[Crash-utility] Crash support for kASLR
Andrew Honig
ahonig at google.com
Wed Oct 16 20:12:55 UTC 2013
On Wed, Oct 16, 2013 at 12:37 PM, Kees Cook <keescook at google.com> wrote:
> On Wed, Oct 16, 2013 at 9:02 AM, Andrew Honig <ahonig at google.com> wrote:
>> I'm talking about working with a vmlinux/vmcore pair. To get crash
>> working with the current version of kASLR that doesn't have the offset
>> data specifically in the VMCOREINFO I could use another symbol in the
>> VMCOREINFO to calculate the offset. For example _stext is already in
>> the VMCOREINFO. I could get the offset of _stext from the VMCOREINFO,
>> then get the offset of _stext from the vmlinux and subtract them to
>> get the ASLR offset.
>
> Doing this math seems like a good approach. Are there any downsides to
> inferring the kASLR offset this way?
I would prefer to write it that way, because it works with existing
aslr enabled kernels and kdumps. I can think of a couple of
downsides, but neither is a deal breaker:
1) The patch is slightly more complicated and will require two passes
over the symbols. The first pass will find the _stext symbol in the
vmlinux file and try to determine the aslr offset. The second pass
will relocate and store the symbols.
2) It creates a non-obvious dependency on _stext being in the vmcoreinfo.
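The offset inference described in this message, written out as an added example; this is not code from the thread or from the crash utility. It assumes constructed sample data: a VMCOREINFO note in the kernel's `SYMBOL(name)=hex` form and a System.map-style listing standing in for the unrelocated vmlinux symbol table (addresses are made up). The two passes the message mentions are kept separate: the first finds `_stext` on both sides and derives the offset, the second relocates every symbol. The 2 MiB alignment check is an assumption about x86_64 kASLR step size, exposed as a parameter, and the missing-`_stext` case (downside 2 above) is turned into an explicit error.

```python
import re

# Constructed VMCOREINFO text in the kernel's "SYMBOL(name)=hex" form.
# Values are invented for illustration and represent the running (relocated) kernel.
SAMPLE_VMCOREINFO = """\
OSRELEASE=3.12.0-rc5
PAGESIZE=4096
SYMBOL(_stext)=ffffffffa1000000
SYMBOL(init_uts_ns)=ffffffffa1a0d0a0
"""

# Constructed System.map-style lines for the matching unrelocated vmlinux.
SAMPLE_SYSTEM_MAP = """\
ffffffff81000000 T _stext
ffffffff81000000 T _text
ffffffff81a0d0a0 D init_uts_ns
ffffffff81c00000 B _end
"""

VMCOREINFO_SYMBOL_RE = re.compile(r"^SYMBOL\((\w+)\)=([0-9a-fA-F]+)$")
SYSTEM_MAP_RE = re.compile(r"^([0-9a-fA-F]+)\s+(\S)\s+(\S+)$")


def parse_vmcoreinfo_symbols(text):
    """Return {name: address} for every SYMBOL(...) line in a VMCOREINFO note."""
    syms = {}
    for line in text.splitlines():
        m = VMCOREINFO_SYMBOL_RE.match(line.strip())
        if m:
            syms[m.group(1)] = int(m.group(2), 16)
    return syms


def parse_system_map(text):
    """Return {name: (address, type)} from System.map-style lines."""
    syms = {}
    for line in text.splitlines():
        m = SYSTEM_MAP_RE.match(line.strip())
        if m:
            syms[m.group(3)] = (int(m.group(1), 16), m.group(2))
    return syms


def infer_kaslr_offset(vmcoreinfo_syms, vmlinux_syms, anchor="_stext", align=0x200000):
    """Pass one: derive the kASLR slide from one anchor symbol present on both sides.

    `align` is an assumed 2 MiB kASLR step; a non-aligned result almost certainly
    means the vmlinux does not belong to this vmcore.
    """
    if anchor not in vmcoreinfo_syms:
        raise KeyError(f"{anchor} not in VMCOREINFO; cannot infer kASLR offset")
    if anchor not in vmlinux_syms:
        raise KeyError(f"{anchor} not in vmlinux symbol table")
    offset = vmcoreinfo_syms[anchor] - vmlinux_syms[anchor][0]
    if offset % align:
        raise ValueError(f"offset {offset:#x} is not {align:#x}-aligned; mismatched vmlinux?")
    return offset


def relocate_symbols(vmlinux_syms, offset):
    """Pass two: apply the slide to every symbol from the vmlinux."""
    return {name: (addr + offset, typ) for name, (addr, typ) in vmlinux_syms.items()}


def relocated_symbol_table(vmcoreinfo_text, system_map_text):
    """Run both passes and cross-check every other shared symbol against VMCOREINFO."""
    vc = parse_vmcoreinfo_symbols(vmcoreinfo_text)
    vm = parse_system_map(system_map_text)
    offset = infer_kaslr_offset(vc, vm)
    relocated = relocate_symbols(vm, offset)
    for name, addr in vc.items():
        if name in relocated and relocated[name][0] != addr:
            raise ValueError(f"{name} disagrees after relocation: {relocated[name][0]:#x} != {addr:#x}")
    return offset, relocated


if __name__ == "__main__":
    off, table = relocated_symbol_table(SAMPLE_VMCOREINFO, SAMPLE_SYSTEM_MAP)
    print(f"kASLR offset: {off:#x}")
    for name, (addr, typ) in sorted(table.items(), key=lambda kv: kv[1][0]):
        print(f"{addr:016x} {typ} {name}")
```

The cross-check at the end of `relocated_symbol_table` is the cheap defence against the wrong-vmlinux case: with a single anchor there is no way to tell a genuine slide from a mismatched build, but any second symbol that VMCOREINFO happens to carry must land on the same address after relocation, and a disagreement there aborts before crash would start reading bogus structures.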