Bug 1686680

Summary: python-volatility crashing when used on system with kernel 4.9+
Product: [Fedora] Fedora
Component: python-volatility
Version: 28
Status: CLOSED ERRATA
Severity: unspecified
Priority: unspecified
Hardware: Unspecified
OS: Unspecified
Reporter: Michal Ambroz <rebus>
Assignee: Michal Ambroz <rebus>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: alon, rebus
Fixed In Version: python-volatility-2.6.1-1.fc29 python-volatility-2.6.1-1.el7 python-volatility-2.6.1-1.fc30
Last Closed: 2019-03-25 06:04:49 UTC
Type: Bug

Description Michal Ambroz 2019-03-08 01:51:12 UTC
Description of problem:
python-volatility crashes when used on a system with kernel 4.9+.
Some kernel memory structures have changed, and this breaks the interface between the Volatility framework and libdwarf.

Version-Release number of selected component (if applicable):
2.6.0

How reproducible:
100%

Steps to Reproduce:
1. vol -f example.dmp imageinfo


Actual results:
$ vol -f ch2.dmp imageinfo
Volatility Foundation Volatility Framework 2.6
INFO    : volatility.debug    : Determining profile based on KDBG search...
Traceback (most recent call last):
  File "/usr/bin/vol", line 192, in <module>
    main()
  File "/usr/bin/vol", line 183, in main
    command.execute()
  File "/usr/lib/python2.7/site-packages/volatility/commands.py", line 147, in execute
    func(outfd, data)
  File "/usr/lib/python2.7/site-packages/volatility/plugins/imageinfo.py", line 45, in render_text
    for k, t, v in data:
  File "/usr/lib/python2.7/site-packages/volatility/plugins/imageinfo.py", line 55, in calculate
    suglist = [ s for s, _ in kdbgscan.KDBGScan.calculate(self)]
  File "/usr/lib/python2.7/site-packages/volatility/plugins/kdbgscan.py", line 116, in calculate
    buf = addrspace.BufferAddressSpace(self._config)
  File "/usr/lib/python2.7/site-packages/volatility/addrspace.py", line 378, in __init__
    BaseAddressSpace.__init__(self, None, config, **kwargs)
  File "/usr/lib/python2.7/site-packages/volatility/addrspace.py", line 73, in __init__
    self.profile = self._set_profile(config.PROFILE)
  File "/usr/lib/python2.7/site-packages/volatility/addrspace.py", line 98, in _set_profile
    ret = profs[profile_name]()
  File "/usr/lib/python2.7/site-packages/volatility/plugins/overlays/linux/linux.py", line 216, in __init__
    obj.Profile.__init__(self, *args, **kwargs)
  File "/usr/lib/python2.7/site-packages/volatility/obj.py", line 862, in __init__
    self.reset()
  File "/usr/lib/python2.7/site-packages/volatility/plugins/overlays/linux/linux.py", line 227, in reset
    self.load_vtypes()
  File "/usr/lib/python2.7/site-packages/volatility/plugins/overlays/linux/linux.py", line 264, in load_vtypes
    vtypesvar = dwarf.DWARFParser(dwarfdata).finalize()
  File "/usr/lib/python2.7/site-packages/volatility/dwarf.py", line 71, in __init__
    self.feed_line(line)
  File "/usr/lib/python2.7/site-packages/volatility/dwarf.py", line 162, in feed_line
    self.process_statement(**parsed) #pylint: disable-msg=W0142
  File "/usr/lib/python2.7/site-packages/volatility/dwarf.py", line 204, in process_statement
    self.vtypes[name] = [ int(data['DW_AT_byte_size'], self.base), {} ]
KeyError: 'DW_AT_byte_size'


Expected results:
$ vol -f ch2.dmp  imageinfo 
Volatility Foundation Volatility Framework 2.6.1
INFO    : volatility.debug    : Determining profile based on KDBG search...
          Suggested Profile(s) : Win7SP1x86_23418, Win7SP0x86, Win7SP1x86_24000, Win7SP1x86
                     AS Layer1 : IA32PagedMemoryPae (Kernel AS)
                     AS Layer2 : FileAddressSpace (/mnt/extra/tmp/rootme/ch2.dmp)
                      PAE type : PAE
                           DTB : 0x185000L
                          KDBG : 0x82929be8L
          Number of Processors : 1
     Image Type (Service Pack) : 0
                KPCR for CPU 0 : 0x8292ac00L
             KUSER_SHARED_DATA : 0xffdf0000L
           Image date and time : 2013-01-12 16:59:18 UTC+0000
     Image local date and time : 2013-01-12 17:59:18 +0100
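
Added example (not part of the original report and not Volatility's own code): the traceback above ends in a direct data['DW_AT_byte_size'] lookup on a structure entry. The code below assumes a simplified dwarfdump-style line format and uses constructed sample entries; it shows that lookup failing on an entry that carries no size, next to a parser that skips and reports such entries so profile loading can continue.

```python
import re

# Simplified dwarfdump-style line format (assumption for this example):
#   <level><id><DW_TAG_kind> DW_AT_key<value> DW_AT_key<value> ...
HEADER = re.compile(r"<(?P<level>\d+)><(?P<id>0x[0-9a-fA-F]+|\d+)><(?P<kind>\w+)>")
KEYVAL = re.compile(r"\s*(?P<key>\w+)<(?P<val>[^>]*)>")

# Constructed sample input, not taken from a real kernel profile.
SAMPLE = """\
<1><0x2d><DW_TAG_structure_type> DW_AT_name<"list_head"> DW_AT_byte_size<0x00000010>
<1><0x5a><DW_TAG_structure_type> DW_AT_name<"opaque_ctx"> DW_AT_declaration<yes(1)>
<1><0x77><DW_TAG_structure_type> DW_AT_name<"hlist_node"> DW_AT_byte_size<0x00000010>
"""

def parse_line(line):
    """Split one line into (kind, attribute dict); None if it is not an entry."""
    m = HEADER.match(line)
    if not m:
        return None
    attrs = {k: v for k, v in KEYVAL.findall(line[m.end():])}
    return m.group("kind"), attrs

def strict_vtypes(text):
    """Indexes DW_AT_byte_size directly, like the failing line in the traceback."""
    vtypes = {}
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed and parsed[0] == "DW_TAG_structure_type":
            attrs = parsed[1]
            name = attrs["DW_AT_name"].strip('"')
            vtypes[name] = [int(attrs["DW_AT_byte_size"], 16), {}]
    return vtypes

def tolerant_vtypes(text):
    """Keeps sized structures and returns the names of entries with no size."""
    vtypes, skipped = {}, []
    for line in text.splitlines():
        parsed = parse_line(line)
        if not parsed or parsed[0] != "DW_TAG_structure_type":
            continue
        attrs = parsed[1]
        name = attrs.get("DW_AT_name", "").strip('"')
        size = attrs.get("DW_AT_byte_size")
        if size is None:  # e.g. a declaration-only entry: nothing to size
            skipped.append(name)
            continue
        vtypes[name] = [int(size, 16), {}]
    return vtypes, skipped
```

Logging the skipped names rather than dropping them silently lets an analyst see which structures a plugin may later be unable to resolve.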

Comment 1 Fedora Update System 2019-03-08 02:12:10 UTC
python-volatility-2.6.1-1.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-ceaa9857b6

Comment 2 Fedora Update System 2019-03-08 02:12:17 UTC
python-volatility-2.6.1-1.fc30 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-2046a66439

Comment 3 Fedora Update System 2019-03-08 02:12:27 UTC
python-volatility-2.6.1-1.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-df37454881

Comment 4 Fedora Update System 2019-03-08 19:45:23 UTC
python-volatility-2.6.1-1.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-2046a66439

Comment 5 Fedora Update System 2019-03-08 22:39:03 UTC
python-volatility-2.6.1-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-df37454881

Comment 6 Fedora Update System 2019-03-08 22:40:46 UTC
python-volatility-2.6.1-1.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-ceaa9857b6

Comment 7 Fedora Update System 2019-03-25 06:04:49 UTC
python-volatility-2.6.1-1.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2019-03-25 06:52:38 UTC
python-volatility-2.6.1-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2019-03-29 19:11:04 UTC
python-volatility-2.6.1-1.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.