Bug 554965

Summary: gcore tool produces unusable corefile with MRG kernel
Product: Red Hat Enterprise MRG Reporter: Roland Westrelin <roland.westrelin>
Component: realtime-kernelAssignee: Arnaldo Carvalho de Melo <acme>
Status: CLOSED ERRATA QA Contact: David Sommerseth <davids>
Severity: medium Docs Contact:
Priority: low    
Version: 1.2CC: bhu, David.Holmes, lgoncalv, onestero, ovasik, williams
Target Milestone: 1.2.5   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-03-23 15:43:19 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Roland Westrelin 2010-01-13 08:37:31 UTC 
Description of problem:

/usr/bin/gcore part of gdb-6.8-37.el5 produces core files that gdb can't use.

Version-Release number of selected component (if applicable):

/usr/bin/gcore from gdb-6.8-37.el5 run on MRG kernel 2.6.24.7-139.el5rt

How reproducible:

Always reproducible

Steps to Reproduce:
1.

Compile and run simple program

#include <unistd.h>                                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                                                                 
int main(int argc, char* argv[]) {                                                                                                                                                                                                                                               
  while(1) {                                                                                                                                                                                                                                                                     
    sleep(60);                                                                                                                                                                                                                                                                   
  }                                                                                                                                                                                                                                                                              
  return 0;                                                                                                                                                                                                                                                                      
}       

2.

Find pid of program from step 1 and run gcore

3.
  
open corefile with gdb. Try where command.

Actual results:

$ gdb /tmp/loop /tmp/core.15579 
GNU gdb Fedora (6.8-37.el5)
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...
Failed to read a valid object file image from memory.
Core was generated by `/tmp/loop'.
[New process 15579]
#0  0xb7f29410 in ?? ()
(gdb) where
#0  0xb7f29410 in ?? ()
Cannot access memory at address 0xbf971a9c
(gdb) 


Expected results:

Same test on kernel 2.6.18-164.9.1.el5:

$ gdb /tmp/loop /tmp/core.3978
GNU gdb Fedora (6.8-37.el5)
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...

warning: Can't read pathname for load map: Input/output error.
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Core was generated by `/tmp/loop'.
[New process 3978]
#0  0x003d3402 in __kernel_vsyscall ()
(gdb) where
#0  0x003d3402 in __kernel_vsyscall ()
#1  0x4adcc970 in __nanosleep_nocancel () from /lib/libc.so.6
#2  0x4adcc7bf in sleep () from /lib/libc.so.6
#3  0x080483a1 in main () at loop.c:5
(gdb) 


Additional info:

works with RHEL standard kernel: 2.6.18-164.9.1.el5
Comment 1 Luis Claudio R. Goncalves 2010-02-08 16:23:05 UTC 
Arnaldo and Oleg wrote a patch to fix this issue. The patch bz554965-bz516684-CVE-2009-2691-0001-Fixup-8181bd7-kernel-proc-pid-maps-visible-durin.patch was added to kernel 2.6.24.7-148 queue.
Comment 4 David Sommerseth 2010-03-16 18:50:22 UTC 
Verified by code review and running reproducing routine.  Patch mentioned in comment #1.

Reproduced it by compiling the test program (bz554965.c) from the initial comment and running it.  In another shell, the following was observed:

The old kernel:
--------------------------------------------------------------------------------
[root@hp-bl685c-01 ~]# uname -r
2.6.24.7-146.el5rt
[root@hp-bl685c-01 ~]# pidof bz554965
3765
[root@hp-bl685c-01 ~]# gcore 3765
0xb7f73410 in __kernel_vsyscall ()
Saved corefile core.3765
[root@hp-bl685c-01 ~]# gdb ./bz554965 core.3765 
GNU gdb Fedora (6.8-37.el5)[...snip...gdb copyright notice...]
This GDB was configured as "i386-redhat-linux-gnu"...
Failed to read a valid object file image from memory.
Core was generated by `/root/bz554965'.
[New process 3765]
#0  0xb7f73410 in ?? ()
(gdb) bt
#0  0xb7f73410 in ?? ()
Cannot access memory at address 0xbfb3be0c
(gdb) quit

--------------------------------------------------------------------------------

The new kernel:
--------------------------------------------------------------------------------
[root@hp-bl685c-01 ~]# uname -r
2.6.24.7-149.el5rt
[root@hp-bl685c-01 ~]# pidof bz554965
1398
[root@hp-bl685c-01 ~]# gcore 1398
0xb7f71410 in __kernel_vsyscall ()
Saved corefile core.1398
[root@hp-bl685c-01 ~]# gdb ./bz554965 core.1398 
GNU gdb Fedora (6.8-37.el5)
[...snip...gdb copyright notice...]
This GDB was configured as "i386-redhat-linux-gnu"...
warning: Can't read pathname for load map: Input/output error.
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Core was generated by `/root/bz554965'.
[New process 1398]
#0  0xb7f71410 in __kernel_vsyscall ()
(gdb) bt
#0  0xb7f71410 in __kernel_vsyscall ()
#1  0x003fd970 in __nanosleep_nocancel () from /lib/libc.so.6
#2  0x003fd7bf in sleep () from /lib/libc.so.6
#3  0x080483a1 in main () at bz554965.c:5
(gdb) quit
--------------------------------------------------------------------------------
Comment 11 errata-xmlrpc 2010-03-23 15:43:19 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2010-0161.html