Re: [Crash-utility] [PATCH] Automatically detect kernel aslr offset
----- Original Message -----
Automatically detext kernel aslr offset
This patch improves support for kernel aslr, to automatically find the
aslr offset based on the location of the _stext symbol in the vmcore
info.
Signed-off-by: Andrew Honig <ahonig(a)google.com>
This patch was created from some interim test version, or
something like that:
$ patch -p1 < kaslr.patch
patching file netdump.c
Hunk #1 FAILED at 411.
1 out of 1 hunk FAILED -- saving rejects to file netdump.c.rej
patching file symbols.c
Hunk #1 succeeded at 556 (offset 3 lines).
Hunk #2 FAILED at 625.
1 out of 2 hunks FAILED -- saving rejects to file symbols.c.rej
$
In netdump.c, it's removing stuff that doesn't exist in crash-7.0.5:
---
netdump.c | 19 ++++++++-----------
symbols.c | 49 ++++++++++++++++++++++++++++++++++++++++++++++---
2 files changed, 54 insertions(+), 14 deletions(-)
diff --git a/netdump.c b/netdump.c
index 8e7ec15..b327649 100644
--- a/netdump.c
+++ b/netdump.c
@@ -411,18 +411,15 @@ is_netdump(char *file, ulong source_query)
get_log_from_vmcoreinfo(file, vmcoreinfo_read_string);
}
- // This is the code where I should read the aslr offset.
+ /*
+ *We may need the _stext_SYMBOL from the vmcore_info to adjust for
+ * kaslr and we may not have gotten it elsewhere.
+ */
if (source_query == KDUMP_LOCAL) {
- long aslr_offset = 0;
- char *aslr_string = vmcoreinfo_read_string("KERNELOFFSET");
- if (aslr_string) {
- aslr_offset = strtoul(aslr_string, NULL, 16);
- free (aslr_string);
- }
- if (!(kt->flags & RELOC_SET) && aslr_offset > 0) {
- kt->flags |= RELOC_SET;
- kt->relocate=aslr_offset * -1;
- }
+ char *tmpstring = vmcoreinfo_read_string("SYMBOL(_stext)");
+ kt->vmcoreinfo._stext_SYMBOL =
+ htol(tmpstring, RETURN_ON_ERROR, NULL);
+ free(tmpstring);
}
Same thing here in store_symbols():
@@ -588,15 +625,21 @@ store_symbols(bfd *abfd, int dynamic, void
*minisyms,
long symcount,
st->symcnt = 0;
sp = st->symtable;
+ first = 0;
+ from = (bfd_byte *) minisyms;
+ fromend = from + symcount * size;
+
if (machine_type("X86") || machine_type("X86_64")) {
+ /* If kernel aslr offset has not been set, try to guess it. */
+ if (kt->relocate == 0)
+ derive_kaslr_offset(abfd, dynamic, from,
+ fromend, size, store);
+
if (!(kt->flags & RELOC_SET))
kt->flags |= RELOC_FORCE;
} else
kt->flags &= ~RELOC_SET;
- first = 0;
- from = (bfd_byte *) minisyms;
- fromend = from + symcount * size;
for (; from < fromend; from += size)
{
if ((sym = bfd_minisymbol_to_symbol(abfd, dynamic, from, store))
--
Please redo it against crash-7.0.5.
Thanks,
Dave