Re: Getting package NEVR list from core dump ?

2023-10-13 Thread Daniel P . Berrangé
On Fri, Oct 13, 2023 at 03:10:45PM +0200, František Šumšal wrote:
> Hey
> 
> On 10/13/23 09:41, Daniel P. Berrangé wrote:
> > Not too long ago Fedora added a new ELF note with the NEVR information for
> > a package, to all shared libraries
> > 
> >   https://fedoraproject.org/wiki/Changes/Package_information_on_ELF_objects
> > 
> > For cores dumped by processes on my local system, coredumpctl extracts the
> > package info which is great.
> 
> Along with the ELF notes, systemd-analyze gained a new verb - inspect-elf - 
> that can be used to retrieve them:

Excellent, that is perfect, thank you

With regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue


Re: Getting package NEVR list from core dump ?

2023-10-13 Thread František Šumšal

Hey

On 10/13/23 09:41, Daniel P. Berrangé wrote:

> Not too long ago Fedora added a new ELF note with the NEVR information for
> a package, to all shared libraries
>
>    https://fedoraproject.org/wiki/Changes/Package_information_on_ELF_objects
>
> For cores dumped by processes on my local system, coredumpctl extracts the
> package info which is great.


Along with the ELF notes, systemd-analyze gained a new verb - inspect-elf - 
that can be used to retrieve them:

$ systemd-analyze inspect-elf core.varlinkctl.1000.89df21ab140948a591f91ecc084568f8.2677628.169711649200
           path: /home/mrc0mmand/tmp/core.varlinkctl.1000.89df21ab140948a591f91ecc084568f8.2677628.169711649200
        elfType: coredump
elfArchitecture: AMD x86-64

    module name: libnl-3.so.200
           type: rpm
           name: libnl3
        version: 3.7.0-3.fc38
   architecture: x86_64
          osCpe: cpe:/o:fedoraproject:fedora:38
        buildId: c9b97577bfc2cc4651143f597ded2b3e1bd2
...
Also in JSON:

$ systemd-analyze inspect-elf --json=pretty core.varlinkctl.1000.89df21ab140948a591f91ecc084568f8.2677628.169711649200
{
    "elfType" : "coredump",
    "elfArchitecture" : "AMD x86-64",
    "libnl-3.so.200" : {
        "type" : "rpm",
        "name" : "libnl3",
        "version" : "3.7.0-3.fc38",
        "architecture" : "x86_64",
        "osCpe" : "cpe:/o:fedoraproject:fedora:38",
        "buildId" : "c9b97577bfc2cc4651143f597ded2b3e1bd2"
    },
    "libnl-route-3.so.200" : {
        "type" : "rpm",
        "name" : "libnl3",
        "version" : "3.7.0-3.fc38",
        "architecture" : "x86_64",
        "osCpe" : "cpe:/o:fedoraproject:fedora:38",
        "buildId" : "e71fe7f76f1c4bff5d935f0d19c5498c8505c61a"
    },
...




> Let's say, however, that I receive a coredump from an end user, and thus it
> isn't known to coredumpctl.
>
> What's the "right" way to extract the NEVR list from a standalone core
> dump ?
>
> Presumably there's a better way than just running 'strings' over the binary...
>
> $ strings core | grep osCpe:
> {"type":"rpm","name":"qemu","version":"7.2.6-1.fc38","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:38"}
> {"type":"rpm","name":"librsvg2","version":"2.56.3-1.fc38","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:38"}
> {"type":"rpm","name":"libogg","version":"1.3.5-5.fc38","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:38"}
>  ..snip...
> {"type":"rpm","name":"pixman","version":"0.42.2-1.fc38","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:38"}
> {"type":"rpm","name":"libXau","version":"1.0.11-2.fc38","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:38"}
> {"type":"rpm","name":"qemu","version":"7.2.6-1.fc38","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:38"}
>
> With regards,
> Daniel



Re: Getting package NEVR list from core dump ?

2023-10-13 Thread Dominique Martinet
Daniel P. Berrangé wrote on Fri, Oct 13, 2023 at 08:41:17AM +0100:
> What's the "right" way to extract the NEVR list from a standalone core
> dump ?

I'd probably not call this the "right" way, and it took me way longer
than I'd like to admit, but I found notes readelf could read in various
loadXXXa sections in dumps I looked at:

$ objdump -h dump | grep load1a
 27 load1a1000  55d6d3101000    0001b000  2**12
$ dd if=dump of=dump.t bs=4k count=1 iflag=skip_bytes skip=$((0x0001b000)) status=none
$ eu-readelf --notes dump.t

[...]
Note segment of 204 bytes at offset 0x3c0:
  Owner  Data size  Type
  GNU   20  GNU_BUILD_ID
Build ID: 1113de7347150ea48ff1c5bd555cdb09a5422f62
  GNU   16  GNU_ABI_TAG
OS: Linux, ABI: 3.2.0
  FDO  120  FDO_PACKAGING_METADATA
Packaging Metadata: {"type":"rpm","name":"qemu","version":"8.1.1-1.fc39","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:39"}
---

Or looping all of them:
---
$ objdump -h dump \
  | sed -ne 's/.*load[0-9]*a   .*  \([0-9a-f]*\).*/\1/p' \
  | while read offset; do
  dd if=dump bs=4k iflag=skip_bytes skip=$((0x$offset)) \
  count=1 of=dump.t status=none \
  && eu-readelf --notes dump.t;
  done
...
Note segment of 176 bytes at offset 0x320:
  Owner  Data size  Type
  GNU   20  GNU_BUILD_ID
Build ID: 0ee9ccb38a6afaecb63d5fd382c83ad9c1dce9be
  FDO  124  FDO_PACKAGING_METADATA
Packaging Metadata: {"type":"rpm","name":"pixman","version":"0.42.2-2.fc39","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:39"}
...
---

(grmbl something about readelf and eu-readelf both being unable to read
from stdin; I guess parsing elf files isn't trivial enough on a stream)


Long story short, I think strings | grep is probably the best you're
going to get here?

I'm sure gdb/lldb or others could be made to display this, but doesn't
seem to be the case at this point (at least glancing at gdb sources);
and tools like systemd-analyze inspect-elf can get package metadata of a
binary or individual notes sections extracted from the dump but don't
seem to be able to parse the elf either...
If someone can prove me wrong here, please share!


Oh, and you can also just feed it to systemd-coredump to have it do the
work for you, then get infos out of it:
sudo /usr/lib/systemd/systemd-coredump 1234 1000 1000 11 $(date +%s) $((2**31)) test < dump

(in order: pid, uid, gid, signal (11=SEGV on x86_64), timestamp of dump,
ulimit -c but I didn't take time to figure out unlimited, hostname)

I'll let you decide if that's better...


Happy hunting,
-- 
Dominique Martinet | Asmadeus
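
Added example, not part of the thread and not written by any of its posters: a stricter form of the strings | grep approach discussed above. Instead of matching text, it searches the core image for the note header that eu-readelf reports as FDO_PACKAGING_METADATA (owner "FDO", type 0xcafe1a7e), checks the sizes, decodes the JSON and drops duplicates. It assumes a little-endian core; package_notes, make_note and SAMPLE are names made up for this sketch, and SAMPLE is constructed data.

```python
import json
import struct

# eu-readelf shows owner "FDO", type 0xcafe1a7e as FDO_PACKAGING_METADATA.
# In a little-endian note the header (namesz, descsz, type) is followed by
# the owner string, so these 8 bytes sit at a fixed place in every such note.
SIGNATURE = struct.pack("<I", 0xCAFE1A7E) + b"FDO\0"
MAX_DESC = 64 * 1024  # assumption: sanity bound on the JSON payload size

def package_notes(core: bytes) -> list:
    """Return the distinct package metadata dicts found in a core image."""
    seen, result = set(), []
    pos = core.find(SIGNATURE)
    while pos != -1:
        start = pos - 8  # note header begins 8 bytes before the type field
        if start >= 0:
            namesz, descsz = struct.unpack_from("<II", core, start)
            desc = core[pos + 8:pos + 8 + descsz]
            if namesz == 4 and 0 < descsz <= MAX_DESC and len(desc) == descsz:
                try:
                    meta = json.loads(desc.rstrip(b"\0"))
                except ValueError:
                    meta = None  # header matched, payload is not JSON
                key = json.dumps(meta, sort_keys=True)
                if isinstance(meta, dict) and key not in seen:
                    seen.add(key)
                    result.append(meta)
        pos = core.find(SIGNATURE, pos + 1)
    return result

def make_note(owner: bytes, ntype: int, desc: bytes) -> bytes:
    """Build one ELF note record with 4-byte padding (test data only)."""
    name = owner + b"\0"
    pad = lambda b: b + b"\0" * (-len(b) % 4)
    return struct.pack("<III", len(name), len(desc), ntype) + pad(name) + pad(desc)

# Constructed stand-in for a core: one library's note mapped twice, a second
# library, and a stray heap string that `strings | grep osCpe:` would match.
QEMU = b'{"type":"rpm","name":"qemu","version":"8.1.1-1.fc39"}'
PIXMAN = b'{"type":"rpm","name":"pixman","version":"0.42.2-2.fc39"}'
SAMPLE = (bytes(32) + make_note(b"GNU", 3, bytes(20))
          + make_note(b"FDO", 0xCAFE1A7E, QEMU)
          + b'log: {"osCpe":"cpe:/o:example"}\0'
          + make_note(b"FDO", 0xCAFE1A7E, PIXMAN)
          + make_note(b"FDO", 0xCAFE1A7E, QEMU))

if __name__ == "__main__":
    for pkg in package_notes(SAMPLE):
        print(pkg["name"], pkg["version"])
```

For a real dump, pass the file contents, for example package_notes(open(path, "rb").read()).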


Getting package NEVR list from core dump ?

2023-10-13 Thread Daniel P . Berrangé
Not too long ago Fedora added a new ELF note with the NEVR information for
a package, to all shared libraries

  https://fedoraproject.org/wiki/Changes/Package_information_on_ELF_objects

For cores dumped by processes on my local system, coredumpctl extracts the
package info which is great.

Let's say, however, that I receive a coredump from an end user, and thus it
isn't known to coredumpctl.

What's the "right" way to extract the NEVR list from a standalone core
dump ?

Presumably there's a better way than just running 'strings' over the binary...

$ strings core | grep osCpe:
{"type":"rpm","name":"qemu","version":"7.2.6-1.fc38","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:38"}
{"type":"rpm","name":"librsvg2","version":"2.56.3-1.fc38","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:38"}
{"type":"rpm","name":"libogg","version":"1.3.5-5.fc38","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:38"}
..snip...
{"type":"rpm","name":"pixman","version":"0.42.2-1.fc38","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:38"}
{"type":"rpm","name":"libXau","version":"1.0.11-2.fc38","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:38"}
{"type":"rpm","name":"qemu","version":"7.2.6-1.fc38","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:38"}


With regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|