[Crash-utility] Crash support for kASLR
Andrew Honig
ahonig at google.com
Wed Oct 16 16:02:59 UTC 2013
I'm talking about working with a vmlinux/vmcore pair. To get crash
working with the current version of kASLR that doesn't have the offset
data specifically in the VMCOREINFO I could use another symbol in the
VMCOREINFO to calculate the offset. For example _stext is already in
the VMCOREINFO. I could get the offset of _stext from the VMCOREINFO,
then get the offset of _stext from the vmlinux and subtract them to
get the ASLR offset.
If the VMCOREINFO and vmlinux files don't match then this won't work,
but we can check to make sure the calculated offset is page aligned,
that way we at least detect when it doesn't work. Alternatively I
could just wait until the next version of kASLR which will output the
aslr offset in the VMCOREINFO. This would have the downside for us
that it wouldn't work for existing kernels we've built with kASLR.
On Wed, Oct 16, 2013 at 8:21 AM, Dave Anderson <anderson at redhat.com> wrote:
>
>
> ----- Original Message -----
>
>> I agree that's the correct solution, I was thinking of having a first
>> patch to make something workable with the command line arg and
>> identify any issues. Then writing another patch once the next kASLR
>> version goes out with offset data included in the VMCOREINFO. I
>> could also try something like the force_relocate function for x86 for
>> auto-determining the offset. The x86 version only supports
>> force_relocate for live debugging, but it doesn't look like it would
>> be a difficult change. Would you like to see that in a patch?
>
> Are you talking about working with a vmlinux/vmcore pair with no
> other information? Or are you referring to live system analysis
> automatically working?
>
> Dave
>
>
> --
> Crash-utility mailing list
> Crash-utility at redhat.com
> https://www.redhat.com/mailman/listinfo/crash-utility
More information about the Crash-utility
mailing list