On Wed, Oct 16, 2013 at 12:37 PM, Kees Cook <keescook(a)google.com> wrote:
> On Wed, Oct 16, 2013 at 9:02 AM, Andrew Honig
> <ahonig(a)google.com> wrote:
>> I'm talking about working with a vmlinux/vmcore pair. To get crash
>> working with the current version of kASLR that doesn't have the offset
>> data specifically in the VMCOREINFO I could use another symbol in the
>> VMCOREINFO to calculate the offset. For example _stext is already in
>> the VMCOREINFO. I could get the offset of _stext from the VMCOREINFO,
>> then get the offset of _stext from the vmlinux and subtract them to
>> get the ASLR offset.
>
> Doing this math seems like a good approach. Are there any downsides to
> inferring the kASLR offset this way?

I would prefer to write it that way, because it works with existing
aslr enabled kernels and kdumps. I can think of a couple of
downsides, but neither is a deal breaker:
1) The patch is slightly more complicated and will require two passes
over the symbols. The first pass will find the _stext symbol in the
vmlinux file and try to determine the aslr offset. The second pass
will relocate and store the symbols.
2) It creates a non-obvious dependency on _stext being in the vmcoreinfo.
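The two-pass scheme described above, as an added illustration that is not code from the crash utility or from this thread: pass one infers the slide from _stext, pass two relocates the vmlinux symbols, and a cross-check flags any VMCOREINFO symbol that disagrees with the relocated table. It assumes the VMCOREINFO note is already available as text with `SYMBOL(name)=hex` lines and the vmlinux symbol table has already been read into a dict; all addresses are constructed.

```python
import re

# Constructed sample VMCOREINFO text (same "SYMBOL(name)=hex" line format
# the kernel writes); the address values are made up for this example.
VMCOREINFO = """\
OSRELEASE=3.12.0-rc5
SYMBOL(_stext)=ffffffffa1000000
SYMBOL(init_uts_ns)=ffffffffa1e4a3c0
"""

# Constructed stand-in for the vmlinux symbol table (what walking the ELF
# symtab or `nm vmlinux` would yield): name -> unrelocated link-time address.
VMLINUX_SYMBOLS = {
    "_stext": 0xFFFFFFFF81000000,
    "init_uts_ns": 0xFFFFFFFF81E4A3C0,
    "swapper_pg_dir": 0xFFFFFFFF81C0C000,
}

def vmcoreinfo_symbol(text, name):
    """Runtime address recorded for SYMBOL(name) in VMCOREINFO, or None."""
    pat = r"^SYMBOL\(%s\)=([0-9a-fA-F]+)$" % re.escape(name)
    m = re.search(pat, text, re.M)
    return int(m.group(1), 16) if m else None

def kaslr_offset(vmcoreinfo, vmlinux_symbols, anchor="_stext"):
    """Pass 1: slide = runtime(_stext) - linktime(_stext).

    Raises KeyError when the anchor is missing on either side; this is the
    non-obvious dependency on _stext that the thread points out.
    """
    runtime = vmcoreinfo_symbol(vmcoreinfo, anchor)
    if runtime is None:
        raise KeyError("%s not present in VMCOREINFO" % anchor)
    return runtime - vmlinux_symbols[anchor]

def relocate(vmlinux_symbols, offset):
    """Pass 2: apply the slide to every vmlinux symbol (64-bit wraparound)."""
    return {n: (a + offset) & 0xFFFFFFFFFFFFFFFF for n, a in vmlinux_symbols.items()}

def check_relocation(vmcoreinfo, relocated):
    """Return names of VMCOREINFO symbols whose address disagrees with the
    relocated table; a non-empty list means the inferred slide is wrong."""
    bad = []
    for name, hexaddr in re.findall(r"^SYMBOL\((\w+)\)=([0-9a-fA-F]+)$", vmcoreinfo, re.M):
        if name in relocated and relocated[name] != int(hexaddr, 16):
            bad.append(name)
    return bad
```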