Accepting request 974769 from home:markkp:branches:Base:System
- Added s390-tools-sles15sp4-zdump-fix-segfault-due-to-double-free.patch for bsc#1199128. zgetdump --info may lead to a core dump when issued for the device node (not a partition) right after installing multi-volume dump tool (without taking actual dump).

OBS-URL: https://build.opensuse.org/request/show/974769
OBS-URL: https://build.opensuse.org/package/show/Base:System/s390-tools?expand=0&rev=135
Parent: e797d2291b
Commit: 26778d88f7
@ -0,0 +1,70 @@
|
|||||||
|
Subject: [PATCH] [BZ 197814] zdump/dfi: Fix segfault due to double free
|
||||||
|
From: Mikhail Zaslonko <zaslonko@linux.ibm.com>
|
||||||
|
|
||||||
|
Description: zdump: segfault on zgetdump -i for multi-volume dump
|
||||||
|
Symptom: zgetdump --info may lead to the core dump when issued for
|
||||||
|
the device node (not a partition) right after installing
|
||||||
|
multi-volume dump tool (without taking actual dump).
|
||||||
|
Problem: Double free condition occurs on zg_close() call at the end of
|
||||||
|
the while loop in dfi_init() in scope of zgetdump processing.
|
||||||
|
Solution: Do not call zg_close() at the end of open_dump() function during
|
||||||
|
multi-volume dump initialization.
|
||||||
|
Reproduction: 1) Install multi-volume dump tool
|
||||||
|
2) Run zgetdump -i using the device node of one of the dump
|
||||||
|
volumes as a parameter without taking actual dump.
|
||||||
|
Upstream-ID: c4e4b926b471da9c488a6468e6bd966512d1d14c
|
||||||
|
Problem-ID: 197814
|
||||||
|
|
||||||
|
Upstream-Description:
|
||||||
|
|
||||||
|
zdump/dfi: Fix segfault due to double free
|
||||||
|
|
||||||
|
The problem can happen when dfi_s390mv_init_gen() returns with an error
|
||||||
|
code to dfi_init() in dfi.c.
|
||||||
|
Double free condition occurs on zg_close() call at the end of the
|
||||||
|
while loop in dfi_init() if zg_close() has already been called for the
|
||||||
|
same file handle at the end of open_dump() function in scope of
|
||||||
|
dfi_s390mv_init_gen() processing.
|
||||||
|
This global file handle is not closed during init() call for any
|
||||||
|
other dump formats. Since it is not reopened/reused after open_dump() call
|
||||||
|
during multi-volume dump initialization, we should not close it at all.
|
||||||
|
|
||||||
|
The problem can be reproduced in the following steps:
|
||||||
|
|
||||||
|
1) Install multi-volume dump tool
|
||||||
|
|
||||||
|
# zipl -M mvdump.conf
|
||||||
|
Dump target: 2 partitions with a total size of 4732 MB.
|
||||||
|
Warning: All information on the following partitions will be lost!
|
||||||
|
/dev/dasdb2
|
||||||
|
/dev/dasdb3
|
||||||
|
Do you want to continue creating multi-volume dump partitions (y/n)?y
|
||||||
|
Done.
|
||||||
|
|
||||||
|
2) Run zgetdump -i using device (not partition) as a parameter without
|
||||||
|
taking actual dump.
|
||||||
|
|
||||||
|
# zgetdump -i /dev/dasdb
|
||||||
|
free(): double free detected in tcache 2
|
||||||
|
Aborted (core dumped)
|
||||||
|
|
||||||
|
Signed-off-by: Mikhail Zaslonko <zaslonko@linux.ibm.com>
|
||||||
|
Reviewed-by: Alexander Egorenkov <egorenar@linux.ibm.com>
|
||||||
|
Signed-off-by: Jan Hoeppner <hoeppner@linux.ibm.com>
|
||||||
|
|
||||||
|
|
||||||
|
Signed-off-by: Mikhail Zaslonko <zaslonko@linux.ibm.com>
|
||||||
|
---
|
||||||
|
zdump/dfi_s390mv.c | 1 -
|
||||||
|
1 file changed, 1 deletion(-)
|
||||||
|
|
||||||
|
--- a/zdump/dfi_s390mv.c
|
||||||
|
+++ b/zdump/dfi_s390mv.c
|
||||||
|
@@ -556,7 +556,6 @@ static int open_dump(void)
|
||||||
|
}
|
||||||
|
if (mv_dumper_read() != 0)
|
||||||
|
return -ENODEV;
|
||||||
|
- zg_close(g.fh);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
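Review bot: At the removed zg_close(g.fh) line in open_dump(), nothing now records that g.fh must stay open on return, so add a short comment there saying the handle is closed by the caller. The description states that dfi_init() calls zg_close() at the end of its while loop and that no other dump format closes this global handle during init(); without that note a later cleanup could reintroduce the close and the double free. Separately, the patch header carries Signed-off-by: Mikhail Zaslonko twice (once in the upstream description and once before the --- line); confirm the second one is intended.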
@ -1,3 +1,11 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue May 3 18:10:58 UTC 2022 - Mark Post <mpost@suse.com>
|
||||||
|
|
||||||
|
- Added s390-tools-sles15sp4-zdump-fix-segfault-due-to-double-free.patch
|
||||||
|
for bsc#1199128. zgetdump --info may lead to a core dump when
|
||||||
|
issued for the device node (not a partition) right after
|
||||||
|
installing multi-volume dump tool (without taking actual dump).
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Apr 14 13:57:12 UTC 2022 - Mark Post <mpost@suse.com>
|
Thu Apr 14 13:57:12 UTC 2022 - Mark Post <mpost@suse.com>
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package s390-tools
|
# spec file for package s390-tools
|
||||||
#
|
#
|
||||||
# Copyright (c) 2021-2022 SUSE LLC
|
# Copyright (c) 2001-2022 SUSE LLC
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
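Review bot: The Copyright line in this spec header hunk differs between the two sides (2021-2022 versus 2001-2022), which is unrelated to the double-free fix and is not mentioned in the .changes entry. Confirm which year range is correct and, if the change is intentional, either keep it out of this request or record it in the changelog.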
@ -100,6 +100,7 @@ Patch004: s390-tools-sles15sp4-zdev-Fix-path-resolution-for-multi-mount-po
|
|||||||
Patch005: s390-tools-sles15sp4-01-genprotimg-remove-DigiCert-root-CA-pinning.patch
|
Patch005: s390-tools-sles15sp4-01-genprotimg-remove-DigiCert-root-CA-pinning.patch
|
||||||
Patch006: s390-tools-sles15sp4-02-genprotimg-check_hostkeydoc-relax-default-issuer-che.patch
|
Patch006: s390-tools-sles15sp4-02-genprotimg-check_hostkeydoc-relax-default-issuer-che.patch
|
||||||
Patch007: s390-tools-sles15sp4-libseckey-Fix-re-enciphering-of-EP11-secure-key.patch
|
Patch007: s390-tools-sles15sp4-libseckey-Fix-re-enciphering-of-EP11-secure-key.patch
|
||||||
|
Patch008: s390-tools-sles15sp4-zdump-fix-segfault-due-to-double-free.patch
|
||||||
|
|
||||||
# SUSE patches
|
# SUSE patches
|
||||||
Patch900: s390-tools-sles12-zipl_boot_msg.patch
|
Patch900: s390-tools-sles12-zipl_boot_msg.patch
|
||||||
|
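Review bot: Only the Patch008: declaration is added in this hunk, and no matching %patch line is visible anywhere in the diff. If the spec applies patches one by one in %prep rather than through %autosetup or %autopatch, the fix would be shipped in the source package but never applied, so verify that s390-tools-sles15sp4-zdump-fix-segfault-due-to-double-free.patch is actually applied at build time.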