libqb icon indicating copy to clipboard operation
libqb copied to clipboard

Published 20 hours ago verified publisher icon ClusterLabs

blackbox corruption protection insufficient

Open jnpkrn opened this issue 8 years ago • 5 comments

See https://travis-ci.org/jnpkrn/libqb/jobs/178981147#L1766

 ==== Corrupt blackbox test 31/32 ====
Dumping the contents of butchered_blackbox.fdata
[debug] shm size:8192; real_size:8192; rb->word_size:2048
[debug] read total of: 8212
Ringbuffer: 
 ->NORMAL
 ->write_pt [1392]
 ->read_pt [1530]
 ->size [2048 words]
 =>free [548 bytes]
 =>used [7636 bytes]
trace   Jun 23 00:44:20 func_onu���8X(36):2295333028: arrrg!
error   Nov 26 02:26:44 func_one9��8X(38):1644167343: oo+s� I�d-d it aga`n
ERROR: qb_rb_chunk_read failed: Connection timed out
[trace] ENTERING qb_rb_close()
[debug] Free'ing ringbuffer: /dev/shm/qb-create_from_file-header

jnpkrn avatar Nov 28 '16 10:11 jnpkrn

This part definitely needs more love:

https://copr-be.cloud.fedoraproject.org/results/%40ClusterLabs/devel/epel-7-x86_64/00482520-libqb/build.log.gz

 ==== Corrupt blackbox test 14/32 ====
[debug] shm size:8192; real_size:8192; rb->word_size:2048
[debug] read total of: 8212
./blackbox-segfault.sh: line 17: 23805 Segmentation fault      (core dumped) ../tools/qb-blackbox butchered_blackbox.fdata
FAIL blackbox-segfault.sh (exit status: 1)

jnpkrn avatar Nov 29 '16 18:11 jnpkrn

One of the ideas would be to add a cryptographic digest in addition to mere checksum + perhaps add --ignore-digest and --ignore-checksum switches that would allow to ignore the respective nonmatching value at one's risk -- it would also be handy to have something like --ascii-only that would substitute non-ascii characters in the deemed output with a selected byte (e.g. ~ being the default).

jnpkrn avatar Nov 30 '16 18:11 jnpkrn

@jnpkrn a digital signature would be expensive, as the idea of the blackbox is to record all information coming from the system in realtime - even if the data doesn't quite make it to disk. The solutions you mentioned for ascsi-ifying the text output would probably be helpful and some other guards in place around memory boundaries when printing log messages.

Cheers -steve

sdake avatar Oct 27 '17 06:10 sdake

For posterity, Python decides to stick with SipHash to hash the source file for comparison against bytecode mark.

jnpkrn avatar Feb 12 '18 22:02 jnpkrn

And one of stand-alone implementations thereof: https://github.com/c-util/c-siphash

jnpkrn avatar Dec 21 '18 23:12 jnpkrn