[PATCH Makedumpfile 0/4] x86_64: Fix page_offset for randomized base enabled
Dave Anderson
anderson at redhat.com
Thu Oct 27 08:25:20 PDT 2016
----- Original Message -----
>
> That being said, my recent 4.8 and 4.9 KASLR testing has been on live
> systems and compressed kdumps, so the old tried-and-true manner of
> calculating the phys_base from the ELF PT_LOAD segments apparently
> no longer works with KASLR.
>
> It would be so much more helpful if the VMCOREINFO data in the ELF
> header stored the actual phys_base value instead of its symbol value:
>
> crash> help -D
> ...
> SYMBOL(phys_base)=ffffffffa740b010
> ...
>
> which is completely useless unless the phys_base value is known.
>
> Anyway, can you send me the makedumpfile code that calculates the
> phys_base value?
>
> Dave

As it turns out, the problem with the crash utility is that it has to
calculate phys_base well before it even knows the kernel has been relocated
by KASLR. So when it sees the __START_KERNEL_map PT_LOAD segment, it mistakes
it for the kernel modules' virtual address region and skips it.

The kernel has this:

  #if defined(CONFIG_RANDOMIZE_BASE)
  #define KERNEL_IMAGE_SIZE (1024 * 1024 * 1024)
  #else
  #define KERNEL_IMAGE_SIZE (512 * 1024 * 1024)
  #endif

and then this:

  #define MODULES_VADDR (__START_KERNEL_map + KERNEL_IMAGE_SIZE)

So with KASLR, MODULES_VADDR gets pushed up from the traditional ffffffffa0000000
up to ffffffffc0000000.

So I'm curious as to what you use in makedumpfile to determine whether
CONFIG_RANDOMIZE_BASE has been configured?

Thanks,
Dave
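
Added example, not part of the original message and not code from crash or makedumpfile: a small C sketch of the misclassification described above, showing how a PT_LOAD scan bounded by the 512 MB MODULES_VADDR skips a KASLR-relocated kernel text segment, while the 1 GB bound finds it. The names `pt_load`, `find_phys_base` and `modules_vaddr`, the sample segment addresses, and the relation phys_base = p_paddr - (p_vaddr - __START_KERNEL_map) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define START_KERNEL_MAP 0xffffffff80000000ULL  /* x86_64 __START_KERNEL_map */
#define MiB (1024ULL * 1024ULL)

/* Hypothetical stand-in for the two ELF64 program header fields used here. */
struct pt_load { uint64_t p_vaddr, p_paddr; };

/* MODULES_VADDR as defined by the kernel macros quoted in the message. */
uint64_t modules_vaddr(int randomize_base)
{
    uint64_t kernel_image_size = randomize_base ? 1024 * MiB : 512 * MiB;
    return START_KERNEL_MAP + kernel_image_size;
}

/* Scan PT_LOAD segments for the kernel text mapping and derive phys_base.
 * Returns 1 and stores phys_base on success, 0 if every segment is skipped. */
int find_phys_base(const struct pt_load *seg, int n, int randomize_base,
                   uint64_t *phys_base)
{
    uint64_t limit = modules_vaddr(randomize_base);
    for (int i = 0; i < n; i++) {
        if (seg[i].p_vaddr < START_KERNEL_MAP || seg[i].p_vaddr >= limit)
            continue;  /* below the kernel map, or taken for the modules region */
        *phys_base = seg[i].p_paddr - (seg[i].p_vaddr - START_KERNEL_MAP);
        return 1;
    }
    return 0;
}

/* Constructed sample segments, not taken from a real vmcore. */
const struct pt_load sample[] = {
    { 0xffff880000001000ULL, 0x0000000000001000ULL },  /* direct-map segment */
    { 0xffffffffa7000000ULL, 0x0000000055000000ULL },  /* relocated kernel text */
};

int main(void)
{
    uint64_t pb;
    for (int kaslr = 0; kaslr <= 1; kaslr++) {
        if (find_phys_base(sample, 2, kaslr, &pb))
            printf("RANDOMIZE_BASE=%d: phys_base = %#llx\n", kaslr, (unsigned long long)pb);
        else
            printf("RANDOMIZE_BASE=%d: kernel segment skipped\n", kaslr);
    }
    return 0;
}
```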