The random in abrmd was used incorrectly, resulting in a core dump. #838

Open
15058718379 opened this issue Aug 23, 2023 · 0 comments

15058718379 commented Aug 23, 2023

warning: .dynamic section for "/lib64/libmount.so.1" is not at the expected address (wrong library or version mismatch?)
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib64/libthread_db.so.1".
Core was generated by `/usr/sbin/tpm2-abrmd'.
Program terminated with signal SIGTRAP, Trace/breakpoint trap.
#0 __pthread_kill_implementation (threadid=281469749104672, signo=signo@entry=5, no_tid=no_tid@entry=0) at pthread_kill.c:69
69 return ret;
[Current thread is 1 (Thread 0xfffec8691020 (LWP 422824))]
(gdb) bt
#0 __pthread_kill_implementation (threadid=281469749104672, signo=signo@entry=5, no_tid=no_tid@entry=0) at pthread_kill.c:69
#1 0x0000fffec807bda4 in __pthread_kill_internal (signo=, threadid=) at pthread_kill.c:78
#2 0x0000fffec8037cbc in __GI_raise (sig=5) at ../sysdeps/posix/raise.c:26
#3 0x0000fffec82ec554 in g_log_default_handler
(log_domain=0x0, log_level=-932549832, message=0x7f7f7f7f7f7f7f7f <error: Cannot access memory at address 0x7f7f7f7f7f7f7f7f>, unused_data=) at ../glib/gmessages.c:3216
#4 0x0000fffec82ec7d0 in g_logv (log_domain=0x0, log_level=G_LOG_LEVEL_ERROR, format=, args=...)
at ../glib/gmessages.c:1378
#5 0x0000fffec82eca60 in g_log (log_domain=0x0, log_level=422824,
log_level@entry=G_LOG_LEVEL_ERROR, format=0x5 <error: Cannot access memory at address 0x5>,
format@entry=0xaaaab23a7a90 "NULL random pointer passed to random_get_uint64") at ../glib/gmessages.c:1447
#6 0x0000aaaab239bd80 in random_get_uint64 (random=) at src/random.c:148
#7 0x0000aaaab239b414 in generate_id_pid_mix_from_invocation
(id_pid_mix=, id=, invocation=0xfffeb000a840 [%s but there is no cache entry], self=0xfffec0003120) at src/ipc-frontend-dbus.c:281
#8 on_handle_create_connection
(skeleton=, invocation=0xfffeb000a840 [%s but there is no cache entry], user_data=)
at src/ipc-frontend-dbus.c:363
#9 0x0000fffec7eca5f0 in ffi_call_SYSV () at ../src/aarch64/sysv.S:120
#10 0x0000fffec7ec9be4 in ffi_call_int
(cif=cif@entry=0xffffdd282eb8, fn=fn@entry=0xfffec8408b30 <handler_lists_cmp>, orig_rvalue=, avalue=avalue@entry=0xffffdd282dc0, closure=closure@entry=0x0) at ../src/aarch64/ffi.c:762
#11 0x0000fffec7eca148 in ffi_call
(cif=cif@entry=0xffffdd282eb8, fn=fn@entry=0xfffec8408b30 <handler_lists_cmp>, rvalue=, avalue=avalue@entry=0xffffdd282dc0) at ../src/aarch64/ffi.c:771
#14 0x0000fffec840aef4 in <emit signal ??? on instance 0xfffebc0045d0 [TctiTabrmdSkeleton]>
(node=0xfffeb000a0a0, detail=0, instance=0xfffebc0045d0, emission_return=0xffffdd283100, instance_and_params=0xaaaab868f400)
at ../gobject/gsignal.c:3741
#12 0x0000fffec83f7980 in g_cclosure_marshal_generic
(closure=, return_gvalue=0xffffdd283070, n_param_values=, param_values=, invocation_hint=, marshal_data=) at ../gobject/gclosure.c:1510
#13 0x0000fffec83f6fa8 in g_closure_invoke

15058718379 reopened this Aug 24, 2023
15058718379 changed the title from "The g_error in abrmd was used incorrectly, resulting in a core dump." to "The random in abrmd was used incorrectly, resulting in a core dump." Sep 5, 2023
15058718379 added a commit to 15058718379/tpm2-abrmd that referenced this issue Sep 5, 2023
init_thread_func creates a thread and then initializes the tcti.
When /dev/tpm0 does not exist, the thread is created. If other processes communicate with abrmd, the connection may be established. However, /dev/tpm0 does not exist, and init_thread_func releases resources. After the resources are released randomly, the resources may still be used by id_pid_mix_from_incall to randomly obtain the kernel dump in uint64.
The patch initializes the tcti in advance to avoid concurrency.

tpm2-software#838
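
The lifecycle problem described in this issue (a request handler reaching state that the initialization path has already released) can be shown with a small added example; this is not code from tpm2-abrmd or from the referenced commit. All names (`service_t`, `rng_t`, `service_init`, `handle_create_connection`) are hypothetical, and the generator is a placeholder. The handler is served only after initialization succeeds, and it returns an error instead of aborting when the shared object is gone.

```c
#include <pthread.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical stand-ins, not tpm2-abrmd's real types or functions. */
typedef struct { uint64_t state; } rng_t;   /* placeholder, not a CSPRNG */
typedef struct {
    pthread_mutex_t lock;
    rng_t *random;    /* released when initialization fails */
    int accepting;    /* set only once initialization succeeded */
} service_t;

static uint64_t rng_next(rng_t *r) {        /* xorshift64 step */
    r->state ^= r->state << 13;
    r->state ^= r->state >> 7;
    r->state ^= r->state << 17;
    return r->state;
}

/* Release shared state under the lock so no handler sees a stale pointer. */
void service_teardown(service_t *s) {
    pthread_mutex_lock(&s->lock);
    s->accepting = 0;
    free(s->random);
    s->random = NULL;
    pthread_mutex_unlock(&s->lock);
}

/* tpm_present models whether the TPM device could be opened (constructed input). */
int service_init(service_t *s, int tpm_present) {
    pthread_mutex_init(&s->lock, NULL);
    s->accepting = 0;
    s->random = malloc(sizeof *s->random);
    if (s->random == NULL) return -1;
    s->random->state = 0x9e3779b97f4a7c15ULL;   /* constructed seed */
    if (!tpm_present) { service_teardown(s); return -1; }
    pthread_mutex_lock(&s->lock);
    s->accepting = 1;
    pthread_mutex_unlock(&s->lock);
    return 0;
}

/* Request handler: refuse the call instead of aborting on released state. */
int handle_create_connection(service_t *s, uint64_t *id_out) {
    int rc = -1;
    pthread_mutex_lock(&s->lock);
    if (s->accepting && s->random != NULL) {
        *id_out = rng_next(s->random);
        rc = 0;
    }
    pthread_mutex_unlock(&s->lock);
    return rc;
}
```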