libxcb: fix socket writes #6
Closed
The patch has been picked up from libxcb git and is only applicable to v1.10 while it gets fixed in mainstream v1.11.

http://cgit.freedesktop.org/xcb/libxcb/commit/?id=be0fe56c3bcad5124dcc6c47a2fad01acd16f71a

Signed-off-by: Awais Belal <awais_belal@mentor.com>
Submitted to mailing list.
halstead pushed a commit that referenced this pull request Jun 15, 2018

When switch PATCHTOOL to patch, applying 'key-replay-cve-multiple.patch' failed:

checking file src/ap/ieee802_11.c
checking file src/ap/wpa_auth.c
checking file src/ap/wpa_auth.h
checking file src/ap/wpa_auth_ft.c
checking file src/ap/wpa_auth_i.h
checking file src/common/wpa_common.h
checking file src/rsn_supp/wpa.c
checking file src/rsn_supp/wpa_i.h
checking file src/rsn_supp/wpa.c
Hunk #1 FAILED at 709.
Hunk #2 FAILED at 757.
Hunk #3 succeeded at 840 (offset -12 lines).
Hunk #4 FAILED at 868.
Hunk #5 FAILED at 900.
Hunk #6 FAILED at 924.
Hunk #7 succeeded at 1536 (offset -38 lines).
Hunk #8 FAILED at 2386.
Hunk #9 FAILED at 2920.
Hunk #10 succeeded at 2940 (offset -46 lines).
Hunk #11 FAILED at 2998.
8 out of 11 hunks FAILED
checking file src/rsn_supp/wpa_i.h
Hunk #1 FAILED at 32.
1 out of 1 hunk FAILED
checking file src/common/wpa_common.h
Hunk #1 succeeded at 215 with fuzz 1.
checking file src/rsn_supp/wpa.c
checking file src/rsn_supp/wpa_i.h
checking file src/ap/wpa_auth.c
Hunk #1 succeeded at 1898 (offset -3 lines).
Hunk #2 succeeded at 2470 (offset -3 lines).
checking file src/rsn_supp/tdls.c
checking file wpa_supplicant/wnm_sta.c
checking file src/rsn_supp/wpa.c
Hunk #1 succeeded at 2378 (offset -62 lines).
checking file src/rsn_supp/wpa_ft.c
checking file src/rsn_supp/wpa_i.h
Hunk #1 succeeded at 123 (offset -5 lines).

So split the wpa-supplicant/key-replay-cve-multiple to 8 patches.

Signed-off-by: Hong Liu <hongl.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
halstead pushed a commit that referenced this pull request Jul 2, 2018

When switch PATCHTOOL to patch, applying 'key-replay-cve-multiple.patch' failed:

checking file src/ap/ieee802_11.c
checking file src/ap/wpa_auth.c
checking file src/ap/wpa_auth.h
checking file src/ap/wpa_auth_ft.c
checking file src/ap/wpa_auth_i.h
checking file src/common/wpa_common.h
checking file src/rsn_supp/wpa.c
checking file src/rsn_supp/wpa_i.h
checking file src/rsn_supp/wpa.c
Hunk #1 FAILED at 709.
Hunk #2 FAILED at 757.
Hunk #3 succeeded at 840 (offset -12 lines).
Hunk #4 FAILED at 868.
Hunk #5 FAILED at 900.
Hunk #6 FAILED at 924.
Hunk #7 succeeded at 1536 (offset -38 lines).
Hunk #8 FAILED at 2386.
Hunk #9 FAILED at 2920.
Hunk #10 succeeded at 2940 (offset -46 lines).
Hunk #11 FAILED at 2998.
8 out of 11 hunks FAILED
checking file src/rsn_supp/wpa_i.h
Hunk #1 FAILED at 32.
1 out of 1 hunk FAILED
checking file src/common/wpa_common.h
Hunk #1 succeeded at 215 with fuzz 1.
checking file src/rsn_supp/wpa.c
checking file src/rsn_supp/wpa_i.h
checking file src/ap/wpa_auth.c
Hunk #1 succeeded at 1898 (offset -3 lines).
Hunk #2 succeeded at 2470 (offset -3 lines).
checking file src/rsn_supp/tdls.c
checking file wpa_supplicant/wnm_sta.c
checking file src/rsn_supp/wpa.c
Hunk #1 succeeded at 2378 (offset -62 lines).
checking file src/rsn_supp/wpa_ft.c
checking file src/rsn_supp/wpa_i.h
Hunk #1 succeeded at 123 (offset -5 lines).

So split the wpa-supplicant/key-replay-cve-multiple to 8 patches.

(From OE-Core rev: 4e9bc51)

Signed-off-by: Hong Liu <hongl.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 61e587b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
DengkeDu pushed a commit to DengkeDu/openembedded-core that referenced this pull request Jul 5, 2018

When switch PATCHTOOL to patch, applying 'key-replay-cve-multiple.patch' failed:

checking file src/ap/ieee802_11.c
checking file src/ap/wpa_auth.c
checking file src/ap/wpa_auth.h
checking file src/ap/wpa_auth_ft.c
checking file src/ap/wpa_auth_i.h
checking file src/common/wpa_common.h
checking file src/rsn_supp/wpa.c
checking file src/rsn_supp/wpa_i.h
checking file src/rsn_supp/wpa.c
Hunk #1 FAILED at 709.
Hunk #2 FAILED at 757.
Hunk #3 succeeded at 840 (offset -12 lines).
Hunk #4 FAILED at 868.
Hunk #5 FAILED at 900.
Hunk #6 FAILED at 924.
Hunk #7 succeeded at 1536 (offset -38 lines).
Hunk #8 FAILED at 2386.
Hunk #9 FAILED at 2920.
Hunk #10 succeeded at 2940 (offset -46 lines).
Hunk #11 FAILED at 2998.
8 out of 11 hunks FAILED
checking file src/rsn_supp/wpa_i.h
Hunk #1 FAILED at 32.
1 out of 1 hunk FAILED
checking file src/common/wpa_common.h
Hunk #1 succeeded at 215 with fuzz 1.
checking file src/rsn_supp/wpa.c
checking file src/rsn_supp/wpa_i.h
checking file src/ap/wpa_auth.c
Hunk #1 succeeded at 1898 (offset -3 lines).
Hunk #2 succeeded at 2470 (offset -3 lines).
checking file src/rsn_supp/tdls.c
checking file wpa_supplicant/wnm_sta.c
checking file src/rsn_supp/wpa.c
Hunk #1 succeeded at 2378 (offset -62 lines).
checking file src/rsn_supp/wpa_ft.c
checking file src/rsn_supp/wpa_i.h
Hunk #1 succeeded at 123 (offset -5 lines).

So split the wpa-supplicant/key-replay-cve-multiple to 8 patches.

(From OE-Core rev: 4e9bc51)

Signed-off-by: Hong Liu <hongl.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
halstead pushed a commit that referenced this pull request Mar 7, 2019

Updating the systemtap 4.0 SRCREV to pick up changes that have been made to support newer kernels (and in particular 5.0).

root@qemux86-64:~# stap --disable-cache -DSTP_NO_VERREL_CHECK ./hello.stp
[ 246.303263] stap_4843: loading out-of-tree module taints kernel.
hello world
root@qemux86-64:~#

The following commits are included in this update:

90ff34ac0 If available, use kernel's save_stack_trace_regs() for fallback stack unwind
a9b0aa4db testsuite/systemtap.bpf :: tests should return, not exit 0
83f229abb cachestat.stp: workaround the current limitations of trace_printk
f912d520f Newer kernels tapsets may use the kprobe.function("*") adjust alias_tapset.exp.
fe569f964 Handle name change of do_brk to do_brk_flags in the newer kernels
71dbdc9f9 Newer kernels tapsets may use the kprobe.function("*") adjust pp.exp check.
20d23f97a Correct at_register.stp test arch name for arm64.
e0bcc2f92 cachestat.stp: new example based on a bpftrace script by David Valin
18d1baceb session.cxx diagnostics: don't dump kernel_functions below verbose=6
25b181ae4 Add __NR_chmod for missing defines on aarch64
2276b109e Add more __NR_* for missing defines on aarch64 (and ppc64)
e34d66dee PR24239: avoid symbol/type resolution of unused globals/functions
49d74d4fa Correct the at_register.exp test
c77884dcd Turn on guru mode for at_deref1.stp use of @kderef
a9a15a3f8 RHBZ1689180: correct group name typos in staprun.8
e7146dbfe Regenerate syscall_num.stp grouped by syscall name.
6bcf09813 Group initialization using the same string literal together in syscall_num.stp
3752574dc Regenerate the syscall mapping information to add aarch32 to aarch64 syscalls
af74da7b7 Update dump-syscalls.sh to generate 32-bit syscalls for aarch64
60144c0fa Match arm64 non-dwarf syscall probe points
d36f6fee8 PR24199: don't use exceptions to signal type-resolution failures
5e50524ff PR24199: at pass-2 verbosity > 3, trace $var error-chaining events
40f855fd5 PR24199: loc2stap: propagate dwarf DIE() source locations better
af9ef3369 Adjust noptrace.stp to avoid modifying ptrace syscall arguments
ca3946e62 Update pfiles.stp to work with Linux 4.17 and newer
9d3a1cd66 PR24217: stap -p2 speedup, condition-expression processing
ba7b83ec1 Conditionally define __NR_bdflush in systemtap runtime.
cdf77a210 testsuite/systemtap.bpf :: couple of bpf_tests clarifications
d6b529c43 fix embedded-c tag memoization thinko
d81a001ad pass-2 optimization: embedded-c code pragma searching
1832b8f51 Set up a BPF related testcase blacklist for regression testsing purposes.
4e7686951 linux api update: compat_time* structs
1ac5a4499 linux api update: FAN_ALL_CLASS_BITS
17c2d352a unwinder: increase MAX_CFI to 8192 after a census of CFI sizes on Fedora 29
2e373d294 runtime: adapt to uapi/linux/mount.h changes
6b0430b6b dummy commit to force buildbot rebuilds
d3964067f buildrun.cxx: older g++ compatibility: no std::string.back()
6b2838df5 Handle installation without stapusr group
f90ca3096 Simplify creation of groups during installation
38184abcd Fix get_user_pages() autoconf test for 4.4.y kernel
e2e13220f lkm-runtime time.c: prefer 4.15+ ktime_get_real_fast_ns
eb8c8de94 linux 5.0-rc3 adaptations
de5061899 parser: allow larger arrays
0fc1a5019 stap man page: document histogram per-bucket access/iteration
905865da1 PR16406 fixup :: correct comparison in _stp_module_check
c8084763b PR10280 initial fix: force vermagic for guru-mode scripts
3a29a2eef Make testcase at_var.exp work with stap-4.1+ and kernel-4.17+
53ff2b5df stap-prep: switch typo ($NEEDED => $package)
68bd23fd0 PR16596: add support for DW_OP_GNU_entry_value in location expressions
aacee6563 Make sysc_bdflush.stp compatible with 4.17+ kernels.
891810c24 configury: tolerate dyninst10's need for -lboost_system
ec3b46eb9 RHBZ1655631: systemtap.spec: use Recommends: for kernel-*-devel
eef17e743 runtime/unwind: Allow to increase MAX_CFI
47ce37a14 systemtap.spec: merge unbotch - missing %changelog
f082df49d systemtap.spec: importing fedora rawhide changes
c9a393275 staprun/mainloop.c :: fix for loop initial decls
266c72bd0 PR23866 part: expose raw syscall tracepoint to bpf
ab368ac2a PR23891: Make sure stap and staprun respond to SIGTERM when stderr/stdout are blocked
0a0595509 Fix segfaults in dwarf array pointer subscripting when -vvv is specified
4a8652800 Make opeartor @var() no longer assume @entry() in return probes.
f5c19712c Add the ucalls.stp to the systemtap examples.
7d82f1bdc Adjust tcp_trace.stp example to work with newer Linux kernel's timers
f6d683666 Adjust the vfs_open to provide cred variable with 4.18 kernels
008a0cbfd Userspace_probing.xml: change '-ldd' to '--ldd' command line option.
e6227e5df bpf-translate.cxx: don't clobber any earlier value of c
cbf3b6e6a bpf-translate.cxx: quiet a compiler warning
824e9ab80 PR23890 bonus: show nicer messages upon a buildid mismatch
fba365b4d PR23890: tolerate f29+ style ELF files
6c94b6d42 PR23747: tolerate symbols with odd section#s
d60dac71a systemtap.bpf/asm_tests :: fix documentation / expected result
0eaf4f196 PR23875 bpf_unparser::visit_foreach_loop(): temporarily disable string key iteration
8c1452d10 PR23875: another testcase that loops indefinitely
584d61dc0 PR23875 bpf.exp: fail testcase on 'stack smashing'
0128e1daf PR23860 bpf_interpret() :: NEG should not fall through to DIV
75640f70d Adjust the periodic.stp example to work with newer Linux kernels
ca225a1cc stap -vv: also print kernel build-tree path name
28cf23f8e testcase for PR23875
3733caeba PR23860: reduce stack pressure from format strings
7a5716bb8 PR23860: additional ugly stack/clobber protection for strings
021f906e5 PR23860: additional stack protection for strings
02861e63c PR23860 bugfix: incorrect comparison direction in string_copy()
e428db474 PR23507: add new command-line option to disable automatic unread global variable display
b2ba3af9a pr23860 verifier workaround :: be sure to delete all mov rN,rN
08861a20f PR23507: add underscores to global @this variables
4ee1ae49a PR23761: generalized @entry
cc6e13e62 standardize ktime_get_ns() across lkm, bpf runtimes
fbee58bda bpf behind-the-scenes :: useful DEBUG_CODEGEN diagnostic
7209427d4 Always use nssInit for http and nss server.
72ef87bba PR23860 partial fix: fix BPF_NEG opcode generation.
8fb0cb4a7 PR23829 :: fallback defines __BPF_FUNC_MAPPER and BPF_J{LT,LE,SLT,SLE} for older kernels
686ba2980 tapset/bpf/task.stp :: rudiment of task tapset
0e6a26ff4 PR23849 -- temporarily disable stapbpf script caching
c0002c5ad prometheus-exporter samples: change reported metric name
1b50200ff stap-exporter: drop initial demo scripts under .examples; not used
3582845f5 powerpc64: add missing system call defines
57550d39d aarch64: add missing system call defines
856ddcedb tapset/bpf/context.stp :: add execname(), triage other functions
61b00f37d tapset/bpf/conversions.stp bugfix :: helper name in kernel_string(addr, err_msg)
a47bc40eb bpf-asm.exp bugfix :: bad_output does occur
14e5ff4e6 bpf-translate.cxx :: fix segfault with malformed register
b530b0193 Fix miscellaneous errors/typos in syscall tapset
ae51c4d99 On aarch64 Linux system calls related SystemTap scripts compilation fail with "__NR_compat_[exit|read|write] redefined" errors after following two commits:
3d9e0d2a5 Adjust the BPF translate error report formatting to work on 32-bit architectures
0a4d384a8 session.cxx :: enable caching for bpf backend
5ada58a9f bpf-translate.cxx :: plug an exception gap in is_numeric()
c009fe88d Merge branch 'serhei/bpf_asm' -- kernel_string() tapset and experimental bpf assembler
0b3a813f5 testsuite/systemtap.bpf :: diagnose a bug in print_format("%s%s", ...)
110f739b3 stapbpf assembler WIP #8 :: bpf-asm.exp driver and more testcases
4d68a526b stapbpf assembler WIP #7 :: fixed kernel_string() tapset and testcase
da6c4aef4 stapbpf assembler WIP #6 :: other call functions ({s}printf and tapset)
e534cf2a7 PR21080: support added for new pkey_* syscalls
0e0f0e386 stap-exporter examples: use symlinks rather than copies
fddf715d1 Use NSS_InitContext instead of NSS_Init.
6a3a804e4 prometheus tapset: add dump_array_*_unquoted variants
4e81610ae nfsd tapset: adapt nfsd.proc4.commit probe to different kernel versions
4cd50f30a PR23799 - sprint_ustack() always returns empty string values
8bc640345 nfsd tapset: adapt nfsd.proc4.read probe to different kernel versions
7b76b6b60 step-prep: on debian/ubuntu machines, attempt "apt-get -y install"
10b3f049e Use cast to make c->cycles_sum aways match the %lld format.
d95f81630 Add more quantitative data to error message when probes exceed threshold
f4d49b79b Avoid using target variable in target_set.stp for syscall.* probes.
5aafdc55e Avoid using target variables for syscall.write in print_user_buffer.stp.
bb93c70a1 Avoid using target variables in signal.stp for syscall.* based probe points.
784d4fc04 Add buildok/syscall_any.stp to list of tests dyninst will not run.
910395ba0 kprocess.exec_complete should avoid using $return from syscall.execve.return
d4550e6c0 stapbpf assembler WIP #5 :: basic kernel_string() implementation
9ae578690 stapbpf assembler WIP #4 :: alloc and (helper) call operations
f12e7d8eb stapbpf assembler WIP #3 :: additional assembly test cases
f3fdcc936 Fix searching of kernel_source_tree for kernel built with O option
dd57c7387 postrelease version bump for future version 4.1
2881d9d95 stapbpf assembler WIP #2 :: testcases (no driver so far)
db79925e5 stapbpf assembler WIP #1 :: basic parser and control flow

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
halstead pushed a commit that referenced this pull request Mar 7, 2019
kraj pushed a commit to YoeDistro/openembedded-core that referenced this pull request Apr 7, 2019

Currently there are three issues which can be enhanced:

1. Fuzz warnings cannot be configured as errors for hardening. It happened often to me that these warnings were overseen and detected after commits were already out.
2. The output is too verbose - particularly when more than one file is affected. Meanwhile all users should know why patch fuzz check is performed. So move links with background information to insane.bbclass.
3. Reduce copy & paste effort slightly by printing PN (nit: <recipe> was not a correct suggestion e.g for native extended recipe - see example below)

To achieve patch.py drops patch-fuzz info encapsulated by a header- and footer- string into log.do_patch. With this insane.bbclass can drop warnings/errors depending on 'patch-fuzz' in ERROR_QA or WARN_QA. Default remains unchanged: Spit out warnings only.

A message for two fuzzed patches and 'patch-fuzz' in ERROR_QA now looks like:

| ERROR: autoconf-native-2.69-r11 do_patch: Fuzz detected:
|
| Applying patch autoreconf-exclude.patch
| patching file bin/autoreconf.in
| Hunk #1 succeeded at 73 with fuzz 1 (offset -3 lines).
| Hunk #2 succeeded at 143 (offset 6 lines).
| Hunk #3 succeeded at 167 (offset 6 lines).
| Hunk #4 succeeded at 177 (offset 6 lines).
| Hunk #5 succeeded at 281 (offset 15 lines).
| Hunk #6 succeeded at 399 (offset 15 lines).
| Hunk #7 succeeded at 571 (offset 20 lines).
| Hunk #8 succeeded at 612 (offset 20 lines).
| Hunk #9 succeeded at 636 (offset 20 lines).
| Hunk #10 succeeded at 656 (offset 20 lines).
| Hunk #11 succeeded at 683 (offset 20 lines).
|
| Applying patch autoreconf-gnuconfigize.patch
| patching file bin/autoreconf.in
| Hunk #1 succeeded at 55 with fuzz 1 (offset -3 lines).
| Hunk #3 succeeded at 663 (offset 18 lines).
|
| The context lines in the patches can be updated with devtool:
|
| devtool modify autoconf-native
| devtool finish --force-patch-refresh autoconf-native <layer_path>
|
| Don't forget to review changes done by devtool!
|
| ERROR: autoconf-native-2.69-r11 do_patch: QA Issue: Patch log indicates that patches do not apply cleanly. [patch-fuzz]

Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
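
An added example, not code from patch.py or insane.bbclass: it scans GNU patch output of the kind quoted in the commit messages on this page for failed hunks and for hunks applied with fuzz, then maps the findings to a verdict. The function names, the `Finding` record and the representation of ERROR_QA/WARN_QA as plain tuples are assumptions made for illustration; the two sample logs are excerpts of the output quoted above.

```python
import re
from dataclasses import dataclass

# Line shapes as they appear in the patch output quoted in the commit messages.
PATCH_RE = re.compile(r"Applying patch (?P<name>\S+)")
FILE_RE = re.compile(r"(?:patching|checking) file (?P<path>\S+)")
HUNK_RE = re.compile(
    r"Hunk #(?P<num>\d+) (?P<status>succeeded|FAILED) at (?P<line>\d+)"
    r"(?: with fuzz (?P<fuzz>\d+))?"
)


@dataclass(frozen=True)
class Finding:
    patch: str   # patch name, "<unknown>" if the log has no "Applying patch" line
    path: str    # file the hunk was applied to
    hunk: int
    line: int
    kind: str    # "failed" or "fuzz"
    fuzz: int = 0


def scan_patch_log(text):
    """Return one Finding per hunk that failed or needed fuzz to apply."""
    findings = []
    patch = path = "<unknown>"
    for raw in text.splitlines():
        # The QA message prefixes every line with "| "; plain patch output does not.
        line = raw.lstrip("| \t")
        if (m := PATCH_RE.match(line)):
            patch, path = m["name"], "<unknown>"
        elif (m := FILE_RE.match(line)):
            path = m["path"]
        elif (m := HUNK_RE.match(line)):
            hunk, at = int(m["num"]), int(m["line"])
            if m["status"] == "FAILED":
                findings.append(Finding(patch, path, hunk, at, "failed"))
            elif m["fuzz"] is not None and int(m["fuzz"]) > 0:
                # Applied only after ignoring context lines: the hunk may not
                # have landed where the patch author intended.
                findings.append(Finding(patch, path, hunk, at, "fuzz", int(m["fuzz"])))
            # Hunks that succeeded with only an offset are not reported.
    return findings


def qa_verdict(findings, error_qa=(), warn_qa=("patch-fuzz",)):
    """Map findings to "error", "warning" or "ok".

    Failed hunks are always an error. Fuzz is an error only when 'patch-fuzz'
    is listed in error_qa (assumed stand-in for ERROR_QA), a warning when it
    is listed in warn_qa (the default described in the commit message).
    """
    kinds = {f.kind for f in findings}
    if "failed" in kinds:
        return "error"
    if "fuzz" in kinds:
        if "patch-fuzz" in error_qa:
            return "error"
        if "patch-fuzz" in warn_qa:
            return "warning"
    return "ok"


# Excerpt of the autoconf-native message quoted above.
FUZZ_LOG = """\
| Applying patch autoreconf-exclude.patch
| patching file bin/autoreconf.in
| Hunk #1 succeeded at 73 with fuzz 1 (offset -3 lines).
| Hunk #2 succeeded at 143 (offset 6 lines).
|
| Applying patch autoreconf-gnuconfigize.patch
| patching file bin/autoreconf.in
| Hunk #1 succeeded at 55 with fuzz 1 (offset -3 lines).
| Hunk #3 succeeded at 663 (offset 18 lines).
"""

# Excerpt of the key-replay-cve-multiple.patch output quoted above.
FAILED_LOG = """\
checking file src/rsn_supp/wpa_i.h
Hunk #1 FAILED at 32.
1 out of 1 hunk FAILED
checking file src/common/wpa_common.h
Hunk #1 succeeded at 215 with fuzz 1.
"""

if __name__ == "__main__":
    for name, log in (("fuzz", FUZZ_LOG), ("failed", FAILED_LOG)):
        found = scan_patch_log(log)
        print(name, qa_verdict(found, error_qa=("patch-fuzz",)))
        for f in found:
            print("  ", f)
```
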
kraj pushed a commit to YoeDistro/openembedded-core that referenced this pull request Apr 8, 2019
halstead pushed a commit that referenced this pull request Apr 9, 2019
Currently there are three issues which can be enhanced:

1. Fuzz warnings cannot be configured as errors for hardening. It happened often to me that these warnings were overlooked and detected after commits were already out.
2. The output is too verbose - particularly when more than one file is affected. Meanwhile all users should know why patch fuzz check is performed. So move links with background information to insane.bbclass.
3. Reduce copy & paste effort slightly by printing PN (nit: <recipe> was not a correct suggestion e.g. for native extended recipe - see example below)

To achieve this, patch.py drops patch-fuzz info encapsulated by a header- and footer-string into log.do_patch. With this insane.bbclass can drop warnings/errors depending on 'patch-fuzz' in ERROR_QA or WARN_QA. Default remains unchanged: Spit out warnings only.

A message for two fuzzed patches and 'patch-fuzz' in ERROR_QA now looks like:

| ERROR: autoconf-native-2.69-r11 do_patch: Fuzz detected:
|
| Applying patch autoreconf-exclude.patch
| patching file bin/autoreconf.in
| Hunk #1 succeeded at 73 with fuzz 1 (offset -3 lines).
| Hunk #2 succeeded at 143 (offset 6 lines).
| Hunk #3 succeeded at 167 (offset 6 lines).
| Hunk #4 succeeded at 177 (offset 6 lines).
| Hunk #5 succeeded at 281 (offset 15 lines).
| Hunk #6 succeeded at 399 (offset 15 lines).
| Hunk #7 succeeded at 571 (offset 20 lines).
| Hunk #8 succeeded at 612 (offset 20 lines).
| Hunk #9 succeeded at 636 (offset 20 lines).
| Hunk #10 succeeded at 656 (offset 20 lines).
| Hunk #11 succeeded at 683 (offset 20 lines).
|
| Applying patch autoreconf-gnuconfigize.patch
| patching file bin/autoreconf.in
| Hunk #1 succeeded at 55 with fuzz 1 (offset -3 lines).
| Hunk #3 succeeded at 663 (offset 18 lines).
|
| The context lines in the patches can be updated with devtool:
|
| devtool modify autoconf-native
| devtool finish --force-patch-refresh autoconf-native <layer_path>
|
| Don't forget to review changes done by devtool!
|
| ERROR: autoconf-native-2.69-r11 do_patch: QA Issue: Patch log indicates that patches do not apply cleanly. [patch-fuzz]

Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
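The check this commit message describes, as an added sketch that is not the patch.py or insane.bbclass code: it parses `patch` output for hunks applied with fuzz and maps the result to a severity from ERROR_QA / WARN_QA. The function names, the `Hunk` record and the verdict strings are assumptions made here, and the sample log is constructed from the message quoted above.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of the do_patch message quoted above.
SAMPLE_LOG = """\
| Applying patch autoreconf-exclude.patch
| patching file bin/autoreconf.in
| Hunk #1 succeeded at 73 with fuzz 1 (offset -3 lines).
| Hunk #2 succeeded at 143 (offset 6 lines).
| Hunk #3 succeeded at 167 (offset 6 lines).
|
| Applying patch autoreconf-gnuconfigize.patch
| patching file bin/autoreconf.in
| Hunk #1 succeeded at 55 with fuzz 1 (offset -3 lines).
| Hunk #3 succeeded at 663 (offset 18 lines).
"""

APPLY_RE = re.compile(r"^Applying patch (?P<name>\S+)$")
FILE_RE = re.compile(r"^(?:patching|checking) file (?P<path>.+)$")
HUNK_RE = re.compile(
    r"^Hunk #(?P<n>\d+) (?P<status>succeeded|FAILED) at (?P<line>\d+)"
    r"(?: with fuzz (?P<fuzz>\d+))?"
    r"(?: \(offset (?P<offset>-?\d+) lines?\))?\.$"
)


@dataclass
class Hunk:
    patch: str    # patch file being applied ("<unknown>" if not logged)
    target: str   # file the hunk was applied to
    number: int
    line: int
    fuzz: int     # context lines patch had to ignore; 0 means exact context
    offset: int   # line shift only; the context itself still matched
    failed: bool


def parse_patch_log(text):
    """Return one Hunk per 'Hunk #N ...' line, tracking patch and target file."""
    hunks = []
    patch = target = "<unknown>"
    for raw in text.splitlines():
        # Drop the "| " prefix that the build console puts before log lines.
        line = re.sub(r"^\|\s?", "", raw).strip()
        m = APPLY_RE.match(line)
        if m:
            patch, target = m["name"], "<unknown>"
            continue
        m = FILE_RE.match(line)
        if m:
            target = m["path"]
            continue
        m = HUNK_RE.match(line)
        if m:
            hunks.append(Hunk(patch, target, int(m["n"]), int(m["line"]),
                              int(m["fuzz"] or 0), int(m["offset"] or 0),
                              m["status"] == "FAILED"))
    return hunks


def fuzzed_patches(hunks):
    """Names of patches with at least one fuzzed hunk, in log order."""
    names = []
    for h in hunks:
        if h.fuzz and h.patch not in names:
            names.append(h.patch)
    return names


def qa_verdict(hunks, error_qa="", warn_qa="patch-fuzz"):
    """Map the parsed log to 'error', 'warning', 'ignored' or 'ok'.

    error_qa / warn_qa are whitespace-separated lists, as ERROR_QA and
    WARN_QA are. Treating a FAILED hunk as an error regardless of the QA
    lists is an assumption of this sketch.
    """
    if any(h.failed for h in hunks):
        return "error"
    if not any(h.fuzz for h in hunks):
        return "ok"  # offset-only hunks matched their context exactly
    if "patch-fuzz" in error_qa.split():
        return "error"
    if "patch-fuzz" in warn_qa.split():
        return "warning"
    return "ignored"


if __name__ == "__main__":
    parsed = parse_patch_log(SAMPLE_LOG)
    print(fuzzed_patches(parsed), qa_verdict(parsed, error_qa="patch-fuzz"))
```

Offset-only hunks are reported as clean because their context lines matched; only fuzz means `patch` ignored context to make the hunk fit, which is why the commit makes it possible to fail the build on it.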
halstead
pushed a commit
that referenced
this pull request
Jun 14, 2019
Building `systemd-resolve` from systemd 242 with OpenSSL 1.1.1c and enabling DNS over TLS ends up calling abort (on 32 bit armhf):

Program terminated with signal SIGABRT, Aborted.
#0 __libc_do_syscall () at libc-do-syscall.S:49
49 libc-do-syscall.S: No such file or directory.
(gdb) where
#0 __libc_do_syscall () at libc-do-syscall.S:49
#1 0xb6940ea4 in __libc_signal_restore_set (set=0xbec68b78) at ../sysdeps/unix/sysv/linux/internal-signals.h:84
#2 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:48
#3 0xb69336e0 in __GI_abort () at abort.c:79
#4 0xb6968428 in __libc_message (action=action@entry=do_abort, fmt=<optimized out>) at ../sysdeps/posix/libc_fatal.c:181
#5 0xb696c7e6 in malloc_printerr (str=<optimized out>) at malloc.c:5352
#6 0xb696ca1a in munmap_chunk (p=<optimized out>) at malloc.c:2840
#7 0xb6bd1c4a in CRYPTO_clear_realloc (str=0xd0e59a, old_len=388, num=<optimized out>, file=0xb6c300dc "../../../../../../workspace/sources/openssl/crypto/buffer/buffer.c", line=135) at ../../../../../../workspace/sources/openssl/crypto/mem.c:290
#8 0xb6b5da3a in BUF_MEM_grow_clean (str=0xcfb960, len=len@entry=393) at ../../../../../../workspace/sources/openssl/crypto/buffer/buffer.c:135
#9 0xb6b486a0 in mem_write (b=0xcf8300, in=0xd07c6b "\027\003\003", inl=24) at ../../../../../../workspace/sources/openssl/crypto/bio/bss_mem.c:235
#10 0xb6b45c86 in bwrite_conv (bio=<optimized out>, data=<optimized out>, datal=<optimized out>, written=0xbec68ec8) at ../../../../../../workspace/sources/openssl/crypto/bio/bio_meth.c:77
#11 0xb6b452d4 in bio_write_intern (written=0xbec68ec8, dlen=24, data=0xd07c6b, b=0xcf8300) at ../../../../../../workspace/sources/openssl/crypto/bio/bio_lib.c:343
#12 bio_write_intern (b=0xcf8300, data=0xd07c6b, dlen=24, written=0xbec68ec8) at ../../../../../../workspace/sources/openssl/crypto/bio/bio_lib.c:320
#13 0xb6b455b2 in BIO_write (b=<optimized out>, data=<optimized out>, dlen=<optimized out>) at ../../../../../../workspace/sources/openssl/crypto/bio/bio_lib.c:363
#14 0xb6cabd1a in ssl3_write_pending (s=s@entry=0xcfd2d8, type=type@entry=23, buf=buf@entry=0xcfcc28 "", len=len@entry=2, written=written@entry=0xbec698b0) at ../../../../../../workspace/sources/openssl/ssl/record/rec_layer_s3.c:1146
#15 0xb6cac72e in do_ssl3_write (s=s@entry=0xcfd2d8, type=type@entry=23, buf=buf@entry=0xcfcc28 "", pipelens=pipelens@entry=0xbec698b4, numpipes=numpipes@entry=1, create_empty_fragment=create_empty_fragment@entry=0, written=written@entry=0xbec698b0) at ../../../../../../workspace/sources/openssl/ssl/record/rec_layer_s3.c:1107
#16 0xb6cac92e in ssl3_write_bytes (s=0xcfd2d8, type=23, buf_=0xcfcc28, len=<optimized out>, written=0xbec699c0) at ../../../../../../workspace/sources/openssl/ssl/record/rec_layer_s3.c:613
#17 0xb6cb1698 in ssl3_write (s=<optimized out>, buf=0xcfcc28, len=2, written=0xbec699c0) at ../../../../../../workspace/sources/openssl/ssl/s3_lib.c:4460
#18 0xb6cb87b2 in ssl_write_internal (s=<optimized out>, buf=buf@entry=0xcfcc28, num=num@entry=2, written=written@entry=0xbec699c0) at ../../../../../../workspace/sources/openssl/ssl/ssl_lib.c:1943
#19 0xb6cb8896 in SSL_write (s=<optimized out>, buf=buf@entry=0xcfcc28, num=num@entry=2) at ../../../../../../workspace/sources/openssl/ssl/ssl_lib.c:1957
#20 0x004ddac8 in dnstls_stream_write (stream=stream@entry=0xcfca60, buf=0xcfcc28 "", count=2) at ../git/src/resolve/resolved-dnstls-openssl.c:270
#21 0x004d8d5c in dns_stream_writev (s=s@entry=0xcfca60, iov=iov@entry=0xbec69b4c, iovcnt=iovcnt@entry=2, flags=flags@entry=0) at ../git/src/resolve/resolved-dns-stream.c:225
#22 0x004d9516 in on_stream_io (es=<optimized out>, fd=<optimized out>, revents=4, userdata=0xcfca60) at ../git/src/resolve/resolved-dns-stream.c:334
#23 0xb6e7f020 in source_dispatch (s=0xcf3658) at ../git/src/libsystemd/sd-event/sd-event.c:2821
#24 0xb6e806b0 in sd_event_dispatch (e=e@entry=0xced6d0) at ../git/src/libsystemd/sd-event/sd-event.c:3234
#25 0xb6e807f6 in sd_event_run (e=0xced6d0, timeout=<optimized out>) at ../git/src/libsystemd/sd-event/sd-event.c:3291
#26 0xb6e809bc in sd_event_loop (e=0xced6d0) at ../git/src/libsystemd/sd-event/sd-event.c:3312
#27 0x004bb64c in run (argv=<optimized out>, argc=<optimized out>) at ../git/src/resolve/resolved.c:84
#28 main (argc=<optimized out>, argv=<optimized out>) at ../git/src/resolve/resolved.c:91

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
halstead
pushed a commit
that referenced
this pull request
Apr 3, 2020
Backport fixes introduced in 2.63.6 for memory leaks and memory corruption in GMainContext

Upstream merge: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1353

Fixes SIGSEGV in GStreamer:

Thread 2 "multihandlesink" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff6bb9700 (LWP 18045)]
0x00007ffff7d65992 in g_source_unref_internal (source=0x7ffff00047d0, context=0x55555561c800, have_lock=1) at ../../../../../../../repo/workspace/sources/glib-2.0/glib/gmain.c:2146
2146 ../../../../../../../repo/workspace/sources/glib-2.0/glib/gmain.c: No such file or directory.
(gdb) bt
#0 0x00007ffff7d65992 in g_source_unref_internal (source=0x7ffff00047d0, context=0x55555561c800, have_lock=1) at ../../../../../../../repo/workspace/sources/glib-2.0/glib/gmain.c:2146
#1 0x00007ffff7d65bb6 in g_source_iter_next (iter=iter@entry=0x7ffff6bb8db0, source=source@entry=0x7ffff6bb8da8) at ../../../../../../../repo/workspace/sources/glib-2.0/glib/gmain.c:980
#2 0x00007ffff7d67ef3 in g_main_context_prepare (context=context@entry=0x55555561c800, priority=priority@entry=0x7ffff6bb8e30) at ../../../../../../../repo/workspace/sources/glib-2.0/glib/gmain.c:944
#3 0x00007ffff7d6896b in g_main_context_iterate (context=context@entry=0x55555561c800, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../../../../../../../repo/workspace/sources/glib-2.0/glib/gmain.c:3900
#4 0x00007ffff7d68b4c in g_main_context_iteration (context=0x55555561c800, may_block=may_block@entry=1) at ../../../../../../../repo/workspace/sources/glib-2.0/glib/gmain.c:3981
#5 0x00007ffff6be4482 in gst_multi_socket_sink_thread (mhsink=0x555555679ab0 [GstMultiSocketSink]) at ../../../gst-plugins-base-1.14.4/gst/tcp/gstmultisocketsink.c:1164
#6 0x00007ffff7d8fb35 in g_thread_proxy (data=0x55555565c770) at ../../../../../../../repo/workspace/sources/glib-2.0/glib/gthread.c:784
#7 0x00007ffff7841ebd in start_thread (arg=<optimized out>) at pthread_create.c:486
#8 0x00007ffff7aa12bf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
#8 0x00007ffff7aa12bf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Signed-off-by: Daniel Gomez <daniel@qtec.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
kraj
pushed a commit
to YoeDistro/openembedded-core
that referenced
this pull request
Apr 3, 2020
eigendude
added a commit
to eigendude/openembedded-core
that referenced
this pull request
Sep 17, 2022
Use local GCC 8 for building native packages
halstead
pushed a commit
that referenced
this pull request
Jul 10, 2023
* inherit python_setuptools_build_meta since setup.py was dropped

https://github.com/pytest-dev/pytest-subtests/blob/main/CHANGELOG.rst#0110-2023-05-15
* Logging is displayed for failing subtests (#92)
* Passing subtests no longer turn the pytest output to yellow (as if warnings have been issued) (#86). Thanks to Andrew-Brock for providing the solution.
* Now the msg contents of a subtest is displayed when running pytest with -v (#6).

Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
halstead
pushed a commit
that referenced
this pull request
Sep 6, 2024
In systemd/systemd@924453c ProtectHome was set to true for systemd-coredump in order to reduce risk, since an attacker could craft a malicious binary in order to compromise systemd-coredump. At that point the object analysis was done in the main systemd-coredump process. Because of this systemd-coredump is unable to produce symbolicated call-stacks for binaries running under /home ("n/a" is shown instead of function names).

However, later in systemd/systemd@61aea45 systemd-coredump was changed to do the object analysis in a forked process, covering those security concerns.

Let's set ProtectHome to read-only so that systemd-coredump produces symbolicated call-stacks for processes running under /home.

Note: it still does not work in /tmp (because of PrivateTmp=yes) and in /root (for unknown reasons).

Before the change (with minidebuginfo enabled):

root@qemux86-64:~# /home/sleep 1000 &
[1] 426
root@qemux86-64:~# kill -11 $(pidof sleep)
root@qemux86-64:~# coredumpctl info
PID: 426 (sleep)
UID: 0 (root)
GID: 0 (root)
Signal: 11 (SEGV)
Timestamp: Fri 2024-09-06 17:25:18 UTC (3s ago)
Command Line: /home/sleep 1000
Executable: /home/sleep
Control Group: /system.slice/system-serial\x2dgetty.slice/serial-getty@ttyS0.service
Unit: serial-getty@ttyS0.service
Slice: system-serial\x2dgetty.slice
Boot ID: 44ef4ddfaad249ceaa29d1e9f330d3b5
Machine ID: fb279f18f2c849c59768754c7a274ee3
Hostname: qemux86-64
Storage: /var/lib/systemd/coredump/core.sleep.0.44ef4ddfaad249ceaa29d1e9f330d3b5.426.1725643518000000.zst (present)
Size on Disk: 16.5K
Message: Process 426 (sleep) of user 0 dumped core.

Stack trace of thread 426:
#0 0x00007f365f3849a7 clock_nanosleep (libc.so.6 + 0xd49a7)
#1 0x00007f365f38f667 __nanosleep (libc.so.6 + 0xdf667)
#2 0x0000561fee703737 n/a (/home/sleep + 0x7737)
#3 0x000000003a6227c5 n/a (n/a + 0x0)
ELF object binary architecture: AMD x86-64
[1]+ Segmentation fault (core dumped) /home/sleep 1000

After the change (with minidebuginfo enabled):

root@qemux86-64:~# /home/sleep 1000 &
[1] 450
root@qemux86-64:~# kill -11 $(pidof sleep)
root@qemux86-64:~# coredumpctl info
PID: 450 (sleep)
UID: 0 (root)
GID: 0 (root)
Signal: 11 (SEGV)
Timestamp: Fri 2024-09-06 17:30:12 UTC (4s ago)
Command Line: /home/sleep 1000
Executable: /home/sleep
Control Group: /system.slice/system-serial\x2dgetty.slice/serial-getty@ttyS0.service
Unit: serial-getty@ttyS0.service
Slice: system-serial\x2dgetty.slice
Boot ID: 44ef4ddfaad249ceaa29d1e9f330d3b5
Machine ID: fb279f18f2c849c59768754c7a274ee3
Hostname: qemux86-64
Storage: /var/lib/systemd/coredump/core.sleep.0.44ef4ddfaad249ceaa29d1e9f330d3b5.450.1725643812000000.zst (present)
Size on Disk: 16.5K
Message: Process 450 (sleep) of user 0 dumped core.

Stack trace of thread 450:
#0 0x00007f795dd689a7 clock_nanosleep (libc.so.6 + 0xd49a7)
#1 0x00007f795dd73667 __nanosleep (libc.so.6 + 0xdf667)
#2 0x0000561965c9d737 rpl_nanosleep (sleep + 0x7737)
#3 0x0000561965c9d0c1 xnanosleep (sleep + 0x70c1)
#4 0x0000561965c985c8 main (sleep + 0x25c8)
#5 0x00007f795dcba01b __libc_start_call_main (libc.so.6 + 0x2601b)
#6 0x00007f795dcba0d9 __libc_start_main (libc.so.6 + 0x260d9)
#7 0x0000561965c98685 _start (sleep + 0x2685)
ELF object binary architecture: AMD x86-64
[1]+ Segmentation fault (core dumped) /home/sleep 1000

Signed-off-by: Etienne Cordonnier <ecordonnier@snap.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
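A regression check for the behaviour this commit message reports, as an added example that is not part of the commit or of systemd: it parses the frame lines of `coredumpctl info` and reports which modules could not be symbolicated and whether they sit under a sandboxed path. The names `parse_frames`, `unresolved_by_module` and `hidden_by_sandbox` are assumptions made here, and the two inputs are constructed from the before/after traces in the message.

```python
import re
from collections import Counter
from typing import NamedTuple

# Constructed from the "before" and "after" traces in the commit message.
BEFORE = """\
Stack trace of thread 426:
#0 0x00007f365f3849a7 clock_nanosleep (libc.so.6 + 0xd49a7)
#1 0x00007f365f38f667 __nanosleep (libc.so.6 + 0xdf667)
#2 0x0000561fee703737 n/a (/home/sleep + 0x7737)
#3 0x000000003a6227c5 n/a (n/a + 0x0)
"""
AFTER = """\
Stack trace of thread 450:
#0 0x00007f795dd689a7 clock_nanosleep (libc.so.6 + 0xd49a7)
#1 0x00007f795dd73667 __nanosleep (libc.so.6 + 0xdf667)
#2 0x0000561965c9d737 rpl_nanosleep (sleep + 0x7737)
#3 0x0000561965c9d0c1 xnanosleep (sleep + 0x70c1)
#4 0x0000561965c985c8 main (sleep + 0x25c8)
#5 0x00007f795dcba01b __libc_start_call_main (libc.so.6 + 0x2601b)
#6 0x00007f795dcba0d9 __libc_start_main (libc.so.6 + 0x260d9)
#7 0x0000561965c98685 _start (sleep + 0x2685)
"""

# One frame: "#N 0xADDRESS symbol (module + 0xOFFSET)".
FRAME_RE = re.compile(
    r"#(?P<idx>\d+)\s+0x(?P<addr>[0-9a-f]+)\s+(?P<symbol>\S+)\s+"
    r"\((?P<module>.+?) \+ 0x(?P<offset>[0-9a-f]+)\)"
)


class Frame(NamedTuple):
    index: int
    address: int
    symbol: str
    module: str
    offset: int

    @property
    def resolved(self):
        # coredumpctl prints "n/a" where it has no function name.
        return self.symbol != "n/a"


def parse_frames(text):
    """Extract every stack frame from coredumpctl output, in order."""
    return [
        Frame(int(m["idx"]), int(m["addr"], 16), m["symbol"],
              m["module"], int(m["offset"], 16))
        for m in FRAME_RE.finditer(text)
    ]


def unresolved_by_module(frames):
    """Count frames without a symbol, keyed by the module they point into."""
    return dict(Counter(f.module for f in frames if not f.resolved))


def hidden_by_sandbox(frames, prefixes=("/home/",)):
    """Modules with unresolved frames whose path lies under a given prefix.

    A hit means the analysing process probably could not read the binary,
    which is the symptom the commit attributes to ProtectHome.
    """
    hits = []
    for f in frames:
        if not f.resolved and f.module.startswith(prefixes) and f.module not in hits:
            hits.append(f.module)
    return hits


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        frames = parse_frames(text)
        print(label, len(frames), unresolved_by_module(frames), hidden_by_sandbox(frames))
```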
halstead
pushed a commit
that referenced
this pull request
Sep 7, 2024
halstead
pushed a commit
that referenced
this pull request
Sep 9, 2024
In systemd/systemd@924453c ProtectHome was set to true for systemd-coredump in order to reduce risk, since an attacker could craft a malicious binary in order to compromise systemd-coredump. At that point the object analysis was done in the main systemd-coredump process. Because of this systemd-coredump is unable to product symbolicated call-stacks for binaries running under /home ("n/a" is shown instead of function names). However, later in systemd/systemd@61aea45 systemd-coredump was changed to do the object analysis in a forked process, covering those security concerns. Let's set ProtectHome to read-only so that systemd-coredump produces symbolicated call-stacks for processes running under /home. Note: it still does not work in /tmp (because of PrivateTmp=yes) and in /root (for unknown reasons). Before the change (with minidebuginfo enabled): root@qemux86-64:~# /home/sleep 1000 & [1] 426 root@qemux86-64:~# kill -11 $(pidof sleep) root@qemux86-64:~# coredumpctl info PID: 426 (sleep) UID: 0 (root) GID: 0 (root) Signal: 11 (SEGV) Timestamp: Fri 2024-09-06 17:25:18 UTC (3s ago) Command Line: /home/sleep 1000 Executable: /home/sleep Control Group: /system.slice/system-serial\x2dgetty.slice/serial-getty@ttyS0.service Unit: serial-getty@ttyS0.service Slice: system-serial\x2dgetty.slice Boot ID: 44ef4ddfaad249ceaa29d1e9f330d3b5 Machine ID: fb279f18f2c849c59768754c7a274ee3 Hostname: qemux86-64 Storage: /var/lib/systemd/coredump/core.sleep.0.44ef4ddfaad249ceaa29d1e9f330d3b5.426.1725643518000000.zst (present) Size on Disk: 16.5K Message: Process 426 (sleep) of user 0 dumped core. 
Stack trace of thread 426: #0 0x00007f365f3849a7 clock_nanosleep (libc.so.6 + 0xd49a7) #1 0x00007f365f38f667 __nanosleep (libc.so.6 + 0xdf667) #2 0x0000561fee703737 n/a (/home/sleep + 0x7737) #3 0x000000003a6227c5 n/a (n/a + 0x0) ELF object binary architecture: AMD x86-64 [1]+ Segmentation fault (core dumped) /home/sleep 1000 After the change (with minidebuginfo enabled): root@qemux86-64:~# /home/sleep 1000 & [1] 450 root@qemux86-64:~# kill -11 $(pidof sleep) root@qemux86-64:~# coredumpctl info PID: 450 (sleep) UID: 0 (root) GID: 0 (root) Signal: 11 (SEGV) Timestamp: Fri 2024-09-06 17:30:12 UTC (4s ago) Command Line: /home/sleep 1000 Executable: /home/sleep Control Group: /system.slice/system-serial\x2dgetty.slice/serial-getty@ttyS0.service Unit: serial-getty@ttyS0.service Slice: system-serial\x2dgetty.slice Boot ID: 44ef4ddfaad249ceaa29d1e9f330d3b5 Machine ID: fb279f18f2c849c59768754c7a274ee3 Hostname: qemux86-64 Storage: /var/lib/systemd/coredump/core.sleep.0.44ef4ddfaad249ceaa29d1e9f330d3b5.450.1725643812000000.zst (present) Size on Disk: 16.5K Message: Process 450 (sleep) of user 0 dumped core. Stack trace of thread 450: #0 0x00007f795dd689a7 clock_nanosleep (libc.so.6 + 0xd49a7) #1 0x00007f795dd73667 __nanosleep (libc.so.6 + 0xdf667) #2 0x0000561965c9d737 rpl_nanosleep (sleep + 0x7737) #3 0x0000561965c9d0c1 xnanosleep (sleep + 0x70c1) #4 0x0000561965c985c8 main (sleep + 0x25c8) #5 0x00007f795dcba01b __libc_start_call_main (libc.so.6 + 0x2601b) #6 0x00007f795dcba0d9 __libc_start_main (libc.so.6 + 0x260d9) #7 0x0000561965c98685 _start (sleep + 0x2685) ELF object binary architecture: AMD x86-64 [1]+ Segmentation fault (core dumped) /home/sleep 1000 Signed-off-by: Etienne Cordonnier <ecordonnier@snap.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
halstead pushed a commit that referenced this pull request Sep 9, 2024