Bug 554965 - gcore tool produces unusable corefile with MRG kernel
Summary: gcore tool produces unusable corefile with MRG kernel
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: realtime-kernel
Version: 1.2
Hardware: All
OS: Linux
low
medium
Target Milestone: 1.2.5
Assignee: Arnaldo Carvalho de Melo
QA Contact: David Sommerseth
Reported: 2010-01-13 08:37 UTC by Roland Westrelin
Modified: 2016-05-22 23:29 UTC (History)

Doc Type: Bug Fix
Last Closed: 2010-03-23 15:43:19 UTC

Links
System ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata RHSA-2010:0161 | 0 | normal | SHIPPED_LIVE | Important: kernel-rt security and bug fix update | 2010-03-23 15:42:25 UTC

Description Roland Westrelin 2010-01-13 08:37:31 UTC
Description of problem:

/usr/bin/gcore part of gdb-6.8-37.el5 produces core files that gdb can't use.

Version-Release number of selected component (if applicable):

/usr/bin/gcore from gdb-6.8-37.el5 run on MRG kernel 2.6.24.7-139.el5rt

How reproducible:

Always reproducible

Steps to Reproduce:
1. Compile and run simple program

#include <unistd.h>

int main(int argc, char* argv[]) {
  while(1) {
    sleep(60);
  }
  return 0;
}

2. Find pid of program from step 1 and run gcore

3. open corefile with gdb. Try where command.

Actual results:

$ gdb /tmp/loop /tmp/core.15579 
GNU gdb Fedora (6.8-37.el5)
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...
Failed to read a valid object file image from memory.
Core was generated by `/tmp/loop'.
[New process 15579]
#0  0xb7f29410 in ?? ()
(gdb) where
#0  0xb7f29410 in ?? ()
Cannot access memory at address 0xbf971a9c
(gdb) 


Expected results:

Same test on kernel 2.6.18-164.9.1.el5:

$ gdb /tmp/loop /tmp/core.3978
GNU gdb Fedora (6.8-37.el5)
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...

warning: Can't read pathname for load map: Input/output error.
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Core was generated by `/tmp/loop'.
[New process 3978]
#0  0x003d3402 in __kernel_vsyscall ()
(gdb) where
#0  0x003d3402 in __kernel_vsyscall ()
#1  0x4adcc970 in __nanosleep_nocancel () from /lib/libc.so.6
#2  0x4adcc7bf in sleep () from /lib/libc.so.6
#3  0x080483a1 in main () at loop.c:5
(gdb) 


Additional info:

works with RHEL standard kernel: 2.6.18-164.9.1.el5

Comment 1 Luis Claudio R. Goncalves 2010-02-08 16:23:05 UTC
Arnaldo and Oleg wrote a patch to fix this issue. The patch bz554965-bz516684-CVE-2009-2691-0001-Fixup-8181bd7-kernel-proc-pid-maps-visible-durin.patch was added to kernel 2.6.24.7-148 queue.

Comment 4 David Sommerseth 2010-03-16 18:50:22 UTC
Verified by code review and running reproducing routine.  Patch mentioned in comment #1.

Reproduced it by compiling the test program (bz554965.c) from the initial comment and running it.  In another shell, the following was observed:

The old kernel:
--------------------------------------------------------------------------------
[root@hp-bl685c-01 ~]# uname -r
2.6.24.7-146.el5rt
[root@hp-bl685c-01 ~]# pidof bz554965
3765
[root@hp-bl685c-01 ~]# gcore 3765
0xb7f73410 in __kernel_vsyscall ()
Saved corefile core.3765
[root@hp-bl685c-01 ~]# gdb ./bz554965 core.3765 
GNU gdb Fedora (6.8-37.el5)
[...snip...gdb copyright notice...]
This GDB was configured as "i386-redhat-linux-gnu"...
Failed to read a valid object file image from memory.
Core was generated by `/root/bz554965'.
[New process 3765]
#0  0xb7f73410 in ?? ()
(gdb) bt
#0  0xb7f73410 in ?? ()
Cannot access memory at address 0xbfb3be0c
(gdb) quit

--------------------------------------------------------------------------------

The new kernel:
--------------------------------------------------------------------------------
[root@hp-bl685c-01 ~]# uname -r
2.6.24.7-149.el5rt
[root@hp-bl685c-01 ~]# pidof bz554965
1398
[root@hp-bl685c-01 ~]# gcore 1398
0xb7f71410 in __kernel_vsyscall ()
Saved corefile core.1398
[root@hp-bl685c-01 ~]# gdb ./bz554965 core.1398 
GNU gdb Fedora (6.8-37.el5)
[...snip...gdb copyright notice...]
This GDB was configured as "i386-redhat-linux-gnu"...
warning: Can't read pathname for load map: Input/output error.
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Core was generated by `/root/bz554965'.
[New process 1398]
#0  0xb7f71410 in __kernel_vsyscall ()
(gdb) bt
#0  0xb7f71410 in __kernel_vsyscall ()
#1  0x003fd970 in __nanosleep_nocancel () from /lib/libc.so.6
#2  0x003fd7bf in sleep () from /lib/libc.so.6
#3  0x080483a1 in main () at bz554965.c:5
(gdb) quit
--------------------------------------------------------------------------------
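
The reproduction steps from the description and comment 4, scripted as a pass/fail regression check for a kernel update. This is an added example, not part of the bug report or the patch; the function names `classify_bt` and `check_gcore` are hypothetical, and it assumes gcc, gdb and gcore are on the PATH and that the caller may ptrace the test process.

```shell
#!/bin/sh
# Added example: decide whether a core written by gcore is usable,
# keyed on the gdb symptoms shown in the transcripts above.

# classify_bt: reads the output of "gdb ... bt" on stdin.
# Prints "usable" or "unusable"; returns 0 only for a usable core.
classify_bt() {
    out=$(cat)
    # Messages gdb printed for the broken core on the unpatched kernel.
    if printf '%s\n' "$out" | grep -q \
            -e 'Failed to read a valid object file image' \
            -e 'Cannot access memory at address'; then
        echo unusable; return 1
    fi
    # A good core of the sleeping test program unwinds up to main().
    if printf '%s\n' "$out" | grep -Eq '^#[0-9]+ .* in main \(\)'; then
        echo usable; return 0
    fi
    echo unusable; return 1
}

# check_gcore: the full procedure against a live process.
# Assumption: run as root or with ptrace of the test process permitted.
check_gcore() {
    dir=$(mktemp -d) || return 2
    cat > "$dir/loop.c" <<'EOF'
#include <unistd.h>
int main(void) { while (1) sleep(60); return 0; }
EOF
    gcc -g -o "$dir/loop" "$dir/loop.c" || return 2
    "$dir/loop" & pid=$!
    sleep 1                                  # let it block in sleep()
    gcore -o "$dir/core" "$pid" >/dev/null 2>&1
    kill "$pid" 2>/dev/null
    # gcore names the file <prefix>.<pid>; bt must reach main().
    gdb -batch -ex bt "$dir/loop" "$dir/core.$pid" 2>&1 | classify_bt
    rc=$?
    rm -rf "$dir"
    return $rc
}
```

Calling `check_gcore` after booting a new kernel prints `usable` and returns 0 when the core can be unwound to `main()`.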

Comment 11 errata-xmlrpc 2010-03-23 15:43:19 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2010-0161.html

