From nobody@FreeBSD.org  Wed Feb 20 06:20:18 2008
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 1979616A400
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 20 Feb 2008 06:20:18 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 0BB2F13C467
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 20 Feb 2008 06:20:18 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.2/8.14.2) with ESMTP id m1K6Hkvq098360
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 20 Feb 2008 06:17:46 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.2/8.14.1/Submit) id m1K6HkgT098359;
	Wed, 20 Feb 2008 06:17:46 GMT
	(envelope-from nobody)
Message-Id: <200802200617.m1K6HkgT098359@www.freebsd.org>
Date: Wed, 20 Feb 2008 06:17:46 GMT
From: Dmitry Andrianov <666.root@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: fstat exit on signall 11
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         120872
>Category:       kern
>Synopsis:       [libkvm] [patch] fstat exit on signal 11
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Feb 20 06:30:02 UTC 2008
>Closed-Date:    
>Last-Modified:  Fri Oct 15 09:15:19 UTC 2010
>Originator:     Dmitry Andrianov
>Release:        FreeBSD 7 RC2
>Organization:
79.120.123.5
>Environment:
FreeBSD zingel.dubki.ru 7.0-RC2 FreeBSD 7.0-RC2 #0: Sun Feb 17 00:02:07 EET 2008     admin666@zingel.dubki.ru:/usr/obj/usr/src/sys/BEASTIE-RC4  i386

>Description:
Hello.

I beg pardon for my language.

There was a 'little' problem when using the fstat command:

***********

root@zingel:/$ fstat -M /COPYRIGHT
Segmentation fault: 11

************

root@zingel:/$ truss -f /usr/bin/fstat -M /COPYRIGHT
98975: munmap(0x28185094,453623)                 = 0 (0x0)
98975: munmap(0x2818434c,1160)                   = 0 (0x0)
98975: fstat(4,{mode=-r-xr-xr-x ,inode=141340,size=6327435,blksize=4096}) = 0 (0x0)
98975: mmap(0x0,6327435,PROT_READ,MAP_PRIVATE,4,0x0) = 1402195968 (0x5393d000)
98975: munmap(0x5393d000,6327435)                = 0 (0x0)
98975: lseek(4,0x0,SEEK_SET)                     = 0 (0x0)
98975: read(4,"\^?ELF\^A\^A\^A\t\0\0\0\0\0\0\0"...,52) = 52 (0x34)
98975: fstat(4,{mode=-r-xr-xr-x ,inode=141340,size=6327435,blksize=4096}) = 0 (0x0)
98975: mmap(0x0,1160,PROT_READ,0x0,4,0x54434c)   = 672678732 (0x2818434c)
98975: mmap(0x0,453623,PROT_READ,0x0,4,0x59a094) = 672682132 (0x28185094)
98975: lseek(4,0x5447d4,SEEK_SET)                = 5523412 (0x5447d4)
98975: read(4,"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"...,16384) = 16384 (0x4000)
98975: read(4,"\M-.R\0\0\M-p\^EJ\M-@\M-h\^A\0\0"...,16384) = 16384 (0x4000)
98975: read(4,":\M-,\0\0\M^H\M-|\M^R\M-@\^D\0\0"...,16384) = 16384 (0x4000)
98975: read(4,"a\M-~\0\0P\^D\M^H\M-@\^D\0\0\0"...,16384) = 16384 (0x4000)
98975: read(4,"\M-|S\^A\0\M-4\M-W\M^M\M-@\^D\0"...,16384) = 16384 (0x4000)
98975: read(4,"E\M-9\^A\0\M-x\M-;\M^M\M-@\^D\0"...,16384) = 16384 (0x4000)
98975: read(4,"\M-1$\^B\0\M-`\M^_\\\M-@\M-R\0\0"...,16384) = 16384 (0x4000)
98975: read(4,"$\M^I\^B\0L\^T\M^P\M-@\f\0\0\0"...,16384) = 16384 (0x4000)
98975: read(4,"\M^W\M-\\^B\0Ha\M^H\M-@\^D\0\0\0"...,16384) = 16384 (0x4000)
98975: read(4,"F?\^C\0\M-h\M-z\M^T\M-@\^X\0\0\0"...,16384) = 16384 (0x4000)
98975: read(4,"\M-{\M-<\^C\0\\\M-F\M^M\M-@\^D\0"...,16384) = 16384 (0x4000)
98975: read(4,"\0\^\\^D\0d\M-H\M^M\M-@\^D\0\0\0"...,16384) = 16384 (0x4000)
98975: read(4,"\240}\^D\0\M-l\M-I\M^M\M-@\^D\0"...,16384) = 16384 (0x4000)
98975: read(4,"\M-K\M-N\^D\0\M-@+\M^R\M-@,\0\0"...,16384) = 16384 (0x4000)
98975: read(4,"?"\^E\0\M-`\M-LH\M-@^\^D\0\0\^R"...,16384) = 16384 (0x4000)
98975: read(4,"<`\^E\0\M-P\M-c\^?\M-@\^X\0\0\0"...,16384) = 16384 (0x4000)
98975: read(4,"\M-;\M^^\^E\0@\M-w_\M-@X\0\0\0"...,16384) = 16384 (0x4000)
98975: read(4,"a\M-]\^E\0\^P!U\M-@\M^B\0\0\0\^R"...,16384) = 16384 (0x4000)
98975: munmap(0x28185094,453623)                 = 0 (0x0)
98975: munmap(0x2818434c,1160)                   = 0 (0x0)
98975: SIGNAL 11 (SIGSEGV)
-----------------------------

root@zingel:/$ gdb fstat
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...(no debugging symbols found)...
(gdb) r -M /COPYRIGHT
Starting program: /usr/bin/fstat -M /COPYRIGHT
(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
0x28084112 in _kvm_minidump_freevtop () from /lib/libkvm.so.4
(gdb) where
#0  0x28084112 in _kvm_minidump_freevtop () from /lib/libkvm.so.4
#1  0x2808452b in _kvm_kvatop () from /lib/libkvm.so.4
#2  0x28085087 in kvm_read () from /lib/libkvm.so.4
#3  0x280848f2 in _kvm_initvtop () from /lib/libkvm.so.4
#4  0x2808534a in kvm_read () from /lib/libkvm.so.4
#5  0x0804a5fa in ?? ()
#6  0x00000000 in ?? ()
#7  0xbfbfe3b8 in ?? ()
#8  0x00000000 in ?? ()
#9  0x00000000 in ?? ()
#10 0xbfbfe3b8 in ?? ()
....
#1475 0x00000000 in ?? ()
#1476 0x00000000 in ?? ()
#1477 0x00000000 in ?? ()
#1478 0x00000000 in ?? ()
#1479 0x00000000 in ?? ()
#1480 0x00000000 in ?? ()
#1481 0x00000000 in ?? ()
#1482 0x102454ff in ?? ()
#1483 0x2024448d in ?? ()
#1484 0x5440f750 in ?? ()
#1485 0x00020000 in ?? ()
#1486 0x688e0375 in ?? ()
#1487 0x01a1b814 in ?? ()
#1488 0xcd500000 in ?? ()
#1489 0x90feeb80 in ?? ()
#1490 0x102454ff in ?? ()
#1491 0x1424448d in ?? ()
#1492 0x5440f750 in ?? ()
#1493 0x00020000 in ?? ()
#1494 0x688e0375 in ?? ()
#1495 0x0158b814 in ?? ()
#1496 0xcd500000 in ?? ()
#1497 0x90feeb80 in ?? ()
#1498 0xbfbfec30 in ?? ()
#1499 0x00000003 in ?? ()
#1500 0xbfbfec40 in ?? ()
#1501 0x0000001e in ?? ()
Error accessing memory address 0xbfc00000: Bad address.
(gdb) i r
eax            0x3a36   14902
ecx            0x48682e31       1214787121
edx            0x28300000       674234368
ebx            0x28087424       671642660
esp            0xbfbfe1e0       0xbfbfe1e0
ebp            0xbfbfe1f8       0xbfbfe1f8
esi            0x8e11ec 9310700
edi            0x0      0
eip            0x28084112       0x28084112
eflags         0x10202  66050
cs             0x33     51
ss             0x3b     59
ds             0x3b     59
es             0x3b     59
fs             0x3b     59
gs             0x1b     27

--------------------------


Thank you for your
attention, all the best.
>How-To-Repeat:
fstat -M /COPYRIGHT
>Fix:


>Release-Note:
>Audit-Trail:

From: Volker <volker@vwsoft.com>
To: bug-followup@FreeBSD.org, 666.root@gmail.com
Cc:  
Subject: Re: i386/120872: fstat exit on signall 11
Date: Wed, 20 Feb 2008 12:01:18 +0100

 Dmitry,
 
 from man fstat(1):
 SYNOPSIS
      fstat [-fmnv] [-M core] [-N system] [-p pid] [-u user] [file ...]
 
 when using the -M parameter, you should give it a core dump file, so
 it is not clear to me whether your example is wrong usage or whether you
 wanted to tell us something more.
 
 Clearly, it would be nice to have the fstat utility being either more
 flexible with wrong usage or giving a more meaningful error message.

From: Volker <volker@vwsoft.com>
To: Dmitry Andrianov <666.root@gmail.com>
Cc: bug-followup@FreeBSD.org
Subject: Re: i386/120872: fstat exit on signall 11
Date: Wed, 20 Feb 2008 17:03:24 +0100

 Dmitry,
 
 I still don't get the picture. Can you try to explain what you are trying
 to do? The -M parameter requires a core dump file to be given. If
 given, fstat tries to list you all opened files of a process at the time
 the process was getting killed.
 
 I agree, it's not nice to have it failing with a segfault but while
 looking at the code, I'm not quite sure if the error message can be
 changed easily.
 
 fstat needs to check if the file given as -M (core) is really a core
 dump file before it's getting processed. That's an extra sanity check
 that would be needed to suppress that message and fail with a better
 message earlier. I'll leave this to the developers if they'll implement
 that extra check and if it's possible to check that at all.
 
 PS: Please followup to the PR

From: Dmitry Andrianov <666.root@gmail.com>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: i386/120872: fstat exit on signall 11
Date: Wed, 20 Feb 2008 19:14:42 +0300

 I have already replied, but for some reason I do not see the result. When I am at
 home I will write once again, if the result is still the same.
 
 Thk.

From: "Dmitry Andrianov" <666.root@gmail.com>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: i386/120872: fstat exit on signall 11
Date: Wed, 20 Feb 2008 18:56:07 +0300

 ------=_Part_22870_27418674.1203522967266
 Content-Type: text/plain; charset=ISO-8859-1
 Content-Transfer-Encoding: 7bit
 Content-Disposition: inline
 
 Possibly the following lines will help you somewhat:
 
 root@zingel:~$ fstat -M test.c
 Segmentation fault: 11
 root@zingel:~$ ls -al test.c
 -rw-r--r--  1 root  wheel   142B Jan 30 14:13 test.c
 root@zingel:~$ perl -e "print 'A' x45" > test1.c
 root@zingel:~$ fstat -M test1.c
 Segmentation fault: 11
 root@zingel:~$ ls -la test1.c
 -rw-r--r--  1 root  wheel   142B Feb 20 17:53 test1.c
 root@zingel:~$ cat > test2.c
 AAABBBCCCC
 ^C
 root@zingel:~$ fstat -M test2.c
 fstat: cannot read IdlePTD
 root@zingel:~$ ls -la test2.c
 -rw-r--r--  1 root  wheel    11B Feb 20 17:55 test2.c
 
 In all good.
 
 -- 
 Dmitry A.
 
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 mQCNA0ag7M8AAAEEAK/SJGU4h8U7SJ1uI2wYJIO5HsaOgsu5jZaCNGc0iTkawUei
 kF8vxD0q8FJvMGI5dFgRM6t/2OkX+RAq7au8UJC7psygZ54qV1mQ9tq46LJWLYg5
 pPsRAkPxJdmnwx4eqCZ8sXtizcUS1ySSn1ofNUMsYHR1hYI1W/xAuzQKwMNVAAUR
 tChEbWl0cnkgQS4gQW5kcmlhbm92IDw2NjYucm9vdEBnbWFpbC5jb20+iQCVAwUQ
 RqDsz/xAuzQKwMNVAQFcKQP/Tb8dFC4/5lT3o3l1FE1H+HR8cXEQW2c4ybXqgISd
 5v2Ye+MZrY5Xl48FWM7MV7SkwjSVqkG/EOvVo6tVn1q8tphIdvhFHnGCoM0uB6PL
 zHDd7KI3uCVXIbaB+k5ob8u92IM4owMbyE7KLkc5FEtApyS9KZ5co07QZHZT+8G6
 kTE==Nw9e
 -----END PGP PUBLIC KEY BLOCK-----
 
From: "Dmitry Andrianov" <666.root@gmail.com>
To: bug-followup@freebsd.org
Cc:  
Subject: Re: i386/120872: fstat exit on signall 11
Date: Thu, 21 Feb 2008 07:04:31 +0200

 ------=_Part_1623_24327854.1203570271951
 Content-Type: text/plain; charset=ISO-8859-1
 Content-Transfer-Encoding: 7bit
 Content-Disposition: inline
 
 I thought at first, that problem in  kern.coredump: 0
 
 
 root@zingel:~$ sysctl -a | grep core
 kern.corefile: %N.core
 kern.nodump_coredump: 0
 kern.coredump: 0
 kern.sugid_coredump: 0
 debug.elf32_legacy_coredump: 0
 
 but after changing those values the situation did not change; I will
 try to obtain a core file and test this command on it.
 I found this error quite by chance, by mixing up command parameters; the
 situation does not bother me, but it should not be this way.
 I am afraid that malicious users could take advantage of such an error, so I
 reported it here =)
 
 I will answer after testing of this error.
 
 -- 
 Dmitry A.
 
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 mQCNA0ag7M8AAAEEAK/SJGU4h8U7SJ1uI2wYJIO5HsaOgsu5jZaCNGc0iTkawUei
 kF8vxD0q8FJvMGI5dFgRM6t/2OkX+RAq7au8UJC7psygZ54qV1mQ9tq46LJWLYg5
 pPsRAkPxJdmnwx4eqCZ8sXtizcUS1ySSn1ofNUMsYHR1hYI1W/xAuzQKwMNVAAUR
 tChEbWl0cnkgQS4gQW5kcmlhbm92IDw2NjYucm9vdEBnbWFpbC5jb20+iQCVAwUQ
 RqDsz/xAuzQKwMNVAQFcKQP/Tb8dFC4/5lT3o3l1FE1H+HR8cXEQW2c4ybXqgISd
 5v2Ye+MZrY5Xl48FWM7MV7SkwjSVqkG/EOvVo6tVn1q8tphIdvhFHnGCoM0uB6PL
 zHDd7KI3uCVXIbaB+k5ob8u92IM4owMbyE7KLkc5FEtApyS9KZ5co07QZHZT+8G6
 kTE==Nw9e
 -----END PGP PUBLIC KEY BLOCK-----

From: "Alexander V. Chernikov" <admin@su29.net>
To: bug-followup@FreeBSD.org, 666.root@gmail.com
Cc:  
Subject: Re: i386/120872: fstat exit on signall 11
Date: Sat, 23 Feb 2008 18:26:52 +0300

 This is a multi-part message in MIME format.
 --------------090107020803020707010507
 Content-Type: text/plain; charset=KOI8-R; format=flowed
 Content-Transfer-Encoding: 7bit
 
 The following patch fixes an issue on i386/amd64 platforms
 
 kvm_checkheader is a simple cut-n-paste from imgact_elf.c check_header
 
 
 
 --------------090107020803020707010507
 Content-Type: text/plain;
  name="kvm_elf2.diff"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: inline;
  filename="kvm_elf2.diff"
 
 diff -urN lib/libkvm.orig/kvm.c lib/libkvm/kvm.c
 --- lib/libkvm.orig/kvm.c	2008-02-23 17:48:27.000000000 +0300
 +++ lib/libkvm/kvm.c	2008-02-23 17:48:33.000000000 +0300
 @@ -64,6 +64,8 @@
  #include <string.h>
  #include <unistd.h>
  
 +#include <machine/elf.h>
 +
  #include "kvm_private.h"
  
  /* from src/lib/libc/gen/nlist.c */
 @@ -136,6 +138,21 @@
  	return (p);
  }
  
 +int
 +_kvm_checkheader(void *e)
 +{
 +  	Elf_Ehdr *hdr = e;
 +	if (!IS_ELF(*hdr) ||
 +	    hdr->e_ident[EI_CLASS] != ELF_TARG_CLASS ||
 +	    hdr->e_ident[EI_DATA] != ELF_TARG_DATA ||
 +	    hdr->e_ident[EI_VERSION] != EV_CURRENT ||
 +	    hdr->e_phentsize != sizeof(Elf_Phdr) ||
 +	    hdr->e_version != ELF_TARG_VER ||
 +	    hdr->e_machine > MAX_BRANDS)
 +		return (ENOEXEC);
 +return (0);
 +}
 +
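Review bot: The last condition in `_kvm_checkheader`, `hdr->e_machine > MAX_BRANDS`, compares an ELF machine identifier with the size of the kernel's brand table, which is not what imgact_elf.c's check_header does (it walks the brand list for an entry whose machine matches); EM_X86_64 is 62, so on amd64 every genuine core would be rejected with "core is not valid ELF core", while small values such as EM_386 (3) pass only by accident. Replace that line with `hdr->e_machine != ELF_TARG_MACH ||` — machine/elf.h, added by the first hunk, defines it next to ELF_TARG_CLASS/ELF_TARG_DATA/ELF_TARG_VER — which also removes the need for the MAX_BRANDS copy added to kvm_private.h in the last hunk. Nothing here checks `e_type`, so the message at the call sites promises more than the function verifies; adding `hdr->e_type != ET_CORE ||` would make them agree, assuming the dumps libkvm reads are ET_CORE — confirm against savecore output. Style-wise, `Elf_Ehdr *hdr = e;` carries mixed space/tab indentation and `return (0);` sits at column 0; style(9) also wants a blank line between the declaration and the `if`.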
  static kvm_t *
  _kvm_open(kd, uf, mf, flag, errout)
  	kvm_t *kd;
 diff -urN lib/libkvm.orig/kvm_amd64.c lib/libkvm/kvm_amd64.c
 --- lib/libkvm.orig/kvm_amd64.c	2008-02-23 17:48:27.000000000 +0300
 +++ lib/libkvm/kvm_amd64.c	2008-02-23 17:51:27.000000000 +0300
 @@ -170,6 +170,11 @@
  			return (-1);
  
  		ehdr = kd->vmst->mmapbase;
 +		if (_kvm_checkheader(ehdr) != 0) {
 +			_kvm_err(kd, kd->program, "core is not valid ELF core");
 +			return (-1);
 +		}
 +
  		hdrsz = ehdr->e_phoff + ehdr->e_phentsize * ehdr->e_phnum;
  		if (_kvm_maphdrs(kd, hdrsz) == -1)
  			return (-1);
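Review bot: After the new header check passes, the next line still computes `hdrsz` from `e_phoff`, `e_phentsize` and `e_phnum` without any bound, so a truncated or malformed core can still send `_kvm_maphdrs(kd, hdrsz)` past the end of the file, and the sum could wrap if `hdrsz` is a 32-bit type (its declaration is outside the hunk). A minimal guard beside the new check would be `if (ehdr->e_phnum == 0 || ehdr->e_phoff < sizeof(Elf_Ehdr)) { _kvm_err(kd, kd->program, "bad ELF program header table"); return (-1); }`, ideally also comparing `hdrsz` against the core's size if `_kvm_maphdrs` does not already do so. The identical hunk in kvm_i386.c has the same gap. The enclosing function (presumably `_kvm_initvtop`, per the backtrace in the report) starts and ends outside the hunk.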
 diff -urN lib/libkvm.orig/kvm_i386.c lib/libkvm/kvm_i386.c
 --- lib/libkvm.orig/kvm_i386.c	2008-02-23 17:51:03.000000000 +0300
 +++ lib/libkvm/kvm_i386.c	2008-02-23 17:51:14.000000000 +0300
 @@ -177,6 +177,11 @@
  			return (-1);
  
  		ehdr = kd->vmst->mmapbase;
 +		if (_kvm_checkheader(ehdr) != 0) {
 +			_kvm_err(kd, kd->program, "core is not valid ELF core");
 +			return (-1);
 +		}
 +
  		hdrsz = ehdr->e_phoff + ehdr->e_phentsize * ehdr->e_phnum;
  		if (_kvm_maphdrs(kd, hdrsz) == -1)
  			return (-1);
 diff -urN lib/libkvm.orig/kvm_private.h lib/libkvm/kvm_private.h
 --- lib/libkvm.orig/kvm_private.h	2008-02-23 17:48:28.000000000 +0300
 +++ lib/libkvm/kvm_private.h	2008-02-23 17:48:33.000000000 +0300
 @@ -79,6 +79,9 @@
  	    __printflike(3, 4);
  int	 _kvm_uvatop(kvm_t *, const struct proc *, u_long, u_long *);
  
 +#define MAX_BRANDS	8 /* from sys/imgact_elf.h */
 +int	 _kvm_checkheader(void *);
 +
  #if defined(__amd64__) || defined(__i386__)
  void	 _kvm_minidump_freevtop(kvm_t *);
  int	 _kvm_minidump_initvtop(kvm_t *);
 
 --------------090107020803020707010507--
 
Responsible-Changed-From-To: freebsd-i386->freebsd-bugs 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Sun Mar 2 06:15:36 UTC 2008 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=120872 
State-Changed-From-To: open->feedback 
State-Changed-By: jh 
State-Changed-When: Fri Oct 15 08:10:49 UTC 2010 
State-Changed-Why:  
Is this still a problem on 8.1? 


Responsible-Changed-From-To: freebsd-bugs->jh 
Responsible-Changed-By: jh 
Responsible-Changed-When: Fri Oct 15 08:10:49 UTC 2010 
Responsible-Changed-Why:  
Track. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=120872 
State-Changed-From-To: feedback->open 
State-Changed-By: jh 
State-Changed-When: Fri Oct 15 09:14:12 UTC 2010 
State-Changed-Why:  
Still a problem on 8-STABLE. 


Responsible-Changed-From-To: jh->freebsd-bugs 
Responsible-Changed-By: jh 
Responsible-Changed-When: Fri Oct 15 09:14:12 UTC 2010 
Responsible-Changed-Why:  
Back to pool. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=120872 
>Unformatted:
