Re: [Crash-utility] [PATCH v2 0/2] Fix KASLR problem on sadump
Hi Takao,
A couple things. Can you post against the current github sources,
or at least use crash-7.2.0? I'm not sure what version you're
working with:
$ patch -p1 --dry-run < $dl/sadump_1.patch
checking file defs.h
Hunk #1 succeeded at 5629 (offset 7 lines).
checking file x86_64.c
Hunk #1 FAILED at 119.
Hunk #2 succeeded at 1998 (offset 34 lines).
Hunk #3 succeeded at 2016 (offset 34 lines).
Hunk #4 succeeded at 2030 (offset 34 lines).
Hunk #5 succeeded at 2086 (offset 34 lines).
1 out of 5 hunks FAILED
$ patch -p1 --dry-run < $dl/sadump_2.patch
checking file defs.h
Hunk #1 succeeded at 2590 (offset 5 lines).
Hunk #2 succeeded at 6312 (offset 47 lines).
checking file sadump.c
checking file sadump.h
checking file symbols.c
Hunk #3 succeeded at 12262 (offset 10 lines).
$
It was easy enough to address the FAILED segment above,
but there are a few issues with the sadump.c patch:
$ make warn
... [ cut ] ...
cc -c -g -DX86_64 -DLZO -DSNAPPY -DGDB_7_6 sadump.c -Wall -O2 -Wstrict-prototypes
-Wmissing-prototypes -fstack-protector -Wformat-security
sadump.c:1911:1: warning: no previous prototype for ‘get_kaslr_offset_from_vmcoreinfo’
[-Wmissing-prototypes]
get_kaslr_offset_from_vmcoreinfo(ulong cr3, ulong orig_kaslr_offset,
^
sadump.c: In function ‘sadump_calc_kaslr_offset’:
sadump.c:2088:38: warning: ‘scs.Cr3’ may be used uninitialized in this function
[-Wmaybe-uninitialized]
if (get_kaslr_offset_from_vmcoreinfo(
^
sadump.c:2044:40: warning: ‘scs.IdtLower’ may be used uninitialized in this function
[-Wmaybe-uninitialized]
idtr = ((uint64_t)scs.IdtUpper)<<32 | (uint64_t)scs.IdtLower;
^
sadump.c:2044:10: warning: ‘scs.IdtUpper’ may be used uninitialized in this function
[-Wmaybe-uninitialized]
idtr = ((uint64_t)scs.IdtUpper)<<32 | (uint64_t)scs.IdtLower;
...
But more importantly, the sadump.c patch won't compile against the
other architectures, because x86_64_kvtop_pagetable() only exists
when crash is built for x86_64.
Plus I don't particularly like the kvtop "pagetable" argument abstraction
and new functions that you put in place in x86_64.c just for these 3 rather
arcane calls from sadump.c.
I suggest adding a new machdep->flags bit (USE_PT?) which could
be temporarily set in sadump.c prior to each of the 3 calls that
could be made to the generic kvtop() function. Then in x86_64_kvtop(),
check for the new machdep->flag as opposed to the "use_pagetable" argument.
It may even be possible to use SADUMP() along with some other existing
flag instead of creating a new one. But please just avoid creating the
new functions in x86_64.c.
Thanks,
Dave
----- Original Message -----
Hi Dave, Hatayama-san,
Hatayama-san, thanks for your review, I updated may patch.
These patch series fix a problem that crash cannot open a dumpfile which is
captured by sadump on KASLR enabled kernel.
When KASLR feature is enabled, a kernel is placed on the memory randomly and
therefore crash cannot open a dumpfile because addresses of kernel symbols in
vmlinux are different from actual addresses. In the case of kdump,
information
to get actual address is included in the vmcoreinfo, but dumpfile of sadump
does
not have such a information.
These patches calculate kaslr offset and phys_base to solve this problem. The
basic idea is getting register (IDTR and CR3) from dump header, and calculate
kaslr_offset/phys_base using them.
changelog:
v2:
- Remove virsh-dump part
- Change get_vec0_addr style
- Some tiny fixes
v1:
https://www.redhat.com/archives/crash-utility/2017-October/msg00004.html
Takao Indoh (2):
Introduce x86_64_kvtop_pagetable
Fix a KASLR problem of sadump
defs.h | 5 +
sadump.c | 458
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
sadump.h | 1 +
symbols.c | 34 +++++
x86_64.c | 26 +++-
5 files changed, 522 insertions(+), 2 deletions(-)
--
2.9.5
--
Crash-utility mailing list
Crash-utility(a)redhat.com
https://www.redhat.com/mailman/listinfo/crash-utility