[Crash-utility] Using crash with structure layout randomized kernel
Cao jin
caoj.fnst at cn.fujitsu.com
Wed Jan 24 06:24:36 UTC 2018
On 01/23/2018 11:19 PM, Dave Anderson wrote:
>
>
> ----- Original Message -----
>> Hi Dave,
>>
>> Recently I was trying crash tool with kdump dumpfile & structure
>> layout randomized kernel[*], and it fails without any surprise. After
>> looking into the different errors crash reports, I can confirm it is a
>> result from randomized structure layout.
>>
>> So my question is, do you ever consider supporting this feature[*] in
>> crash?
>> If yes, do you have any plan & technique evaluation about it?
>> If no, what's the reason?
>>
>> [*]https://lwn.net/Articles/722293/
>> --
>> Sincerely,
>> Cao jin
>
> I was under the impression that the structure layout was done at
> compile-time, and that the vmlinux file's debuginfo data would
> represent the randomized layout. And that being the case, the
> inconvenience would be that the crash session would show the
> randomized layout, while the associated source code would show
> the original layout.
>
BTW, I didn't have any compiler knowledge before; just from these two
days of learning, I feel you are right about "vmlinux file's debuginfo data
would represent the randomized layout".
But when I debug, it does not seem to be what it should be. I have two file
pairs, a randomized and a non-randomized one. I print some member offsets of
a structure tagged with __randomize_layout after MEMBER_OFFSET_INIT, like
this:
(gdb) p offset_table->task_struct_state
$1 = 8
(gdb) p offset_table->task_struct_exit_state
$2 = 2164
(gdb) p offset_table->task_struct_pid
$3 = 2264
(gdb) p offset_table->task_struct_comm
$4 = 2744
(gdb) p offset_table->task_struct_next_task
$5 = -1
(gdb) p offset_table->task_struct_processor
$6 = -1
(gdb) p offset_table->task_struct_p_pptr
$7 = -1
(gdb) p offset_table->task_struct_parent
$8 = 2288
Under both file pairs, these offset values are the same, so I think that
is why I have the impression that debuginfo has the original structure
layout. I guess this is one kind of "MEMBER_OFFSET() no longer work"?
--
Sincerely,
Cao jin
> You didn't give any examples of how/what fails. Is it a major problem
> where fundamental facilities like MEMBER_OFFSET() no longer work?
> Or are there places where assumptions are made w/regard to structure
> layout without checking the debuginfo data?
>
> Anyway, the answer to your question is no, currently I have no plans.
>
> Dave
>
>
>
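The comparison described in the message above, as an added example (not part of the original thread and not crash code): it parses two gdb transcripts of the `p offset_table->...` commands, one per vmlinux/vmcore pair, and sorts the members into unchanged, moved and unresolved. Both transcripts are constructed sample input, and reading -1 as "member not resolved" is an assumption.

```python
import re

# Constructed transcripts (not real measurements), one per vmlinux/vmcore pair.
PLAIN = """\
(gdb) p offset_table->task_struct_state
$1 = 8
(gdb) p offset_table->task_struct_pid
$2 = 2264
(gdb) p offset_table->task_struct_comm
$3 = 2744
(gdb) p offset_table->task_struct_next_task
$4 = -1
"""
RANDOMIZED = """\
(gdb) p offset_table->task_struct_state
$1 = 8
(gdb) p offset_table->task_struct_pid
$2 = 1712
(gdb) p offset_table->task_struct_comm
$3 = 96
(gdb) p offset_table->task_struct_next_task
$4 = -1
"""
CMD = re.compile(r"^\(gdb\)\s+p\s+offset_table->(\w+)$")
VAL = re.compile(r"^\$\d+\s*=\s*(-?\d+)$")

def parse_offsets(transcript):
    """Map member name -> offset from alternating command/value lines."""
    offsets, pending = {}, None
    for line in map(str.strip, transcript.splitlines()):
        cmd, val = CMD.match(line), VAL.match(line)
        if val and pending:
            offsets[pending] = int(val.group(1))
        pending = cmd.group(1) if cmd else None
    return offsets

def compare(plain, randomized):
    """Classify members present in both transcripts."""
    report = {"same": [], "moved": [], "unresolved": []}
    for name in sorted(plain.keys() & randomized.keys()):
        a, b = plain[name], randomized[name]
        # Assumption: -1 means the member was not resolved from debuginfo.
        key = "unresolved" if -1 in (a, b) else "same" if a == b else "moved"
        report[key].append(name)
    return report

if __name__ == "__main__":
    for kind, names in compare(parse_offsets(PLAIN), parse_offsets(RANDOMIZED)).items():
        print(f"{kind:10} {', '.join(names) or '-'}")
```

An empty "moved" list for two builds that are expected to differ corresponds to the observation reported in the message.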