Re: [PATCH] Automatically detect kernel aslr offset

----- Original Message -----
> Automatically detect kernel aslr offset
> 
> This patch improves support for kernel aslr, to automatically find the
> aslr offset based on the location of the _stext symbol in the vmcore
> info.
> 
> Signed-off-by: Andrew Honig <ahonig@xxxxxxxxxx>


This patch was created from some interim test version, or
something like that:
  
  $ patch -p1 < kaslr.patch
  patching file netdump.c
  Hunk #1 FAILED at 411.
  1 out of 1 hunk FAILED -- saving rejects to file netdump.c.rej
  patching file symbols.c
  Hunk #1 succeeded at 556 (offset 3 lines).
  Hunk #2 FAILED at 625.
  1 out of 2 hunks FAILED -- saving rejects to file symbols.c.rej
  $

In netdump.c, it's removing stuff that doesn't exist in crash-7.0.5: 

> ---
>  netdump.c | 19 ++++++++-----------
>  symbols.c | 49 ++++++++++++++++++++++++++++++++++++++++++++++---
>  2 files changed, 54 insertions(+), 14 deletions(-)
> 
> diff --git a/netdump.c b/netdump.c
> index 8e7ec15..b327649 100644
> --- a/netdump.c
> +++ b/netdump.c
> @@ -411,18 +411,15 @@ is_netdump(char *file, ulong source_query)
>  		get_log_from_vmcoreinfo(file, vmcoreinfo_read_string);
>  	}
>  
> -	// This is the code where I should read the aslr offset.
> +	/*
> +	 *We may need the _stext_SYMBOL from the vmcore_info to adjust for
> +	 * kaslr and we may not have gotten it elsewhere.
> +	 */
>  	if (source_query == KDUMP_LOCAL) {
> -		long aslr_offset = 0;
> -		char *aslr_string = vmcoreinfo_read_string("KERNELOFFSET");
> -		if (aslr_string) {
> -			aslr_offset = strtoul(aslr_string, NULL, 16);
> -			free (aslr_string);
> -		}
> -		if (!(kt->flags & RELOC_SET) && aslr_offset > 0) {
> -			kt->flags |= RELOC_SET;
> -			kt->relocate=aslr_offset * -1;
> -		}
> +		char *tmpstring = vmcoreinfo_read_string("SYMBOL(_stext)");
> +		kt->vmcoreinfo._stext_SYMBOL =
> +			htol(tmpstring, RETURN_ON_ERROR, NULL);
> +		free(tmpstring);
>  	}
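Review bot: the new KDUMP_LOCAL branch hands tmpstring straight to htol() and free() with no NULL check, yet the code this hunk removes shows that vmcoreinfo_read_string() can return NULL (it guarded with `if (aslr_string)`), so a vmcore whose VMCOREINFO has no SYMBOL(_stext) line would crash here instead of falling back; wrap the two calls in `if (tmpstring) { ... }` and give kt->vmcoreinfo._stext_SYMBOL a defined value on the miss path so the later offset derivation can tell "absent" from a real address. The error return of htol(..., RETURN_ON_ERROR, ...) is likewise not checked. The removed lines (the `//` comment and the whole KERNELOFFSET block) are not what the tree contains, which is why this hunk is rejected, and the added comment block is missing a space after the asterisk on the `*We may need` line.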

Same thing here in store_symbols():

> @@ -588,15 +625,21 @@ store_symbols(bfd *abfd, int dynamic, void *minisyms,
> long symcount,
>  	st->symcnt = 0;
>  	sp = st->symtable;
>  
> +	first = 0;
> +	from = (bfd_byte *) minisyms;
> +	fromend = from + symcount * size;
> +
>  	if (machine_type("X86") || machine_type("X86_64")) {
> +		/* If kernel aslr offset has not been set, try to guess it. */
> +		if (kt->relocate == 0)
> +			derive_kaslr_offset(abfd, dynamic, from,
> +					    fromend, size, store);
> +
>  		if (!(kt->flags & RELOC_SET))
>  			kt->flags |= RELOC_FORCE;
>  	} else
>  		kt->flags &= ~RELOC_SET;
>  
> -	first = 0;
> -  	from = (bfd_byte *) minisyms;
> -  	fromend = from + symcount * size;
>    	for (; from < fromend; from += size)
>      	{
>        		if ((sym = bfd_minisymbol_to_symbol(abfd, dynamic, from, store))
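Review bot: the guard in front of derive_kaslr_offset() tests `kt->relocate == 0` while the very next line tests `kt->flags & RELOC_SET`, so a user who explicitly supplied a relocation of zero would still trigger the guess, and the two conditions can disagree; use `!(kt->flags & RELOC_SET)` for both so an explicit setting always wins. derive_kaslr_offset() itself is not in the quoted part of the patch, so these lines do not show what it sets (kt->relocate, RELOC_SET) or how it behaves when _stext_SYMBOL was never read; a one-line comment at the call site stating that contract would help reviewers. The three removed `first`/`from`/`fromend` lines carry space-then-tab indentation that the surrounding context lines do not, so they will not match a clean crash-7.0.5 tree, which fits the reject reported above.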
> --

Please redo it against crash-7.0.5.

Thanks,
  Dave

--
Crash-utility mailing list
Crash-utility@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/crash-utility
