On Tue, Oct 15, 2013 at 11:36 AM, Dave Anderson <anderson@xxxxxxxxxx> wrote:
>
>
> ----- Original Message -----
>> I'm trying to add crash support for kdumps from kASLR'd kernels. I've
>> got it working with a few small changes and I wanted to solicit
>> comments before sending a patch.
>
> Excellent!
>
>> 1) The --reloc flag appears to specify an offset to be subtracted from
>> the loaded address, when the aslr offset is added. It's annoying to
>> try to specify negative numbers on the command line, so I'd like to
>> add another argument --aslr which is the same as --reloc but negates
>> the value.
>
> Not a problem. In fact, since they really are different concepts, I'd
> prefer it. But can you make it --kalsr?
>
> A couple questions -- how would the user know what the offset is?
>

The offset is output in the dmesg buffer. I don't really know how
crashes are analyzed elsewhere, but this fits in well with our
debugging workflow. Is this a problem for the usual workflow?

> And I had thought that the upstream discussion was geared towards
> making it work automatically -- at least with kdump dumpfiles -- such
> that the kASLR offset would be made a VMCOREINFO item?

I agree that's the correct solution, I was thinking of having a first
patch to make something workable with the command line arg and
identify any issues. Then writing another patch once the next kASLR
version goes out with offset data included in the VMCOREINFO.

I could also try something like the force_relocate function for x86
for auto-determining the offset. The x86 version only supports
force_relocate for live debugging, but it doesn't look like it would
be a difficult change. Would you like to see that in a patch?

>
>> 2) There are some symbols which should not be relocated. Specifically
>> the per_cpu section symbols are zero based offsets which should not
>> have the offset apply. Additionally there are VDSO symbols which are
>> fixed even with kASLR enabled. To fix this I'd like to add code to
>> iterate through the section and find the end of the last section and
>> only apply the relocation value to values after the start of text but
>> before the end of the last section.
>
> Right...
>
>> thanks,
>> Andy
>
> Good to hear from you -- I figured that when I saw your subscription
> request, with it being the first/only "google.com" address ever, that
> something interesting was forthcoming...
>
> Thanks,
> Dave Anderson
>
> --
> Crash-utility mailing list
> Crash-utility@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/crash-utility

--
Crash-utility mailing list
Crash-utility@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/crash-utility
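
The range filter proposed in point 2 of the message above, as an added sketch that is not code from crash or from either poster: the kASLR offset is applied only to symbols between the start of text and the end of the last section, so zero-based per-cpu offsets and fixed-address symbols stay put. The struct names, symbol names, addresses and the offset are hypothetical, constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>
/* Hypothetical types and constructed sample values, not crash's own tables. */
struct section { const char *name; uint64_t start, size; };
struct symbol  { const char *name; uint64_t value; };
static const struct section sections[] = {
    { ".data..percpu", 0x0ULL,                0x14000ULL  }, /* zero-based */
    { ".text",         0xffffffff81000000ULL, 0x600000ULL },
    { ".data",         0xffffffff81a00000ULL, 0x100000ULL },
    { ".bss",          0xffffffff81c00000ULL, 0x200000ULL },
};
static const struct symbol symbols[] = {
    { "percpu_counter", 0x000000000000b000ULL }, /* per-cpu offset: keep */
    { "_text",          0xffffffff81000000ULL },
    { "some_function",  0xffffffff81234560ULL },
    { "_end",           0xffffffff81e00000ULL },
    { "vdso_symbol",    0xffffffffff700000ULL }, /* fixed address: keep */
};
#define TEXT_START   0xffffffff81000000ULL
#define KASLR_OFFSET 0x1a000000ULL          /* constructed; e.g. read from dmesg */
#define COUNT(a)     (sizeof(a) / sizeof((a)[0]))

/* Highest end address among sections that start at or above the text,
 * which skips the zero-based per-cpu section. */
uint64_t last_section_end(void)
{
    uint64_t end = TEXT_START;
    for (size_t i = 0; i < COUNT(sections); i++) {
        uint64_t e = sections[i].start + sections[i].size;
        if (sections[i].start >= TEXT_START && e > end)
            end = e;
    }
    return end;
}

/* Add the offset only inside [TEXT_START, last_section_end()]. The inclusive
 * upper bound is a choice made here so a marker such as _end moves too. */
uint64_t relocated_value(size_t i, uint64_t kaslr_offset)
{
    uint64_t v = symbols[i].value;
    if (v >= TEXT_START && v <= last_section_end())
        v += kaslr_offset;
    return v;
}

int main(void)
{
    for (size_t i = 0; i < COUNT(symbols); i++)
        printf("%-16s %016llx\n", symbols[i].name,
               (unsigned long long)relocated_value(i, KASLR_OFFSET));
}
```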