[PATCH Makedumpfile 0/4] x86_64: Fix page_offset for randomized base enabled

Dave Anderson anderson at redhat.com
Thu Oct 27 08:25:20 PDT 2016

----- Original Message -----

> That being said, my recent 4.8 and 4.9 KASLR testing has been on live
> systems and compressed kdumps, so the old tried-and-true manner of
> calculating the phys_base from the ELF PT_LOAD segments apparently
> no longer works with KASLR.
> It would be so much more helpful if the VMCOREINFO data in the ELF
> header stored the actual phys_base value instead of its symbol value:
>   crash> help -D
>   ...
>   SYMBOL(phys_base)=ffffffffa740b010
>   ...
> which is completely useless unless the phys_base value is known.
> Anyway, can you send me the makedumpfile code that calculates the
> phys_base value?
> Dave

As it turns out, the problem with the crash utility is that it has to
calculate phys_base well before it even knows the kernel has been relocated 
by KASLR.  So when it sees the __START_KERNEL_map PT_LOAD segment, it mistakes
it for the kernel modules' virtual address region and skips it.

The kernel has this:

  #define KERNEL_IMAGE_SIZE       (1024 * 1024 * 1024)
  #define KERNEL_IMAGE_SIZE       (512 * 1024 * 1024)

and then this:


So with KASLR, MODULES_VADDR gets pushed up from the traditional ffffffffa0000000
up to ffffffffc0000000.

So I'm curious as to what you use in makedumpfile to determine whether 
CONFIG_RANDOMIZE_BASE has been configured?
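The segment test described in the message, as an added example that is not part of the original post and is not code from crash or makedumpfile. It shows how the same PT_LOAD list yields a phys_base or none depending on which KERNEL_IMAGE_SIZE the tool assumes. The `find_phys_base` helper, the `pt_load` struct and the sample segment addresses are constructed for illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

#define START_KERNEL_MAP   0xffffffff80000000ULL  /* x86_64 __START_KERNEL_map */
#define IMAGE_SIZE_NOKASLR (512ULL << 20)   /* MODULES_VADDR = ffffffffa0000000 */
#define IMAGE_SIZE_KASLR   (1024ULL << 20)  /* MODULES_VADDR = ffffffffc0000000 */

/* Only the two PT_LOAD fields this calculation needs. */
struct pt_load { uint64_t p_vaddr, p_paddr; };

/* Constructed sample: one direct-map segment and one kernel-text segment
 * that KASLR has relocated above the traditional MODULES_VADDR. */
static const struct pt_load sample[] = {
    { 0xffff880000100000ULL, 0x0000000000100000ULL },
    { 0xffffffffa6000000ULL, 0x000000005a000000ULL },
};
#define N_SAMPLE (sizeof(sample) / sizeof(sample[0]))

/* Hypothetical helper: look for a PT_LOAD inside the kernel text mapping
 * [__START_KERNEL_map, MODULES_VADDR) and derive phys_base from it.
 * Returns 1 and sets *phys_base on success, 0 if every segment was skipped. */
int find_phys_base(const struct pt_load *seg, size_t n,
                   uint64_t image_size, uint64_t *phys_base)
{
    uint64_t modules_vaddr = START_KERNEL_MAP + image_size;

    for (size_t i = 0; i < n; i++) {
        if (seg[i].p_vaddr < START_KERNEL_MAP || seg[i].p_vaddr >= modules_vaddr)
            continue;  /* direct map, or taken for the modules region */
        /* __pa(v) = v - __START_KERNEL_map + phys_base for kernel text */
        *phys_base = seg[i].p_paddr - (seg[i].p_vaddr - START_KERNEL_MAP);
        return 1;
    }
    return 0;
}

int main(void)
{
    uint64_t pb = 0;

    if (!find_phys_base(sample, N_SAMPLE, IMAGE_SIZE_NOKASLR, &pb))
        puts("512 MiB window: kernel PT_LOAD skipped, phys_base unknown");
    if (find_phys_base(sample, N_SAMPLE, IMAGE_SIZE_KASLR, &pb))
        printf("1 GiB window: phys_base = 0x%" PRIx64 "\n", pb);
    return 0;
}
```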

