On 2020-08-11 16:23, Mathias Krause wrote:
Hi Lianbo,
On 11.08.20 at 04:08, lijiang wrote:
> On 2020-07-31 00:00, crash-utility-request(a)redhat.com wrote:
>> Message: 1
>> Date: Thu, 30 Jul 2020 15:34:59 +0200
>> From: Mathias Krause <minipli(a)grsecurity.net>
>> To: crash-utility(a)redhat.com
>> Subject: [Crash-utility] [PATCH RESEND] Basic support for PaX's split
>> module layout
>> Message-ID: <20200730133459.7868-1-minipli(a)grsecurity.net>
>> Content-Type: text/plain; charset=US-ASCII
>>
>> PaX and grsecurity kernels split module memory into dedicated r/x and
>> r/w mappings using '*_rw' and '*_rx' named member variables in 'struct
>> module'. To add basic support for such kernels detect the split layout
>> by testing for the corresponding structure members and use these
>> instead.
>>
>> So far we limit ourselves to only track module code mappings for such
>> kernels as adding support for separate data mappings violates lots of
>> invariants in the rest of our code base, thereby would require a major
>> rework. However, with that patch applied, module code references can be
>> resolved in backtraces, memory and code dumps, which makes it already
>> very useful for analyzing such kernels.
>>
>> Signed-off-by: Mathias Krause <minipli(a)grsecurity.net>
>> ---
>> Resend as the original posting got stuck in the mail queue.
>>
>> defs.h | 13 +++++++++++
>> kernel.c | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++----
>> symbols.c | 20 ++++++++--------
>> 3 files changed, 86 insertions(+), 15 deletions(-)
>>
>> diff --git a/defs.h b/defs.h
>> index d7adb23b86d5..160974ed554a 100644
>> --- a/defs.h
>> +++ b/defs.h
>> @@ -654,12 +654,15 @@ struct new_utsname {
>> #define TIMER_BASES (0x20ULL)
>> #define IRQ_DESC_TREE_RADIX (0x40ULL)
>> #define IRQ_DESC_TREE_XARRAY (0x80ULL)
>> +#define KMOD_PAX (0x100ULL)
>>
>> #define XEN() (kt->flags & ARCH_XEN)
>> #define OPENVZ() (kt->flags & ARCH_OPENVZ)
>> #define PVOPS() (kt->flags & ARCH_PVOPS)
>> #define PVOPS_XEN() (kt->flags & ARCH_PVOPS_XEN)
>>
>> +#define PAX_MODULE_SPLIT() (kt->flags2 & KMOD_PAX)
>> +
>> #define XEN_MACHINE_TO_MFN(m) ((ulonglong)(m) >> PAGESHIFT())
>> #define XEN_PFN_TO_PSEUDO(p) ((ulonglong)(p) << PAGESHIFT())
>>
>> @@ -1346,7 +1349,11 @@ struct offset_table { /* stash of
commonly-used offsets */
>> long module_gpl_syms;
>> long module_num_gpl_syms;
>> long module_module_core;
>> + long module_module_core_rw;
>> + long module_module_core_rx;
>> long module_core_size;
>> + long module_core_size_rw;
>> + long module_core_size_rx;
>> long module_core_text_size;
>> long module_num_symtab;
>> long module_symtab;
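Review bot: the four new fields (module_module_core_rw, module_module_core_rx, module_core_size_rw, module_core_size_rx) are inserted in the middle of struct offset_table, which shifts every member after module_core_size; the two following hunks do the same. Anything built separately against the previous defs.h layout would then read the wrong slots. Appending the new members at the end of the struct would avoid that.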
>> @@ -1776,6 +1783,8 @@ struct offset_table { /* stash of
commonly-used offsets */
>> long mm_struct_rss_stat;
>> long mm_rss_stat_count;
>> long module_module_init;
>> + long module_module_init_rw;
>> + long module_module_init_rx;
>> long module_init_text_size;
>> long cpu_context_save_fp;
>> long cpu_context_save_sp;
>> @@ -1793,6 +1802,8 @@ struct offset_table { /* stash of
commonly-used offsets */
>> long unwind_idx_insn;
>> long signal_struct_nr_threads;
>> long module_init_size;
>> + long module_init_size_rw;
>> + long module_init_size_rx;
>> long module_percpu;
>> long radix_tree_node_slots;
>> long s390_stack_frame_back_chain;
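Review bot: module_init_size_rw here, like module_module_core_rw, module_core_size_rw and module_module_init_rw in the earlier hunks, is an offset for the r/w mapping, while the commit message says only module code mappings are tracked so far. A comment beside the _rw members saying they are kept for the later data-mapping support would tell readers whether anything is expected to read them yet; otherwise consider leaving them out until they are needed.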
>> @@ -2313,6 +2324,8 @@ struct array_table {
>> * in the offset table, size table or array_table.
>> */
>> #define OFFSET(X) (OFFSET_verify(offset_table.X, (char *)__FUNCTION__,
__FILE__, __LINE__, #X))
>> +#define MODULE_OFFSET(X,Y) (PAX_MODULE_SPLIT() ? OFFSET(Y) : OFFSET(X))
>> +#define MODULE_OFFSET2(X,T) MODULE_OFFSET(X, X##_##T)
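Review bot: MODULE_OFFSET() and MODULE_OFFSET2() are added under the comment block that describes OFFSET() without any description of their own. A short comment saying that X is the stock member's offset_table name, Y the split-layout one, and that T is the suffix pasted on as X##_##T (so T is expected to be rw or rx, matching the new module_*_rw and module_*_rx fields) would help, since the field name that MODULE_OFFSET2() actually looks up never appears at the call site.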
> The above definition has a code style issue (space required after that ','), but we could correct
> it when this patch is applied.
I just wanted to stick with the coding style nearby, like with
MEMBER_OFFSET(), MEMBER_EXISTS(), MEMBER_SIZE(), etc. all have no space
between the arguments.
That's true.
But I've no strong opinion about it. Feel free to adapt.
No worry. :-)
Thanks.
Lianbo
>
> Otherwise, it looks good to me.
> Acked-by: Lianbo Jiang <lijiang(a)redhat.com>
Thanks for the review!
Mathias
>
> Thanks.
> Lianbo
>
>> [...]