Bug 1686680 - python-volatility crashing when used on system with kernel 4.9+
Summary: python-volatility crashing when used on system with kernel 4.9+
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: python-volatility
Version: 28
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: unspecified
Target Milestone: ---
Assignee: Michal Ambroz
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2019-03-08 01:51 UTC by Michal Ambroz
Modified: 2019-03-29 19:11 UTC

Fixed In Version: python-volatility-2.6.1-1.fc29 python-volatility-2.6.1-1.el7 python-volatility-2.6.1-1.fc30
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-03-25 06:04:49 UTC



Description Michal Ambroz 2019-03-08 01:51:12 UTC
Description of problem:
python-volatility crashing when used on system with kernel 4.9+
Some kernel memory structures have changed, and this breaks the interface between the Volatility framework and libdwarf.

Version-Release number of selected component (if applicable):
2.6.0

How reproducible:
100%

Steps to Reproduce:
1. vol -f example.dmp imageinfo


Actual results:
$ vol -f ch2.dmp imageinfo
Volatility Foundation Volatility Framework 2.6
INFO    : volatility.debug    : Determining profile based on KDBG search...
Traceback (most recent call last):
  File "/usr/bin/vol", line 192, in <module>
    main()
  File "/usr/bin/vol", line 183, in main
    command.execute()
  File "/usr/lib/python2.7/site-packages/volatility/commands.py", line 147, in execute
    func(outfd, data)
  File "/usr/lib/python2.7/site-packages/volatility/plugins/imageinfo.py", line 45, in render_text
    for k, t, v in data:
  File "/usr/lib/python2.7/site-packages/volatility/plugins/imageinfo.py", line 55, in calculate
    suglist = [ s for s, _ in kdbgscan.KDBGScan.calculate(self)]
  File "/usr/lib/python2.7/site-packages/volatility/plugins/kdbgscan.py", line 116, in calculate
    buf = addrspace.BufferAddressSpace(self._config)
  File "/usr/lib/python2.7/site-packages/volatility/addrspace.py", line 378, in __init__
    BaseAddressSpace.__init__(self, None, config, **kwargs)
  File "/usr/lib/python2.7/site-packages/volatility/addrspace.py", line 73, in __init__
    self.profile = self._set_profile(config.PROFILE)
  File "/usr/lib/python2.7/site-packages/volatility/addrspace.py", line 98, in _set_profile
    ret = profs[profile_name]()
  File "/usr/lib/python2.7/site-packages/volatility/plugins/overlays/linux/linux.py", line 216, in __init__
    obj.Profile.__init__(self, *args, **kwargs)
  File "/usr/lib/python2.7/site-packages/volatility/obj.py", line 862, in __init__
    self.reset()
  File "/usr/lib/python2.7/site-packages/volatility/plugins/overlays/linux/linux.py", line 227, in reset
    self.load_vtypes()
  File "/usr/lib/python2.7/site-packages/volatility/plugins/overlays/linux/linux.py", line 264, in load_vtypes
    vtypesvar = dwarf.DWARFParser(dwarfdata).finalize()
  File "/usr/lib/python2.7/site-packages/volatility/dwarf.py", line 71, in __init__
    self.feed_line(line)
  File "/usr/lib/python2.7/site-packages/volatility/dwarf.py", line 162, in feed_line
    self.process_statement(**parsed) #pylint: disable-msg=W0142
  File "/usr/lib/python2.7/site-packages/volatility/dwarf.py", line 204, in process_statement
    self.vtypes[name] = [ int(data['DW_AT_byte_size'], self.base), {} ]
KeyError: 'DW_AT_byte_size'


Expected results:
$ vol -f ch2.dmp  imageinfo 
Volatility Foundation Volatility Framework 2.6.1
INFO    : volatility.debug    : Determining profile based on KDBG search...
          Suggested Profile(s) : Win7SP1x86_23418, Win7SP0x86, Win7SP1x86_24000, Win7SP1x86
                     AS Layer1 : IA32PagedMemoryPae (Kernel AS)
                     AS Layer2 : FileAddressSpace (/mnt/extra/tmp/rootme/ch2.dmp)
                      PAE type : PAE
                           DTB : 0x185000L
                          KDBG : 0x82929be8L
          Number of Processors : 1
     Image Type (Service Pack) : 0
                KPCR for CPU 0 : 0x8292ac00L
             KUSER_SHARED_DATA : 0xffdf0000L
           Image date and time : 2013-01-12 16:59:18 UTC+0000
     Image local date and time : 2013-01-12 17:59:18 +0100

Comment 1 Fedora Update System 2019-03-08 02:12:10 UTC
python-volatility-2.6.1-1.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-ceaa9857b6

Comment 2 Fedora Update System 2019-03-08 02:12:17 UTC
python-volatility-2.6.1-1.fc30 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-2046a66439

Comment 3 Fedora Update System 2019-03-08 02:12:27 UTC
python-volatility-2.6.1-1.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-df37454881

Comment 4 Fedora Update System 2019-03-08 19:45:23 UTC
python-volatility-2.6.1-1.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-2046a66439

Comment 5 Fedora Update System 2019-03-08 22:39:03 UTC
python-volatility-2.6.1-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-df37454881

Comment 6 Fedora Update System 2019-03-08 22:40:46 UTC
python-volatility-2.6.1-1.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-ceaa9857b6

Comment 7 Fedora Update System 2019-03-25 06:04:49 UTC
python-volatility-2.6.1-1.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2019-03-25 06:52:38 UTC
python-volatility-2.6.1-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2019-03-29 19:11:04 UTC
python-volatility-2.6.1-1.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.

