[Crash-utility] Crash-utility Digest, Vol 178, Issue 21

Tue Aug 11 08:23:14 UTC 2020

Hi Lianbo,

Am 11.08.20 um 04:08 schrieb lijiang:
> 在 2020年07月31日 00:00, crash-utility-request at redhat.com 写道:
>> Message: 1
>> Date: Thu, 30 Jul 2020 15:34:59 +0200
>> From: Mathias Krause <minipli at grsecurity.net>
>> To: crash-utility at redhat.com
>> Subject: [Crash-utility] [PATCH RESEND] Basic support for PaX's split
>> 	module	layout
>> Message-ID: <20200730133459.7868-1-minipli at grsecurity.net>
>> Content-Type: text/plain; charset=US-ASCII
>>
>> PaX and grsecurity kernels split module memory into dedicated r/x and
>> r/w mappings using '*_rw' and '*_rx' named member variables in 'struct
>> module'. To add basic support for such kernels detect the split layout
>> by testing for the corresponding structure members and use these
>> instead.
>>
>> So far we limit ourself to only track module code mappings for such
>> kernels as adding support for separate data mappings violates lots of
>> invariants in the rest of our code base, thereby would require a major
>> rework. However, with that patch applied, module code references can be
>> resolved in backtraces, memory and code dumps, which makes it already
>> very useful for analyzing such kernels.
>>
>> Signed-off-by: Mathias Krause <minipli at grsecurity.net>
>> ---
>> Resend as the original posting got stuck in the mail queue.
>>
>>  defs.h    | 13 +++++++++++
>>  kernel.c  | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++----
>>  symbols.c | 20 ++++++++--------
>>  3 files changed, 86 insertions(+), 15 deletions(-)
>>
>> diff --git a/defs.h b/defs.h
>> index d7adb23b86d5..160974ed554a 100644
>> --- a/defs.h
>> +++ b/defs.h
>> @@ -654,12 +654,15 @@ struct new_utsname {
>>  #define TIMER_BASES                (0x20ULL)
>>  #define IRQ_DESC_TREE_RADIX        (0x40ULL)
>>  #define IRQ_DESC_TREE_XARRAY       (0x80ULL)
>> +#define KMOD_PAX                  (0x100ULL)
>>  
>>  #define XEN()       (kt->flags & ARCH_XEN)
>>  #define OPENVZ()    (kt->flags & ARCH_OPENVZ)
>>  #define PVOPS()     (kt->flags & ARCH_PVOPS)
>>  #define PVOPS_XEN() (kt->flags & ARCH_PVOPS_XEN)
>>  
>> +#define PAX_MODULE_SPLIT() (kt->flags2 & KMOD_PAX)
>> +
>>  #define XEN_MACHINE_TO_MFN(m)    ((ulonglong)(m) >> PAGESHIFT())
>>  #define XEN_PFN_TO_PSEUDO(p)     ((ulonglong)(p) << PAGESHIFT())
>>  
>> @@ -1346,7 +1349,11 @@ struct offset_table {                    /* stash of commonly-used offsets */
>>  	long module_gpl_syms;
>>  	long module_num_gpl_syms;
>>  	long module_module_core;
>> +	long module_module_core_rw;
>> +	long module_module_core_rx;
>>  	long module_core_size;
>> +	long module_core_size_rw;
>> +	long module_core_size_rx;
>>  	long module_core_text_size;
>>  	long module_num_symtab;
>>  	long module_symtab;
>> @@ -1776,6 +1783,8 @@ struct offset_table {                    /* stash of commonly-used offsets */
>>  	long mm_struct_rss_stat;
>>  	long mm_rss_stat_count;
>>  	long module_module_init;
>> +	long module_module_init_rw;
>> +	long module_module_init_rx;
>>  	long module_init_text_size;
>>  	long cpu_context_save_fp;
>>  	long cpu_context_save_sp;
>> @@ -1793,6 +1802,8 @@ struct offset_table {                    /* stash of commonly-used offsets */
>>  	long unwind_idx_insn;
>>  	long signal_struct_nr_threads;
>>  	long module_init_size;
>> +	long module_init_size_rw;
>> +	long module_init_size_rx;
>>  	long module_percpu;
>>  	long radix_tree_node_slots;
>>  	long s390_stack_frame_back_chain;
>> @@ -2313,6 +2324,8 @@ struct array_table {
>>   *  in the offset table, size table or array_table.
>>   */
>>  #define OFFSET(X)	   (OFFSET_verify(offset_table.X, (char *)__FUNCTION__, __FILE__, __LINE__, #X))
>> +#define MODULE_OFFSET(X,Y) (PAX_MODULE_SPLIT() ? OFFSET(Y) : OFFSET(X))
>> +#define MODULE_OFFSET2(X,T) MODULE_OFFSET(X, X##_##T)
> The above definition has a code style issue(space required after that ','), but we could correct
> it when this patch is applied.

I just wanted to stick with the coding style nearby, like with
MEMBER_OFFSET(), MEMBER_EXISTS(), MEMBER_SIZE(), etc. all have no space
between the arguments. But I've no strong opinion about it. Feel free to
adapt.

> 
> Otherwise, it looks good to me.
> Acked-by: Lianbo Jiang <lijiang at redhat.com>

Thanks for the review!

Mathias

> 
> Thanks.
> Lianbo
> 
>> [...]