----
2 files changed, 37 insertions(+), 9 deletions(-)
diff --git a/arm64.c b/arm64.c
index b04369f6d4d8..d73d5c5a4fed 100644
--- a/arm64.c
+++ b/arm64.c
@@ -994,8 +994,6 @@ arm64_calc_physvirt_offset(void)
ulong physvirt_offset;
struct syment *sp;
- ms->physvirt_offset = ms->phys_offset - ms->page_offset;
-
if ((sp = kernel_symbol_search("physvirt_offset")) &&
machdep->machspec->kimage_voffset) {
if (READMEM(pc->mfd, &physvirt_offset, sizeof(physvirt_offset),
@@ -1003,8 +1001,13 @@ arm64_calc_physvirt_offset(void)
machdep->machspec->kimage_voffset) > 0) {
machdep->flags |= HAS_PHYSVIRT_OFFSET;
ms->physvirt_offset = physvirt_offset;
+ return;
}
}
+
+ /* Useless if no symbol 'physvirt_offset', just keep semantics */
+ ms->physvirt_offset = ms->phys_offset - ms->page_offset;
+
}
static void
@@ -1051,6 +1054,7 @@ arm64_calc_phys_offset(void)
if (READMEM(pc->mfd, &phys_offset, sizeof(phys_offset),
vaddr, paddr) > 0) {
ms->phys_offset = phys_offset;
+
return;
}
}
@@ -1178,6 +1182,21 @@ arm64_init_kernel_pgd(void)
vt->kernel_pgd[i] = value;
}
+ulong arm64_PTOV(ulong paddr)
+{
+ struct machine_specific *ms = machdep->machspec;
+
+ /*
+ * Either older kernel before kernel has 'physvirt_offset' or newer
+ * kernel which removes 'physvirt_offset' has the same formula:
+ * #define __phys_to_virt(x) ((unsigned long)((x) - PHYS_OFFSET) | PAGE_OFFSET)
+ */
+ if (!(machdep->flags & HAS_PHYSVIRT_OFFSET))
+ return (paddr - ms->phys_offset) | PAGE_OFFSET;
+ else
+ return paddr - ms->physvirt_offset;
+}
+
ulong
arm64_VTOP(ulong addr)
{
@@ -1188,8 +1207,18 @@ arm64_VTOP(ulong addr)
return addr - machdep->machspec->kimage_voffset;
}
- if (addr >= machdep->machspec->page_offset)
- return addr + machdep->machspec->physvirt_offset;
+ if (addr >= machdep->machspec->page_offset) {
+ if (machdep->flags & HAS_PHYSVIRT_OFFSET) {
+ return addr + machdep->machspec->physvirt_offset;
+ } else {
+ /*
+ * Either older kernel before kernel has 'physvirt_offset' or newer
+ * kernel which removes 'physvirt_offset' has the same formula:
+ * #define __lm_to_phys(addr) (((addr) & ~PAGE_OFFSET) + PHYS_OFFSET)
+ */
+ return (addr & ~PAGE_OFFSET) + machdep->machspec->phys_offset;
+ }
+ }
else if (machdep->machspec->kimage_voffset)
return addr - machdep->machspec->kimage_voffset;
else /* no randomness */
diff --git a/defs.h b/defs.h
index eca145cb881c..c91177a245fd 100644
--- a/defs.h
+++ b/defs.h
@@ -3092,11 +3092,6 @@ typedef u64 pte_t;
#define _64BIT_
#define MACHINE_TYPE "ARM64"
-#define PTOV(X) \
- ((unsigned long)(X) - (machdep->machspec->physvirt_offset))
-
-#define VTOP(X) arm64_VTOP((ulong)(X))
-
#define USERSPACE_TOP (machdep->machspec->userspace_top)
#define PAGE_OFFSET (machdep->machspec->page_offset)
#define VMALLOC_START (machdep->machspec->vmalloc_start_addr)
@@ -3106,6 +3101,9 @@ typedef u64 pte_t;
#define MODULES_VADDR (machdep->machspec->modules_vaddr)
#define MODULES_END (machdep->machspec->modules_end)
+#define PTOV(X) arm64_PTOV((ulong)(X))
+#define VTOP(X) arm64_VTOP((ulong)(X))
+
#define IS_VMALLOC_ADDR(X) arm64_IS_VMALLOC_ADDR((ulong)(X))
#define PAGEBASE(X) (((ulong)(X)) & (ulong)machdep->pagemask)
@@ -5910,6 +5908,7 @@ void unwind_backtrace(struct bt_info *);
void arm64_init(int);
void arm64_dump_machdep_table(ulong);
ulong arm64_VTOP(ulong);
+ulong arm64_PTOV(ulong);
int arm64_IS_VMALLOC_ADDR(ulong);
ulong arm64_swp_type(ulong);
ulong arm64_swp_offset(ulong);
--
2.30.2

2820
0004-riscv-support.patch Normal file
View File

File diff suppressed because it is too large Load Diff

17364
0005-crash-add-loongarch-support.patch Normal file
View File

File diff suppressed because it is too large Load Diff

47
0006-arm64-Fix-again-segfault-in-arm64_is_kernel_exceptio.patch Normal file
View File

@ -0,0 +1,47 @@
From 6c8cd9b5dcf48221e5f75fc5850bb4719d77acce Mon Sep 17 00:00:00 2001
From: HATAYAMA Daisuke <d.hatayama@fujitsu.com>
Date: Wed, 7 Jun 2023 18:37:34 +0900
Subject: [PATCH] arm64: Fix again segfault in
arm64_is_kernel_exception_frame() when corrupt stack pointer address is given
This is the second trial from the commit
9868ebc8e648e5791764a51567a23efae7170d9b that was reverted at the
previous commit.
As described in the previous commit, result of STACK_OFFSET_TYPE() can
be an address out of bt->stackbuf and hence the address needs to be
checked prior to being referred to as an pt_regs object.
So, to fix the issue, let's check if stkptr points to within the range
of the kernel stack first.
[ kh: added a warning at Lianbo's suggestion ]
Signed-off-by: HATAYAMA Daisuke <d.hatayama@fujitsu.com>
Conflict:NA
Reference:https://github.com/crash-utility/crash/commit/6c8cd9b5dcf48221e5f75fc5850bb4719d77acce
---
arm64.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/arm64.c b/arm64.c
index efbdccb..67b1a22 100644
--- a/arm64.c
+++ b/arm64.c
@@ -2381,6 +2381,12 @@ arm64_is_kernel_exception_frame(struct bt_info *bt, ulong stkptr)
struct arm64_pt_regs *regs;
struct machine_specific *ms = machdep->machspec;
+ if (stkptr > STACKSIZE() && !INSTACK(stkptr, bt)) {
+ if (CRASHDEBUG(1))
+ error(WARNING, "stkptr: %lx is outside the kernel stack range\n", stkptr);
+ return FALSE;
+ }
+
regs = (struct arm64_pt_regs *)&bt->stackbuf[(ulong)(STACK_OFFSET_TYPE(stkptr))];
if (INSTACK(regs->sp, bt) && INSTACK(regs->regs[29], bt) &&
--
2.43.0

71
0007-arm64-fix-a-potential-segfault-when-unwind-frame.patch Normal file
View File

@ -0,0 +1,71 @@
From af895b219876b293d551e6dec825aba3905c0588 Mon Sep 17 00:00:00 2001
From: "qiwu.chen" <qiwu.chen@transsion.com>
Date: Wed, 24 Jul 2024 01:36:09 +0000
Subject: [PATCH] arm64: fix a potential segfault when unwind frame
The range of frame->fp is checked insufficiently, which may lead to a wrong
next fp. As a result, bt->stackbuf will be accessed out of range, and segfault.
crash> bt
[Detaching after fork from child process 11409]
PID: 7661 TASK: ffffff81858aa500 CPU: 4 COMMAND: "sh"
#0 [ffffffc008003f50] local_cpu_stop at ffffffdd7669444c
Thread 1 "crash" received signal SIGSEGV, Segmentation fault.
0x00005555558266cc in arm64_unwind_frame (bt=0x7fffffffd8f0, frame=0x7fffffffd080) at
arm64.c:2821
2821 frame->fp = GET_STACK_ULONG(fp);
(gdb) bt
arm64.c:2821
out>) at main.c:1338
gdb_interface.c:81
(gdb) p /x *(struct bt_info*) 0x7fffffffd8f0
$3 = {task = 0xffffff81858aa500, flags = 0x0, instptr = 0xffffffdd76694450, stkptr =
0xffffffc008003f40, bptr = 0x0, stackbase = 0xffffffc027288000,
stacktop = 0xffffffc02728c000, stackbuf = 0x555556115a40, tc = 0x55559d16fdc0, hp = 0x0,
textlist = 0x0, ref = 0x0, frameptr = 0xffffffc008003f50,
call_target = 0x0, machdep = 0x0, debug = 0x0, eframe_ip = 0x0, radix = 0x0, cpumask =
0x0}
(gdb) p /x *(struct arm64_stackframe*) 0x7fffffffd080
$4 = {fp = 0xffffffc008003f50, sp = 0xffffffc008003f60, pc = 0xffffffdd76694450}
crash> bt -S 0xffffffc008003f50
PID: 7661 TASK: ffffff81858aa500 CPU: 4 COMMAND: "sh"
bt: non-process stack address for this task: ffffffc008003f50
(valid range: ffffffc027288000 - ffffffc02728c000)
Check frame->fp value sufficiently before access it. Only frame->fp within
the range of bt->stackbase and bt->stacktop will be regarded as valid.
Signed-off-by: qiwu.chen <qiwu.chen@transsion.com>
Conflict:NA
Reference:https://github.com/crash-utility/crash/commit/af895b219876b293d551e6dec825aba3905c0588
---
arm64.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arm64.c b/arm64.c
index b3040d7..624dba2 100644
--- a/arm64.c
+++ b/arm64.c
@@ -2814,7 +2814,7 @@ arm64_unwind_frame(struct bt_info *bt, struct arm64_stackframe *frame)
low = frame->sp;
high = (low + stack_mask) & ~(stack_mask);
- if (fp < low || fp > high || fp & 0xf)
+ if (fp < low || fp > high || fp & 0xf || !INSTACK(fp, bt))
return FALSE;
frame->sp = fp + 0x10;
@@ -3024,7 +3024,7 @@ arm64_unwind_frame_v2(struct bt_info *bt, struct arm64_stackframe *frame,
low = frame->sp;
high = (low + stack_mask) & ~(stack_mask);
- if (fp < low || fp > high || fp & 0xf)
+ if (fp < low || fp > high || fp & 0xf || !INSTACK(fp, bt))
return FALSE;
if (CRASHDEBUG(1))
--
2.43.0

46
0008-arm64-fix-SDEI-stack-frame-unwind-while-UNW_4_14-is-.patch Normal file
View File

@ -0,0 +1,46 @@
From 45685956da58b15d4542d59b95888b1968980c68 Mon Sep 17 00:00:00 2001
From: Xiaoguang Wang <lege.wang@jaguarmicro.com>
Date: Thu, 7 Nov 2024 14:40:07 +0800
Subject: [PATCH] arm64: fix SDEI stack frame unwind while UNW_4_14 is set
Fix two bugs:
1) If BT_IRQSTACK is set, both irq_stack and sdei_normal_stack need
to be checked while switching to process stack.
2) Use bt->frameptr in arm64_unwind_frame() just like irq stack.
Fixes: 442da89f4898 ("crash: add SDEI stack resolution")
Signed-off-by: Xiaoguang Wang <lege.wang@jaguarmicro.com>
---
arm64.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/arm64.c b/arm64.c
index b99baa3..34c3b08 100644
--- a/arm64.c
+++ b/arm64.c
@@ -3244,10 +3244,10 @@ arm64_unwind_frame(struct bt_info *bt, struct arm64_stackframe *frame)
if (machdep->flags & UNW_4_14) {
if (((bt->flags & BT_IRQSTACK) &&
- !arm64_on_irq_stack(bt->tc->processor, frame->fp)) ||
+ !arm64_on_irq_stack(bt->tc->processor, frame->fp) &&
+ !arm64_in_sdei_normal_stack(bt->tc->processor, frame->fp)) ||
((bt->flags & BT_OVERFLOW_STACK) &&
- !arm64_on_overflow_stack(bt->tc->processor, frame->fp)) &&
- !arm64_in_sdei_normal_stack(bt->tc->processor, frame->fp)) {
+ !arm64_on_overflow_stack(bt->tc->processor, frame->fp))) {
if (arm64_on_process_stack(bt, frame->fp)) {
arm64_set_process_stack(bt);
@@ -3696,7 +3696,7 @@ arm64_back_trace_cmd(struct bt_info *bt)
arm64_set_overflow_stack(bt);
bt->flags |= BT_OVERFLOW_STACK;
}
- if (arm64_in_sdei_normal_stack(bt->tc->processor, bt->bptr)) {
+ if (arm64_in_sdei_normal_stack(bt->tc->processor, bt->frameptr)) {
arm64_set_sdei_normal_stack(bt);
bt->flags |= BT_IRQSTACK;
}
--
2.34.1

BIN
7.3.0.tar.gz
View File

Binary file not shown.

BIN
8.0.2.tar.gz Normal file
View File

Binary file not shown.

57
Fix-live-debugging-with-lockdown-integrity.patch
View File

@ -1,57 +0,0 @@
From e90c0011d6e9476104c4c43aa76d2d0830a15946 Mon Sep 17 00:00:00 2001
From: Philipp Rudo <prudo@redhat.com>
Date: Tue, 9 Nov 2021 14:52:22 +0100
Subject: [PATCH] Fix live debugging with lockdown=integrity
With kernel lockdown the access to kernel interfaces that allow to
extract confidential information (lockdown=confidentiality) or modify a
running kernel (lockdown=integrity) can be restricted. Two of the
interfaces that can be restricted are /dev/mem (integrity &
confidentiality) and /proc/kcore (confidentiality). With
lockdown=integrity this leads to a situation where /dev/mem exists but
is not readable while /proc/kcore exists and is readable. This breaks
crash's live debugging when it is invoked without argument, i.e.
$ crash
[...]
crash: /dev/mem: Operation not permitted
while passing /proc/kcore as image succeeds. The reason for this is that
crash always picks /dev/mem as source when it exits but doesn't check if
it is readable. Fix this by only selecting /dev/mem when it is readable.
Signed-off-by: Philipp Rudo <prudo@redhat.com>
---
filesys.c | 2 +-
main.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/filesys.c b/filesys.c
index 3361b6c..43cbe82 100644
--- a/filesys.c
+++ b/filesys.c
@@ -3666,7 +3666,7 @@ get_live_memory_source(void)
if (pc->live_memsrc)
goto live_report;
- if (file_exists("/dev/mem", NULL))
+ if (file_readable("/dev/mem"))
pc->live_memsrc = "/dev/mem";
else if (file_exists("/proc/kcore", NULL)) {
pc->flags &= ~DEVMEM;
diff --git a/main.c b/main.c
index 388ac46..dfd343c 100644
--- a/main.c
+++ b/main.c
@@ -1119,7 +1119,7 @@ setup_environment(int argc, char **argv)
pc->flags2 |= REDZONE;
pc->confd = -2;
pc->machine_type = MACHINE_TYPE;
- if (file_exists("/dev/mem", NULL)) { /* defaults until argv[] is parsed */
+ if (file_readable("/dev/mem")) { /* defaults until argv[] is parsed */
pc->readmem = read_dev_mem;
pc->writemem = write_dev_mem;
} else if (file_exists("/proc/kcore", NULL)) {
--
2.27.0

56
Handle-task_struct-cpu-member-changes-for-kernels-5..patch
View File

@ -1,56 +0,0 @@
From 68870c83d299603c07785e3530e33c13045c87ef Mon Sep 17 00:00:00 2001
From: Alexander Egorenkov <egorenar@linux.ibm.com>
Date: Wed, 13 Oct 2021 10:56:39 +0200
Subject: [PATCH] Handle task_struct cpu member changes for kernels >= 5.16-rc1
Kernel commit bcf9033e5449bdcaa9bed46467a7141a8049dadb
("sched: move CPU field back into thread_info if THREAD_INFO_IN_TASK=y")
moved the member cpu of task_struct back into thread_info.
Without the patch, crash fails with the following error message
during session initialization:
crash: invalid structure member offset: task_struct_cpu
FILE: task.c LINE: 2904 FUNCTION: add_context()
Signed-off-by: Alexander Egorenkov <egorenar@linux.ibm.com>
Signed-off-by: Kazuhito Hagio <k-hagio-ab@nec.com>
---
task.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/task.c b/task.c
index 672b416..bb6a5da 100644
--- a/task.c
+++ b/task.c
@@ -278,8 +278,10 @@ task_init(void)
} else if (VALID_MEMBER(task_struct_stack))
MEMBER_OFFSET_INIT(task_struct_thread_info, "task_struct", "stack");
+ MEMBER_OFFSET_INIT(task_struct_cpu, "task_struct", "cpu");
+
if (VALID_MEMBER(task_struct_thread_info)) {
- if (tt->flags & THREAD_INFO_IN_TASK) {
+ if (tt->flags & THREAD_INFO_IN_TASK && VALID_MEMBER(task_struct_cpu)) {
MEMBER_OFFSET_INIT(thread_info_flags, "thread_info", "flags");
/* (unnecessary) reminders */
ASSIGN_OFFSET(thread_info_task) = INVALID_OFFSET;
@@ -315,7 +317,6 @@ task_init(void)
MEMBER_OFFSET_INIT(task_struct_has_cpu, "task_struct", "has_cpu");
MEMBER_OFFSET_INIT(task_struct_cpus_runnable,
"task_struct", "cpus_runnable");
- MEMBER_OFFSET_INIT(task_struct_cpu, "task_struct", "cpu");
MEMBER_OFFSET_INIT(task_struct_active_mm, "task_struct", "active_mm");
MEMBER_OFFSET_INIT(task_struct_next_run, "task_struct", "next_run");
MEMBER_OFFSET_INIT(task_struct_flags, "task_struct", "flags");
@@ -2900,7 +2901,7 @@ add_context(ulong task, char *tp)
else
tc->thread_info = ULONG(tp + OFFSET(task_struct_thread_info));
fill_thread_info(tc->thread_info);
- if (tt->flags & THREAD_INFO_IN_TASK)
+ if (tt->flags & THREAD_INFO_IN_TASK && VALID_MEMBER(task_struct_cpu))
processor_addr = (int *) (tp + OFFSET(task_struct_cpu));
else
processor_addr = (int *) (tt->thread_info +
--
2.23.0

181
arm64-fix-backtraces-of-KASAN-kernel-dumpfile-truncated.patch
View File

@ -1,181 +0,0 @@
From 41f9396b3ec962121553a2e59027db7b08741321 Mon Sep 17 00:00:00 2001
From: Ding Hui <dinghui@sangfor.com.cn>
Date: Thu, 1 Dec 2022 11:59:33 +0800
Subject: [PATCH] arm64: fix backtraces of KASAN kernel dumpfile truncated
We met "bt" cmd on KASAN kernel vmcore display truncated backtraces
like this:
crash> bt
PID: 4131 TASK: ffff8001521df000 CPU: 3 COMMAND: "bash"
#0 [ffff2000224b0cb0] machine_kexec_prepare at ffff2000200bff4c
After digging the root cause, it turns out that arm64_in_kdump_text()
found wrong bt->bptr at "machine_kexec" branch.
If CONFIG_KASAN=y, disassemble machine_kexec() of KASAN vmlinux (gcc 7.3.0)
like this:
crash> dis -x machine_kexec
0xffff2000200bff50 <machine_kexec>: stp x29, x30, [sp,#-208]!
0xffff2000200bff54 <machine_kexec+0x4>: mov x29, sp
0xffff2000200bff58 <machine_kexec+0x8>: stp x19, x20, [sp,#16]
0xffff2000200bff5c <machine_kexec+0xc>: str x24, [sp,#56]
0xffff2000200bff60 <machine_kexec+0x10>: str x26, [sp,#72]
0xffff2000200bff64 <machine_kexec+0x14>: mov x2, #0x8ab3
0xffff2000200bff68 <machine_kexec+0x18>: add x1, x29, #0x70
0xffff2000200bff6c <machine_kexec+0x1c>: lsr x1, x1, #3
0xffff2000200bff70 <machine_kexec+0x20>: movk x2, #0x41b5, lsl #16
0xffff2000200bff74 <machine_kexec+0x24>: mov x19, #0x200000000000
0xffff2000200bff78 <machine_kexec+0x28>: adrp x3, 0xffff2000224b0000
0xffff2000200bff7c <machine_kexec+0x2c>: movk x19, #0xdfff, lsl #48
0xffff2000200bff80 <machine_kexec+0x30>: add x3, x3, #0xcb0
0xffff2000200bff84 <machine_kexec+0x34>: add x4, x1, x19
0xffff2000200bff88 <machine_kexec+0x38>: stp x2, x3, [x29,#112]
0xffff2000200bff8c <machine_kexec+0x3c>: adrp x2, 0xffff2000200bf000 <swsusp_arch_resume+0x1e8>
0xffff2000200bff90 <machine_kexec+0x40>: add x2, x2, #0xf50
0xffff2000200bff94 <machine_kexec+0x44>: str x2, [x29,#128]
0xffff2000200bff98 <machine_kexec+0x48>: mov w2, #0xf1f1f1f1
0xffff2000200bff9c <machine_kexec+0x4c>: str w2, [x1,x19]
0xffff2000200bffa0 <machine_kexec+0x50>: mov w2, #0xf200
0xffff2000200bffa4 <machine_kexec+0x54>: mov w1, #0xf3f3f3f3
0xffff2000200bffa8 <machine_kexec+0x58>: movk w2, #0xf2f2, lsl #16
0xffff2000200bffac <machine_kexec+0x5c>: stp w2, w1, [x4,#4]
We notice that:
1. machine_kexec() start address is 0xffff2000200bff50
2. the instruction at machine_kexec+0x44 store the same value
0xffff2000200bff50 (comes from 0xffff2000200bf000 + 0xf50)
into stack postion [x29,#128].
When arm64_in_kdump_text() search LR from stack, it met
0xffff2000200bff50 firstly, so got wrong bt->bptr.
We know that the real LR is always great than the start address
of a function, so let's fix it by change the search conditon to
(*ptr > xxx_start) && (*ptr < xxx_end).
[ dh: port for SDEI stack ]
Signed-off-by: Ding Hui <dinghui@sangfor.com.cn>
Index: crash-7.3.0/arm64.c
===================================================================
--- crash-7.3.0.orig/arm64.c
+++ crash-7.3.0/arm64.c
@@ -3060,7 +3060,7 @@ arm64_in_kdump_text(struct bt_info *bt,
ms = machdep->machspec;
for (ptr = start - 8; ptr >= base; ptr--) {
if (bt->flags & BT_OPT_BACK_TRACE) {
- if ((*ptr >= ms->crash_kexec_start) &&
+ if ((*ptr > ms->crash_kexec_start) &&
(*ptr < ms->crash_kexec_end) &&
INSTACK(*(ptr - 1), bt)) {
bt->bptr = ((ulong)(ptr - 1) - (ulong)base)
@@ -3069,7 +3069,7 @@ arm64_in_kdump_text(struct bt_info *bt,
fprintf(fp, "%lx: %lx (crash_kexec)\n", bt->bptr, *ptr);
return TRUE;
}
- if ((*ptr >= ms->crash_save_cpu_start) &&
+ if ((*ptr > ms->crash_save_cpu_start) &&
(*ptr < ms->crash_save_cpu_end) &&
INSTACK(*(ptr - 1), bt)) {
bt->bptr = ((ulong)(ptr - 1) - (ulong)base)
@@ -3079,14 +3079,14 @@ arm64_in_kdump_text(struct bt_info *bt,
return TRUE;
}
} else {
- if ((*ptr >= ms->machine_kexec_start) && (*ptr < ms->machine_kexec_end)) {
+ if ((*ptr > ms->machine_kexec_start) && (*ptr < ms->machine_kexec_end)) {
bt->bptr = ((ulong)ptr - (ulong)base)
+ task_to_stackbase(bt->tc->task);
if (CRASHDEBUG(1))
fprintf(fp, "%lx: %lx (machine_kexec)\n", bt->bptr, *ptr);
return TRUE;
}
- if ((*ptr >= ms->crash_kexec_start) && (*ptr < ms->crash_kexec_end)) {
+ if ((*ptr > ms->crash_kexec_start) && (*ptr < ms->crash_kexec_end)) {
/*
* Stash the first crash_kexec frame in case the machine_kexec
* frame is not found.
@@ -3100,7 +3100,7 @@ arm64_in_kdump_text(struct bt_info *bt,
}
continue;
}
- if ((*ptr >= ms->crash_save_cpu_start) && (*ptr < ms->crash_save_cpu_end)) {
+ if ((*ptr > ms->crash_save_cpu_start) && (*ptr < ms->crash_save_cpu_end)) {
bt->bptr = ((ulong)ptr - (ulong)base)
+ task_to_stackbase(bt->tc->task);
if (CRASHDEBUG(1))
@@ -3149,7 +3149,7 @@ arm64_in_kdump_text_on_sdei_stack(struct
for (ptr = start - 8; ptr >= base; ptr--) {
if (bt->flags & BT_OPT_BACK_TRACE) {
- if ((*ptr >= ms->crash_kexec_start) &&
+ if ((*ptr > ms->crash_kexec_start) &&
(*ptr < ms->crash_kexec_end) &&
INSTACK(*(ptr - 1), bt)) {
bt->bptr = ((ulong)(ptr - 1) - (ulong)base) + stackbase;
@@ -3159,7 +3159,7 @@ arm64_in_kdump_text_on_sdei_stack(struct
FREEBUF(stackbuf);
return TRUE;
}
- if ((*ptr >= ms->crash_save_cpu_start) &&
+ if ((*ptr > ms->crash_save_cpu_start) &&
(*ptr < ms->crash_save_cpu_end) &&
INSTACK(*(ptr - 1), bt)) {
bt->bptr = ((ulong)(ptr - 1) - (ulong)base) + stackbase;
@@ -3170,7 +3170,7 @@ arm64_in_kdump_text_on_sdei_stack(struct
return TRUE;
}
} else {
- if ((*ptr >= ms->crash_kexec_start) && (*ptr < ms->crash_kexec_end)) {
+ if ((*ptr > ms->crash_kexec_start) && (*ptr < ms->crash_kexec_end)) {
bt->bptr = ((ulong)ptr - (ulong)base) + stackbase;
if (CRASHDEBUG(1))
fprintf(fp, "%lx: %lx (crash_kexec on IRQ stack)\n",
@@ -3178,7 +3178,7 @@ arm64_in_kdump_text_on_sdei_stack(struct
FREEBUF(stackbuf);
return TRUE;
}
- if ((*ptr >= ms->crash_save_cpu_start) && (*ptr < ms->crash_save_cpu_end)) {
+ if ((*ptr > ms->crash_save_cpu_start) && (*ptr < ms->crash_save_cpu_end)) {
bt->bptr = ((ulong)ptr - (ulong)base) + stackbase;
if (CRASHDEBUG(1))
fprintf(fp, "%lx: %lx (crash_save_cpu on IRQ stack)\n",
@@ -3222,7 +3222,7 @@ arm64_in_kdump_text_on_irq_stack(struct
for (ptr = start - 8; ptr >= base; ptr--) {
if (bt->flags & BT_OPT_BACK_TRACE) {
- if ((*ptr >= ms->crash_kexec_start) &&
+ if ((*ptr > ms->crash_kexec_start) &&
(*ptr < ms->crash_kexec_end) &&
INSTACK(*(ptr - 1), bt)) {
bt->bptr = ((ulong)(ptr - 1) - (ulong)base) + stackbase;
@@ -3232,7 +3232,7 @@ arm64_in_kdump_text_on_irq_stack(struct
FREEBUF(stackbuf);
return TRUE;
}
- if ((*ptr >= ms->crash_save_cpu_start) &&
+ if ((*ptr > ms->crash_save_cpu_start) &&
(*ptr < ms->crash_save_cpu_end) &&
INSTACK(*(ptr - 1), bt)) {
bt->bptr = ((ulong)(ptr - 1) - (ulong)base) + stackbase;
@@ -3243,7 +3243,7 @@ arm64_in_kdump_text_on_irq_stack(struct
return TRUE;
}
} else {
- if ((*ptr >= ms->crash_kexec_start) && (*ptr < ms->crash_kexec_end)) {
+ if ((*ptr > ms->crash_kexec_start) && (*ptr < ms->crash_kexec_end)) {
bt->bptr = ((ulong)ptr - (ulong)base) + stackbase;
if (CRASHDEBUG(1))
fprintf(fp, "%lx: %lx (crash_kexec on IRQ stack)\n",
@@ -3251,7 +3251,7 @@ arm64_in_kdump_text_on_irq_stack(struct
FREEBUF(stackbuf);
return TRUE;
}
- if ((*ptr >= ms->crash_save_cpu_start) && (*ptr < ms->crash_save_cpu_end)) {
+ if ((*ptr > ms->crash_save_cpu_start) && (*ptr < ms->crash_save_cpu_end)) {
bt->bptr = ((ulong)ptr - (ulong)base) + stackbase;
if (CRASHDEBUG(1))
fprintf(fp, "%lx: %lx (crash_save_cpu on IRQ stack)\n",

74
crash.spec
View File

@ -1,33 +1,27 @@
Name: crash
Version: 7.3.0
Release: 10
Version: 8.0.2
Release: 4
Summary: Linux kernel crash utility.
License: GPLv3
URL: https://crash-utility.github.io
Source0: https://github.com/crash-utility/crash/archive/%{version}.tar.gz
Source1: http://ftp.gnu.org/gnu/gdb/gdb-7.6.tar.gz
Source1: http://ftp.gnu.org/gnu/gdb/gdb-10.2.tar.gz
Patch1: lzo_snappy.patch
Patch2: 0001-arm64-rename-ARM64_PAGE_OFFSET_ACTUAL-to-ARM64_FLIP_.patch
Patch3: 0002-arm64-assign-page_offset-with-VA_BITS-kernel-configu.patch
Patch4: 0003-arm64-use-dedicated-bits-to-record-the-VA-space-layo.patch
Patch5: 0004-arm64-implement-switchable-PTOV-VTOP-for-kernels-5.1.patch
Patch6: add-SDEI-stack-resolution.patch
Patch7: Handle-task_struct-cpu-member-changes-for-kernels-5..patch
Patch8: 0001-CVE-2019-1010180-Add-bfd_get_file_size-to-get-archive-element-size.patch
Patch9: 0002-CVE-2019-1010180-DWARF-reader-Reject-sections-with-invalid-sizes.patch
%ifarch sw_64
Patch10: crash-7.3.0-sw.patch
%endif
Patch11: Fix-live-debugging-with-lockdown-integrity.patch
Patch12: arm64-fix-backtraces-of-KASAN-kernel-dumpfile-truncated.patch
Patch13: 0001-arm64-Fix-segfault-by-bt-command-with-offline-cpus.patch
Patch1: 0000-lzo_snappy.patch
Patch2: 0001-add-SDEI-stack-resolution.patch
Patch3: 0002-crash-8.0.2-sw.patch
Patch4: 0003-arm64-fix-backtraces-of-KASAN-kernel-dumpfile-truncated.patch
Patch5: 0004-riscv-support.patch
Patch6: 0005-crash-add-loongarch-support.patch
Patch7: 0006-arm64-Fix-again-segfault-in-arm64_is_kernel_exceptio.patch
Patch8: 0007-arm64-fix-a-potential-segfault-when-unwind-frame.patch
Patch9: 0008-arm64-fix-SDEI-stack-frame-unwind-while-UNW_4_14-is-.patch
BuildRequires: ncurses-devel zlib-devel lzo-devel snappy-devel
BuildRequires: ncurses-devel zlib-devel lzo-devel snappy-devel texinfo libzstd-devel
BuildRequires: gcc gcc-c++ bison m4
Requires: binutils
Provides: bundled(libiberty) bundled(gdb) = 7.6
Provides: bundled(libiberty) bundled(gdb) = 10.2
%description
The core analysis suite is a self-contained tool that can be used to
@ -52,11 +46,31 @@ created by manufacturer-specific firmware.
%package_help
%prep
%autosetup -n %{name}-%{version} -p1
%setup -n %{name}-%{version}
%patch -P1 -p1
%patch -P2 -p1
%ifarch sw_64
%patch -P3 -p1
%endif
%patch -P4 -p1
%ifarch riscv64
%patch -P5 -p1
%endif
%ifarch loongarch64
%patch -P6 -p1
%endif
%patch -P7 -p1
%patch -P8 -p1
%patch -P9 -p1
%build
cp %{SOURCE1} .
make -j RPMPKG="%{version}-%{release}" CFLAGS="%{optflags}" LDFLAGS="%{build_ldflags}"
make -j`nproc` RPMPKG="%{version}-%{release}" CFLAGS="%{optflags}" CXXFLAGS="%{optflags}" LDFLAGS="%{build_ldflags}"
%install
rm -rf %{buildroot}
@ -87,6 +101,22 @@ install -D -m 0644 defs.h %{buildroot}%{_includedir}/%{name}/defs.h
%{_mandir}/man8/crash.8*
%changelog
* Tue Dec 17 2024 wangxiao <wangxiao184@h-partners.com> - 8.0.2-4
- include all patches in the source package
* Fri Nov 29 2024 wangxiao <wangxiao184@h-partners.com> - 8.0.2-3
- arm64: fix SDEI stack frame unwind while UNW_4_14 is set
* Tue Jul 25 2023 chenhaixiang <chenhaixiang3@huawei.com> - 8.0.2-2
- arm64: Fix again segfault in arm64_is_kernel_exception_frame()
when corrupt stack pointer address is given
* Tue Jul 25 2023 chenhaixiang <chenhaixiang3@huawei.com> - 8.0.2-1
- Update from master
* Mon Jul 17 2023 chenhaixiang <chenhaixiang3@huawei.com> - 7.3.0-11
- arm64: Use VA_BITS for page_offset calculation
* Wed Jan 4 2023 lijianglin<lijianglin2@huawei.com> - 7.3.0-10
- fix segfault by "bt" command with offline cpus

BIN
gdb-7.6.tar.gz → gdb-10.2.tar.gz
View File

Binary file not shown.