review.tizen.org Git - platform/upstream/elfutils.git/log

libelf: Check for mremap, elf_update needs it for ELF_C_RDWR_MMAP

Add a AC_CHECK_FUNCS configure check for mremap. Some systems like
KFreeBSD and the Hurd don't have it. Also add a configure warning
because without mremap elf_update will often fail when ELF_C_RDWR_MMAP
is used. ELF_C_RDWR_MMAP is an elfutils extension to libelf.

https://sourceware.org/bugzilla/show_bug.cgi?id=27337

Signed-off-by: Mark Wielaard <mark@klomp.org>

elfclassify: Fix --no-stdin flag

The no-stdin option was using the wrong flag, classify_flag_stdin,
instead of classify_flag_no_stdin.

https://sourceware.org/bugzilla/show_bug.cgi?id=28724

Signed-off-by: Mark Wielaard <mark@klomp.org>

debuginfod: Use MHD_USE_ITC in MHD_start_daemon flags

This prevents the "Server reached connection limit. Closing inbound
connection." issue we have been seeing in the
run-debuginfod-webapi-concurrency.sh testcase. From the manual:

    If the connection limit is reached, MHD’s behavior depends a bit
    on other options. If MHD_USE_ITC was given, MHD will stop
    accepting connections on the listen socket. This will cause the
    operating system to queue connections (up to the listen() limit)
    above the connection limit. Those connections will be held until
    MHD is done processing at least one of the active connections. If
    MHD_USE_ITC is not set, then MHD will continue to accept() and
    immediately close() these connections.

https://sourceware.org/bugzilla/show_bug.cgi?id=28708

Signed-off-by: Mark Wielaard <mark@klomp.org>

tests: Lower parallel lookups in run-debuginfod-webapi-concurrency.sh

With 100 parallel lookups we sometimes see:
Server reached connection limit. Closing inbound connection.

Lower parallel lookups to 64

Signed-off-by: Mark Wielaard <mark@klomp.org>

config: simplify profile.*sh.in

1. Simplify needless sh -c "cat glob 2>/dev/null"
into cat glob 2>/dev/null under sh
and fix re-expansion/-e protection under csh
2. Use $( instead of ` under sh
3. Assign to DEBUGINFOD_URLS directly and either export it or unset it

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>

readelf: Define dyn_mem outside the while loop.

The GCC address sanitizer might complain otherwise:
stack-use-after-scope src/readelf.c:1787 in get_dyn_ents

Signed-off-by: Mark Wielaard <mark@klomp.org>

readelf: Don't consider padding DT_NULL as dynamic section entry

when using `$ eu-readelf -d {FILE}` to get the number of dynamic
section entris, it wrongly counts the padding DT_NULLs as dynamic
section entries. However, DT_NULL Marks end of dynamic section.
They should not be considered as dynamic section entries.

https://sourceware.org/bugzilla/show_bug.cgi?id=28928

Signed-off-by: Di Chen <dichen@redhat.com>

libdw: Remove unused atomics.h include from libdwP.h

Signed-off-by: Mark Wielaard <mark@klomp.org>

tests: Don't try to corrupt sqlite database during test.

In run-debuginfod-federation-sqlite.sh we used to try to corrupt
the sqlite database while the debuginfod server was running and
check it detected errors, but that was unreliably and slightly
dangerous since part of the database was already mapped into memory.
Instead trigger some some random activity, then trigger a shutdown.

Signed-off-by: Mark Wielaard <mark@klomp.org>

PR29022: 000-permissions files cause problems for backups

000-permission files currently used for negative caching can cause
permission problems for some backup software and disk usage checkers.
Fix this by using empty files for negative caching instead.

Also use each empty file's mtime to determine the time since
last download attempt instead of the cache_miss_s file's mtime.

https://sourceware.org/bugzilla/show_bug.cgi?id=29022

Tested-by: Milian Wolff <mail@milianw.de>
Signed-off-by: Aaron Merey <amerey@redhat.com>

libdw: Add DWARF5 package file section identifiers, DW_SECT_*

This only adds the constants. There is no handling of DWARF
package file (dwp) files for now.

https://sourceware.org/bugzilla/show_bug.cgi?id=29048

Signed-off-by: Mark Wielaard <mark@klomp.org>

config: Add versioned requires on libs/libelf for debuginfod-client

elfutils-debuginfod-client contains the debuginfod-client binary
which is uses libelf and libdw. Add explicit versioned requires
on elfutils-libs and elfutils-libelf so they will always be in sync
like done with all other inter sub package dependencies.

Signed-off-by: Mark Wielaard <mark@klomp.org>

debuginfod: Include "IPv4 IPv6" in server startup message

At startup debuginfod prints a message indicating the port which the
server is listening to.  Prior to commit 4e4082be03 this message would
include "IPv4" and/or "IPv6"

    [...] (48671/48671): started http server on IPv4 IPv6 port=8002

As of commit 4e4082be03 the IP versions have been removed from this
message.  This change can cause issues in any applications that
parse the message for this information.  Fix this by adding
"IPv4 IPv6" back to the message.

Signed-off-by: Aaron Merey <amerey@redhat.com>

libelf: Return already gotten Elf_Data from elf_getdata_rawchunk

elf_getdata_rawchunk keeps a list of Elf_Data_Chunk to track which
Elf_Data structures have already been requested. This allows elf_end
to clean up all internal data structures and the Elf_Data d_buf if
it was malloced.

But it didn't check if a chunk was already requested earlier. This
meant that if for example dwelf_elf_gnu_build_id was called multiple
times to lookup a build-id from the phdrs a new Elf_Data_Chunk was
created. This could slowly leak memory.

So also keep track of the offset from which the size and type of
the rawdata was requested so we can return existing data if it is
requested multiple times.

Note that the current cache is a simple linked list but the chain
is normally not that long. It is normally used to get chunks from
the phdrs, and there are normally less than 10.

Signed-off-by: Mark Wielaard <mark@klomp.org>

debuginfod: use single ipv4+ipv6 microhttpd daemon configuration

Use a single MHD_USE_DUAL_STACK mhd daemon. This way, the thread
connection pool is not doubled, saving memory and better matching user
expectations. A slight tweak to logging is required to pull IPv4
remote addresses back out, and also to allow IPv6 ::-laden address
forwarding through federation links.

Signed-off-by: Frank Ch. Eigler <fche@redhat.com>

PR28708: debuginfod: use MHD_USE_EPOLL for microhttpd threads

Testing on s390x and other architectures indicates that this
configuration reduces thundering-herd wakeups and saturation of a
small number of threads. The run-debuginfod-webapi-concurrency.sh
test appears solid now.

Signed-off-by: Frank Ch. Eigler <fche@redhat.com>

libelf: Also copy/convert partial datastructures in xlate functions

The generated xlate functions can only convert full datastructures,
dropping any trailing partial data on the floor. That means some of
the data might be undefined. Just copy over the trailing bytes as
is. That data isn't really usable. But at least it is defined data.

https://sourceware.org/bugzilla/show_bug.cgi?id=29000

Signed-off-by: Mark Wielaard <mark@klomp.org>

Introduce error_exit as a noreturn variant of error (EXIT_FAILURE, ...)

error (EXIT_FAILURE, ...) should be noreturn but on some systems it
isn't.  This may cause warnings about code that should not be
reachable.  So have an explicit error_exit wrapper that is noreturn
(because it calls exit explicitly).  Use error_exit in all tools under
the src directory.

https://bugzilla.redhat.com/show_bug.cgi?id=2068692

Signed-off-by: Mark Wielaard <mark@klomp.org>

elflint: Recognize NT_FDO_PACKAGING_METADATA

Signed-off-by: Mark Wielaard <mark@klomp.org>

libebl: recognize FDO Packaging Metadata ELF note

As defined on: https://systemd.io/COREDUMP_PACKAGE_METADATA/
this note will be used starting from Fedora 36. Allow
readelf --notes to pretty print it:

Note section [ 3] '.note.package' of 76 bytes at offset 0x2e8:
  Owner          Data size  Type
  FDO                   57  FDO_PACKAGING_METADATA
    Packaging Metadata: {"type":"deb","name":"fsverity-utils","version":"1.3-1"}

Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>

libelf: Sync elf.h from glibc.

Adds EM_INTELGT, NT_ARM_TAGGED_ADDR_CTRL, NT_ARM_PAC_ENABLED_KEYS,
ELF_NOTE_FDO, NT_FDO_PACKAGING_METADATA and OpenRISC 1000 specific
relocs.

It also adds and renames some GNU_PROPERTY constants. But none of the
constants the elfutils code uses was renamed or given a different
constant value.

dwelf_elf_e_machine_string was updated to handle EM_INTELGT.

Signed-off-by: Mark Wielaard <mark@klomp.org>

configure: Don't check whether -m64 works for 32bit host biarch check

Running a 32bit backtrace test against a 64bit binary doesn't work.
Only a 64bit binary can backtrace a 32bit binary. So disable the
biarch check that inserts -m64 for a 32bit host.

https://sourceware.org/bugzilla/show_bug.cgi?id=24158

Signed-off-by: Mark Wielaard <mark@klomp.org>

tests: Check addsections test binary is 64bit for run-large-elf-file.sh

The test binary should be 64bit to be able to create 4GB, or larger,
ELF files.

https://sourceware.org/bugzilla/show_bug.cgi?id=28975

Signed-off-by: Mark Wielaard <mark@klomp.org>

libelf: Correct alignment of ELF_T_GNUHASH data for ELFCLASS64

ELF_T_GNUHASH data is just 32bit words for ELFCLASS32. But for
ELFCLASS64 it is a mix of 32bit and 64bit words. In the
elf_cvt_gnuhash function we rely on the alignment of the whole to be
64bit word aligned, even though the first 4 words are
32bits. Otherwise we might try to convert an unaligned 64bit word.

Signed-off-by: Mark Wielaard <mark@klomp.org>

libelf: Don't overflow offsets in elf_cvt_Verneed and elf_cvt_Verdef

The conversion functions for Verdef and Verneed keep offsets to the next
structure. Make sure that following vd_aux, vda_next, vd_next, vn_aux,
vna_next and vn_next don't overflow (and wrap around) the offsets.

Signed-off-by: Mark Wielaard <mark@klomp.org>

libdwfl: Use memcpy to assign image header field values

The values in the kernel image header aren't properly aligned.
Use memcpy and the LE16, LE32 macros to assign and check the
values.

Signed-off-by: Mark Wielaard <mark@klomp.org>

libdwfl: Close ar members when they cannot be processed.

When reporting ar members they should be closed when they cannot
be processed. A comment in offline.c said that process_file called
elf_end if it returned NULL. But this is incorrect. And other places
that call process_file do call elf_end explicitly when it returns
NULL.

Signed-off-by: Mark Wielaard <mark@klomp.org>

libelf: Check alignment of Verdef, Verdaux, Verneed and Vernaux offsets

The Verdef, Verdaux, Verneed and Vernaux structures contain fields
which point to the next structures. Make sure these offsets are
correctly aligned for the structures they point to.

Signed-off-by: Mark Wielaard <mark@klomp.org>

libelf: Make sure ar_size starts with a digit before calling atol.

The ar_size field is a 10 character string, not zero terminated, of
decimal digits right padded with spaces. Make sure it actually starts
with a digit before calling atol on it. We already make sure it is
zero terminated. Otherwise atol might produce unexpected results.

Signed-off-by: Mark Wielaard <mark@klomp.org>

libelf: Take map offset into account for Shdr alignment check in elf_begin

The sh_num function tries to get at the zero section Shdr directly.
When the file is mmapped it has to make sure the offset into the file
to the start of the Elf structure is taken into account when trying to
cast the address to make sure the alignment is correct.

Signed-off-by: Mark Wielaard <mark@klomp.org>

configure: Use AS_HELP_STRING instead of AC_HELP_STRING.

In most places we already used AS_HELP_STRING. A few places used
AC_HELP_STRING. Which has been deprecated for a long time. Use
AS_HELP_STRING instead of AC_HELP_STRING everywhere.

Signed-off-by: Mark Wielaard <mark@klomp.org>

addr2line: Make --absolute the default, add --relative option.

Make --absolute (including the compilation directory in file names)
the default and add a new option --relative to get the previous
default behavior.

https://www.sourceware.org/bugzilla/show_bug.cgi?id=28951

Signed-off-by: Mark Wielaard <mark@klomp.org>

configure: Test for _FORTIFY_SOURCE=3 support.

_FORTIFY_SOURCE=3 adds extra glibc (dynamic) fortification checks
when using GCC 12.

This adds a configure check to see if -D_FORTIFY_SOURCE=3 can be used.
If not, configure will fall back to -D_FORTIFY_SOURCE=2.

On some older glibc versions (glibc 2.17) using -D_FORTIFY_SOURCE=3
provides the same fortification as _FORTIFY_SOURCE=2. On some newer
glibc versions and older GCC (glibc 2.34 amd gcc 11) using
-D_FORTIFY_SOURCE=3 produces a not supported warning (and we fall
back to -D_FORTIFY_SOURCE=2). With newer glibc and newer GCC versions
(glibc 2.35 and gcc 12) -D_FORTIFY_SOURCE=3 will use the newer dynamic
fortification checks.

This patch also makes sure that AC_PROG_CXX is used earlier so that
CXXFLAGS is always setup correctly (even if we then don't use it).
And it outputs both the CFLAGS and CXXFLAGS as used at the end.

Signed-off-by: Mark Wielaard <mark@klomp.org>

backends: Use PTRACE_GETREGSET for ppc_set_initial_registers_tid

The code in ppc_initreg.c used PTRACE_PEEKUSER to fetch all registers
one by one. Which is slightly inefficient. It did this because it wanted
things to work on linux 2.6.18 which didn't support PTRACE_GETREGSET.

PTRACE_GETREGSET was only officially since 2.6.34 (but backported
to some earlier versions). It seems ok to require a linux kernel that
supports PTRACE_GETREGSET now. This is much more efficient since it
takes just one ptrace call instead of 44 calls to fetch each register
individually.

For some really old versions we need to include <linux/ptrace.h> to
get PTRACE_GETREGSET defined. And on ppc64 there is no 32bit version
of struct pt_regs available, so we define that ourselves and check
how much data is returned to know whether this is a full pt_regs or
one for a 32bit process. An alternative would be to use the raw
iov_base bytes with 64bit or 32bit offset constants to get at the
registers instead of using a struct with names.

The code works for inspecting a 32bit process from a 64bit build,
but not the other way around (the previous code also didn't). This
could work if we also defined and used a 64bit pt_regs struct on
ppc32. But it seems a use case that is not really used (it was hard
enough finding ppc32 setups to test this on).

Tested against ppc and ppc64 on linux 2.6.32 and glibc 2.12 and
ppc and ppc64 on linux 3.10.0 with glibc 2.17.

Signed-off-by: Mark Wielaard <mark@klomp.org>

man debuginfod-client-config.7: Elaborate $DEBUGINFOD_URLS

Add reference to /etc/profile.d and /etc/debuginfod/*.urls as possible
source of default. (No need to autoconf @prefix@ it, these paths are
customarily distro standard rather than elfutils configurables.)
Drop warning about federation loops, due to protection via PR27917 (0.186).

Signed-off-by: Frank Ch. Eigler <fche@redhat.com>

libdwfl: Declare possible zero sized arrays only when non-zero

The gcc undefined sanitizer complains when seeing a zero sized array
declaration. Move the declaration to the point in the code where we
know they aren't zero sized.

https://sourceware.org/bugzilla/show_bug.cgi?id=28720

Signed-off-by: Mark Wielaard <mark@klomp.org>

libdwfl: Handle unaligned Dyns in dwfl_segment_report_module

The xlate functions only handle correctly aligned buffers. But they do
handle src == dest. So if the source buffer isn't aligned correctly
just copy it first into the destination (which is already correctly
aligned).

https://sourceware.org/bugzilla/show_bug.cgi?id=28720

Signed-off-by: Mark Wielaard <mark@klomp.org>

libdwfl: Fix overflow check in link_map.c read_addrs

The buffer_available overflow check wasn't complete. Also check nb
isn't too big.

https://sourceware.org/bugzilla/show_bug.cgi?id=28720

Signed-off-by: Mark Wielaard <mark@klomp.org>

libdwfl: Calculate addr to read by hand in link_map.c read_addrs.

The gcc undefined sanitizer doesn't like the trick we use to calculate
the (possibly) unaligned addresses to read. So calculate them by hand
as unsigned char pointers.

https://sourceware.org/bugzilla/show_bug.cgi?id=28720

Signed-off-by: Mark Wielaard <mark@klomp.org>

libdwfl: Call xlatetom on aligned buffers in dwfl_link_map_report

Make sure that when calling xlatetom for Phdrs and Dyns in
dwfl_link_map_report the input buffer is correctly aligned by calling
memcpy and setting in.d_buf to out.d_buf.

https://sourceware.org/bugzilla/show_bug.cgi?id=28720

Signed-off-by: Mark Wielaard <mark@klomp.org>

libdwfl: Make sure dwfl_elf_phdr_memory_callback returns at least minread

The callers of dwfl_elf_phdr_memory_callback assume at least minread
bytes are read and available. Make sure to check start is smaller than
elf->maximum_size before reading more. Return false if end - start is
smaller than minread.

Found by afl-fuzz.

Signed-off-by: Mark Wielaard <mark@klomp.org>

libdwfl: Always clean up build_id.memory

There was a small memory leak if an error was detected in some places
in dwfl_segment_report_module after the build_id.memory was alredy
allocated. Fix this by moving initialization of struct elf_build_id
early and always free the memory, if not NULL, at exit.

https://sourceware.org/bugzilla/show_bug.cgi?id=28685

Signed-off-by: Mark Wielaard <mark@klomp.org>

libdwfl: Handle unaligned Nhdr in dwfl_segment_report_module

The xlate functions only handle correctly aligned buffers. But they do
handle src == dest. So if the source buffer isn't aligned correctly
just copy it first into the destination (which is already correctly
aligned).

https://sourceware.org/bugzilla/show_bug.cgi?id=28715

Signed-off-by: Mark Wielaard <mark@klomp.org>

libdwfl: Handle unaligned Phdr in dwfl_segment_report_module

The xlate functions only handle correctly aligned buffers. But they do
handle src == dest. So if the source buffer isn't aligned correctly
just copy it first into the destination (which is already correctly
aligned).

Signed-off-by: Mark Wielaard <mark@klomp.org>

libdwfl: Handle unaligned Ehdr in dwfl_segment_report_module

The xlate functions only handle correctly aligned buffers. But they do
handle src == dest. So if the source buffer isn't aligned correctly
just copy it first into the destination (which is already correctly
aligned).

Signed-off-by: Mark Wielaard <mark@klomp.org>

libdwfl: Rewrite GElf_Nhdr reading in dwfl_segment_report_module

Make sure that the notes filesz is not too big. Rewrite reading of the
notes to check for overflow at every step. Also limit the size of the
buildid bytes.

Signed-off-by: Mark Wielaard <mark@klomp.org>

libdwfl: Make sure dyn_filesz has a sane size

In dwfl_segment_report_module dyn_filesz should be able to hold at
least one Elf_Dyn element, and not be larger than possible.

Signed-off-by: Mark Wielaard <mark@klomp.org>

libdwfl: Make sure that ph_buffer_size has room for at least one phdr

dwfl_segment_report_module might otherwise try to handle half a phdr
taking the other half from after the buffer.

Signed-off-by: Mark Wielaard <mark@klomp.org>

libelf: Only set shdr state when there is at least one shdr

The elf shdr state only needs to be set when scncnt is at least
one. Otherwise e_shoff can be bogus. Also use unsigned arithmetic for
checking e_shoff alignment.

Signed-off-by: Mark Wielaard <mark@klomp.org>

libdwfl: Make sure the note len increases each iteration

In dwfl_segment_report_module we have an overflow check when reading
notes, but we could still not make any progress if the number of bytes
read (len) didn't increase at all. Check len > last_len.

Signed-off-by: Mark Wielaard <mark@klomp.org>

libdwfl: Make dwfl_segment_report_module aware of maximum Elf size

At the end of dwfl_segment_report_module we might try to read in
the whole contents described by a core file. To do this we first
allocate a zeroed block of memory that is as big as possible. The
core file however may describe much more loaded data than is actually
available in the Elf image. So pass the maximum size so we can
limit the amount of memory we reserve.

Signed-off-by: Mark Wielaard <mark@klomp.org>

libdwfl: Make sure note data is properly aligned.

In dwfl_segment_report_module the note data might not be properly
aligned. Check that it is before accessing the data directly.
Otherwise convert data so it is properly aligned.

Also fix NOTE_ALIGN4 and NOTE_ALIGN8 to work correctly with long
types.

Signed-off-by: Mark Wielaard <mark@klomp.org>

libdwfl: Make sure there is at least one phdr

The buffer read in needs to contain room for at least one Phdr.

Signed-off-by: Mark Wielaard <mark@klomp.org>

libdwfl: Make sure there is at least one dynamic entry

The buffer read in needs to contain room for at least one Elf32_Dyn or
Elf64_Dyn entry.

Signed-off-by: Mark Wielaard <mark@klomp.org>

tests: Use /bin/sh instead of /bin/ls as always there binary

run-debuginfod-query-retry.sh would fail when /bin/ls wasn't available.
Use /bin/sh instead which really is always available.

GNU Guix doesn't have any other standard binary in /bin except for sh.

Signed-off-by: Mark Wielaard <mark@klomp.org>

libdwfl: Add overflow check while iterating in dwfl_segment_report_module

While iterating the notes we could overflow the len variable if the
note name or description was too big. Fix this by adding an (unsigned)
overflow check.

https://sourceware.org/bugzilla/show_bug.cgi?id=28654

Signed-off-by: Mark Wielaard <mark@klomp.org>

libdwfl: Make sure phent is sane and there is at least one phdr

dwfl_link_map_report can only handle program headers that are the
correct (32 or 64 bit) size. The buffer read in needs to contain room
for at least one Phdr.

https://sourceware.org/bugzilla/show_bug.cgi?id=28660

Signed-off-by: Mark Wielaard <mark@klomp.org>

libelf: Use offsetof to get field of unaligned

gcc undefined sanitizer flags:

elf_begin.c:230:18: runtime error: member access within misaligned
address 0xf796400a for type 'struct Elf64_Shdr', which requires 4 byte
alignment struct.

We aren't actually accessing the field member of the struct, but are
taking the address of it. Which the compiler can take as a hint that
the address is correctly aligned. But we can do the same by adding
the field offsetof to the base address. Which doesn't trigger a
runtime error.

Signed-off-by: Mark Wielaard <mark@klomp.org>

debuginfod/debuginfod-client.c: use long for cache time configurations

time_t is platform dependent and some of architectures e.g.
x32, riscv32, arc use 64bit time_t even while they are 32bit
architectures, therefore directly using integer printf formats will not
work portably.

Use a plain long everywhere as the intervals are small enough
that it will not be problematic.

Signed-off-by: Alexander Kanavin <alex@linutronix.de>

libdwfl: Don't allocate more than SIZE_MAX in dwfl_segment_report_module.

The code in dwfl_segment_report_module tries to allocate and fill in
memory as described in a core file. Normally all memory in filled in
through the (phdrs) memory_callback or the read_eagerly callback. If
the last callback doesn't work we try to calloc file_trimmed_end bytes
and then try to fill in the parts of memory we can from the core file
at the correct offsets.

file_trimmed_end is a GElf_Off which is an unsigned 64bit type. On
32bit systems this means when cast to a size_t to do an allocation
might allocate truncated (much smaller) value. So make sure to not
allocate more than SIZE_MAX bytes.

It would be nice to have a better way to limit the amount of memory
allocated here. A core file might describe really big memory areas for
which it doesn't provide any data. In that case we really shouldn't
calloc mega- or giga-bytes of zeroed out memory.

Reported-by: Evgeny Vereshchagin <evvers@ya.ru>
Signed-off-by: Mark Wielaard <mark@klomp.org>

PR28661: debuginfo connection thread pool support

Add an option -C, which activates libmicrohttpd's thread-pool mode for
handling incoming http connections.  Add libmicrohttpd error-logging
callback function so as to receive indication of its internal errors,
and relay counts to our metrics.  Some of these internal errors tipped
us off to a microhttpd bug that thread pooling works around.  Document
in debuginfod.8 page.  Hand-tested against "ulimit -u NNN" shells, and
with a less strenuous new test case.

Signed-off-by: Frank Ch. Eigler <fche@redhat.com>

libdwfl: Don't try to convert too many dyns in dwfl_link_map_report

When trying to read (corrupt) dynamic entries from a core file we only
want to read and convert the entries we could read. Also make sure we
don't try to allocate too bug a buffer.

Signed-off-by: Mark Wielaard <mark@klomp.org>

libdwfl: Don't install an Elf handle in a Dwfl_Module twice

dwfl_segment_report_module can be called with the same module
name, start and end address twice (probably because of a corrupt
core file). In that case don't override the main.elf handle if
it already exists.

https://sourceware.org/bugzilla/show_bug.cgi?id=28655

Signed-off-by: Mark Wielaard <mark@klomp.org>

libdwfl: Don't trust e_shentsize in dwfl_segment_report_module

When calulating the possible section header table end us the actual size
of the section headers (sizeof (Elf32_Shdr) or sizeof (Elf64_Shdr)),
not the ELF header e_shentsize value, which can be corrupted. This
prevents a posssible overflow, but we check the shdrs_end is sane
later anyway.

https://sourceware.org/bugzilla/show_bug.cgi?id=28659

Signed-off-by: Mark Wielaard <mark@klomp.org>

libdwfl: Make sure we know the phdr entry size before searching phdrs.

Without the program header entry size we cannot search through the
phdrs.

https://sourceware.org/bugzilla/show_bug.cgi?id=28657

Signed-off-by: Mark Wielaard <mark@klomp.org>

libdwfl: Don't try to convert too many bytes in dwfl_link_map_report

When trying to read (corrupt) phdrs from a core file we only want
to read and convert the bytes we could read. Also make sure we don't
try to allocate too big buffers.

https://sourceware.org/bugzilla/show_bug.cgi?id=28666

Signed-off-by: Mark Wielaard <mark@klomp.org>

debuginfod: Don't format clog using 'right' or 'setw(20)'.

Keep the logs just plain unformatted text.

This really is a workaround for an apparent bug with gcc 8.3
-fsanitizer=undefined on arm32, which complains about the
'right' formatter:

debuginfod.cxx:3472:12: runtime error: reference binding to
misaligned address 0x00561ec9 for type '<unknown>', which
requires 2 byte alignment

Signed-off-by: Mark Wielaard <mark@klomp.org>

configure: Add --enable-sanitize-address

--enable-sanitize-address makes sure that all code is compiled with
-fsanitizer=address and all tests run against libasan.

It can be combined with --enable-sanitize-undefined, but not with
--enable-valgrind.

In maintainer mode there is one program that causes leaks, i386_gendis,
so disable leak detection for that program.

One testcase, test_nlist, needs special linker flags, make sure it also
uses -fsanitizer=address when using the address sanitizer.

Signed-off-by: Mark Wielaard <mark@klomp.org>

debuginfod: Fix debuginfod_pool leak

gcc address sanitizer detected a dangling debuginfod_client handler
when debuginfod exits. Make sure to groom the debuginfod client pool
before exit after all threads are done.

Signed-off-by: Mark Wielaard <mark@klomp.org>

tests: varlocs workaround format-overflow errors

In function ‘printf’,
inlined from ‘handle_attr’ at varlocs.c:932:3:
error: ‘%s’ directive argument is null [-Werror=format-overflow=]

The warning is technically correct. A %s argument should not be
NULL. Although in practice all implementations will print it as
"(null)". Workaround this by simply changing the dwarf string
functions to return an "<unknown>" string. The test is for the correct
names, either "(null)" or "<unknown>" would make it fail (also remove
a now unnecessary assert, the switch statement will check for unknown
opcodes anyway).

Signed-off-by: Mark Wielaard <mark@klomp.org>

readelf: Workaround stringop-truncation error

In function ‘strncpy’,
inlined from ‘print_ehdr’ at readelf.c:1175:4:
error: ‘__builtin_strncpy’ specified bound 512 equals destination size
[-Werror=stringop-truncation]

strncpy doesn't terminate the copied string if there is not enough
room. We compensate later by explicitly adding a zero terminator at
buf[sizeof (buf) - 1]. Normally gcc does see this, but with
-fsanitize=address there is too much (checking) code in between. But
it is actually better to not let strncpy do too much work, so
substract one from the size.

Signed-off-by: Mark Wielaard <mark@klomp.org>

debuginfod: Check result of calling MHD_add_response_header.

Although unlikely the MHD_add_response_header can fail for
various reasons. If it fails something odd is going on.
So check we can actually add a response header and log an
error if we cannot.

Signed-off-by: Mark Wielaard <mark@klomp.org>

libdwfl: Don't read beyond end of file in dwfl_segment_report_module

The ELF might not be fully mapped into memory (which probably means
the phdrs are bogus). Don't try to read beyond what we have in memory
already.

Reported-by: Evgeny Vereshchagin <evvers@ya.ru>
Signed-off-by: Mark Wielaard <mark@klomp.org>

debuginfod: correct concurrency bug in fdcache metrics

The intern() function called set_metrics() outside a necessary lock
being held. helgrind identified this race condition. No QA impact.

Signed-off-by: Frank Ch. Eigler <fche@redhat.com>

debuginfod: Clear and reset debuginfod_client winning_headers on reuse

gcc address sanitizer detected a leak of the debuginfod_client
winning_headers when the handle was reused. Make sure to free and
reset the winning_headers field before reuse.

Signed-off-by: Mark Wielaard <mark@klomp.org>

debuginfod: Fix some memory leaks on debuginfod-client error paths.

In a couple of places we might leak some memory when we encounter
an error. tmp_url might leak if realloc failed. escaped_string might
leak when setting up the data handle fails and we don't use it.
And one of the goto out1 should have been goto out2 to make sure
we release all allocated resources on exit (also updated a wrong
comment about that).

Signed-off-by: Mark Wielaard <mark@klomp.org>

debuginfod: sqlite3_sharedprefix_fn should not compare past end of string

gcc address sanitizer detected a read after the end of string in
sqlite3_sharedprefix_fn. Make sure to stop comparing the strings when
seeing the zero terminator.

Signed-off-by: Mark Wielaard <mark@klomp.org>

debuginfod: Use gmtime_r instead of gmtime to avoid data race

Since we are multi-threaded using gmtime might cause a data race
because gmtime reuses a global struct to write data into. Make
sure that each thread uses their own struct tm and use gmtime_r
instead.

Signed-off-by: Mark Wielaard <mark@klomp.org>

tests: Add -rdynamic to dwfl_proc_attach_LDFLAGS

dwfl-proc-attach uses (overrides) dlopen (so it does nothing). This
seems to cause a versioned dlopen symbol to be pulled in when building
with LTO. Resulting in a link failure (when dlopen isn't integrated
into libc):

/usr/bin/ld: dwfl-proc-attach.o (symbol from plugin): undefined
reference to symbol 'dlopen@@GLIBC_2.2.5'
/usr/bin/ld: /usr/lib64/libdl.so.2: error adding symbols: DSO missing
from command line collect2: error: ld returned 1 exit status

Add -rdynamic to the LDFLAGS to add all symbols to the dynamic symbol
table for dwfl-proc-attach.

Signed-off-by: Mark Wielaard <mark@klomp.org>

dwfl: fix potential overflow when reporting on kernel modules

dwfl_linux_kernel_report_modules_ has an outstanding ancient bug when
reading kernel module information from a modules list file. The target
buffer for the module name was sized too small to hold potential values.
Fix that by increasing the value to account for the null termination.

In practice, this unlikely ever happened, but it now got diagnosed by
LLVM as part of a stricter -Wfortify-source implementation [1]:

libdwfl/linux-kernel-modules.c:1019:7: error: 'sscanf' may overflow; destination buffer in argument 3 has size 128, but the corresponding specifier may require size 129 [-Werror,-Wfortify-source]
modname, &modsz, &modaddr) == 3)

[1] https://github.com/llvm/llvm-project/commit/2db66f8d48beeea835cb9a6940e25bc04ab5d941

Suggested-by: Paul Pluzhnikov <ppluzhnikov@google.com>
Signed-off-by: Matthias Maennich <maennich@google.com>

tests: Don't set DEBUGINFOD_TIMEOUT

Various tests set DEBUGINFOD_TIMEOUT to 10. Which is less than the default
of 90. None of the tests relied on a lower timeout. So just don't set it.

Signed-off-by: Mark Wielaard <mark@klomp.org>

debuginfod: fix compilation on platforms without <error.h>

"system.h" only declares the error() function, so it needs to be in an
'extern "C"' block, otherwise linking fails.

Since we are here, use quotes for "system.h" header, since it's a local
header, not a system one.

Signed-off-by: Érico Nogueira <erico.erc@gmail.com>

Prepare for 0.186

Set version to 0.186
Update NEWS and elfutils.spec.in
Regenerate po/*.po files

Signed-off-by: Mark Wielaard <mark@klomp.org>

PR28430: debuginfod: support --passive mode

Add support for a limited mode for debuginfod that uses a pure
read-only sqlite index. This mode is useful for load spreading based
on naively shared or replicated databases.

Signed-off-by: Frank Ch. Eigler <fche@redhat.com>

libdw, readelf: Read inlining info in NVIDIA extended line map

As of CUDA 11.2, NVIDIA added extensions to the line map section
of CUDA binaries to represent inlined functions. These extensions
include

- two new fields in a line table row to represent inline
   information: context, and functionname,

- two new DWARF extended opcodes: DW_LNE_NVIDIA_inlined_call,
   DW_LNE_NVIDIA_set_function_name,

- an additional word in the line table header that indicates
   the offset in the .debug_str function where the function
   names for this line table begin, and

A line table row for an inlined function contains a non-zero "context"
value. The “context” field indicates the index of the line table row
that serves as the call site for an inlined context.

The "functionname" field in a line table row is only meaningful if the
"context" field of the row is non-zero. A meaningful "functionname"
field contains an index into the .debug_str section relative to the
base offset established in the line table header; the position in the
.debug_str section indicates the name of the inlined function.

These extensions resemble the proposed DWARF extensions
(http://dwarfstd.org/ShowIssue.php?issue=140906.1) by Cary Coutant,
but are not identical.

This commit integrates support for handling NVIDIA's extended line
maps into elfutil's libdw library, by adding two functions
dwarf_linecontext and dwarf_linefunctionname, and the readelf
--debug-dump=line command line utility.

Signed-off-by: John M Mellor-Crummey <johnmc@rice.edu>
Signed-off-by: Mark Wielaard <mark@klomp.org>

libdw: dwarf_elf_begin should use either plain, dwo or lto DWARF sections.

When opening an ELF file that contained a mix of plain, dwo or lto .debug
sections the result could be confusing. Add a check to pick just the plain
.debug sections, or the .dwo sections or the .gnu.debuglto_.debug sections
(in that order of preference). That way there is always a consistent set.

https://sourceware.org/bugzilla/show_bug.cgi?id=27367

Signed-off-by: Mark Wielaard <mark@klomp.org>

Improve building with LTO

Use symver attribute for symbol versioning instead of .symver
assembler directive when available. Convert to use double @ syntax
for default version in all cases (required when using the attribute).

Add the attributes externally_visible, no_reorder if available when
using assembler directives to improve the situation for < gcc-10.
This is not 100% reliable, though; -flto-partition=none may still be
needed in some cases.

Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=24498
Signed-off-by: Alexander Miller <alex.miller@gmx.de>

PR28514: debuginfod: limit groom operation times

For large databases and many stale files, it was possible to starve
rescan operations by numerous groom "nuke" (database delete ops).
Under the theory that including new data is at least as important as
aging old, we now impose a rough deadline on groom queries.

In the process, we discovered that we were commiting some
undefined-behaviour sqlite ops (deleting rows while iterating), which
may explain some previous heisenbug occurrences. So the groom nuke
operations are split into decision & action phases, with associated
progress-tracking metrics.

Testing the timeout facility requires hand-testing beyond the
testsuite (since it requires LARGE databases to show measurable query
times). So confirmed this part by hand.

Signed-off-by: Frank Ch. Eigler <fche@redhat.com>

NEWS: make automake check-news / dist happy

automake's check-news option requires not too much new content
before a line that includes the current version number.

Signed-off-by: Frank Ch. Eigler <fche@redhat.com>

NEWS: list some 0.186 debuginfod client & server features

Signed-off-by: Frank Ch. Eigler <fche@redhat.com>

PR28240: debuginfod client root-safe negative caching

Negative cache (000-permission) files were incorrectly treated as
valid cached files for the root user, because root can open even
000-perm files without -EACCES.  Corrected this checking sequence.

Fixed the debuginfod testsuite to run to completion as root or
as an ordinary user, correcting corresponding permission checks:
    stat -c %A $FILE
is right and
    [ -w $FILE]  [ -r $FILE ]
were wrong.

Signed-off-by: Frank Ch. Eigler <fche@redhat.com>

libdw: Don't pass NULL to dwarf_peel_type

commit c3a6a9dfc "libdw: Use signedness of subrange type to
determine array bounds" introduced a type check on a DIE which
exposed a latent bug in the get_type function. Even if the type
of a DIE couldn't be determined it would call dwarf_peel_type
on it. The gcc undefined sanitizer would flag this as being
undefined behaviour because the second argument of the function
is marked as non-NULL. Fix this by checking we actually have
a non-NULL type DIE.

Signed-off-by: Mark Wielaard <mark@klomp.org>

libdw: Use signedness of subrange type to determine array bounds

When calculating the array size check if the subrange has an associate
type, if it does then check the type to determine whether the upper
and lower values need to be interpreted as signed of unsigned
values. We default to signed because that is what the testcase
run-aggregate-size.sh testfile-size4 expects (this is an hardwritten
testcase, we could have chosen a different default).

https://sourceware.org/bugzilla/show_bug.cgi?id=28294

Signed-off-by: Mark Wielaard <mark@klomp.org>

debuginfod-client: Stick to + https:// + file:// protocols

Make sure we don't use any of the more experimental protocols
libcurl might support. URLs can be redirected and we might want
to follow http -> https, but not e.g. gopher or pop3.

Suggested-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Signed-off-by: Mark Wielaard <mark@klomp.org>

PR27783: switch default debuginfod-urls to drop-in style files

Rewrote and commented the /etc/profile.d csh and sh script fragments
to take the default $DEBUGINFOD_URLS from the union of drop-in files:
/etc/debuginfod/*.urls. Hand-tested with csh and bash, with
conditions including no prior $DEBUGINFOD_URLS, nonexistent .urls
files, multiple entries in .urls files.

Signed-off-by: Frank Ch. Eigler <fche@redhat.com>

tests: Handle dwarf_attr_string returning NULL in show-die-info.c

Reported-by: Jan-Benedict Glaw <jbglaw@lug-owl.de>
Signed-off-by: Mark Wielaard <mark@klomp.org>

elflint.c: Don't dereference databits if bad

elflint.c: In function 'check_sections':
elflint.c:4105:48: error: null pointer dereference [-Werror=null-dereference]
4105 | idx < databits->d_size && ! bad;
| ~~~~~~~~^~~~~~~~

Fix this by testing for ! bad first.

Reported-by: Jan-Benedict Glaw <jbglaw@lug-owl.de>
Signed-off-by: Mark Wielaard <mark@klomp.org>

PR28242: debuginfod prometheus metric widening

This patch aims to extend http_responses_* metrics with another label
"type" by getting the extra artifact-type content added as a new
key=value tag.

v2, tweaked patch to perform artifact-type sanitization at point of
vulnerability rather than in general metric tabulation logic.

Signed-off-by: Di Chen <dichen@redhat.com>
Signed-off-by: Frank Ch. Eigler <fche@redhat.com>

RISC-V: PR27925 Add support for LP64 and LP64F ABIs return values

The RISC-V Linux kernel is compiled without floating point (the LP64
ABI) and elfutils could not obtain return value locations for
functions in the kernel. This issue was noticed when Systemtap
generated RISC-V kernel modules for scripts that used $return target
variables in function return probes. This patch adds the needed
support to provide return value information for the LP64 and LP64F
ABIs.

Signed-off-by: William Cohen <wcohen@redhat.com>

debuginfod: Remove checking for unsafe headers

Some http response header checks were removed such as checking for
Connection and Cache-Control. These headers are not guarenteed to be
received and depend on proxy and libmicrohttpd versions. Checking for
the existance of Content-Length and DEBUGINFOD-* headers is sufficient
since Content-Length is added upon creation of an MHD_Response object
and DEBUGINFOD-* are added manually.
(source on Content-Length being added:
https://www.gnu.org/software/libmicrohttpd/manual/libmicrohttpd.html#
microhttpd_002dresponse-headers )

Signed-off-by: Noah Sanci <nsanci@redhat.com>