[Crash-utility] [PATCH] arm64: exclude mapping symbols in modules
Dave Anderson
anderson at redhat.com
Thu Oct 6 13:15:52 UTC 2016
----- Original Message -----
> Dave,
>
> One question.
>
...
>
> On arm64, when KASLR is enabled, a function call between a module and
> the kernel will be done via a veneer (PLT) if the displacement is more
> than +/-128MB. So disassembled code looks a bit useless:
>
> ===8<===
> crash> mod -S
> MODULE NAME SIZE OBJECT FILE
> ffff04d78f4b8000 testmod 16384 /opt/buildroot/15.11_64/root/kexec/testmod.ko
> crash> bt
> PID: 1102 TASK: ffffb4da8e910000 CPU: 0 COMMAND: "insmod"
> #0 [ffffb4da8e9afa30] __crash_kexec at ffff0e0045020a54
> #1 [ffffb4da8e9afb90] panic at ffff0e004505523c
> #2 [ffffb4da8e9afc50] testmod_init at ffff04d78f4b6014 [testmod]
> #3 [ffffb4da8e9afb40] do_one_initcall at ffff0e0044f7333c
> --- <Exception in user> ---
> PC: 0000000a LR: 00000000 SP: ffff04d78f4b6000 PSTATE: 7669726420656c75
> X12: ffffb4da8e9ac000 X11: ffff04d78f4b6018 X10: ffffb4da8e9afc50 X9: 20676e6973756143
> X8: 00000000 X7: ffff0e0045e5ce00 X6: ffff0e0045e5c000 X5: 600001c5
> X4: ffff0e0045020a58 X3: ffffb4da8e9afa30 X2: ffff0e004502098c X1: ffffb4da8e9afa30
> X0: 00000124
> crash> dis testmod_init
> 0xffff04d78f4b6000 <init_module>: stp x29, x30, [sp,#-16]!
> 0xffff04d78f4b6004 <testmod_init+4>: mov x29, sp
> 0xffff04d78f4b6008 <testmod_init+8>: ldr x0, 0xffff04d78f4b6018
> 0xffff04d78f4b600c <testmod_init+12>: bl 0xffff04d78f4b6090
> 0xffff04d78f4b6010 <testmod_init+16>: ldr x0, 0xffff04d78f4b6020
> 0xffff04d78f4b6014 <testmod_init+20>: bl 0xffff04d78f4b6080
>
> => branch to a veneer
> crash> dis 0xffff04d78f4b6080 4
>
> 0xffff04d78f4b6080 <testmod_exit+88>: mov x16, #0xffffffffffff5120 // #-44768
> 0xffff04d78f4b6084 <testmod_exit+92>: movk x16, #0x4505, lsl #16
> 0xffff04d78f4b6088 <testmod_exit+96>: movk x16, #0xe00, lsl #32
> 0xffff04d78f4b608c <testmod_exit+100>: br x16
>
> => branch to 0xffff0e0045055120
> (= panic())
> ===>8===
>
> Is there any method to resolve such kind of indirect addressing
> to a symbolic name at dis command?
> (It may be difficult to discriminate PLT from normal branches, though).
Maybe something could be kludged up by the machdep->dis_filter() call?
In arm64_dis_filter(), whenever there is a "bl <address>" instruction,
the 12 bytes at the PLT target address could be read, parsed, and the
real target address reconstructed. If the reconstructed address resolves
to a kernel text address, it could be appended to the line.
Dave
> Thanks,
> -Takahiro AKASHI
>
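The veneer decoding Dave sketches above (read the words at the `bl` target, rebuild x16, then resolve it), as an added example that is not crash's own arm64_dis_filter() code; it assumes the kernel's movn/movk/movk/br-x16 PLT layout and hand-encodes the veneer quoted in the thread:

```c
/* Reconstruct the real branch target of an arm64 module PLT veneer.
 * Added example, not crash's arm64_dis_filter(); plt_make() mirrors the
 * movn/movk/movk/br-x16 layout the kernel's module PLT emitter uses (from
 * memory, an assumption); the sample words are hand-encoded from the thread. */
#include <stdint.h>
#include <stdbool.h>
#define PLT_REG 16u   /* veneers use x16 (IP0) as scratch */

/* Apply one MOVN/MOVZ/MOVK ("move wide immediate") to *reg. Rejects 32-bit
 * forms, other instruction groups and any destination other than x16. */
static bool apply_movewide(uint32_t insn, uint64_t *reg)
{
    if (!(insn >> 31) || ((insn >> 23) & 0x3f) != 0x25 || (insn & 0x1f) != PLT_REG)
        return false;
    unsigned opc = (insn >> 29) & 3, shift = ((insn >> 21) & 3) * 16;
    uint64_t imm = (uint64_t)((insn >> 5) & 0xffff) << shift;
    switch (opc) {
    case 0: *reg = ~imm; return true;                                          /* MOVN */
    case 2: *reg = imm; return true;                                           /* MOVZ */
    case 3: *reg = (*reg & ~((uint64_t)0xffff << shift)) | imm; return true;   /* MOVK */
    default: return false;
    }
}

/* Decode the 4 words read at a veneer address. Returns the target, or 0 when
 * they are not "3 x move-wide into x16, then br x16" (0 is never kernel text). */
uint64_t plt_target(const uint32_t insn[4])
{
    uint64_t x16 = 0;
    for (int i = 0; i < 3; i++)
        if (!apply_movewide(insn[i], &x16))
            return 0;
    return insn[3] == (0xd61f0000u | (PLT_REG << 5)) ? x16 : 0;   /* br x16 */
}

/* Emit a veneer for val the way the kernel lays it out (see header comment). */
void plt_make(uint64_t val, uint32_t out[4])
{
    out[0] = 0x92800010u | ((uint32_t)(~val & 0xffff) << 5);          /* movn x16, #~lo16 */
    out[1] = 0xf2a00010u | ((uint32_t)((val >> 16) & 0xffff) << 5);   /* movk x16, lsl #16 */
    out[2] = 0xf2c00010u | ((uint32_t)((val >> 32) & 0xffff) << 5);   /* movk x16, lsl #32 */
    out[3] = 0xd61f0200u;                                             /* br x16 */
}

/* Constructed input: the veneer quoted at 0xffff04d78f4b6080, encoded by hand;
 * plt_target() on it yields 0xffff0e0045055120, i.e. panic(). */
const uint32_t veneer_from_thread[4] = {
    0x9295dbf0u, /* mov  x16, #0xffffffffffff5120  (movn x16, #0xaedf) */
    0xf2a8a0b0u, /* movk x16, #0x4505, lsl #16 */
    0xf2c1c010u, /* movk x16, #0xe00, lsl #32 */
    0xd61f0200u, /* br   x16 */
};
```

In a dis_filter hook the returned value would then be passed to the usual symbol lookup and appended to the `bl` line only when it lands in kernel text.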