[Crash-utility] earlier patch introducing the --kaslr option

Dave Anderson anderson at redhat.com
Tue Feb 18 20:27:02 UTC 2014 


----- Original Message -----
> >
> > But if I try that value with your patch applied, it fails in the same manner
> > as if I don't use the --kaslr option at all:
> >
> >  $ crash --kaslr 0x19000000 vmlinux vmcore
> >
> >  crash 7.0.5rc12
> >  Copyright (C) 2002-2014  Red Hat, Inc.
> >  Copyright (C) 2004, 2005, 2006, 2010  IBM Corporation
> >  Copyright (C) 1999-2006  Hewlett-Packard Co
> >  Copyright (C) 2005, 2006, 2011, 2012  Fujitsu Limited
> >  Copyright (C) 2006, 2007  VA Linux Systems Japan K.K.
> >  Copyright (C) 2005, 2011  NEC Corporation
> >  Copyright (C) 1999, 2002, 2007  Silicon Graphics, Inc.
> >  Copyright (C) 1999, 2000, 2001, 2002  Mission Critical Linux, Inc.
> >  This program is free software, covered by the GNU General Public License,
> >  and you are welcome to change it and/or distribute copies of it under
> >  certain conditions.  Enter "help copying" to see the conditions.
> >  This program has absolutely no warranty.  Enter "help warranty" for
> >  details.
> >
> >  GNU gdb (GDB) 7.6
> >  Copyright (C) 2013 Free Software Foundation, Inc.
> >  License GPLv3+: GNU GPL version 3 or later
> >  <http://gnu.org/licenses/gpl.html>
> >  This is free software: you are free to change and redistribute it.
> >  There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> >  and "show warranty" for details.
> >  This GDB was configured as "x86_64-unknown-linux-gnu"...
> >
> >  WARNING: could not find MAGIC_START!
> >  WARNING: cannot read linux_banner string
> >  crash: vmlinux and vmcore do not match!
> >
> >  Usage:
> >
> >   crash [OPTION]... NAMELIST MEMORY-IMAGE  (dumpfile form)
> >   crash [OPTION]... [NAMELIST]             (live system form)
> >
> >  Enter "crash -h" for details.
> >  $
> >
> > Any ideas?  I can give you the vmlinux/vmcore/kallsyms triplet if you'd
> > like.
> 
> As far as why the offset wasn't present, sorry about that.  I guess
> our tool chain is a bit more different than upstream, I've had a bit
> of trouble generating kdump files for upstream.
> 
> Your manual calculations look correct to me though and it should work.
>  If you can send me the vmlinux/vmcore triplet (I don't think I need
> the kallsyms) then I will look at this today.  Can you post it
> somewhere I can download it?
> 
> Sorry for the delay I was on vacation.
> 
> thanks,
> Andy

Actually you do need the kallsyms...

As I mentioned to Kees in an earlier message, the display of
the offset in the kernel log will not be done in the case of
kdump-enabled kernels, because crash_kexec() is called before
the panic_notifier list is executed, and crash_kexec() does
not return.

I've put the triplet here:

  http://people.redhat.com/anderson/kaslr

Note that we can only create ELF vmcores with kASLR because the makedumpfile
facility also needs to be fixed to handle kASLR kernels.

Anyway, as it turns out, the offset is not 0x19000000 (&_text - __START_KERNEL),
but rather it is 0x18000000, which is the difference between the
kallsyms symbol values and those compiled into the vmlinux file.
With that --kaslr offset value, the crash session comes up OK.  

So it seems that the (incorrect) advertised offset may not be needed,
because you can take any of the symbol values exported in the vmcoreinfo data
and compare them to their symbol value from the vmlinux file.  For live systems,
the same sort of thing could be done by comparing the vmlinux symbols to the
/proc/kallsyms values.  But we still should have a command line option like
your original patch as a "back-up".

Thanks,
  Dave

More information about the Crash-utility mailing list