Sorry about that.  This was done on top of the other kaslr patch, I'll
rebase both and resend later today.
On Wed, Feb 19, 2014 at 7:15 AM, Dave Anderson <anderson(a)redhat.com> wrote:
 ----- Original Message -----
> Automatically detect kernel aslr offset
>
> This patch improves support for kernel aslr, to automatically find the
> aslr offset based on the location of the _stext symbol in the vmcore
> info.
>
> Signed-off-by: Andrew Honig <ahonig(a)google.com>
 This patch was created from some interim test version, or
 something like that:
   $ patch -p1 < kaslr.patch
   patching file netdump.c
   Hunk #1 FAILED at 411.
   1 out of 1 hunk FAILED -- saving rejects to file netdump.c.rej
   patching file symbols.c
   Hunk #1 succeeded at 556 (offset 3 lines).
   Hunk #2 FAILED at 625.
   1 out of 2 hunks FAILED -- saving rejects to file symbols.c.rej
   $
 In netdump.c, it's removing stuff that doesn't exist in crash-7.0.5:
> ---
>  netdump.c | 19 ++++++++-----------
>  symbols.c | 49 ++++++++++++++++++++++++++++++++++++++++++++++---
>  2 files changed, 54 insertions(+), 14 deletions(-)
>
> diff --git a/netdump.c b/netdump.c
> index 8e7ec15..b327649 100644
> --- a/netdump.c
> +++ b/netdump.c
> @@ -411,18 +411,15 @@ is_netdump(char *file, ulong source_query)
>               get_log_from_vmcoreinfo(file, vmcoreinfo_read_string);
>       }
>
> -     // This is the code where I should read the aslr offset.
> +     /*
> +      *We may need the _stext_SYMBOL from the vmcore_info to adjust for
> +      * kaslr and we may not have gotten it elsewhere.
> +      */
>       if (source_query == KDUMP_LOCAL) {
> -             long aslr_offset = 0;
> -             char *aslr_string = vmcoreinfo_read_string("KERNELOFFSET");
> -             if (aslr_string) {
> -                     aslr_offset = strtoul(aslr_string, NULL, 16);
> -                     free (aslr_string);
> -             }
> -             if (!(kt->flags & RELOC_SET) && aslr_offset > 0) {
> -                     kt->flags |= RELOC_SET;
> -                     kt->relocate=aslr_offset * -1;
> -             }
> +             char *tmpstring = vmcoreinfo_read_string("SYMBOL(_stext)");
> +             kt->vmcoreinfo._stext_SYMBOL =
> +                     htol(tmpstring, RETURN_ON_ERROR, NULL);
> +             free(tmpstring);
>       }
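Review bot: the NULL check the removed lines kept on the vmcoreinfo string is gone in the replacement. vmcoreinfo_read_string("SYMBOL(_stext)") returns NULL when the dump carries no such key, and the new code hands tmpstring straight to htol() before the free(). Suggest guarding it, e.g. `if ((tmpstring = vmcoreinfo_read_string("SYMBOL(_stext)"))) {` around the htol() and free(), and since RETURN_ON_ERROR makes htol() hand back BADADDR instead of failing hard, whatever later consumes kt->vmcoreinfo._stext_SYMBOL has to treat BADADDR as "unknown" rather than as an address. Style nit: the comment opener `*We may need` lacks the space after the asterisk that the following line has.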
 Same thing here in store_symbols():
> @@ -588,15 +625,21 @@ store_symbols(bfd *abfd, int dynamic, void *minisyms,
> long symcount,
>       st->symcnt = 0;
>       sp = st->symtable;
>
> +     first = 0;
> +     from = (bfd_byte *) minisyms;
> +     fromend = from + symcount * size;
> +
>       if (machine_type("X86") || machine_type("X86_64")) {
> +             /* If kernel aslr offset has not been set, try to guess it. */
> +             if (kt->relocate == 0)
> +                     derive_kaslr_offset(abfd, dynamic, from,
> +                                         fromend, size, store);
> +
>               if (!(kt->flags & RELOC_SET))
>                       kt->flags |= RELOC_FORCE;
>       } else
>               kt->flags &= ~RELOC_SET;
>
> -     first = 0;
> -     from = (bfd_byte *) minisyms;
> -     fromend = from + symcount * size;
>       for (; from < fromend; from += size)
>       {
>                       if ((sym = bfd_minisymbol_to_symbol(abfd, dynamic, from,
store))
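Review bot: the gate on the new derivation, `if (kt->relocate == 0)`, tests a different condition from the `!(kt->flags & RELOC_SET)` check two lines below it, so the two decisions can disagree: a relocation that was already determined to be zero is indistinguishable from "not determined yet" and derive_kaslr_offset() runs anyway, and if derive_kaslr_offset() fills in kt->relocate without setting RELOC_SET, the block then also sets RELOC_FORCE on top of the freshly derived value. Gating on `!(kt->flags & RELOC_SET)` and having derive_kaslr_offset() set RELOC_SET when it finds an offset keeps them consistent. derive_kaslr_offset() itself is not in this quoted hunk (the symbols.c diffstat puts its definition elsewhere in the patch), so it is not visible here whether it sets the flag or what it does when no _stext value was read from vmcoreinfo; a one-line comment at the call site stating what it writes into kt would help the reader of this loop.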
> --
 Please redo it against crash-7.0.5.
 Thanks,
   Dave
 --
 Crash-utility mailing list
Crash-utility(a)redhat.com
https://www.redhat.com/mailman/listinfo/crash-utility
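As an added worked example, not code from the crash utility or from the patch above, the following C program carries out the derivation the commit message describes: read SYMBOL(_stext) from a VMCOREINFO note, subtract the value _stext has in the unrelocated vmlinux, and apply the result the way crash applies kt->relocate (negated slide, subtracted from symbol values). It also reads KERNELOFFSET, the key the patch stops using, so the two routes can be compared, and it returns BADADDR for a missing key instead of dereferencing a NULL string. The vmcoreinfo text, the vmlinux _stext address 0xffffffff81000000 and the function names (vmcoreinfo_hex, derive_kaslr_offset with its own signature, relocate_symbol) are all constructed for this illustration.

```c
/*
 * Added example, not crash-utility code: derive a kernel's KASLR slide from
 * the VMCOREINFO note and apply it to vmlinux symbol values, as the quoted
 * patch does with SYMBOL(_stext).  Note text and vmlinux address are made up.
 */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BADADDR ((uint64_t)-1)

/* _stext as the unrelocated vmlinux records it (assumed value). */
#define VMLINUX_STEXT 0xffffffff81000000ULL

/* Constructed VMCOREINFO contents for a kernel slid by 0x1c000000. */
static const char sample_vmcoreinfo[] =
    "OSRELEASE=3.14.0-rc3\n"
    "PAGESIZE=4096\n"
    "SYMBOL(init_uts_ns)=ffffffff9f025e40\n"
    "SYMBOL(_stext)=ffffffff9d000000\n"
    "KERNELOFFSET=1c000000\n";

/*
 * Find "key=" in the note and parse its value as hex.  Returns BADADDR when
 * the key is missing or malformed, so "not present" is distinguishable from
 * a real address and no NULL string is ever handed to the hex parser.
 */
uint64_t vmcoreinfo_hex(const char *info, const char *key)
{
    size_t klen = strlen(key);
    const char *p = info;

    while (*p) {
        const char *eol = strchr(p, '\n');
        size_t linelen = eol ? (size_t)(eol - p) : strlen(p);

        if (linelen > klen + 1 && !strncmp(p, key, klen) && p[klen] == '=') {
            char buf[32], *end;
            size_t vlen = linelen - klen - 1;
            uint64_t v;

            if (vlen >= sizeof(buf))
                return BADADDR;
            memcpy(buf, p + klen + 1, vlen);
            buf[vlen] = '\0';
            errno = 0;
            v = strtoull(buf, &end, 16);
            return (errno || end == buf || *end) ? BADADDR : v;
        }
        if (!eol)
            break;
        p = eol + 1;
    }
    return BADADDR;
}

/*
 * Slide = where _stext actually ran minus where vmlinux says it is.  With no
 * SYMBOL(_stext) in the note, returns 0 and stores 0 in *known (if non-NULL),
 * so a genuine zero slide is not confused with "could not determine".
 */
int64_t derive_kaslr_offset(const char *info, uint64_t vmlinux_stext, int *known)
{
    uint64_t live = vmcoreinfo_hex(info, "SYMBOL(_stext)");

    if (known)
        *known = (live != BADADDR);
    return live == BADADDR ? 0 : (int64_t)(live - vmlinux_stext);
}

/* crash keeps the negated slide in kt->relocate and subtracts it. */
uint64_t relocate_symbol(uint64_t vmlinux_addr, int64_t relocate)
{
    return vmlinux_addr - (uint64_t)relocate;
}

int main(void)
{
    int known;
    int64_t off = derive_kaslr_offset(sample_vmcoreinfo, VMLINUX_STEXT, &known);
    uint64_t koff = vmcoreinfo_hex(sample_vmcoreinfo, "KERNELOFFSET");

    if (!known) {
        fputs("vmcoreinfo has no SYMBOL(_stext); cannot derive slide\n", stderr);
        return 1;
    }
    printf("derived slide    0x%llx\n", (unsigned long long)off);
    printf("KERNELOFFSET     0x%llx (%s)\n", (unsigned long long)koff,
           koff == (uint64_t)off ? "agrees" : "mismatch");
    printf("relocated _stext 0x%llx\n",
           (unsigned long long)relocate_symbol(VMLINUX_STEXT, -off));
    return 0;
}
```

The `known` flag is the piece the quoted netdump.c hunk loses: a note without SYMBOL(_stext) must be reported as "unknown", not parsed as address zero, because a zero slide is a legitimate outcome on a kernel that booted without KASLR.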