Hi Lianbo,
On 11.08.20 at 04:08, lijiang wrote:
On 2020-07-31 00:00, crash-utility-request(a)redhat.com wrote:
> Message: 1
> Date: Thu, 30 Jul 2020 15:34:59 +0200
> From: Mathias Krause <minipli(a)grsecurity.net>
> To: crash-utility(a)redhat.com
> Subject: [Crash-utility] [PATCH RESEND] Basic support for PaX's split
> module layout
> Message-ID: <20200730133459.7868-1-minipli(a)grsecurity.net>
> Content-Type: text/plain; charset=US-ASCII
>
> PaX and grsecurity kernels split module memory into dedicated r/x and
> r/w mappings using '*_rw' and '*_rx' named member variables in 'struct
> module'. To add basic support for such kernels detect the split layout
> by testing for the corresponding structure members and use these
> instead.
>
> So far we limit ourselves to only track module code mappings for such
> kernels as adding support for separate data mappings violates lots of
> invariants in the rest of our code base, thereby would require a major
> rework. However, with that patch applied, module code references can be
> resolved in backtraces, memory and code dumps, which makes it already
> very useful for analyzing such kernels.
>
> Signed-off-by: Mathias Krause <minipli(a)grsecurity.net>
> ---
> Resend as the original posting got stuck in the mail queue.
>
> defs.h | 13 +++++++++++
> kernel.c | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++----
> symbols.c | 20 ++++++++--------
> 3 files changed, 86 insertions(+), 15 deletions(-)
>
> diff --git a/defs.h b/defs.h
> index d7adb23b86d5..160974ed554a 100644
> --- a/defs.h
> +++ b/defs.h
> @@ -654,12 +654,15 @@ struct new_utsname {
> #define TIMER_BASES (0x20ULL)
> #define IRQ_DESC_TREE_RADIX (0x40ULL)
> #define IRQ_DESC_TREE_XARRAY (0x80ULL)
> +#define KMOD_PAX (0x100ULL)
>
> #define XEN() (kt->flags & ARCH_XEN)
> #define OPENVZ() (kt->flags & ARCH_OPENVZ)
> #define PVOPS() (kt->flags & ARCH_PVOPS)
> #define PVOPS_XEN() (kt->flags & ARCH_PVOPS_XEN)
>
> +#define PAX_MODULE_SPLIT() (kt->flags2 & KMOD_PAX)
> +
> #define XEN_MACHINE_TO_MFN(m) ((ulonglong)(m) >> PAGESHIFT())
> #define XEN_PFN_TO_PSEUDO(p) ((ulonglong)(p) << PAGESHIFT())
>
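Review bot: PAX_MODULE_SPLIT() is added directly below XEN(), OPENVZ(), PVOPS() and PVOPS_XEN(), which all test kt->flags, but it tests kt->flags2, and that is easy to misread in this spot. A short comment on KMOD_PAX saying it is a flags2 bit that marks the split '*_rx'/'*_rw' module layout, or placing the macro apart from the kt->flags group, would make the difference obvious. The flag and the test are also named differently (KMOD_PAX vs. PAX_MODULE_SPLIT), so consider aligning them.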
> @@ -1346,7 +1349,11 @@ struct offset_table { /* stash of
commonly-used offsets */
> long module_gpl_syms;
> long module_num_gpl_syms;
> long module_module_core;
> + long module_module_core_rw;
> + long module_module_core_rx;
> long module_core_size;
> + long module_core_size_rw;
> + long module_core_size_rx;
> long module_core_text_size;
> long module_num_symtab;
> long module_symtab;
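Review bot: module_module_core_rw/_rx and module_core_size_rw/_rx are inserted in the middle of struct offset_table, which shifts every member that follows module_module_core. Anything built against the previous defs.h layout that reads this table would then pick up the wrong slots, so appending the new members at the end of the struct is the safer placement. The same applies to the module_module_init_* and module_init_size_* additions in the two hunks that follow.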
> @@ -1776,6 +1783,8 @@ struct offset_table { /* stash of
commonly-used offsets */
> long mm_struct_rss_stat;
> long mm_rss_stat_count;
> long module_module_init;
> + long module_module_init_rw;
> + long module_module_init_rx;
> long module_init_text_size;
> long cpu_context_save_fp;
> long cpu_context_save_sp;
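Review bot: module_module_init_rw is added here next to module_module_init_rx, while the commit message says only module code mappings are tracked so far. If the '_rw' offsets are needed only to detect the split layout, a comment on these members saying so would keep readers from assuming data mappings are handled; if they are not used at all, they could wait until data mapping support exists.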
> @@ -1793,6 +1802,8 @@ struct offset_table { /* stash of
commonly-used offsets */
> long unwind_idx_insn;
> long signal_struct_nr_threads;
> long module_init_size;
> + long module_init_size_rw;
> + long module_init_size_rx;
> long module_percpu;
> long radix_tree_node_slots;
> long s390_stack_frame_back_chain;
> @@ -2313,6 +2324,8 @@ struct array_table {
> * in the offset table, size table or array_table.
> */
> #define OFFSET(X) (OFFSET_verify(offset_table.X, (char *)__FUNCTION__, __FILE__,
__LINE__, #X))
> +#define MODULE_OFFSET(X,Y) (PAX_MODULE_SPLIT() ? OFFSET(Y) : OFFSET(X))
> +#define MODULE_OFFSET2(X,T) MODULE_OFFSET(X, X##_##T)
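Review bot: MODULE_OFFSET() and MODULE_OFFSET2() are added without a comment, and the token pasting in MODULE_OFFSET2(X,T) is not obvious at a call site: MODULE_OFFSET2(module_module_core, rx) resolves to OFFSET(module_module_core_rx) when PAX_MODULE_SPLIT() is true and to OFFSET(module_module_core) otherwise. A line or two above the definitions stating that, and that Y goes through OFFSET_verify() and so must be a valid offset_table member whenever the split layout is detected, would help.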
The above definition has a code style issue (space required after that ','), but
we could correct it when this patch is applied.
I just wanted to stick with the coding style nearby, like with
MEMBER_OFFSET(), MEMBER_EXISTS(), MEMBER_SIZE(), etc. all have no space
between the arguments. But I've no strong opinion about it. Feel free to
adapt.
Otherwise, it looks good to me.
Acked-by: Lianbo Jiang <lijiang(a)redhat.com>
Thanks for the review!
Mathias
Thanks.
Lianbo
> [...]