[Crash-utility] Crash support for kASLR

Andrew Honig ahonig at google.com
Tue Oct 15 22:57:31 UTC 2013


On Tue, Oct 15, 2013 at 11:36 AM, Dave Anderson <anderson at redhat.com> wrote:
>
>
> ----- Original Message -----
>> I'm trying to add crash support for kdumps from kASLR'd kernels.  I've
>> got it working with a few small changes and I wanted to solicit
>> comments before sending a patch.
>
> Excellent!
>
>> 1) The --reloc flag appears to specify an offset to be subtracted from
>> the loaded address, when the aslr offset is added.  It's annoying to
>> try to specify negative numbers on the command line, so I'd like to
>> add another argument --aslr which is the same as --reloc but negates
>> the value.
>
> Not a problem.  In fact, since they really are different concepts, I'd
> prefer it.  But can you make it --kalsr?
>
> A couple questions -- how would the user know what the offset is?
>

The offset is output in the dmesg buffer.  I don't really know how
crashes are analyzed elsewhere, but this fits in well with our
debugging workflow.  Is this a problem for the usual workflow?

> And I had thought that the upstream discussion was geared towards
> making it work automatically -- at least with kdump dumpfiles -- such
> that the kASLR offset would be made a VMCOREINFO item?

I agree that's the correct solution, I was thinking of having a first
patch to make something workable with the command line arg and
identify any issues.  Then writing another patch once the next kASLR
version goes out with offset data included in the VMCOREINFO.  I
could also try something like the force_relocate function for x86 for
auto-determining the offset.  The x86 version only supports
force_relocate for live debugging, but it doesn't look like it would
be a difficult change.  Would you like to see that in a patch?

>
>> 2) There are some symbols which should not be relocated.  Specifically
>> the per_cpu section symbols are zero based offsets which should not
>> have the offset apply.  Additionally there are VDSO symbols which are
>> fixed even with kASLR enabled.  To fix this I'd like to add code to
>> iterate through the section and find the end of the last section and
>> only apply the relocation value to values after the start of text but
>> before the end of the last section.
>
> Right...
>
>> thanks,
>> Andy
>
> Good to hear from you -- I figured that when I saw your subscription
> request, with it being the first/only "google.com" address ever, that
> something interesting was forthcoming...
>
> Thanks,
>   Dave Anderson
>
> --
> Crash-utility mailing list
> Crash-utility at redhat.com
> https://www.redhat.com/mailman/listinfo/crash-utility
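As an added illustration of the two points in the thread (not crash's own code and not Andy's patch), the block below shows the sign convention between a `--reloc` value and a `--kaslr` value, and the range rule from point 2: shift a symbol only when it lies between the start of text and the end of the last section, so zero-based per-cpu symbols and fixed VDSO symbols are left alone. The symbol names, addresses and the `offset_from_flag` / `demo_check` helpers are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

struct ksym {
    const char *name;
    uint64_t addr;   /* address as recorded in the vmlinux symbol table */
};

/* Apply the kASLR offset only to symbols inside [text_start, last_section_end).
 * Zero-based per-cpu offsets fall below text_start and fixed VDSO symbols
 * fall outside the image range, so neither is shifted.
 * Returns the number of symbols that were relocated. */
size_t kaslr_relocate(struct ksym *syms, size_t n, uint64_t text_start,
                      uint64_t last_section_end, int64_t kaslr_offset)
{
    size_t shifted = 0;
    for (size_t i = 0; i < n; i++) {
        if (syms[i].addr >= text_start && syms[i].addr < last_section_end) {
            syms[i].addr += (uint64_t)kaslr_offset;
            shifted++;
        }
    }
    return shifted;
}

/* --reloc gives a value to subtract from loaded addresses; --kaslr gives the
 * offset that was added at boot. Normalise both to the kASLR (added) sign.
 * Hypothetical helper, not crash's option parser; returns 0 on an unknown flag. */
int64_t offset_from_flag(const char *flag, const char *value)
{
    int64_t v = strtoll(value, NULL, 0);
    if (strcmp(flag, "--kaslr") == 0) return v;
    if (strcmp(flag, "--reloc") == 0) return -v;
    return 0;
}

/* Constructed symbol table and offsets (not taken from a real vmlinux). */
int demo_check(void)
{
    struct ksym syms[] = {
        { "_text",      0xffffffff81000000ULL },  /* start of text */
        { "cpu_number", 0x0000000000010000ULL },  /* zero-based per-cpu */
        { "vdso_fixed", 0xffffffffff600000ULL },  /* fixed, outside image */
    };
    int64_t off = offset_from_flag("--reloc", "-0x1000000"); /* == +0x1000000 */
    size_t n = kaslr_relocate(syms, 3, 0xffffffff81000000ULL,
                              0xffffffff82000000ULL, off);
    return n == 1 && syms[0].addr == 0xffffffff82000000ULL
        && syms[1].addr == 0x10000ULL && syms[2].addr == 0xffffffffff600000ULL;
}
```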