[Crash-utility] [PATCH] Automatically detect kernel aslr offset
Andrew Honig
ahonig at google.com
Wed Feb 19 15:34:28 UTC 2014
Sorry about that. This was done on top of the other kaslr patch, I'll
rebase both and resend later today.
On Wed, Feb 19, 2014 at 7:15 AM, Dave Anderson <anderson at redhat.com> wrote:
>
>
> ----- Original Message -----
>> Automatically detect kernel aslr offset
>>
>> This patch improves support for kernel aslr, to automatically find the
>> aslr offset based on the location of the _stext symbol in the vmcore
>> info.
>>
>> Signed-off-by: Andrew Honig <ahonig at google.com>
>
>
> This patch was created from some interim test version, or
> something like that:
>
> $ patch -p1 < kaslr.patch
> patching file netdump.c
> Hunk #1 FAILED at 411.
> 1 out of 1 hunk FAILED -- saving rejects to file netdump.c.rej
> patching file symbols.c
> Hunk #1 succeeded at 556 (offset 3 lines).
> Hunk #2 FAILED at 625.
> 1 out of 2 hunks FAILED -- saving rejects to file symbols.c.rej
> $
>
> In netdump.c, it's removing stuff that doesn't exist in crash-7.0.5:
>
>> ---
>> netdump.c | 19 ++++++++-----------
>> symbols.c | 49 ++++++++++++++++++++++++++++++++++++++++++++++---
>> 2 files changed, 54 insertions(+), 14 deletions(-)
>>
>> diff --git a/netdump.c b/netdump.c
>> index 8e7ec15..b327649 100644
>> --- a/netdump.c
>> +++ b/netdump.c
>> @@ -411,18 +411,15 @@ is_netdump(char *file, ulong source_query)
>> get_log_from_vmcoreinfo(file, vmcoreinfo_read_string);
>> }
>>
>> - // This is the code where I should read the aslr offset.
>> + /*
>> + *We may need the _stext_SYMBOL from the vmcore_info to adjust for
>> + * kaslr and we may not have gotten it elsewhere.
>> + */
>> if (source_query == KDUMP_LOCAL) {
>> - long aslr_offset = 0;
>> - char *aslr_string = vmcoreinfo_read_string("KERNELOFFSET");
>> - if (aslr_string) {
>> - aslr_offset = strtoul(aslr_string, NULL, 16);
>> - free (aslr_string);
>> - }
>> - if (!(kt->flags & RELOC_SET) && aslr_offset > 0) {
>> - kt->flags |= RELOC_SET;
>> - kt->relocate=aslr_offset * -1;
>> - }
>> + char *tmpstring = vmcoreinfo_read_string("SYMBOL(_stext)");
>> + kt->vmcoreinfo._stext_SYMBOL =
>> + htol(tmpstring, RETURN_ON_ERROR, NULL);
>> + free(tmpstring);
>> }
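Review bot: the new `KDUMP_LOCAL` branch drops the NULL check the removed code had (`if (aslr_string)`): `vmcoreinfo_read_string("SYMBOL(_stext)")` returns NULL when the vmcoreinfo carries no `_stext` entry, and that NULL is then handed straight to `htol()`. Suggest wrapping the `htol()`/`free()` pair in `if (tmpstring) { ... }` so a vmcore without the symbol leaves `kt->vmcoreinfo._stext_SYMBOL` untouched instead of parsing a null pointer. Two smaller points: the replacement comment is missing a space after the asterisk in `*We may need`, and the hunk removes the `KERNELOFFSET` handling entirely, so a vmcoreinfo that exports the offset directly now depends solely on the `_stext`-based derivation; that behaviour change should be called out in the commit message.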
>
> Same thing here in store_symbols():
>
>> @@ -588,15 +625,21 @@ store_symbols(bfd *abfd, int dynamic, void *minisyms,
>> long symcount,
>> st->symcnt = 0;
>> sp = st->symtable;
>>
>> + first = 0;
>> + from = (bfd_byte *) minisyms;
>> + fromend = from + symcount * size;
>> +
>> if (machine_type("X86") || machine_type("X86_64")) {
>> + /* If kernel aslr offset has not been set, try to guess it. */
>> + if (kt->relocate == 0)
>> + derive_kaslr_offset(abfd, dynamic, from,
>> + fromend, size, store);
>> +
>> if (!(kt->flags & RELOC_SET))
>> kt->flags |= RELOC_FORCE;
>> } else
>> kt->flags &= ~RELOC_SET;
>>
>> - first = 0;
>> - from = (bfd_byte *) minisyms;
>> - fromend = from + symcount * size;
>> for (; from < fromend; from += size)
>> {
>> if ((sym = bfd_minisymbol_to_symbol(abfd, dynamic, from, store))
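Review bot: the guess is gated on `kt->relocate == 0`, while the line directly below gates `RELOC_FORCE` on `kt->flags & RELOC_SET`; a relocation that was explicitly set to zero (RELOC_SET with relocate == 0) would still call `derive_kaslr_offset()` and have the explicit value overridden by the heuristic. Suggest keying the derivation on the same flag, `if (!(kt->flags & RELOC_SET))`, so the two checks agree. Hoisting `first`/`from`/`fromend` above the `machine_type()` block is fine since `derive_kaslr_offset()` needs the minisym range, but the definition of `derive_kaslr_offset()` (the symbols.c hunk that applied with an offset) is not quoted here, so it is not visible what the call leaves in `kt->relocate` when no `_stext` match is found; a one-line comment at the call site stating that the value stays 0 on failure would make the fall-through to `RELOC_FORCE` easier to follow.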
>> --
>
> Please redo it against crash-7.0.5.
>
> Thanks,
> Dave
>
> --
> Crash-utility mailing list
> Crash-utility at redhat.com
> https://www.redhat.com/mailman/listinfo/crash-utility