Skip to content

Prevent backtraces when kthread full name is smeared#1592

Merged
ikelos merged 1 commit intodevelopfrom
kthread_name_smear
Feb 1, 2025
Merged

Prevent backtraces when kthread full name is smeared#1592
ikelos merged 1 commit intodevelopfrom
kthread_name_smear

Conversation

@atcuno
Copy link
Contributor

@atcuno atcuno commented Jan 31, 2025

Fixes a bug that appeared in the second round of Linux mass testing (and potentially missed in the first given the amount):

Samples:
debian-12-x64-patched-broken-maps.zip.lime
debian-netfilter-twice.zip.lime

25-01-31 19:22:11 volatility3.cli DEBUG    Traceback (most recent call last):
  File "/home/ub/volatility3/volatility3/cli/__init__.py", line 512, in run
    renderer.render(grid)
  File "/home/ub/volatility3/volatility3/cli/text_renderer.py", line 232, in render
    grid.populate(visitor, outfd)
  File "/home/ub/volatility3/volatility3/framework/renderers/__init__.py", line 240, in populate
    for level, item in self._generator:
  File "/home/ub/volatility3/volatility3/framework/plugins/linux/kthreads.py", line 93, in _generator
    utility.pointer_to_string(kthread.full_name, count=255)
  File "/home/ub/volatility3/volatility3/framework/objects/utility.py", line 90, in pointer_to_string
    return address_to_string(
           ^^^^^^^^^^^^^^^^^^
  File "/home/ub/volatility3/volatility3/framework/objects/utility.py", line 132, in address_to_string
    temp_text = layer.read(address + len(text), current_block_size)
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/ub/volatility3/volatility3/framework/layers/linear.py", line 45, in read
    for offset, _, mapped_offset, mapped_length, layer in self.mapping(
  File "/home/ub/volatility3/volatility3/framework/layers/intel.py", line 326, in mapping
    for offset, size, mapped_offset, mapped_size, map_layer in self._mapping(
  File "/home/ub/volatility3/volatility3/framework/layers/intel.py", line 382, in _mapping
    chunk_offset, page_size, layer_name = self._translate(offset)
                                          ^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/ub/volatility3/volatility3/framework/layers/intel.py", line 162, in _translate
    entry, position = self._translate_entry(offset)
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/ub/volatility3/volatility3/framework/layers/intel.py", line 197, in _translate_entry
    return self._translate_page(page_address)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/ub/volatility3/volatility3/framework/layers/intel.py", line 237, in _translate_page
    raise exceptions.PagedInvalidAddressException(
volatility3.framework.exceptions.PagedInvalidAddressException: Page Fault at entry 0x0 in table page directory pointer

@atcuno atcuno requested a review from ikelos January 31, 2025 21:18
@atcuno atcuno mentioned this pull request Jan 31, 2025
Closed
7 tasks
@ikelos ikelos merged commit 346a5d9 into develop Feb 1, 2025
24 checks passed
@ikelos ikelos deleted the kthread_name_smear branch February 1, 2025 00:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ikelos ikelos ikelos approved these changes

Assignees

No one assigned

Labels

parity-release

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@atcuno @ikelos