freebsd-skq/lib/libutil
cem f96df638b8 Detect badly behaved coredump note helpers
Coredump notes depend on being able to invoke dump routines twice; once
in a dry-run mode to get the size of the note, and another to actually
emit the note to the corefile.

When a note helper emits a different length section the second time
around than the length it requested the first time, the kernel produces
a corrupt coredump.

NT_PROCSTAT_FILES output length, when packing kinfo structs, is tied to
the length of filenames corresponding to vnodes in the process' fd table
via vn_fullpath.  As vnodes may move around during dump, this is racy.

So:

 - Detect badly behaved notes in putnote() and pad underfilled notes.

 - Add a fail point, debug.fail_point.fill_kinfo_vnode__random_path to
   exercise the NT_PROCSTAT_FILES corruption.  It simply picks random
   lengths to expand or truncate paths to in fo_fill_kinfo_vnode().

 - Add a sysctl, kern.coredump_pack_fileinfo, to allow users to
   disable kinfo packing for PROCSTAT_FILES notes.  This should avoid
   both FILES note corruption and truncation, even if filenames change,
   at the cost of about 1 kiB in padding bloat per open fd.  Document
   the new sysctl in core.5.

 - Fix note_procstat_files to self-limit in the 2nd pass.  Since
   sometimes this will result in a short write, pad up to our advertised
   size.  This addresses note corruption, at the risk of sometimes
   truncating the last several fd info entries.

 - Fix NT_PROCSTAT_FILES consumers libutil and libprocstat to grok the
   zero padding.

With suggestions from:	bjk, jhb, kib, wblock
Approved by:	markj (mentor)
Relnotes:	yes
Sponsored by:	EMC / Isilon Storage Division
Differential Revision:	https://reviews.freebsd.org/D3548
2015-09-03 20:32:10 +00:00
..
tests On arm64 disable three tests that hang or panic 2015-08-17 23:19:36 +00:00
_secure_path.3
_secure_path.c
auth.c
expand_number.3
expand_number.c
flopen.3
flopen.c
fparseln.3
fparseln.c fparseln(3): Update from NetBSD sources. 2014-07-23 14:57:15 +00:00
gr_util.c When passwd or group information is changed (by pw, vipw, chpass, ...) 2015-07-02 17:30:59 +00:00
hexdump.3 Add support for reading MAM attributes to camcontrol(8) and libcam(3). 2015-06-09 21:39:38 +00:00
hexdump.c
humanize_number.3
humanize_number.c
kinfo_getallproc.3 Add <sys/user.h> to the SYNOPSIS of the kinfo_get*() functions since these 2015-05-27 17:51:06 +00:00
kinfo_getallproc.c
kinfo_getfile.3 Add <sys/user.h> to the SYNOPSIS of the kinfo_get*() functions since these 2015-05-27 17:51:06 +00:00
kinfo_getfile.c Detect badly behaved coredump note helpers 2015-09-03 20:32:10 +00:00
kinfo_getproc.3 Add <sys/user.h> to the SYNOPSIS of the kinfo_get*() functions since these 2015-05-27 17:51:06 +00:00
kinfo_getproc.c
kinfo_getvmmap.3 Add <sys/user.h> to the SYNOPSIS of the kinfo_get*() functions since these 2015-05-27 17:51:06 +00:00
kinfo_getvmmap.c
kinfo_getvmobject.3 Export a list of VM objects in the system via a sysctl. The list can be 2015-05-27 18:11:05 +00:00
kinfo_getvmobject.c Export a list of VM objects in the system via a sysctl. The list can be 2015-05-27 18:11:05 +00:00
kld.3
kld.c
libutil.h revert r283969,283970 not needed anymore after r283981 2015-06-04 08:00:11 +00:00
login_auth.3
login_auth.c
login_cap.3
login_cap.c
login_cap.h
login_class.3
login_class.c Fix a clang 3.5 warning about abs(3) being given an argument of type 2014-10-29 20:18:37 +00:00
login_crypt.c
login_ok.3
login_ok.c
login_times.3
login_times.c
login_tty.3
login_tty.c
login.conf.5
Makefile Revert r284417 it is not necessary anymore 2015-06-15 19:28:07 +00:00
Makefile.depend new depends 2015-06-16 23:37:19 +00:00
pidfile.3
pidfile.c
property.3
property.c
pty.3
pty.c
pw_util.3 Bump .Dd due to changes made in r285050 and r285053 2015-07-02 19:41:08 +00:00
pw_util.c When passwd or group information is changed (by pw, vipw, chpass, ...) 2015-07-02 17:30:59 +00:00
quotafile.3 mdoc: improvements to SEE ALSO. 2014-12-27 08:31:52 +00:00
quotafile.c
realhostname_sa.3
realhostname.3
realhostname.c
stub.c
trimdomain.3
trimdomain.c
uucplock.3
uucplock.c