crash (7.2.3+real-1~16.04.1) xenial; urgency=medium

  * Backport to xenial. LP: #1746088
    - Build-Depends on debhelper 9.

 -- Thadeu Lima de Souza Cascardo  Tue, 26 Jun 2018 14:32:30 -0300

crash (7.2.3+real-1) unstable; urgency=medium

  * Revert wget addition and re-include embedded gdb (Closes: #901863)

 -- Troy Heber  Fri, 22 Jun 2018 15:39:16 -0600

crash (7.2.3-2) unstable; urgency=medium

  * Add wget as a builddep

 -- Troy Heber  Tue, 22 May 2018 09:16:03 -0600

crash (7.2.3-1) unstable; urgency=medium

  * Fix for a crash-7.2.2 regression that may cause the "mount" command to
    generate a segmentation violation. The bug is dependent upon the compiler
    version used to build the crash utility, where a buffer overrun is not
    seen with more recent versions of gcc, which hide the bug due to a
    different stack layout of a function's local variables.
  * Fix for a second crash-7.2.2 buffer overrun regression that may cause the
    "rd -S" option to generate a segmentation violation if a displayed memory
    location contains a slab object address.
  * Fix for a third, highly unlikely, crash-7.2.2 buffer overrun regression,
    that could potentially occur during session initialization.

 -- Troy Heber  Mon, 21 May 2018 14:01:30 -0600

crash (7.2.2-1) UNRELEASED; urgency=medium

  * Fix to support Linux 4.16-rc1 and later ARM64 kernels, which fail during
    session initialization with the error message "crash: cannot determine
    page size".
    The failure to determine the page size is due to the combination of the
    following kernel commits:
      - Linux 4.6 commit 6ad1fe5d9077a1ab40bf74b61994d2e770b00b14
        arm64: avoid R_AARCH64_ABS64 relocations for Image header fields
      - Linux 4.10 commit 4b65a5db362783ab4b04ca1c1d2ad70ed9b0ba2a
        arm64: Introduce uaccess_{disable,enable} functionality based on
        TTBR0_EL1
      - Linux 4.16 commit 1e1b8c04fa3451e2b7190930adae43c95f0fae31
        arm64: entry: Move the trampoline to be before PAN
  * Fix the search for the booted kernel on a live system to prevent
    selecting the unusable "vmlinux.o" file found in private build
    directories. Without the patch, the non-executable vmlinux.o file may be
    selected, and the resulting fatal error message indicates a somewhat
    misleading "crash: cannot resolve _stext".
  * Implemented a new "ps -A" option that restricts the task output to just
    the active tasks on each cpu.
  * As the first step in optimizing the is_page_ptr() function, save the
    maximum SPARSEMEM section number during initialization, and use it as the
    topmost delimiter in subsequent mem_section searches. Also allow for
    per-architecture machdep->is_page_ptr() plugin functions.
  * Implemented the x86_64 machdep->is_page_ptr() plugin function. If the
    kernel is configured with CONFIG_SPARSEMEM_VMEMMAP, the plugin function
    optimizes the mem_section search, reducing the computation effort and
    time consumed by commands that repeatedly call the is_page_ptr() function
    on large-memory systems.
  * Fixes for 32-bit X86 "bt" command on kernels that have been compiled with
    retpoline gcc support. Without the patch, backtraces may fail with the
    error message "bt: cannot resolve stack trace", followed by the text
    symbols found on the stack and possible exception frames.
  * Fix the "help foreach" argument list to include the new "gleader" task
    qualifier option that was added in version 7.1.2.
  * VMware VMSS dumpfiles contain the state of each vCPU at the time when the
    VM was suspended.
    This patch enables crash to read the relevant registers from each vCPU
    state for use as the starting hooks by the "bt" command. Also, support
    for "help -[D|n]" to display dumpfile contents, and "help -r" to display
    vCPU register sets has been implemented. This is also the first step
    towards implementing automatic KASLR offset calculations for VMSS
    dumpfiles.
  * Commit 45b74b89530d611b3fa95a1041e158fbb865fa84 added support for
    calculating phys_base and the mapped kernel offset for KASLR-enabled
    kernels on SADUMP dumpfiles by using a technique developed by Takao
    Indoh. Originally, the patchset included support for kdumps, but this was
    dropped in v2, as it was deemed unnecessary due to the upstream
    implementation of the "vmcoreinfo device" in QEMU. However, there are
    still several reasons for which the vmcoreinfo device may not be present
    at the time when a memory dump is taken from a VM, ranging from a host
    running older QEMU/libvirt versions, to misconfigured VMs or environments
    running hypervisors that don't support this device. This patchset
    generalizes the KASLR-related functions from sadump.c and moves them to
    kaslr_helper.c, and makes kdump analysis fall back to KASLR offset
    calculation if vmcoreinfo data is missing.
  * Fix for the "bt" command on 4.16 and later kernels in which the
    "thread_union" data structure is not contained in the vmlinux file's
    debuginfo data. Without the patch, the kernel stack size is not
    calculated correctly, and defaults to 8K. As a result "bt" fails with the
    message "bt: invalid RSP: bt->stackbase/stacktop: / cpu: ".
  * Fix for the x86_64 "bt" command for kernels that are configured with
    CONFIG_FRAME_POINTER. Without the patch, the per-text-return-address
    framesize cache may contain invalid entries for functions that have an
    "and $0xfffffffffffffff0,%rsp" instruction in their prologue, which
    aligns the stack on a 16-byte boundary; therefore any cached framesize
    for a text-return-address in such a function may be incorrect depending
    upon the alignment of the stack address of a calling function. If an
    invalid cached framesize is utilized by "bt", the backtrace may skip over
    several frames, or may display one or more invalid (stale) frames. The
    patch introduces a new cache that contains functions for which framesize
    values should not be cached.
  * Speed up the "bt" command by avoiding the text value cache that was put
    in place many years ago when the crash utility supported the analysis of
    remote dumpfiles using the deprecated "crash daemon" running on the
    remote host. The performance improvement will be most noticeable when
    running the first instance of "foreach bt", where there would often be a
    "hitch" when it was determining the framesize of kernel module text
    return addresses.
  * Optimization of the crash startup time and "ps" command processing time
    when analyzing dumpfiles/systems with extremely large task counts. For
    example, running with a dumpfile containing over a million tasks, startup
    time and "ps" processing time was reduced from 90 minutes to less than 40
    seconds.
  * Speed up the "ps -r" option by stashing the length of the
    task_struct.rlim or signal_struct.rlim array in the internal
    array_table[]. Without the patch, the length of the array is determined
    by a call to the embedded gdb module for each task, and as a result, the
    command takes a minute or more per 1000 tasks. With the patch applied, it
    only takes about 0.5 seconds per 1000 tasks.
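As an added illustration of the two is_page_ptr() items in the 7.2.2-1 entry above (my code, not crash's own; the section geometry, struct page size, vmemmap base and the section presence table are constructed), the following C program compares the bounded mem_section scan with the CONFIG_SPARSEMEM_VMEMMAP shortcut that derives the pfn arithmetically and consults a single section:

```c
/* Added example (not code from crash or the kernel): two ways to decide
 * whether a value is a valid "struct page" pointer on a SPARSEMEM kernel.
 * Section count, section size, struct page size and the vmemmap base are
 * constructed here; in a real session they come from the kernel's symbols. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT        12
#define SECTION_SIZE_BITS 27   /* assumed 128 MiB sections, as on x86_64 */
#define PAGES_PER_SECTION (1UL << (SECTION_SIZE_BITS - PAGE_SHIFT))
#define STRUCT_PAGE_SIZE  64   /* constructed sizeof(struct page) */
#define VMEMMAP_START     0xffffea0000000000ULL  /* constructed vmemmap base */
#define NR_SECTIONS       16

/* Constructed mem_section presence table: only sections 0-3 and 8 hold RAM. */
static const bool section_present[NR_SECTIONS] = {
    true, true, true, true, false, false, false, false,
    true, false, false, false, false, false, false, false,
};

/* Highest section number seen while initializing; every later search
 * stops here instead of running to the architectural maximum. */
static const unsigned long max_section_nr = 8;

/* Under CONFIG_SPARSEMEM_VMEMMAP every section's page array sits at a
 * fixed offset from the vmemmap base. */
static uint64_t section_mem_map(unsigned long nr)
{
    return VMEMMAP_START + (uint64_t)nr * PAGES_PER_SECTION * STRUCT_PAGE_SIZE;
}

/* Generic check: scan sections 0..max_section_nr for one whose page array
 * contains addr at a struct page boundary.  *visited counts the sections
 * looked at, which is the cost that grows with memory size. */
bool is_page_ptr_scan(uint64_t addr, unsigned long *visited)
{
    for (unsigned long nr = 0; nr <= max_section_nr; nr++) {
        if (visited)
            (*visited)++;
        if (!section_present[nr])
            continue;
        uint64_t base = section_mem_map(nr);
        uint64_t end  = base + PAGES_PER_SECTION * STRUCT_PAGE_SIZE;
        if (addr >= base && addr < end && (addr - base) % STRUCT_PAGE_SIZE == 0)
            return true;
    }
    return false;
}

/* VMEMMAP shortcut: turn addr into a pfn arithmetically, then consult only
 * the one section that pfn belongs to. */
bool is_page_ptr_vmemmap(uint64_t addr, unsigned long *visited)
{
    if (visited)
        (*visited)++;
    if (addr < VMEMMAP_START)
        return false;
    uint64_t off = addr - VMEMMAP_START;
    if (off % STRUCT_PAGE_SIZE)          /* points inside a struct page */
        return false;
    unsigned long nr = (off / STRUCT_PAGE_SIZE) / PAGES_PER_SECTION;
    if (nr > max_section_nr || nr >= NR_SECTIONS)
        return false;
    return section_present[nr];
}

/* Cost of each strategy for the same lookup. */
unsigned long scan_cost(uint64_t addr)
{
    unsigned long n = 0;
    is_page_ptr_scan(addr, &n);
    return n;
}

unsigned long vmemmap_cost(uint64_t addr)
{
    unsigned long n = 0;
    is_page_ptr_vmemmap(addr, &n);
    return n;
}

int main(void)
{
    uint64_t page = section_mem_map(8) + 5 * STRUCT_PAGE_SIZE; /* backed by RAM */
    uint64_t hole = section_mem_map(5);                        /* no RAM there */
    printf("scan:    %d after %lu sections\n", is_page_ptr_scan(page, NULL), scan_cost(page));
    printf("vmemmap: %d after %lu lookup\n", is_page_ptr_vmemmap(page, NULL), vmemmap_cost(page));
    printf("hole:    %d %d\n", is_page_ptr_scan(hole, NULL), is_page_ptr_vmemmap(hole, NULL));
    return 0;
}
```

Both checks reject a pointer into a hole and a pointer that lands in the middle of a struct page; the difference is that the scan touches every section up to the saved maximum, while the vmemmap form touches one.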
  * Added a new "tree -l" option for the rbtree display, which dumps the tree
    sorted in linear order, starting with the leftmost node and progressing
    to the right. Also, if a corrupted rb_node pointer is encountered, do not
    fail immediately, but rather display the rb_node address and the corrupt
    pointer and continue.
  * Display a fatal error message if the "tree -l" option is attempted with
    radix trees. Without the patch, the option would be silently ignored.
  * Introduction of a new "bpf" command that displays information about
    loaded eBPF (extended Berkeley Packet Filter) programs and maps. Because
    of its upstream fluidity, the capabilities of this command will be an
    ongoing task. In its initial form, the command displays the addresses,
    basic information, and key data structures of eBPF programs and maps. It
    also translates the bytecode, and disassembles the jited code, of loaded
    eBPF programs.
  * Fixes to address several gcc-8.0.1 compiler warnings that are generated
    when building with "make warn". The warnings are all false alarm messages
    of type [-Wformat-overflow=], [-Wformat-truncation=] and
    [-Wstringop-truncation]; the affected files are extensions.c, task.c,
    kernel.c, memory.c, remote.c, symbols.c, filesys.c and xen_hyper.c.
  * Fix for the "ps -a" option for a user task that has utilized
    "prctl(PR_SET_MM, ...)" to self-modify its memory map such that the stack
    locations of its command line arguments and environment variables are
    not contiguous. Without the patch, the command may fail with a dump of
    the crash utility's internal buffer usage statistics followed by "ps:
    cannot allocate any more memory!".
  * Fix for a compilation error on ARM64.
    Without the patch, the compilation of the new bpf.c file fails with the
    error message "bpf.c:881:18: error: conflicting types for 'u64'".
  * Fix for an s390x session initialization-time warning that indicates
    "WARNING: cannot determine MAX_PHYSMEM_BITS" on Linux 4.15 and later
    kernels containing commit 83e3c48729d9ebb7af5a31a504f3fd6aff0348c4, which
    changed the data type of "mem_section" from an array to a pointer.
    Without the patch, the s390x manner of determining MAX_PHYSMEM_BITS fails
    because it presumes that "mem_section" is an array, and as a result,
    displays the warning message.
  * Fix for the determination of the ARM64 phys_offset value when running
    live against /proc/kcore. Without the patch, the message "WARNING: cannot
    access vmalloc'd module memory" may be displayed during session
    initialization, and vmalloc/module memory will be inaccessible. (It
    should be noted that at the time of this patch, the upstream version of
    /proc/kcore does not work correctly for ARM64, because PT_LOAD segments
    for unity-mapped blocks of physical memory are not generated.)
  * For live system analysis, if both "/dev/mem" and the "/dev/crash" memory
    driver do not exist, try to use "/proc/kcore". Without the patch, the
    session fails immediately with the error message "crash: /dev/mem: No
    such file or directory".
  * Fix, and an update, for the "ipcs" command. The fix addresses an error
    where IPCS entries are not displayed because of a faulty read of the
    "deleted" member of the embedded "kern_ipc_perm" data structure. The
    "deleted" member was being read as a 4-byte integer, but since it is
    declared as a "bool" type, only the lowest byte gets set to 1 or 0. Since
    the structure is not zeroed-out when allocated, stale data may be left in
    the upper 3 bytes, and the IPCS entry gets rejected.
    The update is required for Linux 4.11 and greater kernels, which
    reimplemented the IDR facility to use radix trees in kernel commit
    0a835c4f090af2c76fc2932c539c3b32fd21fbbb, titled "Reimplement IDR and IDA
    using the radix tree". Without the patch, if any IPCS entry exists, the
    command would fail with the message "ipcs: invalid structure member
    offset: idr_top".
  * Second stage of the new "bpf" command. This patch adds additional
    per-program and per-map data for the "bpf -p ID" and "bpf -m ID" options,
    containing data items shown by the "bpftool prog list" and "bpftool map
    list" options; new "bpf -P" and "bpf -M" options have been added that
    dump the extra data for all loaded programs or tasks.
  * Fix for a compilation error of the new "bpf.c" file when building on
    older host systems where CLOCK_BOOTTIME does not exist.
  * Fix for infrequent failures of the x86 "bt" command to handle cases where
    a user space task with "resume_userspace" or "entry_INT80_32" at the top
    of the stack, or which was interrupted by the crash NMI while handling a
    timer interrupt. Without the patch, the backtrace would be preceded with
    the error message "bt: cannot resolve stack trace", and then dump the
    text symbols found on the stack and all possible exception frames.
  * Trivial formatting fix to "bpf" help page.
  * Fix the "bpf" command display on Linux 4.17-rc1 and later kernels, which
    contain two new program types, BPF_PROG_TYPE_RAW_TRACEPOINT and
    BPF_PROG_TYPE_CGROUP_SOCK_ADDR. Without the patch, the dynamic header
    string created for bpf programs overran into the bpf map header, creating
    one long combined header string.
  * Updates for the presumption that system call names begin with "sys_". In
    Linux 4.17, x86_64 system calls may begin with "__x64_sys", where, for
    example, "sys_read" has been replaced by "__x64_sys_read".

 -- Troy Heber  Mon, 21 May 2018 13:59:41 -0600

crash (7.2.1-2) unstable; urgency=medium

  * Do not git clone eppic extension.
    (Closes: #898707), from Thadeu Lima de Souza Cascardo
  * Remove generated files: CFLAGS.extra LDFLAGS.extra extensions/defs.h,
    from Thadeu Lima de Souza Cascardo

 -- Troy Heber  Mon, 21 May 2018 08:18:43 -0600

crash (7.2.1-1) unstable; urgency=medium

  * New upstream (closes: #890394)
  * Fix for the "runq" command on Linux 4.14 and later kernels that contain
    commit cd9e61ed1eebbcd5dfad59475d41ec58d9b64b6a, titled "rbtree: cache
    leftmost node internally". Without the patch, the command fails with the
    error message "runq: invalid structure member offset:
    cfs_rq_rb_leftmost".
  * Fix to prevent a useless message during session initialization. Without
    the patch, if the highest possible node bit in the node_states[N_ONLINE]
    multi-word bitmask is set, then a message such as "crash:
    next_online_node: 256 is too large!" will be displayed.
  * Additional fixes for the ARM64 "bt" command for Linux 4.14 kernels. The
    patch corrects the contents of in-kernel exception frame register dumps,
    and properly transitions the backtrace from the IRQ stack to the process
    stack.
  * Implemented a new "search -T" option, which is identical to the
    "search -t" option, except that the search is restricted to the kernel
    stacks of active tasks.
  * Removal of the ARM64 "bt -o" option for Linux 4.14 and later kernels,
    along with several cleanups/readability improvements.
  * Fix for support of KASLR enabled kernels captured by the SADUMP dumpfile
    facility. SADUMP dumpfile headers do not contain phys_base or VMCOREINFO
    notes, so without this patch, the crash session fails during
    initialization with the message "crash: seek error: kernel virtual
    address: type: "page_offset_base". This patch calculates the phys_base
    value and the KASLR offset using the IDTR and CR3 registers from the
    dumpfile header.
  * Implemented a new "ps -y policy" option to filter the task display by
    scheduling policy. Applicable to both standalone ps invocation as well as
    via foreach.
  * Fix for the "kmem -[sS]" options on Linux 4.14 and later kernels that
    contain commit 2482ddec670fb83717d129012bc558777cb159f7, titled "mm: add
    SLUB free list pointer obfuscation". Without the patch, there will be
    numerous error messages of the type "kmem: slab: invalid freepointer: "
    if the kernel is configured with CONFIG_SLAB_FREELIST_HARDENED.
  * Fix for the validation of the bits located in the least significant bits
    of mem_section.section_mem_map pointers. Without the patch, the
    validation functions always returned valid, due to a coding error found
    by clang. However, it was never really a problem because it is extremely
    unlikely that an existing mem_section would ever be invalid.
  * Fix for the x86_64 kernel virtual address to physical address translation
    mechanism. Without the patch, when verifying that the PAGE_PRESENT bit is
    set in the top-level page table, it would always test positively, and the
    translation would continue parsing the remainder of the page tables. This
    would virtually never be a problem in practice because if the top-level
    page table entry existed, its PAGE_PRESENT bit would be set.
  * Removed a check for a negative block_size value which is always a
    non-negative unsigned value in the SADUMP header parsing function.
  * Removed a check for an impossible negative value when calculating the
    beginning address when applying the context value specified by the
    "search -x" option.
  * Implemented a new "timer -C" option that restricts the timer or hrtimer
    output to the timer queue data associated with one or more cpus. For
    multiple cpus, the cpu-specifier uses the standard comma or dash
    separated list format.
  * Fix for a "ps -l" regression introduced by the new "ps -y" option
    introduced above. Without the patch, the -l option generates a
    segmentation violation if not accompanied by a -C cpu specifier option.
  * Fix for the "kmem -i" and "kmem -V" options in Linux 4.8 and later
    kernels containing commit 75ef7184053989118d3814c558a9af62e7376a58,
    titled "mm, vmstat: add infrastructure for per-node vmstats". Without the
    patch, the CACHED line of "kmem -i" shows 0, and the VM_STAT section of
    "kmem -V" is missing entirely.
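The CONFIG_SLAB_FREELIST_HARDENED item above is a case where a dump reader has to reproduce the kernel's pointer obfuscation before a free list can be followed. The program below is an added example, not crash's or the kernel's code; the XOR scheme it uses (stored = next ^ kmem_cache.random ^ address of the slot) is my recollection of the named commit and should be treated as an assumption, and the slab address, object size, secret and free chain are all constructed:

```c
/* Added example (not code from crash or the kernel): reading a SLUB free
 * list out of a memory image when CONFIG_SLAB_FREELIST_HARDENED is on.
 * The obfuscation assumed here is stored = next ^ kmem_cache.random ^
 * address_of_slot.  Slab address, object size, secret and free chain are
 * constructed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OBJ_SIZE  64
#define NR_OBJS   8
#define SLAB_BASE 0xffff888012345000ULL   /* constructed slab page address */

/* The two kmem_cache fields the walk needs (constructed values). */
struct cache {
    uint64_t random;   /* per-cache secret */
    uint64_t offset;   /* where the free pointer lives inside an object */
};

/* Constructed memory image standing in for the dumpfile. */
static unsigned char image[OBJ_SIZE * NR_OBJS];

/* The same XOR both encodes and decodes a link. */
static uint64_t xor_ptr(const struct cache *s, uint64_t v, uint64_t slot)
{
    return v ^ s->random ^ slot;
}

static uint64_t obj(int i) { return SLAB_BASE + (uint64_t)i * OBJ_SIZE; }

static void write_u64(uint64_t addr, uint64_t v)
{
    memcpy(image + (addr - SLAB_BASE), &v, sizeof v);
}

static uint64_t read_u64(uint64_t addr)
{
    uint64_t v;
    memcpy(&v, image + (addr - SLAB_BASE), sizeof v);
    return v;
}

/* A usable free pointer must land on an object boundary inside this slab. */
static int valid_object(uint64_t p)
{
    return p >= SLAB_BASE && p < SLAB_BASE + sizeof image &&
           (p - SLAB_BASE) % OBJ_SIZE == 0;
}

/* Build the free chain obj0 -> obj2 -> obj5 -> NULL, storing each link
 * obfuscated the way a hardened kernel would. */
void build_slab(struct cache *s)
{
    uint64_t chain[] = { obj(0), obj(2), obj(5), 0 };
    s->random = 0x9e3779b97f4a7c15ULL;   /* constructed secret */
    s->offset = 0;
    memset(image, 0xa5, sizeof image);   /* stale data elsewhere */
    for (int i = 0; chain[i]; i++) {
        uint64_t slot = chain[i] + s->offset;
        write_u64(slot, xor_ptr(s, chain[i + 1], slot));
    }
}

/* Walk the list from head.  Returns the number of free objects, or -1 when
 * a link does not point at an object in the slab (the "invalid freepointer"
 * condition), leaving the bad value in *bad.  With hardened == 0 the stored
 * words are taken at face value, which is the pre-patch behaviour. */
int walk_freelist(const struct cache *s, uint64_t head, int hardened, uint64_t *bad)
{
    int count = 0;
    for (uint64_t cur = head; cur; count++) {
        if (!valid_object(cur) || count > NR_OBJS) {
            if (bad)
                *bad = cur;
            return -1;
        }
        uint64_t slot = cur + s->offset;
        uint64_t raw = read_u64(slot);
        cur = hardened ? xor_ptr(s, raw, slot) : raw;
    }
    return count;
}

/* Build the constructed slab and walk it once. */
int demo_walk(int hardened, uint64_t *bad)
{
    struct cache s;
    build_slab(&s);
    return walk_freelist(&s, obj(0), hardened, bad);
}

uint64_t demo_bad(void)
{
    uint64_t bad = 0;
    demo_walk(0, &bad);
    return bad;
}

int main(void)
{
    printf("decoded:  %d free objects\n", demo_walk(1, NULL));
    printf("raw read: %d (invalid freepointer %#llx)\n", demo_walk(0, NULL),
           (unsigned long long)demo_bad());
    return 0;
}
```

The raw walk fails at the very first link, which is what the flood of "invalid freepointer" messages in the item above looks like from the outside; the validity check before each dereference is what keeps a corrupted or undecoded list from sending the reader into unrelated memory.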
  * Fix for Linux 4.11 and later kernels that contain kernel commit
    4b3ef9daa4fc0bba742a79faecb17fdaaead083b, titled "mm/swap: split swap
    cache into 64MB trunks". Without the patch, the CACHED line of "kmem -i"
    may show nonsensical data.
  * Implemented a new "dev -D" option that is the same as "dev -d", but
    filters out the display of disks that have no I/O in progress.
  * If a line number request for a module text address initially fails,
    force the embedded gdb module to complete its two-stage strategy used for
    reading debuginfo symbol tables from module object files, and then retry
    the line number extraction. This automatically does what the "mod -r" or
    "crash --readnow" options accomplish.
  * Update for support of Linux 4.12 and later PPC64 kernels where the hash
    page table geometry accommodates a larger virtual address range. Without
    the patch, the virtual-to-physical translation of user space virtual
    addresses by "vm -p", "vtop", and "rd -u" may generate an invalid
    translation or otherwise fail.
  * Implemented a new "runq -T" option that displays the time lag of each CPU
    relative to the most recent runqueue timestamp.
  * Fix to support Linux 4.15 and later kernels that contain kernel commit
    e8cfbc245e24887e3c30235f71e9e9405e0cfc39, titled "pid: remove pidhash".
    The kernel's traditional usage of a pid_hash[] array to store PIDs has
    been replaced by an IDR radix tree, requiring a new crash plug-in
    function to gather the system's task set. Without the patch, the crash
    session fails during initialization with the error message "crash:
    cannot resolve init_task_union".
  * Fix for the "net" command when the network device listing has an
    unusually large number of IP addresses. In that case, without the patch,
    the command may generate a segmentation violation.
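The "tree -l" item in the 7.2.2-1 entry above and the "rbtree: cache leftmost node internally" item in this entry both concern walking an rbtree out of a memory image. The program below is an added example, not crash's code: it performs the in-order walk from the leftmost node and, when a child or parent pointer fails validation, records the node and the bad value and treats the link as NULL so the rest of the tree is still printed. The rb_node layout, the image address and the tree contents are constructed:

```c
/* Added example (not crash's own code): a linear, left-to-right walk over an
 * rb_root read out of a memory image, where a corrupt child or parent
 * pointer is reported and stepped around instead of aborting the dump.
 * Node layout, addresses and tree contents are constructed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* rb_node as it appears in memory; the colour lives in bits 1:0 of
 * parent_color, so the parent is that word with those bits cleared. */
struct rb_node_img {
    uint64_t parent_color;
    uint64_t right;
    uint64_t left;
};

#define IMG_BASE 0xffff9a0000400000ULL   /* constructed */
#define NR_NODES 5
static struct rb_node_img image[NR_NODES];

struct walk {
    uint64_t order[NR_NODES];   /* node addresses in linear order */
    int n;
    int corrupt;                /* number of bad pointers seen */
    uint64_t corrupt_node, corrupt_ptr;
};

static uint64_t node_addr(int i) { return IMG_BASE + (uint64_t)i * sizeof(struct rb_node_img); }

/* Validate before every dereference: inside the image and node-aligned. */
static int valid_node(uint64_t a)
{
    return a >= IMG_BASE && a < IMG_BASE + sizeof image &&
           (a - IMG_BASE) % sizeof(struct rb_node_img) == 0;
}

static const struct rb_node_img *node_at(uint64_t a)
{
    return &image[(a - IMG_BASE) / sizeof(struct rb_node_img)];
}

/* Fetch a link; a corrupt one is recorded and then treated as NULL. */
static uint64_t fetch_link(struct walk *w, uint64_t from, uint64_t ptr)
{
    if (ptr == 0 || valid_node(ptr))
        return ptr;
    w->corrupt++;
    w->corrupt_node = from;
    w->corrupt_ptr = ptr;
    return 0;
}

static uint64_t leftmost(struct walk *w, uint64_t n)
{
    for (uint64_t l; (l = fetch_link(w, n, node_at(n)->left)) != 0; n = l)
        ;
    return n;
}

/* rb_next(): the right subtree's leftmost node, else climb while we were
 * the right child. */
static uint64_t next_node(struct walk *w, uint64_t n)
{
    uint64_t r = fetch_link(w, n, node_at(n)->right);
    if (r)
        return leftmost(w, r);
    uint64_t p;
    while ((p = fetch_link(w, n, node_at(n)->parent_color & ~3ULL)) != 0 &&
           node_at(p)->right == n)
        n = p;
    return p;
}

int walk_tree(uint64_t root, struct walk *w)
{
    memset(w, 0, sizeof *w);
    if (!fetch_link(w, 0, root))
        return 0;
    for (uint64_t n = leftmost(w, root); n && w->n < NR_NODES; n = next_node(w, n))
        w->order[w->n++] = n;
    return w->n;
}

/* Constructed tree with in-order 0 1 2 3 4 and node 1 as root; with
 * corrupt != 0, node 3's right link is clobbered. */
void build_tree(int corrupt)
{
    struct rb_node_img t[NR_NODES] = {
        { node_addr(1),     0,            0            },   /* 0 */
        { 1,                node_addr(3), node_addr(0) },   /* 1: root, black */
        { node_addr(3),     0,            0            },   /* 2 */
        { node_addr(1) | 1, node_addr(4), node_addr(2) },   /* 3: black */
        { node_addr(3),     0,            0            },   /* 4 */
    };
    if (corrupt)
        t[3].right = 0xdeadbeefULL;   /* constructed bad pointer */
    memcpy(image, t, sizeof image);
}

int count_nodes(int corrupt)
{
    struct walk w;
    build_tree(corrupt);
    return walk_tree(node_addr(1), &w);
}

/* 1 when the walk produced node 0, 1, 2, ... in that order. */
int linear_order_ok(int corrupt)
{
    struct walk w;
    build_tree(corrupt);
    walk_tree(node_addr(1), &w);
    for (int i = 0; i < w.n; i++)
        if (w.order[i] != node_addr(i))
            return 0;
    return 1;
}

uint64_t corrupt_ptr_seen(int corrupt)
{
    struct walk w;
    build_tree(corrupt);
    walk_tree(node_addr(1), &w);
    return w.corrupt ? w.corrupt_ptr : 0;
}

int main(void)
{
    struct walk w;
    build_tree(1);
    walk_tree(node_addr(1), &w);
    for (int i = 0; i < w.n; i++)
        printf("%#llx\n", (unsigned long long)w.order[i]);
    if (w.corrupt)
        printf("rb_node %#llx: corrupt pointer %#llx\n",
               (unsigned long long)w.corrupt_node, (unsigned long long)w.corrupt_ptr);
    return 0;
}
```

With the clobbered link the walk still lists nodes 0 through 3 and then reports the rb_node whose right pointer was bad; node 4 is simply unreachable, which is the information an analyst needs rather than an aborted command.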
  * Fix for Linux 4.15 and later kernels that are configured with
    CONFIG_SPARSEMEM_EXTREME, and that contain kernel commit
    83e3c48729d9ebb7af5a31a504f3fd6aff0348c4, titled "mm/sparsemem: Allocate
    mem_section at runtime for CONFIG_SPARSEMEM_EXTREME=y". Without the
    patch, kernels configured with SPARSEMEM_EXTREME have changed the data
    type of "mem_section" from an array to a pointer, leading to errors in
    commands such as "kmem -p", "kmem -n", "kmem -s", and any other command
    that translates a physical address to its page struct address.
  * With the latest PPC64 NMI IPI changes, crash_ipi_callback is found
    multiple times on the stack of active non-panic tasks. Ensure that the
    symbol reference relates to an actual backtrace stack frame.
  * Update the starting virtual address of vmalloc space for kernels
    configured with CONFIG_X86_5LEVEL.
  * Update the X86_64 VSYSCALL_END address to reflect that it only contains 1
    page.
  * Prevent the X86_64 FILL_PML() macro from updating the internal
    machdep->machspec->last_pml4_read address every time a vmalloc'd kernel
    virtual address is translated.
  * Fix for the "bt" command in x86_64 kernels that contain, or have
    backports of, kernel commit 4950d6d48a0c43cc61d0bbb76fb10e0214b79c66,
    titled "x86/dumpstack: Remove 64-byte gap at end of irq stack". Without
    the patch, backtraces fail to transition from the IRQ stack back to the
    process stack, showing an error message such as "bt: cannot transition
    exception stack to IRQ stack to current process stack".
  * Initial pass for support of kernel page table isolation. The x86_64 "bt"
    command may indicate "bt: cannot transition from exception stack to
    current process stack" if the crash callback NMI occurred while an active
    task was running on the new entry trampoline stack. This has only been
    tested on the RHEL7 backport of the upstream patch because as of this
    commit, crash does not run on 4.15-rc kernels.
    Further changes may be required for upstream kernels, and distributions
    that implement the kernel changes differently than upstream.
  * Fix for the "bt" command and the "ps -s" option for zombie tasks whose
    kernel stacks have been freed/detached. Without the patch, the "bt"
    command indicates "bt: invalid kernel virtual address: 0 type: stack
    contents" and "bt: read of stack at 0 failed"; it will be changed to
    display "(no stack)". The "ps -s" option would fail prematurely upon
    reaching such a task, indicating "ps: invalid kernel virtual address: 0
    type: stack contents" and "ps: read of stack at 0 failed".
  * Fix for running on live systems on 4.15-rc2 and later kernels that are
    configured with CONFIG_RANDOMIZE_BASE and contain kernel commit
    668533dc0764b30c9dd2baf3ca800156f688326b, titled "kallsyms: take
    advantage of the new '%px' format". Without the patch, a live crash
    session does not show the "WARNING: kernel relocated ..." message
    expected with KASLR, and then displays the message "crash: cannot set
    context for pid: " prior to generating a SIGSEGV.
  * Fix for 4.15-rc5 and later x86_64 kernels that contain kernel commit
    c482feefe1aeb150156248ba0fd3e029bc886605, titled "x86/entry/64: Make
    cpu_entry_area.tss read-only". Without the patch, the addresses and sizes
    of the x86_64 exception stacks cannot be determined; therefore if a
    backtrace starts on one of the exception stacks, then the "bt" command
    will fail.
  * Additional fix for support of KASLR enabled kernels captured by the
    SADUMP dumpfile facility, where this patch fixes a problem when Page
    Table Isolation (PTI) is enabled. When PTI is enabled, bit 12 of the CR3
    register is used to split user space and kernel space. Also bits 11:0
    are used for Process Context IDentifiers (PCID). To open an SADUMP
    dumpfile, the value of CR3 is used to calculate the KASLR offset and
    phys_base; this patch masks the CR3 register value correctly for a PTI
    enabled kernel.
  * Second phase of future support for x86_64 5-level page tables.
    This patch is a cleanup/collaboration of the original logic used by the
    various vtop functions, where several new common functions have been
    added for extracting page table entries from PGD, P4D, PUD, PMD and PTE
    pages. The usage of the former PML4 and UPML pages has been replaced with
    the use of the common PGD page, and use the PUD page in 4-level page
    table translation. Support for 5-level page tables has been incorporated
    into the existing x86_64_kvtop() and x86_64_uvtop_level4() functions.
    Backwards compatibility for older legacy kernels has been maintained. The
    third phase of support will automatically detect whether the kernel
    proper, and whether an individual user task, is utilizing 5-level page
    tables. This patch enables support for kernel-only 5-level page tables by
    entering the command line option "--machdep vm=5level".
  * Xen commit 615588563e99a23aaf37037c3fee0c413b051f4d (Xen 4.0.0.) extended
    the direct mapping to 5 TB. This area was previously reserved for future
    use, so it is OK to simply change the upper bound unconditionally.
  * Add a new "foreach gleader" qualifier option, restricting the output to
    user-space tasks that are thread group leaders.
  * Since Xen commit 666aca08175b ("sched: use the auto-generated list of
    schedulers") crash cannot open Xen vmcores because the "schedulers"
    symbol no longer exists. Xen 4.7 implemented schedulers as its own
    section in "xen/arch/x86/xen.lds.S", delimited by the two symbols
    "__start_schedulers_array" and "__end_schedulers_array". Without the
    patch, the crash session fails during initialization with the error
    message "crash: cannot resolve schedulers".
  * Fix the sample crash.ko memory driver to prevent an s390X kernel
    addressing exception. Legitimate pages of RAM that successfully pass the
    page_is_ram() and pfn_valid() verifier functions may not be provided by
    the s390x hypervisor, and the memcpy() from the non-existent memory to
    the bounce buffer panics the kernel.
    The patch replaces the memcpy() call with probe_kernel_read().
  * Fix for the ARM64 "bt" command running against Linux 4.14 and later
    kernels. Without the patch, the backtraces of the active tasks in a
    kdump-generated dumpfile are truncated. Without the patch, the panic task
    will just show the "crash_kexec" frame and the kernel-entry user-space
    exception frame; the non-panic tasks will show their backtraces starting
    from the stackframe addresses captured in the per-cpu NT_PRSTATUS notes,
    and will not display the exception frame generated by the NMI callback,
    nor any stackframes on the IRQ stack.
  * Fix for the ARM64 "bt" command in kernels that contain commit
    30d88c0e3ace625a92eead9ca0ad94093a8f59fe, titled "arm64: entry: Apply BP
    hardening for suspicious interrupts from EL0". Without the patch, there
    may be invalid kernel exception frames displayed on an active task's
    kernel stack, often below a stackframe of the "do_el0_ia_bp_hardening"
    function; the address translation of the PC and LR values in the bogus
    exception frame will display "[unknown or invalid address]".

 -- Troy Heber  Fri, 16 Feb 2018 10:47:33 -0700

crash (7.2.0-1) unstable; urgency=medium

  * New upstream (closes: #884464)
  * Fix for the "snap.so" extension module to pass the KASLR relocation
    offset value in the ELF header for x86_64 kernels that are compiled with
    CONFIG_RANDOMIZE_BASE. Without the patch, it is necessary to use the
    "--kaslr=" command line option, or the session fails with the message
    "WARNING: cannot read linux_banner string", followed by "crash: vmlinux
    and vmcore do not match!".
  * The native gdb "disassemble" command fails if the kernel has been
    compiled with CONFIG_RANDOMIZE_BASE because the embedded gdb module still
    operates under the assumption that the (non-relocated) text locations in
    the vmlinux file are correct. The error message that is issued is
    somewhat confusing, indicating "No function contains specified address".
    This patch simply clarifies the error message to indicate "crash: the gdb
    "disassemble" command is prohibited because the kernel text was relocated
    by KASLR; use the crash "dis" command instead."
  * Fix for the "mach -m" command in Linux 4.9 and later kernels that contain
    commit 475339684ef19e46f4702e2d185a869a5c454688, titled "x86/e820:
    Prepare e280 code for switch to dynamic storage", in which the "e820"
    symbol was changed from a static e820map structure to a pointer to an
    e820map structure. Without the patch, the command either displays just
    the header, or the header with several nonsensical entries.
  * Fix for Linux 4.10 and later kdump dumpfiles, or kernels that have
    backported commit 401721ecd1dcb0a428aa5d6832ee05ffbdbffbbe, titled
    "kexec: export the value of phys_base instead of symbol address". Without
    the patch, if the x86_64 "phys_base" value in the VMCOREINFO note is a
    negative decimal number, the crash session fails during session
    initialization with a "page excluded" or "seek error" when reading
    "page_offset_base".
  * Fix for the PPC64 "pte" command. Without the patch, if the target PTE
    references a present page, the physical address is incorrect.
  * Fix for a 32-bit MIPS compilation error if glibc-2.25 or later has been
    installed on the host build machine. Without the patch, the build fails
    with the error message "mips-linux-nat.c:157:1: error: conflicting types
    for 'ps_get_thread_area'".
  * Fix for the validity check of S390X virtual addresses for 5-level page
    tables where user space memory is mapped above 8 Petabytes. Without the
    patch, "rd -u" fails and indicates "invalid user virtual address", and
    "vtop -u" indicates that the address is "(not mapped)".
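Two x86_64 phys_base details from these entries, the negative decimal "phys_base" in VMCOREINFO (the kexec item in this entry) and the PTI/PCID bits carried in CR3 (the SADUMP item in the 7.2.1-1 entry above), are shown together in the following added example, which is not crash's code. The note text, the CR3 value and the kernel addresses are constructed, and the __START_KERNEL_map value is assumed:

```c
/* Added example (not crash's own code) for two x86_64 phys_base pitfalls:
 * a VMCOREINFO "phys_base" that is a negative decimal, and a CR3 value that
 * carries PTI and PCID bits below the page table address.  The note text,
 * C R3 value and kernel addresses are constructed. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed x86_64 link-time base of the kernel text (__START_KERNEL_map). */
#define START_KERNEL_MAP 0xffffffff80000000ULL

/* Pull "NUMBER(phys_base)=<value>" out of a VMCOREINFO note.  The kernel
 * writes the value as a signed decimal, so a KASLR placement below the
 * link address produces a leading '-', which an unsigned parse mishandles. */
int parse_phys_base(const char *note, int64_t *out)
{
    static const char key[] = "NUMBER(phys_base)=";
    const char *p = strstr(note, key);
    if (!p)
        return -1;
    p += sizeof key - 1;
    errno = 0;
    char *end;
    long long v = strtoll(p, &end, 10);
    if (end == p || errno != 0 || (*end != '\n' && *end != '\0'))
        return -1;
    *out = v;
    return 0;
}

/* Kernel text virtual address -> physical address, honouring the sign. */
uint64_t kernel_text_to_phys(uint64_t vaddr, int64_t phys_base)
{
    return (uint64_t)((int64_t)(vaddr - START_KERNEL_MAP) + phys_base);
}

/* CR3 on a PTI kernel: bits 11:0 hold the PCID and bit 12 selects the
 * user-space copy of the PGD; neither is part of the page table address,
 * so clear both to reach the kernel PGD. */
uint64_t cr3_to_kernel_pgd(uint64_t cr3)
{
    return cr3 & ~0x1fffULL;
}

unsigned cr3_pcid(uint64_t cr3)     { return (unsigned)(cr3 & 0xfff); }
int      cr3_user_pgd(uint64_t cr3) { return (int)((cr3 >> 12) & 1); }

/* Constructed note: the kernel was placed 2 MiB below its link address. */
static const char sample_note[] =
    "OSRELEASE=4.10.0\n"
    "PAGESIZE=4096\n"
    "NUMBER(phys_base)=-2097152\n"
    "SYMBOL(_stext)=ffffffff81000000\n";

/* phys_base from the constructed note, or INT64_MIN if it is missing. */
int64_t sample_phys_base(void)
{
    int64_t v;
    return parse_phys_base(sample_note, &v) == 0 ? v : INT64_MIN;
}

int main(void)
{
    int64_t phys_base = sample_phys_base();
    uint64_t sym = 0xffffffff81200000ULL;   /* constructed kernel symbol */
    printf("phys_base %lld: %#llx -> phys %#llx\n", (long long)phys_base,
           (unsigned long long)sym,
           (unsigned long long)kernel_text_to_phys(sym, phys_base));

    uint64_t cr3 = 0x123451abcULL;   /* constructed: user PGD selected, PCID 0xabc */
    printf("cr3 %#llx: pgd %#llx pcid %#x user=%d\n", (unsigned long long)cr3,
           (unsigned long long)cr3_to_kernel_pgd(cr3), cr3_pcid(cr3),
           cr3_user_pgd(cr3));
    return 0;
}
```

Parsing the note as a signed quantity keeps the later address arithmetic correct, and masking bits 12:0 of CR3 is what turns a register captured in user context into the kernel PGD address a dump reader actually needs.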
  * Crash 7.1.5 commit c3413456599161cabc4e910a0ae91dfe5eec3c21 (xen: Add
    support for dom0 with Linux kernel 3.19 and newer) from Daniel Kiper
    implemented support for Xen dom0 vmcores after Linux 3.19 kernel commit
    054954eb051f35e74b75a566a96fe756015352c8 (xen: switch to linear virtual
    mapped sparse p2m list). This patch can be deemed subsequent to Daniel's
    patch, and implements support for Xen PV domU dumpfiles for Linux 3.19
    and later kernels.
  * Fix for the "dis" command to detect duplicate symbols in the case of a
    "symbol+offset" argument where the duplicates are not contiguous in the
    symbol list. Without the patch, the first of multiple symbol instances is
    used in the address evaluation. With the patch, the command will fail
    with the error message "dis: : duplicate text symbols found:", followed
    by a list of the duplicate symbols, and their file and line numbers if
    available.
  * Enhancement to the error reporting mechanism for the "kmem -[sS]"
    options. When a fatal error is encountered while gathering basic
    CONFIG_SLUB statistics, it is possible that the slab cache name is not
    displayed in the error message, and the line containing the slab cache
    name, address, etc., is not displayed at all. With this patch, an extra
    error message indicating "kmem: : cannot gather relevant slab data" will
    be displayed under the fatal error message; and under that, the CACHE
    address, cache NAME, OBJSIZE, and SSIZE columns will be displayed, but
    with "?" under the ALLOCATED, TOTAL, and SLABS columns.
  * Fix to prevent the "tree -t radix" option from failing when it
    encounters duplicate entries in a radix_tree_node[slots] array. Without
    the patch, if a duplicate slot entry is found, the command fails with the
    message "tree: duplicate tree entry: radix_tree_node: slots[]: n". (The
    error can be prevented if the command is preceded by "set hash off".)
    However, certain radix trees contain duplicate entries by design, such as
    the "pgmap_radix" radix tree, in which a radix_tree_node may contain
    multiple instances of the same page_map structure. With the patch, checks
    will only be made for duplicate radix_tree_node structures.
  * First phase of future support for x86_64 5-level page tables. New sets of
    virtual memory offsets have been #define'd and helper macros and
    placeholder functions for the p4d page tables have been added. The only
    functional changes with this patchset are dynamically-set PGDIR_SHIFT and
    PHYSICAL_MASK_SHIFT values that are based upon the kernel configuration.
  * Fix for a build failure. Without the patch, if the build is done by a
    user whose username cannot be determined from the user ID number, the
    build fails immediately with a segmentation fault.
  * Fix for Linux 4.13-rc0 commit 7fd8329ba502ef76dd91db561c7aed696b2c7720
    "x86/boot/64: Rename init_level4_pgt and early_level4_pgt". Without the
    patch, the crash session fails during initialization with the error
    message "crash: cannot resolve "init_level4_pgt".
  * The internal "build_data" string contains the compile-time date, the user
    id of the builder, and the build machine hostname, and is viewable by the
    "crash --buildinfo" command line option or by the "help -B" option during
    runtime. This patch replaces that string data with "reproducible build"
    if the SOURCE_DATE_EPOCH environment variable contains a value string
    when the crash binary is compiled.
  * Fix for Linux 4.13-rc1 commit 2d070eab2e8270c8a84d480bb91e4f739315f03d
    "mm: consider zone which is not fully populated to have holes".
    Without the patch, SPARSEMEM page struct addresses are incorrectly
    calculated because a new section state, and an associated flag bit, has
    been added to the low bits of the mem_section.section_mem_map address;
    the extra bit is erroneously passed back as part of the section_mem_map
    and resultant page struct address, leading to errors in commands such as
    "kmem -p", "kmem -s", "kmem -n", and any other command that translates a
    physical address to its page struct address.
  * Enhancement to the S390X "vtop" command to display page table walk
    information, adding output showing the following page table contents:
      "Region-First-Table Entry"  (RFTE)
      "Region-Second-Table Entry" (RSTE)
      "Region-Third-Table Entry"  (RTTE)
      "Segment Table Entry"       (STE)
      "Page Table Entry"          (PTE)
      "Read address of page"      (PAGE)
    Depending on the size of the address space, the page tables can start at
    different levels. For example:

      crash> vtop 3ff8000c000
      VIRTUAL     PHYSICAL
      3ff8000c000  2e3832000

      PAGE DIRECTORY: 0000000000aaa000
        RTTE: 0000000000aadff8 => 00000002e3c00007
         STE: 00000002e3c00000 => 00000002e3df7000
         PTE: 00000002e3df7060 => 00000002e383203d
        PAGE: 00000002e3832000

            PAGE        PHYSICAL      MAPPING       INDEX CNT FLAGS
      3d10b8e0c80       2e3832000            0           0   1 7fffc0000000000

  * Fix the s390dbf time stamps for S390X kernel versions 4.11 and 4.14. With
    kernel commit ea417aa8a38bc7db ("s390/debug: make debug event time stamps
    relative to the boot TOD clock") for s390dbf time is stored relative to
    the kernel boot time. In order to still show absolute time since 1970 we
    have to detect those kernels and re-add the boot time before printing
    the records. We can use the tod_to_timeval() symbol to check for those
    kernels because the patch has removed the symbol. With kernel commit
    6e2ef5e4f6cc5734 ("s390/time: add support for the TOD clock epoch
    extension") the symbol name for storing the boot time has changed from
    "sched_clock_base_cc" to "tod_clock_base".
This commit is currently on the s390 features branch and will be integrated in Linux 4.14. * Further enhancement to the S390X "vtop" command to translate the binary values of the hardware flags for region, segment and page table entries. For example: crash> vtop -u 0x60000000000000 VIRTUAL PHYSICAL 60000000000000 5b50a000 PAGE DIRECTORY: 000000005cea0000 RFTE: 000000005cea0018 => 000000006612400f (flags = 00f) flags in binary : P=0; TF=00; I=0; TT=11; TL=11 RSTE: 0000000066124000 => 000000005d91800b (flags = 00b) flags in binary : P=0; TF=00; I=0; TT=10; TL=11 RTTE: 000000005d918000 => 000000006615c007 (flags = 007) flags in binary : FC=0; P=0; TF=00; I=0; CR=0; TT=01; TL=11 STE: 000000006615c000 => 000000005ce48800 (flags = 800) flags in binary : FC=0; P=0; I=0; CS=0; TT=00 PTE: 000000005ce48800 => 000000005b50a03f (flags = 03f) flags in binary : I=0; P=0 PAGE: 000000005b50a000 or for large pages: crash> vtop -k 0x3d100000000 VIRTUAL PHYSICAL 3d100000000 77c00000 PAGE DIRECTORY: 0000000001210000 RTTE: 0000000001213d10 => 0000000077dc4007 (flags = 007) flags in binary : FC=0; P=0; TF=00; I=0; CR=0; TT=01; TL=11 STE: 0000000077dc4000 => 0000000077c03403 (flags = 03403) flags in binary : AV=0, ACC=0011; F=0; FC=1; P=0; I=0; CS=0; TT=00 * PPC64 kernel commit 2f18d533757da3899f4bedab0b2c051b080079dc lowered the max real address to 53 bits. Without this patch, the warning message "WARNING: cannot access vmalloc'd module memory" appears during initialization, and any command that attempts to read a vmalloc'd kernel virtual address will fail and display "read error" messages. * Display the KASLR relocation value warning message whenever it is in use. Without the patch, the message may not get displayed if the --kaslr option is used, or if the dumpfile is a vmcore generated by the current snap.so extension module, which now exports the relocation value in the header. 
* Fix to prevent an initialization-time failure when running a live session on a host system that does not have a "/usr/src" directory. Without the patch, the session fails with the message "*** Error in 'crash': free(): invalid pointer:
***". (Lei Chen) * Fix for the ARM64 "bt" command's display of the user mode exception frame at the top of the stack in Linux 4.7 and later kernels. Without the patch, the contents of the user mode exception frame are invalid due to the miscalculation of the starting address of the pt_regs structure on the kernel stack. * Integrated support for usage of the Linux 4.14 ORC unwinder by the x86_64 "bt" command. Kernels configured with CONFIG_ORC_UNWINDER contain .orc_unwind and .orc_unwind_ip sections that can be queried to determine the stack frame size of any text address within a kernel function. For kernels not configured with CONFIG_FRAME_POINTER, the crash utility does frame size calculation by disassembling a function from its beginning to the specified text address, counting the push, pop, and add/sub rsp instructions, accounting for retq instructions that occur in the middle of a function. With this patch, access to the new ORC sections has been plugged into the existing frame size calculator, resulting in a more efficient and accurate manner of determining frame sizes, and as a result, more accurate backtraces. * Fix for the ARM64 "bt" command when run against Linux 4.14-rc1. Without the patch, a message indicating "crash: builtin stackframe.sp offset incorrect!" is issued during session initialization, and the "bt" command fails with the error message "bt: invalid structure member offset: task_struct_thread_context_sp". * For for the "task -R " option on Linux 4.13 and later kernels where the task_struct contains a "randomized_struct_fields_start" to "randomized_struct_fields_end" section. Without the patch, a member argument that is inside the randomized section is not found. * Fix for the "snap.so" extension module to pass the value of the ARM64 "kimage_voffset" value in the ELF header. 
    Without the patch, it is necessary to use the "--machdep kvimage_offset=" command line option, or the session fails with the message "crash: vmlinux and vmcore do not match!".

 -- Troy Heber  Sun, 17 Dec 2017 08:25:06 -0700

crash (7.1.9-1) unstable; urgency=medium

  * Patch from Balint Reczey: Build crash on all Linux architectures (Closes: #763856, #757450)
  * Patch from Balint Reczey: Continuous integration tests can fail due to missing packages for the running kernel and missing *-updates packages (Closes: #869367)
  * Fixes to address three gcc-7.0.1 compiler warnings that are generated when building with "make warn". The warning types are "[-Wnonnull]" in filesys.c, and "[-Wformat-overflow=]" in kernel.c and cmdline.c.
  * Fix for the PPC64 "mach -o" option to update the OPAL console buffer size from 256K to 1MB, based upon the latest skiboot firmware source.
  * Fix for the "mod -[sS]" option to prevent the erroneous reassignment of one or more symbol values of a kernel module. Without the patch, when loading a kernel module, the message "mod: : last symbol: is not _MODULE_END_?" may be displayed, and one or more symbols may be reassigned an incorrect symbol value. If none of the erroneous symbol value reassignments are beyond the end of the module's address space, then there will be no message.
  * Linux 4.10 commit 401721ecd1dcb0a428aa5d6832ee05ffbdbffbbe finally exports the x86_64 "phys_base" value in the VMCOREINFO note, so utilize it whenever it exists.
  * Implemented a new "log -a" option that dumps the audit logs remaining in kernel audit buffers that have not been copied out to the user-space audit daemon.
  * Fix for the "kmem " option and the "search" command in x86_64 kernels that contain, or have backports of, kernel commit 7c1da8d0d046174a4188b5729d7579abf3d29427, titled "crypto: sha - SHA1 transform x86_64 AVX2", which introduced an "_end" text symbol. Without the patch, if a base kernel symbol address that is larger than the "_end" text symbol is passed to "kmem ", its symbol/filename information will not be displayed. Also, when the "search" command scans the __START_KERNEL_map region that contains kernel text and static data, the search will be truncated to stop at the "_end" text symbol address.
  * Enhancement for the determination of the ARM64 "kimage_voffset" value in Linux 4.6 and later kernels if an ELF format dumpfile does not contain its value in a VMCOREINFO note, or when running against live systems using /dev/mem, /proc/kcore, or an older version of /dev/crash.
  * Optimization of the "kmem -f " and "kmem " options to significantly reduce the amount of time to complete the buddy allocator free-list scan for the target address. On very large memory systems, the patch may reduce the time spent by several orders of magnitude.
  * Fix for a compilation error if glibc-2.25 or later has been installed on the host build machine. Without the patch, the build fails with the error message "amd64-linux-nat.c:496:1: error: conflicting types for 'ps_get_thread_area'".
  * Fix for the "list -[hH]" options if a list_head.next pointer is encountered that contains an invalid NULL pointer. Without the patch, the "list -[hH]" options would complete/continue as if the NULL were a legitimate end-of-list indicator, and no error would be reported.
  * Provide basic Huge Page usage as part of "kmem -i" output, showing the total amount of memory allocated for huge pages, and the amount of the total that is free.
  * Fix for the determination of the x86_64 "phys_base" value when it is not passed in the VMCOREINFO data of ELF vmcores. Without the patch, it is possible that the base address of the vmalloc region is unknown and initialized to an incorrect default address during the very early stages of initialization, which causes the parsing of the PT_LOAD segments for the START_KERNEL_map region to fail.
  * Fix for the "dis" command to detect duplicate symbols in the case of a "symbol+offset" argument where the duplicates are contiguous in the symbol list. In addition, reject "symbol+offset" arguments if the resultant address goes beyond the end of the function.
  * Fix for the "set scope" option if the kernel was configured with CONFIG_RANDOMIZE_BASE. Without the patch, the command fails with the message "set: gdb cannot find text block for address: ". This also affects extension modules that call gdb_set_crash_scope() when running with KASLR kernels.
  * Fix for the extensions/trace.c extension module to account for Linux 4.7 kernel commit 9b94a8fba501f38368aef6ac1b30e7335252a220, which changed the ring_buffer_per_cpu.nr_pages member from an int to a long. Without the patch, the trace.so extension module fails to load on big-endian machines, indicating "extend: Num of pages is less than 0".
  * Fix for the extensions/trace.c extension module when running on the ppc64 architecture. Without the patch, the trace.so extension module fails to load, indicating "extend: invalid text address: ring_buffer_read". On the ppc64 architecture, the text symbol is ".ring_buffer_read".
  * Fix for the ARM64 "bt" command. Without the patch, the backtrace of a non-panicking active task generates a segmentation violation when analyzing Android 4.4-based dumpfiles.

 -- Troy Heber  Wed, 26 Jul 2017 12:37:08 -0600

crash (7.1.8-2) unstable; urgency=medium

  * Enable lzo and snappy compression (Closes: #860319)

 -- Troy Heber  Mon, 17 Apr 2017 19:25:16 -0600

# For older changelog entries, run 'apt-get changelog crash'
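The disassembly-based x86_64 frame size calculation described in the 7.2.1-1 ORC unwinder entry (walk a function from its entry to the target text address, counting push/pop and add/sub on %rsp, and accounting for a retq in the middle of the function), as an added illustration that is not the crash utility's own code. The disassembly below is constructed, and the choice to resume from the deepest frame seen after a mid-function retq is this example's own assumption, not a description of how crash handles that case.

```python
import re

# One objdump/gdb-style instruction line: "<hex addr>:  <mnemonic>  <operands>".
# The function header line ("<addr> <name>:") deliberately does not match.
INSN_RE = re.compile(r"^\s*([0-9a-f]+):\s+(\S+)\s*(.*)$")

# Constructed disassembly (not from a real kernel) of a hypothetical function
# with an early-return path: a retq in the middle, then a block reached by je.
DISASM = """\
ffffffff81012340 <demo_func>:
ffffffff81012340:  push   %rbp
ffffffff81012341:  push   %rbx
ffffffff81012342:  sub    $0x18,%rsp
ffffffff81012346:  test   %rdi,%rdi
ffffffff81012349:  je     ffffffff81012357 <demo_func+0x17>
ffffffff8101234b:  callq  ffffffff81000000 <helper>
ffffffff81012350:  add    $0x18,%rsp
ffffffff81012354:  pop    %rbx
ffffffff81012355:  pop    %rbp
ffffffff81012356:  retq
ffffffff81012357:  push   %r12
ffffffff81012359:  callq  ffffffff81000100 <other_helper>
"""


def frame_size_at(disasm, target):
    """Bytes the function has pushed below its return address when control
    reaches the instruction at `target` (exclusive), walking from entry."""
    size = peak = 0
    for line in disasm.splitlines():
        m = INSN_RE.match(line)
        if not m:
            continue
        addr, mnem, ops = int(m.group(1), 16), m.group(2), m.group(3)
        if addr >= target:
            return size
        if mnem.startswith("push"):
            size += 8
        elif mnem.startswith("pop"):
            size -= 8
        elif mnem in ("add", "sub") and ops.endswith(",%rsp"):
            imm = int(ops.split(",")[0].lstrip("$"), 16)
            size += imm if mnem == "sub" else -imm
        elif mnem.startswith("ret"):
            # Assumption of this example: code after a mid-function retq is
            # reached by a branch from the fully set-up body, so resume from
            # the deepest frame seen rather than from the post-epilogue zero.
            size = peak
        peak = max(peak, size)
    raise ValueError("target address not inside the disassembly")
```

For the constructed function, frame_size_at(DISASM, 0xffffffff8101234b) returns 40 (two pushes plus the 0x18 subtraction), the retq address itself gives 0 after the epilogue, and 0xffffffff81012359 past the early return gives 48.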