Broken access, instance.pointer.member, to i_mapping causes backtrace #1525
Description
I started a run of pagecache.Files against all samples with the d_inode in try/except like in #1516 so that any deeper bugs would be exposed. This is the first of those.
The pagecache plugin does the instance.pointer.member pattern on i_mappings of inode and causes a backtrace on samples.
Note that my PR for the broken cached file hanlding (https://github.com/volatilityfoundation/volatility3/pull/1516/files#diff-dc8047d2b21ebae7092368b7efe49ec11221e192735929c2be49998e31335956R2517) fixes this in get_pages, but it looks like i_mapping should be sent through a new get_i_mapping() like we discussed for dentry, superblock, etc. since it will be a problem every time its accessed.
We don't need PR explosion for no reason, so if the fix for this (accessor + switching current calls to it) becomes part of #1516 then that is fine.
Sample: broken_rhel_load_as_2.zip
Sample 2: gmemday1.dmp
Sample 3: Tillary_email_server.raw
Plugin: linux.pagecache.Files
25-01-04 17:26:59 volatility3.cli DEBUG Traceback (most recent call last):
File "/home/ub/volatility3/volatility3/cli/__init__.py", line 501, in run
renderer.render(grid)
File "/home/ub/volatility3/volatility3/cli/text_renderer.py", line 232, in render
grid.populate(visitor, outfd)
File "/home/ub/volatility3/volatility3/framework/renderers/__init__.py", line 240, in populate
for level, item in self._generator:
File "/home/ub/volatility3/volatility3/framework/plugins/linux/pagecache.py", line 354, in format_fields_with_headers
for level, fields in generator:
File "/home/ub/volatility3/volatility3/framework/plugins/linux/pagecache.py", line 326, in _generator
inode_out = inode_in.to_user(vmlinux_layer)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/ub/volatility3/volatility3/framework/plugins/linux/pagecache.py", line 78, in to_user
cached_pages = int(self.inode.i_mapping.nrpages)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/ub/volatility3/volatility3/framework/objects/__init__.py", line 453, in __getattr__
return getattr(self.dereference(), attr)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/ub/volatility3/volatility3/framework/objects/__init__.py", line 961, in __getattr__
member = template(context=self._context, object_info=object_info)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/ub/volatility3/volatility3/framework/objects/templates.py", line 96, in __call__
return self.vol.object_class(
^^^^^^^^^^^^^^^^^^^^^^
File "/home/ub/volatility3/volatility3/framework/objects/__init__.py", line 168, in __new__
value = cls._unmarshall(context, data_format, object_info)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/ub/volatility3/volatility3/framework/objects/__init__.py", line 202, in _unmarshall
data = context.layers.read(
^^^^^^^^^^^^^^^^^^^^
File "/home/ub/volatility3/volatility3/framework/interfaces/layers.py", line 635, in read
return self[layer].read(offset, length, pad)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/ub/volatility3/volatility3/framework/layers/linear.py", line 45, in read
for offset, _, mapped_offset, mapped_length, layer in self.mapping(
File "/home/ub/volatility3/volatility3/framework/layers/intel.py", line 302, in mapping
for offset, size, mapped_offset, mapped_size, map_layer in self._mapping(
File "/home/ub/volatility3/volatility3/framework/layers/intel.py", line 358, in _mapping
chunk_offset, page_size, layer_name = self._translate(offset)
^^^^^^^^^^^^^^^^^^^^^^^
File "/home/ub/volatility3/volatility3/framework/layers/intel.py", line 162, in _translate
entry, position = self._translate_entry(offset)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/ub/volatility3/volatility3/framework/layers/intel.py", line 210, in _translate_entry
raise exceptions.PagedInvalidAddressException(
volatility3.framework.exceptions.PagedInvalidAddressException: Page Fault at entry 0x0 in table page directory pointer