Hi Anderson,
I want to introduce a patch to your crash tool project. It’s a bugfix for a segfault in setup_ikconfig.
An ikconfig entry is currently added only if ent[0] != '#'; this condition is not sufficient, because there is a potential segfault if ent is gibberish.
The steps to reproduce this segfault are as follows:
I applied the following patch to the crash 7.2.6++ code for testing.
--- a/arm64.c
+++ b/arm64.c
@@ -32,6 +32,7 @@ static int verify_kimage_voffset(void);
static void arm64_calc_kimage_voffset(void);
static void arm64_calc_phys_offset(void);
static void arm64_calc_virtual_memory_ranges(void);
+static void arm64_get_section_size_bits(void);
static int arm64_kdump_phys_base(ulong *);
static ulong arm64_processor_speed(void);
static void arm64_init_kernel_pgd(void);
@@ -375,7 +376,11 @@ arm64_init(int when)
case POST_GDB:
arm64_calc_virtual_memory_ranges();
- machdep->section_size_bits = _SECTION_SIZE_BITS;
+ arm64_get_section_size_bits();
+ if (CRASHDEBUG(1)) {
+ fprintf(fp, "SECTION_SIZE_BITS: %ld\n", machdep->section_size_bits);
+ }
+
if (!machdep->max_physmem_bits) {
if ((string = pc->read_vmcoreinfo("NUMBER(MAX_PHYSMEM_BITS)"))) {
machdep->max_physmem_bits = atol(string);
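Review bot: The debug print on the added fprintf line formats `machdep->section_size_bits` with `%ld`; if that field is an unsigned long like the neighbouring machdep fields, the matching specifier is `%lu` (`fprintf(fp, "SECTION_SIZE_BITS: %lu\n", machdep->section_size_bits);`), since a mismatched conversion is undefined behaviour even when it usually prints the expected value. The field's declared type is not visible in this hunk, so confirm it in defs.h before changing the specifier. The enclosing arm64_init continues outside the hunk.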
@@ -1055,6 +1060,32 @@ arm64_calc_phys_offset(void)
fprintf(fp, "using %lx as phys_offset\n", ms->phys_offset);
}
+/*
+ * Determine SECTION_SIZE_BITS either by reading VMCOREINFO or the kernel
+ * config, otherwise borrow the 64-bit ARM default definiton.
+ */
+static void
+arm64_get_section_size_bits(void)
+{
+ int ret;
+ char *string;
+
+ if ((string = pc->read_vmcoreinfo("NUMBER(SECTION_SIZE_BITS)"))) {
+ machdep->section_size_bits = atol(string);
+ free(string);
+ return;
+ }
+
+ if ((ret = get_kernel_config("CONFIG_MEMORY_HOTPLUG", NULL)) == IKCONFIG_Y) {
+ if ((ret = get_kernel_config("CONFIG_HOTPLUG_SIZE_BITS", &string)) == IKCONFIG_STR) {
+ machdep->section_size_bits = atol(string);
+ free(string);
+ return;
+ }
+ } else {
+ machdep->section_size_bits = _SECTION_SIZE_BITS;
+ }
+}
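Review bot: arm64_get_section_size_bits leaves machdep->section_size_bits unset when CONFIG_MEMORY_HOTPLUG is IKCONFIG_Y but the CONFIG_HOTPLUG_SIZE_BITS lookup does not return IKCONFIG_STR, because the `_SECTION_SIZE_BITS` default is only assigned in the else branch; the same happens if get_kernel_config fails for lack of an ikconfig. Assign the default as the first statement, `machdep->section_size_bits = _SECTION_SIZE_BITS;`, and let the VMCOREINFO and ikconfig lookups override it, dropping the else branch. `ret` is assigned twice but never read and can be removed. The values taken from VMCOREINFO and the kernel config are converted with `atol` unchecked, so a malformed string silently yields 0; `strtoul` with an end-pointer check would keep the default instead. The comment typo `definiton` should read `definition`.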
Then I build crash and load the dump files; it segfaults as shown below:
crash[31000]: segfault at 0 ip 00007f0fb24d98d1 sp 00007fff1703f7e8 error 4 in libc-2.26.so[7f0fb235b000+1d6000]
So I added debug output to find the cause of the segfault; it occurred in setup_ikconfig -> add_ikconfig_entry.
add_ikconfig_entry: ▒▒▒U //The last ent is gibberish, which leads to the segfault
I think the most reliable check is whether an ikconfig entry starts with "CONFIG_". I tested with the following patch and could not reproduce the segfault again.
diff --git a/kernel.c b/kernel.c
index 7804aef..d023c87 100644
--- a/kernel.c
+++ b/kernel.c
@@ -10144,7 +10144,7 @@ static int setup_ikconfig(char *config)
while (whitespace(*ent))
ent++;
- if (ent[0] != '#') {
+ if (!strncmp(ent, "CONFIG_", strlen("CONFIG_")))
{
add_ikconfig_entry(ent,
&ikconfig_all[kt->ikconfig_ents++]);
if (kt->ikconfig_ents == IKCONFIG_MAX) {
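Review bot: The new prefix test still passes a truncated trailing fragment such as `CONFIG_FOO` with no `=` to add_ikconfig_entry, so if that helper tokenizes on `=` and then dereferences or strdup's the missing value (which the reported "segfault at 0" in libc suggests, though add_ikconfig_entry is outside this hunk), the crash is narrowed rather than closed. Requiring a value as well, `if (!strncmp(ent, "CONFIG_", strlen("CONFIG_")) && strchr(ent, '='))`, rejects such fragments at the same place. It is also worth a comment on why the filter was tightened, e.g. `/* only accept CONFIG_name=value; the buffer may end in non-config bytes */`, so the reason does not get lost. The enclosing setup_ikconfig starts and ends outside the hunk.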
Thanks for your review. I’m looking forward to your favourable reply!
Best regards,
Qiwu