[Crash-utility] Patching more pseudo section symbols from layouts
Toshikazu Nakayama
nakayama.ts at ncos.nec.co.jp
Mon Dec 12 08:13:21 UTC 2011
(2011/12/09 22:49), Dave Anderson wrote:
>
>
> ----- Original Message -----
>> Hello Dave,
>>
>> I add more pseudo section symbols which do not own any named symbol like
>> ffffffffa004ccf0 [.rodata.str1.1]: section start
>> ffffffffa004d14a [.rodata.str1.1]: section end
>> crash> rd ffffffffa004ccf0 -e ffffffffa004d14a
>> This can access section data without symbol.
>>
>> This patch set way is learned from kernel/module.c layout_sections()
>> and probably be possible to integrate existing calculate_load_order_v1/2()
>> or add_symbol_file_kallsyms().
>> However, I can not confirm many kernel versions or architecrures,
>> thus my choice is verifying and updating to installed sections.
>
> What is the problem you're trying to solve here? That module memory
> has been readable both before and after your last patch, and nobody
> has ever even brought it up as an issue, and I don't see it as a problem.
There are no problems in current implementation.
I just aimed to add SEC_FOUND to more sections beeing located in module memory
and display from "sym -m <mod>".
<diff the before/after results of "help -s" at linux-2.6.10: comment with *>
- mod_text_start: ffffffffa0000000 (0)
- mod_etext_guess: ffffffffa001bc69 (1bc69)
- mod_rodata_start: ffffffffa001bc80 (1bc80)
+ mod_text_start: ffffffffa0027b80 (27b80)
+ mod_etext_guess: ffffffffa0027ba0 (27ba0)
+ mod_rodata_start: ffffffffa0000000 (0)
* This degrade is because of bad STREQ() in my patch set...
mod_data_start: ffffffffa0026860 (26860)
mod_bss_start: ffffffffa0027b80 (27b80)
mod_init_size: 0
mod_init_module_ptr: 0
mod_percpu_size: (not used)
mod_percpu: (not used)
- mod_sections: 23
- mod_section_data: 19ebca0
+ mod_sections: 25
+ mod_section_data: 17e3b70
.text prio: 3e flags: 1011f offset: 0 size: 1bc48
.init.text prio: 3e flags: 0011f offset: 0 size: 54
.exit.text prio: 3e flags: 1011f offset: 1bc48 size: 21
.rodata prio: 3a flags: 1012f offset: 1bc80 size: e28
.modinfo prio: 3a flags: 0012b offset: 0 size: 3f8
__param prio: 3a flags: 1012f offset: 1caa8 size: f0
- .rodata.str1.1 prio: 3a flags: 180012b offset: 0 size: 270
- .rodata.str1.8 prio: 3a flags: 180012b offset: 0 size: b4f
- .eh_frame prio: 3a flags: 0012f offset: 0 size: 3260
+ .rodata.str1.1 prio: 3a flags: 181012b offset: 1cb98 size: 270
+ .rodata.str1.8 prio: 3a flags: 181012b offset: 1ce08 size: b4f
+ .eh_frame prio: 3a flags: 1012f offset: 1d958 size: 3260
* Added SEC_FOUND(0x1000) flag and updated offset by my patch set.
These sections are actually existing in module memory at "mod_base + offset".
.data prio: 32 flags: 10127 offset: 26860 size: bc8
.log prio: 32 flags: 10123 offset: 27440 size: 1c0
.gnu.linkonce.this_module prio: 32 flags: 30127 offset: 27600 size: 580
.debug_str prio: 2a flags: 1802108 offset: 0 size: 423a0
.debug_ranges prio: 2a flags: 0210c offset: 0 size: ba0
.note.GNU-stack prio: 2a flags: 00108 offset: 0 size: 0
+ .symtab prio: 3a flags: 10009 offset: 20bb8 size: 3540
+ .strtab prio: 3a flags: 10009 offset: 240f8 size: 275f
* Forced SEC_FOUND flag by my patch set because 2.6.10 keeps symtab and strtab
in module memory at "mod_base + offset".
Come to think of it, this is not important for analysis very much
as against making possible destructive impacts at the same time.
So I decide to cancel this patch set at here.
>> P.S.
>>
>> I want to make feature in http://grsecurity.net/ PaX linux in crash utility.
>> The PaX patch changes module location by separating non contiguous RX/RW areas
>> which makes virtual address hole in module, also translates virtual address.
>> I tried but crash can not work out yet under PaX linux.
>> I'm resolving them with brief/rough way and useful parts are merged into
>> crash code, and then posting here.
>>
>> If you can accept such a non mainline kernel feature in crash utility,
>> I would like to keep posting patch set until my whole work has done.
>
> I prefer not to, but it would depends upon how your proposed patch integrates
> with the current code. If it can be reasonably segregated to that it's not
> a maintenance burden, I'll consider it.
Thanks for your consideration.
I'll try to propose it without hurting maintainability as possible
but if unfortunately rejected by any difficult reasons,
I am going to maintain by myself.
Thanks,
Toshi
> Dave
>
>> Thanks,
>> Toshi
>>
>> --
>> Crash-utility mailing list
>> Crash-utility at redhat.com
>> https://www.redhat.com/mailman/listinfo/crash-utility
>>
>
> --
> Crash-utility mailing list
> Crash-utility at redhat.com
> https://www.redhat.com/mailman/listinfo/crash-utility
>
More information about the Crash-utility
mailing list