----- Original Message -----
>> >
>> > Then, my questions are:
>> >
>> > (1) on a live system, how would a root user determine the offset from
userspace?
>>
>> AFAICT, it can be calculated from /proc/kallsyms.
>
> Will /proc/kallsyms contain the relocated addresses? Andy had mentioned that
> the offset would be in the dmesg buffer but that can be overwritten.
Yeah, kallsyms should show the current actual locations. It should
only show up in dmesg on a crash.
>> > (2) given a random vmlinux/vmcore pair, how would any user determine the
offset?
>>
>> It'd be nice for the vmcore to contain offset details.
>
> Right -- Andy mentioned that it would be put in a VMCOREINFO item:
>
>
https://www.redhat.com/archives/crash-utility/2013-October/msg00043.html
>
> But I'm presuming that wasn't part of your patchset.
It was not, no. What's needed to get that added?
Since kASLR is x86 only (right?), I believe it would simply require an
addition to "arch/x86/kernel/machine_kexec_64.c" here:
void arch_crash_save_vmcoreinfo(void)
{
VMCOREINFO_SYMBOL(phys_base);
VMCOREINFO_SYMBOL(init_level4_pgt);
#ifdef CONFIG_NUMA
VMCOREINFO_SYMBOL(node_data);
VMCOREINFO_LENGTH(node_data, MAX_NUMNODES);
#endif
}
Since it's the offset value that we're interested in, something
like this should suffice:
VMCOREINFO_NUMBER(<name_of_symbol_containing_offset_value>)
with an appropriate header inclusion that declares the symbol,
and enclosed by whatever "CONFIG_<kASLR>" you've got in place.
The macro looks like this:
#define VMCOREINFO_NUMBER(name) \
vmcoreinfo_append_str("NUMBER(%s)=%ld\n", #name, (long)name)
Of course that presumes you've got a symbol in place that holds the offset?
On a related note, the VMCOREINFO_SYMBOL(phys_base) above is completely
useless, and should also have been introduced as VMCOREINFO_NUMBER(phys_base).
The makedumpfile maintainers on this list can confirm it, but I
don't believe that they use it either, but just pass it on to the
crash utility to ignore. Both the crash utility and makedumpfile
jump through hoops to figure out the phys_base value when it could
simply be passed in the vmcoreinfo data.
Dave
> Anyway, looking back at that post, I'll defer adding this patch until
> Andy updates it, or at least confirms that it might be useful as-is
> for now.
Okay, cool. I'm happy to help however is needed. :)
Thanks!
-Kees