[PATCH v1] kexec/arch/i386: Add support for KASLR memory randomization

Dave Young dyoung at redhat.com
Mon Sep 26 05:52:12 PDT 2016 

On 09/23/16 at 09:33am, Thomas Garnier wrote:
> On Thu, Sep 22, 2016 at 1:41 AM, Dave Young <dyoung at redhat.com> wrote:
> > Hi, Thomas
> >
> > On 08/17/16 at 09:47am, Thomas Garnier wrote:
> >> Multiple changes were made on KASLR (right now in linux-next). One of
> >> them is randomizing the virtual address of the physical mapping, vmalloc
> >> and vmemmap memory sections. It breaks kdump ability to read physical
> >> memory.
> >
> > What is the user visible behavior without this patch? Could you add more
> > in the patch log?
> >
> > During my testing seems with or without this patch kdump kernel boot
> > both fine.
> 
> Without this patch, you can't access memory on the generated crash dumps.

Ok, makedumpfile saving /proc/vmcore works fine without this patch, but
gdb will give error when accessing the old memory.

> 
> >
> > My kernel config options is like below, is it enough to test this patch?
> > CONFIG_RANDOMIZE_BASE=y
> > CONFIG_X86_NEED_RELOCS=y
> > CONFIG_PHYSICAL_ALIGN=0x1000000
> > CONFIG_RANDOMIZE_MEMORY=y
> > CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0x0
> >
> 
> Should be good enough.
> 
> >>
> >> This change identifies if KASLR memories randomization is used by
> >> checking if the page_offset_base variable exists. It search for the
> >> correct PAGE_OFFSET value by looking at the loaded memory section and
> >> find the lowest aligned on PUD (the randomization level).
> >>
> >> Related commits on linux-next:
> >>  - 0483e1fa6e09d4948272680f691dccb1edb9677f: Base for randomization
> >>  - 021182e52fe01c1f7b126f97fd6ba048dc4234fd: Enable for PAGE_OFFSET
> >>
> >> Signed-off-by: Thomas Garnier <thgarnie at google.com>
> >> ---
> >>  kexec/arch/i386/crashdump-x86.c | 29 ++++++++++++++++++++++-------
> >>  1 file changed, 22 insertions(+), 7 deletions(-)
> >>
> >> diff --git a/kexec/arch/i386/crashdump-x86.c b/kexec/arch/i386/crashdump-x86.c
> >> index bbc0f35..ab833d4 100644
> >> --- a/kexec/arch/i386/crashdump-x86.c
> >> +++ b/kexec/arch/i386/crashdump-x86.c
> >> @@ -102,11 +102,10 @@ static int get_kernel_paddr(struct kexec_info *UNUSED(info),
> >>       return -1;
> >>  }
> >>
> >> -/* Retrieve kernel _stext symbol virtual address from /proc/kallsyms */
> >> -static unsigned long long get_kernel_stext_sym(void)
> >> +/* Retrieve kernel symbol virtual address from /proc/kallsyms */
> >> +static unsigned long long get_kernel_sym(const char *symbol)
> >
> > It sounds better to split this to another patch.
> >
> 
> Why not, that's a very small change though.
> 
> >>  {
> >>       const char *kallsyms = "/proc/kallsyms";
> >> -     const char *stext = "_stext";
> >>       char sym[128];
> >>       char line[128];
> >>       FILE *fp;
> >> @@ -122,13 +121,13 @@ static unsigned long long get_kernel_stext_sym(void)
> >>       while(fgets(line, sizeof(line), fp) != NULL) {
> >>               if (sscanf(line, "%Lx %c %s", &vaddr, &type, sym) != 3)
> >>                       continue;
> >> -             if (strcmp(sym, stext) == 0) {
> >> -                     dbgprintf("kernel symbol %s vaddr = %16llx\n", stext, vaddr);
> >> +             if (strcmp(sym, symbol) == 0) {
> >> +                     dbgprintf("kernel symbol %s vaddr = %16llx\n", symbol, vaddr);
> >>                       return vaddr;
> >>               }
> >>       }
> >>
> >> -     fprintf(stderr, "Cannot get kernel %s symbol address\n", stext);
> >> +     fprintf(stderr, "Cannot get kernel %s symbol address\n", symbol);

For page_offset_base it should only print the error message when
the kernel supports it.


> >>       return 0;
> >>  }
> >>
> >> @@ -151,6 +150,8 @@ static int get_kernel_vaddr_and_size(struct kexec_info *UNUSED(info),
> >>       off_t size;
> >>       uint32_t elf_flags = 0;
> >>       uint64_t stext_sym;
> >> +     const unsigned long long pud_mask = ~((1 << 30) - 1);
> >> +     unsigned long long vaddr, lowest_vaddr = 0;
> >>
> >>       if (elf_info->machine != EM_X86_64)
> >>               return 0;
> >> @@ -180,9 +181,23 @@ static int get_kernel_vaddr_and_size(struct kexec_info *UNUSED(info),
> >>
> >>       end_phdr = &ehdr.e_phdr[ehdr.e_phnum];
> >>
> >> +     /* Search for the real PAGE_OFFSET when KASLR memory randomization
> >> +      * is enabled */
> >> +     if (get_kernel_sym("page_offset_base") != 0) {
> >> +             for(phdr = ehdr.e_phdr; phdr != end_phdr; phdr++) {
> >> +                     if (phdr->p_type == PT_LOAD) {
> >> +                             vaddr = phdr->p_vaddr & pud_mask;
> >> +                             if (lowest_vaddr == 0 || lowest_vaddr > vaddr)
> >> +                                     lowest_vaddr = vaddr;
> >> +                     }
> >> +             }
> >> +             if (lowest_vaddr != 0)
> >> +                     elf_info->page_offset = lowest_vaddr;
> >> +     }
> >> +
> >>       /* Traverse through the Elf headers and find the region where
> >>        * _stext symbol is located in. That's where kernel is mapped */
> >> -     stext_sym = get_kernel_stext_sym();
> >> +     stext_sym = get_kernel_sym("_stext");
> >>       for(phdr = ehdr.e_phdr; stext_sym && phdr != end_phdr; phdr++) {
> >>               if (phdr->p_type == PT_LOAD) {
> >>                       unsigned long long saddr = phdr->p_vaddr;
> >> --

Thanks
Dave

More information about the kexec mailing list