This document discusses the crash reporting mechanism in Tizen. It describes the crash client, which handles crash signals and generates crash reports. It covers Samsung's crash-work-sdk and Intel's corewatcher crash clients. It also discusses the crash server that receives reports and the CrashDB web interface. Finally, it mentions crash reason location algorithms.
Kernel Recipes 2016 - Why you need a test strategy for your kernel developmentAnne Nicolas
Testing is important. That’s a well known fact that very few developers will dispute. Why is then so little kernel code covered by a clear testing strategy ? Through real stories about test plans (or the lack thereof), this talk will convince you that none of your excuses for not having a test strategy are valid. You will learn how various parts of the Linux kernel have approached testing and how you can benefit from their experience. The talk will use the V4L2 subsystem to demonstrate the use of test tools, but will be applicable to kernel development in general.
Laurent Pinchart
Depuis FreeBSD 8.0, le SSP est activé automatique pour la compilation de l'OS. Cette option de GCC développée au départ par IBM, permet d'ajouter des mécanismes de protection face aux buffer overflows. La présentation sera accompagnée de sources C et d'étude de la mémoire via GDB. La présentation commencera par le fonctionnement du SSP (via 3 aspects), suivi de l'implémentation sous FreeBSD et son Linux pour finir par l'exploitation dans certains cas de figure.
Kernel Recipes 2016 - Why you need a test strategy for your kernel developmentAnne Nicolas
Testing is important. That’s a well known fact that very few developers will dispute. Why is then so little kernel code covered by a clear testing strategy ? Through real stories about test plans (or the lack thereof), this talk will convince you that none of your excuses for not having a test strategy are valid. You will learn how various parts of the Linux kernel have approached testing and how you can benefit from their experience. The talk will use the V4L2 subsystem to demonstrate the use of test tools, but will be applicable to kernel development in general.
Laurent Pinchart
Depuis FreeBSD 8.0, le SSP est activé automatique pour la compilation de l'OS. Cette option de GCC développée au départ par IBM, permet d'ajouter des mécanismes de protection face aux buffer overflows. La présentation sera accompagnée de sources C et d'étude de la mémoire via GDB. La présentation commencera par le fonctionnement du SSP (via 3 aspects), suivi de l'implémentation sous FreeBSD et son Linux pour finir par l'exploitation dans certains cas de figure.
Cisco network equipment has always been an attractive attack target due to its prevalence and the key role that it plays in network structure and security.
This equipment is based on a wide variety of OS (firmware) architectures, types, and versions, so it is much harder to develop a universal shellcode. Publicly available Cisco IOS shellcodes are tailored to specific equipment, have narrow functionality, and are not exactly useful for penetration testing.
This talk is the presentation of a research initiated by our research center to create a shellcode which is as easily portable between different IOS firmwares as possible and which provides a lot of pentesting features because it can dynamically change the shellcode destination at the stage of post-exploitation.
We will also consider the possibility of creating a worm which could spread across the infrastructure, from firewall to router, from router to switch, etc.
HackLU 2018 Make ARM Shellcode Great AgainSaumil Shah
Compared to x86, ARM shellcode has made little progress. The x86 hardware is largely homogenous. ARM, however, has several versions and variants across devices today. There are several constraints and subtleties involved in writing production quality ARM shellcode which works on modern ARM hardware, not just on QEMU emulators.
In this talk, we shall explore issues such as overcoming cache coherency, reliable polymorphic shellcode, ARM egghunting and last but not the least, polyglot ARM shellcode. A bonus side effect of this talk will be creating headaches for those who like to defend agaisnt attacks using age old signature based techniques.
Slides from my presentation on ARM Shellcode at #44CON 2018, London.
In this talk, we explore ARM egghunting and "Quantum Leap" code - polyglot ARM shellcode. A bonus side effect of this talk will be creating headaches for those who like to defend agaisnt attacks using age old signature based techniques.
Since the emerging of the OpenStack cloud computing platform in the Ubuntu community, increasing number of public/private cloud service providers choose to deploy it all over the world. Recently, Spectre and Meltdown have caused a panic in the world and the Spectre V2 is the only one which can attack the host system from the guest VM. It's vital to know the detailed process of the attack. Gavin Guo will give a detail explanation and an example of how to attack the host system. Besides, v1/v3/v4 are also introduced in the slide.
PCD – Process Control Daemon is a light-weight system level process manager for Embedded-Linux based projects (consumer electronics, network devices, etc.).
PCD starts, stops and monitors all the user space processes in the system, in a synchronized manner, using a textual configuration file.
PCD recovers the system in case of errors and provides useful and detailed debug information.
Cisco network equipment has always been an attractive attack target due to its prevalence and the key role that it plays in network structure and security.
This equipment is based on a wide variety of OS (firmware) architectures, types, and versions, so it is much harder to develop a universal shellcode. Publicly available Cisco IOS shellcodes are tailored to specific equipment, have narrow functionality, and are not exactly useful for penetration testing.
This talk is the presentation of a research initiated by our research center to create a shellcode which is as easily portable between different IOS firmwares as possible and which provides a lot of pentesting features because it can dynamically change the shellcode destination at the stage of post-exploitation.
We will also consider the possibility of creating a worm which could spread across the infrastructure, from firewall to router, from router to switch, etc.
HackLU 2018 Make ARM Shellcode Great AgainSaumil Shah
Compared to x86, ARM shellcode has made little progress. The x86 hardware is largely homogenous. ARM, however, has several versions and variants across devices today. There are several constraints and subtleties involved in writing production quality ARM shellcode which works on modern ARM hardware, not just on QEMU emulators.
In this talk, we shall explore issues such as overcoming cache coherency, reliable polymorphic shellcode, ARM egghunting and last but not the least, polyglot ARM shellcode. A bonus side effect of this talk will be creating headaches for those who like to defend agaisnt attacks using age old signature based techniques.
Slides from my presentation on ARM Shellcode at #44CON 2018, London.
In this talk, we explore ARM egghunting and "Quantum Leap" code - polyglot ARM shellcode. A bonus side effect of this talk will be creating headaches for those who like to defend agaisnt attacks using age old signature based techniques.
Since the emerging of the OpenStack cloud computing platform in the Ubuntu community, increasing number of public/private cloud service providers choose to deploy it all over the world. Recently, Spectre and Meltdown have caused a panic in the world and the Spectre V2 is the only one which can attack the host system from the guest VM. It's vital to know the detailed process of the attack. Gavin Guo will give a detail explanation and an example of how to attack the host system. Besides, v1/v3/v4 are also introduced in the slide.
PCD – Process Control Daemon is a light-weight system level process manager for Embedded-Linux based projects (consumer electronics, network devices, etc.).
PCD starts, stops and monitors all the user space processes in the system, in a synchronized manner, using a textual configuration file.
PCD recovers the system in case of errors and provides useful and detailed debug information.
Slides of my talk on Devel::NYTProf and optimizing perl code at YAPC::NA in June 2014. It covers use of NYTProf and outlines a multi-phase approach to optimizing your perl code.
A video of the talk and questions is available at https://www.youtube.com/watch?v=T7EK6RZAnEA&list=UU7y4qaRSb5w2O8cCHOsKZDw
Controlling Memory Footprint at All Layers: Linux Kernel, Applications, Libra...peknap
Reducing memory usage is well covered in the history of this conference, yet new tricks still do exist. When optimizing memory footprint for an home gateway device, the author found some unexpected places where small changes can save valuable amount of DRAM or Flash space. This talk will visit different areas including - Kernel: fragmentation threshold, page frame reclamation task and atomic memory. Application level: Memory inefficient shared libraries due to ABI compliance and dynamic loading. Toolchain: Tuning malloc allocator parameters and compiler options. System level: General kernel might be more memory efficient than MMU-less uClinux, and preventing lock up when the system is on the brink of running out of memory.
Slides for my Perl Memory Use talk at YAPC::Asia in Tokyo, September 2012.
(This uploaded version includes quite a few slides from the OSCON version that I skipped at YAPC::Asia in order to have more time for a demo.)
Workshop - Linux Memory Analysis with VolatilityAndrew Case
Slides from my 3 hour workshop at Blackhat Vegas 2011. Covers using Volatility to perform Linux memory analysis investigations as well Linux kernel internals.
Slides for my talk at the London Perl Workshop in Nov 2013, featuring the Devel::SizeMe perl module.
See also the screencast at https://archive.org/details/Perl-Memory-Profiling-LPW2013
Linux memory consumption - Why memory utilities show a little amount of free RAM? How does Linux kernel utilizes free RAM? What is the real amount of free RAM in the system?
Slides from Android Builder's Summit 2014 in San Jose, CA
The 4.4 KitKat release includes the results of “Project Svelte”: a set of tweaks to the operating system to make it run more easily on devices with around 512 MiB RAM. This is likely to be especially important for people working with “Embedded Android”, that is, implementing Android on devices that are not smart phones or tablets.
Как Linux работает с памятью — Вячеслав БирюковYandex
Поговорим о том, как Linux считает память и какие есть виды памяти. Проведём обзор средств и утилит. Рассмотрим, зачем нужен page cache и как он помогает системе, а также способы ограничения памяти для приложений.
OSSNA 2017 Performance Analysis Superpowers with Linux BPFBrendan Gregg
Talk by Brendan Gregg for OSSNA 2017. "Advanced performance observability and debugging have arrived built into the Linux 4.x series, thanks to enhancements to Berkeley Packet Filter (BPF, or eBPF) and the repurposing of its sandboxed virtual machine to provide programmatic capabilities to system tracing. Netflix has been investigating its use for new observability tools, monitoring, security uses, and more. This talk will be a dive deep on these new tracing, observability, and debugging capabilities, which sooner or later will be available to everyone who uses Linux. Whether you’re doing analysis over an ssh session, or via a monitoring GUI, BPF can be used to provide an efficient, custom, and deep level of detail into system and application performance.
This talk will also demonstrate the new open source tools that have been developed, which make use of kernel- and user-level dynamic tracing (kprobes and uprobes), and kernel- and user-level static tracing (tracepoints). These tools provide new insights for file system and storage performance, CPU scheduler performance, TCP performance, and a whole lot more. This is a major turning point for Linux systems engineering, as custom advanced performance instrumentation can be used safely in production environments, powering a new generation of tools and visualizations."
PGCon 2014 - What Do You Mean my Database Server Core Dumped? - How to Inspec...Faisal Akber
Presented at PGCon 2014 in Ottawa.
Program crashes are a fact of life and occasionally unavoidable. If there are core dumps that get generated then understanding what happened becomes easier.
Linux 4.x Tracing: Performance Analysis with bcc/BPFBrendan Gregg
Talk about bcc/eBPF for SCALE15x (2017) by Brendan Gregg. "BPF (Berkeley Packet Filter) has been enhanced in the Linux 4.x series and now powers a large collection of performance analysis and observability tools ready for you to use, included in the bcc (BPF Complier Collection) open source project. BPF nowadays can do system tracing, software defined networks, and kernel fast path: much more than just filtering packets! This talk will focus on the bcc/BPF tools for performance analysis, which make use of other built in Linux capabilities: dynamic tracing (kprobes and uprobes) and static tracing (tracepoints and USDT). There are now bcc tools for measuring latency distributions for file system I/O and run queue latency, printing details of storage device I/O and TCP retransmits, investigating blocked stack traces and memory leaks, and a whole lot more. These lead to performance wins large and small, especially when instrumenting areas that previously had zero visibility. Tracing superpowers have finally arrived, built in to Linux."
HKG18-TR14 - Postmortem Debugging with CoresightLinaro
Session ID: HKG18-TR14
Session Name: HKG18-TR14 - Postmortem Debugging with Coresight
Speaker: Leo Yan
Track: Training
★ Session Summary ★
For most cases we can easily debug with kernel's oops dumping info, but sometimes we need to know more information for program execution flow before the issue happens. So we can rely on two tracing methods to reproduce the program execution flow, one method is using software tracing which is kernel's pstore method; another method is to rely on Coresight hardware tracing, this method also can avoid extra workload introduced by tracing itself. Coresight has provided two mechanisms for Postmortem debugging, one method is Coresight CPU debug module so we can extract CPU program counter info, this is quite straightforward to debug CPU lockup issue; Another is Coresight panic kdump, we connect kernel kdump mechanism to extract Coresight tracing data so we can reproduce the last execution flow before panic (even hang issue with some tweaking in kernel). This session wants to go through these topics and demonstrate the debugging tools on 96boards Hikey in 25 minutes session.
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/hkg18/hkg18-tr14/
Presentation: http://connect.linaro.org.s3.amazonaws.com/hkg18/presentations/hkg18-tr14.pdf
Video: http://connect.linaro.org.s3.amazonaws.com/hkg18/videos/hkg18-tr14.mp4
---------------------------------------------------
★ Event Details ★
Linaro Connect Hong Kong 2018 (HKG18)
19-23 March 2018
Regal Airport Hotel Hong Kong
---------------------------------------------------
Keyword: Training
'http://www.linaro.org'
'http://connect.linaro.org'
---------------------------------------------------
Follow us on Social Media
https://www.facebook.com/LinaroOrg
https://www.youtube.com/user/linaroorg?sub_confirmation=1
https://www.linkedin.com/company/1026961
OSDC 2017 - Werner Fischer - Linux performance profiling and monitoringNETWAYS
Nowadays system administrators have great choices when it comes down to Linux performance profiling and monitoring. The challenge is to pick the appropriate tools and interpret their results correctly.
This talk is a chance to take a tour through various performance profiling and benchmarking tools, focusing on their benefit for every sysadmin.
More than 25 different tools are presented. Ranging from well known tools like strace, iostat, tcpdump or vmstat to new features like Linux tracepoints or perf_events. You will also learn which tools can be monitored by Icinga and which monitoring plugins are already available for that.
At the end the goal is to gather reference points to look at, whenever you are faced with performance problems.
Take the chance to close your knowledge gaps and learn how to get the most out of your system.
Kernel Recipes 2017 - Performance analysis Superpowers with Linux BPF - Brend...Anne Nicolas
The in-kernel Berkeley Packet Filter (BPF) has been enhanced in recent kernels to do much more than just filtering packets. It can now run user-defined programs on events, such as on tracepoints, kprobes, uprobes, and perf_events, allowing advanced performance analysis tools to be created. These can be used in production as the BPF virtual machine is sandboxed and will reject unsafe code, and are already in use at Netflix.
Beginning with the bpf() syscall in 3.18, enhancements have been added in many kernel versions since, with major features for BPF analysis landing in Linux 4.1, 4.4, 4.7, and 4.9. Specific capabilities these provide include custom in-kernel summaries of metrics, custom latency measurements, and frequency counting kernel and user stack traces on events. One interesting case involves saving stack traces on wake up events, and associating them with the blocked stack trace: so that we can see the blocking stack trace and the waker together, merged in kernel by a BPF program (that particular example is in the kernel as samples/bpf/offwaketime).
This talk will discuss the new BPF capabilities for performance analysis and debugging, and demonstrate the new open source tools that have been developed to use it, many of which are in the Linux Foundation iovisor bcc (BPF Compiler Collection) project. These include tools to analyze the CPU scheduler, TCP performance, file system performance, block I/O, and more.
Brendan Gregg, Netflix
Kernel Recipes 2017: Performance Analysis with BPFBrendan Gregg
Talk by Brendan Gregg at Kernel Recipes 2017 (Paris): "The in-kernel Berkeley Packet Filter (BPF) has been enhanced in recent kernels to do much more than just filtering packets. It can now run user-defined programs on events, such as on tracepoints, kprobes, uprobes, and perf_events, allowing advanced performance analysis tools to be created. These can be used in production as the BPF virtual machine is sandboxed and will reject unsafe code, and are already in use at Netflix.
Beginning with the bpf() syscall in 3.18, enhancements have been added in many kernel versions since, with major features for BPF analysis landing in Linux 4.1, 4.4, 4.7, and 4.9. Specific capabilities these provide include custom in-kernel summaries of metrics, custom latency measurements, and frequency counting kernel and user stack traces on events. One interesting case involves saving stack traces on wake up events, and associating them with the blocked stack trace: so that we can see the blocking stack trace and the waker together, merged in kernel by a BPF program (that particular example is in the kernel as samples/bpf/offwaketime).
This talk will discuss the new BPF capabilities for performance analysis and debugging, and demonstrate the new open source tools that have been developed to use it, many of which are in the Linux Foundation iovisor bcc (BPF Compiler Collection) project. These include tools to analyze the CPU scheduler, TCP performance, file system performance, block I/O, and more."
USENIX ATC 2017 Performance Superpowers with Enhanced BPFBrendan Gregg
Talk for USENIX ATC 2017 by Brendan Gregg
"The Berkeley Packet Filter (BPF) in Linux has been enhanced in very recent versions to do much more than just filter packets, and has become a hot area of operating systems innovation, with much more yet to be discovered. BPF is a sandboxed virtual machine that runs user-level defined programs in kernel context, and is part of many kernels. The Linux enhancements allow it to run custom programs on other events, including kernel- and user-level dynamic tracing (kprobes and uprobes), static tracing (tracepoints), and hardware events. This is finding uses for the generation of new performance analysis tools, network acceleration technologies, and security intrusion detection systems.
This talk will explain the BPF enhancements, then discuss the new performance observability tools that are in use and being created, especially from the BPF compiler collection (bcc) open source project. These tools provide new insights for file system and storage performance, CPU scheduler performance, TCP performance, and much more. This is a major turning point for Linux systems engineering, as custom advanced performance instrumentation can be used safely in production environments, powering a new generation of tools and visualizations.
Because these BPF enhancements are only in very recent Linux (such as Linux 4.9), most companies are not yet running new enough kernels to be exploring BPF yet. This will change in the next year or two, as companies including Netflix upgrade their kernels. This talk will give you a head start on this growing technology, and also discuss areas of future work and unsolved problems."
6. 6
Crash Client - Samsung’s crash-work-sdk
• Crash process flow
Stage 1: in sys-assert.c (libsys-assert.so)
-> int sig_to_handle[] = { SIGILL, SIGABRT, SIGBUS, SIGFPE, SIGSEGV, };
-> sighandler notify system_server via /opt/share/crash/curbs.log pipeline.
Stage 2: in ss_bs.c (system-server)
-> ecore_file_monitor_add(CRASH_NOTI_PATH,(void *) __crash_file_cb, NULL);
-> __crash_file_cb:
-> launch_crash_worker()
......
launch /usr/bin/crash-worker to generate cs file
launch /usr/apps/org.tizen.crash-popup/bin/crash-popup to popup crash (only 1st)
7. 7
Crash Client - Samsung’s crash-work-sdk
• Crash process flow
Breakpoint 1, launch_app_with_nice (file=0xb46017b0 "/usr/bin/crash-worker", argv=0xbfe52624, pid=0x0, _nice=0)
at /usr/src/debug/system-server-0.1.65/ss_launch.c:140
140 {
(gdb) bt
#0 launch_app_with_nice (file=0xb46017b0 "/usr/bin/crash-worker",
argv=0xbfe52624, pid=0x0, _nice=0)
at /usr/src/debug/system-server-0.1.65/ss_launch.c:140
#1 0x0804d3c9 in launch_app_cmd_with_nice (
cmdline=0xb4601758 "/usr/bin/crash-worker S top 391655492 913 top",
_nice=0) at /usr/src/debug/system-server-0.1.65/ss_launch.c:196
#2 0x0804d744 in ss_launch_evenif_exist (
execpath=0x8060e71 "/usr/bin/crash-worker",
arg=0xbfe53d16 "S top 391655492 913 top")
at /usr/src/debug/system-server-0.1.65/ss_launch.c:289
#3 0x08058b73 in launch_crash_worker (
filename=0xbfe5823c "/opt/share/crash/curbs.log", popup_on=1)
at /usr/src/debug/system-server-0.1.65/ss_bs.c:327
#4 0x08058d47 in __crash_file_cb (data=0x0, em=0x8dabb10,
event=ECORE_FILE_EVENT_MODIFIED,
path=0xbfe5823c "/opt/share/crash/curbs.log")
at /usr/src/debug/system-server-0.1.65/ss_bs.c:374
#5 0xb782f345 in _ecore_file_monitor_inotify_handler ()
from /usr/lib/libecore_file.so.1
#6 0xb7840e5c in _ecore_main_loop_iterate_internal ()
from /usr/lib/libecore.so.1
#7 0xb784141f in ecore_main_loop_begin () from /usr/lib/libecore.so.1
#8 0x0804bd95 in system_main (argc=1, argv=0xbfe59404)
---Type <return> to continue, or q <return> to quit---
at /usr/src/debug/system-server-0.1.65/ss_main.c:102
#9 0x0804bdf1 in elm_main (argc=1, argv=0xbfe59404)
at /usr/src/debug/system-server-0.1.65/ss_main.c:112
#10 0x0804be4e in main (argc=1, argv=0xbfe59404)
at /usr/src/debug/system-server-0.1.65/ss_main.c:119
12. 12
Crash Client - Intel’s corewatcher
• Mechanism.
• How to upload crashes to server.
• Crash report file: /var/lib/corewatcher/processed/*.txt.
13. 13
Crash Client - Intel’s corewatcher
• Mechanism.
• Corewatcher as daemon
• Listen to /var/lib/corewatcher/
• When crash comes, invoke gdb to analysis
• Upload crashes to CrashDB server
• Environment about corewatcher
• /proc/sys/kernel/core_pattern=/var/lib/corewatcher/core_%e_%t
• core_uses_pid=1
bt full
info shared
14. 14
Crash Client - Intel’s corewatcher
• CrashDB server: https://tz.otcshare.org/crashdb/
• How to upload crash to server
• WWLAN(3G/2G)
• WiFi/SED
• crash_submit: http://otcqa.sh.intel.com/wiki/Crash_Submit
Even though tz.otcshare.org has security restriction(403 forbidden outside of
Intel), crash submit is allowed.
15. 15
Crash Client - Intel’s corewatcher
• Crash report path: /var/lib/corewatcher/processed/*.txt
• Crash report content(without debug info):
cmdline: /usr/bin/mate-calc
version: 2.1.0
backtrace: |
#0 0x00007fd494c2db41 in g_logv () from /usr/lib64/libglib-2.0.so.0
#0 0x00007fd494c2db41 in g_logv () from /usr/lib64/libglib-2.0.so.0
#1 0x00007fd494c2dcfd in g_log () from /usr/lib64/libglib-2.0.so.0
#2 0x00007fd4959a10ee in g_settings_set_property () from /usr/lib64/libgio-2.0.so.0
#3 0x00007fd4956ae098 in g_object_constructor () from /usr/lib64/libgobject-2.0.so.0
#4 0x00007fd4956af562 in g_object_newv () from /usr/lib64/libgobject-2.0.so.0
26. 26
Crash Server – Guilty Function Location
https://bugs.tizen.org/jira/browse/TIVI-649
'Security-server has closed unexpectedly' popped up when playing videos or launching clock
(gdb) bt
#0 0xb4e9c999 in vfprintf () from /lib/libc.so.6
#1 0xb4f3e7b4 in __vsnprintf_chk () from /lib/libc.so.6
#2 0xb5560c00 in __dlog_print () from /usr/lib/libdlog.so.0
#3 0x081019fd in process_cookie_request (sockfd=27) at /usr/src/debug/security-server-
0.0.61/src/security-srv/server/security-server-main.c:367
#4 0x08103b7e in security_server_thread (param=0xb451519c) at /usr/src/debug/security-server-
0.0.61/src/security-srv/server/security-server-main.c:923
#5 0xb554be19 in start_thread () from /lib/libpthread.so.0 #6 0xb4f2affe in clone () from
/lib/libc.so.6
27. 27
Crash Server – Guilty Function Location
https://bugs.tizen.org/jira/browse/TIVI-649
'Security-server has closed unexpectedly' popped up when playing videos or launching clock
(gdb) bt
#0 0xb4e9c999 in vfprintf () from /lib/libc.so.6
#1 0xb4f3e7b4 in __vsnprintf_chk () from /lib/libc.so.6
#2 0xb5560c00 in __dlog_print () from /usr/lib/libdlog.so.0
#3 0x081019fd in process_cookie_request (sockfd=27) at /usr/src/debug/security-server-
0.0.61/src/security-srv/server/security-server-main.c:367
#4 0x08103b7e in security_server_thread (param=0xb451519c) at /usr/src/debug/security-server-
0.0.61/src/security-srv/server/security-server-main.c:923
#5 0xb554be19 in start_thread () from /lib/libpthread.so.0 #6 0xb4f2affe in clone () from
/lib/libc.so.6
28. 28
Crash Server – Guilty Function Location
https://bugs.tizen.org/jira/browse/TIVI-649
'Security-server has closed unexpectedly' popped up when playing videos or launching clock
(gdb) bt
#0 0xb4e9c999 in vfprintf () from /lib/libc.so.6
#1 0xb4f3e7b4 in __vsnprintf_chk () from /lib/libc.so.6
#2 0xb5560c00 in __dlog_print () from /usr/lib/libdlog.so.0
#3 0x081019fd in process_cookie_request (sockfd=27) at /usr/src/debug/security-server-
0.0.61/src/security-srv/server/security-server-main.c:367
#4 0x08103b7e in security_server_thread (param=0xb451519c) at /usr/src/debug/security-server-
0.0.61/src/security-srv/server/security-server-main.c:923
#5 0xb554be19 in start_thread () from /lib/libpthread.so.0 #6 0xb4f2affe in clone () from
/lib/libc.so.6
Guilty Function
29. 29
Crash Server – Guilty Function Location
(gdb) f 3
#3 0x081019fd in process_cookie_request (sockfd=27) at /usr/src/debug/security-server-
0.0.61/src/security-srv/server/security-server-main.c:367
367 SEC_SVR_DBG("Server: Cookie created for client PID %d LABEL >%s<",
(gdb) p created_cookie->smack_label
$2 = 0x1777 <Address 0x1777 out of bounds> (gdb) p *created_cookie $4 = {cookie =
"270217{257354063221 e筗Y370230~021024004244", path_len = 49, permission_len = 90, pid =
1562, path = 0x85e0ba8 "/usr/apps/org.tizen.video-player/bin/video-player", permissions = 0x85b6168,
smack_label = 0x1777 <Address 0x1777 out of bounds>, prev = 0x8589190, next = 0x0}
30. 30
Crash Server – Guilty Function Location
https://bugs.tizen.org/jira/browse/TIVI-649
'Security-server has closed unexpectedly' popped up when playing videos or launching clock
(gdb) bt
#0 0xb4e9c999 in vfprintf () from /lib/libc.so.6
#1 0xb4f3e7b4 in __vsnprintf_chk () from /lib/libc.so.6
#2 0xb5560c00 in __dlog_print () from /usr/lib/libdlog.so.0
#3 0x081019fd in process_cookie_request (sockfd=27) at /usr/src/debug/security-server-
0.0.61/src/security-srv/server/security-server-main.c:367
#4 0x08103b7e in security_server_thread (param=0xb451519c) at /usr/src/debug/security-server-
0.0.61/src/security-srv/server/security-server-main.c:923
#5 0xb554be19 in start_thread () from /lib/libpthread.so.0 #6 0xb4f2affe in clone () from
/lib/libc.so.6
White list
• /lib/libc.so.6
• /usr/lib/libdlog.so.0
31. 31
Crash Server – Guilty Function Location
https://bugs.tizen.org/jira/browse/TIVI-649
'Security-server has closed unexpectedly' popped up when playing videos or launching clock
(gdb) bt
#0 0xb4e9c999 in vfprintf () from /lib/libc.so.6
#1 0xb4f3e7b4 in __vsnprintf_chk () from /lib/libc.so.6
#2 0xb5560c00 in __dlog_print () from /usr/lib/libdlog.so.0
#3 0x081019fd in process_cookie_request (sockfd=27) at /usr/src/debug/security-server-
0.0.61/src/security-srv/server/security-server-main.c:367
#4 0x08103b7e in security_server_thread (param=0xb451519c) at /usr/src/debug/security-server-
0.0.61/src/security-srv/server/security-server-main.c:923
#5 0xb554be19 in start_thread () from /lib/libpthread.so.0 #6 0xb4f2affe in clone () from
/lib/libc.so.6
White list
• /lib/libc.so.6
• /usr/lib/libdlog.so.0
Guilty Function