[Crash-utility] Crash support for kASLR

Dave Anderson anderson at redhat.com
Wed Oct 16 15:16:51 UTC 2013



----- Original Message -----
> On Tue, Oct 15, 2013 at 11:36 AM, Dave Anderson <anderson at redhat.com> wrote:
> >
> >
> > ----- Original Message -----
> >> I'm trying to add crash support for kdumps from kASLR'd kernels.  I've
> >> got it working with a few small changes and I wanted to solicit
> >> comments before sending a patch.
> >
> > Excellent!
> >
> >> 1) The --reloc flag appears to specify an offset to be subtracted from
> >> the loaded address, when the aslr offset is added.  It's annoying to
> >> try to specify negative numbers on the command line, so I'd like to
> >> add another argument --aslr which is the same as --reloc but negates
> >> the value.
> >
> > Not a problem.  In fact, since they really are different concepts, I'd
> > prefer it.  But can you make it --kalsr?
> >
> > A couple questions -- how would the user know what the offset is?
> >
> 
> The offset is output in the dmesg buffer.  I don't really know how
> crashes are analyzed elsewhere, but this fits in well with our
> debugging workflow.  Is this a problem for the usual workflow?

OK, so for dumpfiles, it would be displayed somewhere in the panic message
stream at the end of the kernel log buffer.  But to access that information,
the kaslr offset would be required to read the buffer contents from the dumpfile.
Given just a vmlinux and vmcore, how would a user know what the offset
would be?

If it's in the VMCOREINFO notes section, then it can be read by simply
parsing the ELF header contents in an uncompressed ELF vmcore (/proc/vmcore copy),
or parsing the VMCOREINFO data that makedumpfile copies from /proc/vmcore to the
compressed kdump's header. 

Also -- for running crash on the live system, does /proc/kallsyms reflect the
relocated symbol values?

Dave
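
The ELF-header route described in the message above, as an added example that is not part of the original post and is not crash's own code: it walks the PT_NOTE segment of a little-endian ELF64 vmcore and returns the VMCOREINFO key/value pairs. The function names and the sample file are constructed for illustration, and `HYPOTHETICAL_OFFSET` is a placeholder key, not one the thread names.

```python
import struct

NOTE_NAME = b"VMCOREINFO"
PT_NOTE = 4

def _align4(n):
    return (n + 3) & ~3

def build_sample_vmcore(text):
    """Constructed stand-in: ELF64 LE core file with a single PT_NOTE segment."""
    name = NOTE_NAME + b"\0"
    note = struct.pack("<III", len(name), len(text), 0)
    note += name.ljust(_align4(len(name)), b"\0")
    note += text.ljust(_align4(len(text)), b"\0")
    ident = b"\x7fELF\x02\x01\x01" + b"\0" * 9
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, 4, 62, 1, 0, 64, 0, 0,
                       64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_NOTE, 0, 64 + 56, 0, 0,
                       len(note), len(note), 0)
    return ehdr + phdr + note

def read_vmcoreinfo(data):
    """Return VMCOREINFO as a dict, or None if the file has no such note."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    e_phoff, = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    for i in range(e_phnum):
        base = e_phoff + i * e_phentsize
        p_type, = struct.unpack_from("<I", data, base)
        p_offset, = struct.unpack_from("<Q", data, base + 8)
        p_filesz, = struct.unpack_from("<Q", data, base + 32)
        if p_type != PT_NOTE:
            continue
        pos, end = p_offset, min(p_offset + p_filesz, len(data))
        while pos + 12 <= end:  # each note: namesz, descsz, type, name, desc
            namesz, descsz, _ntype = struct.unpack_from("<III", data, pos)
            name_off = pos + 12
            desc_off = name_off + _align4(namesz)
            if desc_off + descsz > end:
                raise ValueError("truncated note")
            if data[name_off:name_off + namesz].rstrip(b"\0") == NOTE_NAME:
                desc = data[desc_off:desc_off + descsz].decode("ascii", "replace")
                return dict(l.split("=", 1) for l in desc.splitlines() if "=" in l)
            pos = desc_off + _align4(descsz)
    return None

# Constructed sample note contents; HYPOTHETICAL_OFFSET is a placeholder key.
SAMPLE = b"OSRELEASE=3.12.0-example\nPAGESIZE=4096\nHYPOTHETICAL_OFFSET=1000000\n"
```

Because the note is located through file offsets in the program headers, no kernel virtual address has to be translated to read it, which is why this path works before the offset is known.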