lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 8 Oct 2013 09:38:12 -0400 (EDT)
From:	Dave Anderson <anderson@...hat.com>
To:	HATAYAMA Daisuke <d.hatayama@...fujitsu.com>
Cc:	Kees Cook <keescook@...omium.org>,
	LKML <linux-kernel@...r.kernel.org>, x86@...nel.org,
	kernel-hardening@...ts.openwall.com,
	Aaron Durbin <adurbin@...gle.com>,
	Eric Northup <digitaleric@...gle.com>,
	Julien Tinnes <jln@...gle.com>, Will Drewry <wad@...gle.com>,
	Mathias Krause <minipli@...glemail.com>,
	Zhang Yanfei <zhangyanfei@...fujitsu.com>,
	"H. Peter Anvin" <hpa@...or.com>,
	"Discussion list for crash utility usage, maintenance and development" 
	<crash-utility@...hat.com>
Subject: Re: [PATCH 6/7] x86, kaslr: report kernel offset on panic



----- Original Message -----
> (2013/10/07 22:21), Dave Anderson wrote:
> 
> > ----- Original Message -----
> >> (2013/10/03 22:47), Dave Anderson wrote:
> 
> >>> ----- Original Message -----
> >>>> (2013/10/02 18:13), HATAYAMA Daisuke wrote:
> >>>>> (2013/10/02 16:48), Kees Cook wrote:
> 
> >>
> >> Thanks for detailed explanation. So, there's already a feature in crash
> >> utility
> >> to address relocation!, though it's better for me to try them to check if
> >> it's
> >> really applicable to this feature. My concern is whether --reloc works
> >> well
> >> on x86_64 too, because relocation has never done on x86_64 ever, right?
> >
> > Correct.
> >
> >> Another concern is that in case of relocation, users need to additional information
> >> regarding runtime symbol information to crash utility. I want to avoid additional
> >> process, automation is preferable if possible.
> >
> > Right.  As I mentioned in the case of 32-bit x86 dumpfiles, there is no automation
> > available when CONFIG_PHYSICAL_START is larger than CONFIG_PHYSICAL_ALIGN.  The user
> > either has to be aware of their values in order to calculate the --reloc argument,
> > or has to capture a copy of the /proc/kallsyms file on the crashed system.  Typically
> > users/distros using kdump changed their x86 configurations to avoid having to deal
> > with that.
> >
> 
> Sorry, I don't understand why relocation size cannot be calculated when
> CONFIG_PHYSICALSTART > CONFIG_PHYSICAL_ALIGN. Could you explain that?

I just meant that when CONFIG_PHYSICAL_START > CONFIG_PHYSICAL_ALIGN, the 32-bit x86 kernel
gets relocated (like the secondary kdump kernel), but that information is not readily available
from the vmlinux/vmcore pair.  

> 
> >> I guess it's enough if there's runtime symbol addresses because we can get relocated
> >> offset value by comparing it with the compile-time symbol address contained in
> >> a given debuginfo file. Candidates for such symbols are the ones contained in
> >> VMCOREINFO note containing some symbol values for makedumpfile to refer to mm-related
> >> objects in kernel, which is always contained in vmcore generated by current kdump and
> >> also vmcores converted by makedumpfile from it. How about this idea?
> >
> > But how would that differ from using an incorrect (non-matching) vmlinux file?
> >
> 
> It seems to me almost similar to what crash currently does even if we do relocation check.
> The current check crash currently does is trial-and-error since there's no information
> indicating given vmcore and vmlinuxcertainly match well.
> 
> For example, the process I imagine is:
> 
>    1) try to match vmcore and vmlinux with no relocation. If fails, go to 2).
>    2) try to match vmcore and vmlinux with relocation.
> 
> The two steps include symbol table initialization so it might actually be difficult to
> resume back from 2) to 1).
> 
> Also, if gap due to phys_base and gap due to relocation can happen at the same time,
> calculating two values automatically might be futher complicated. So, it would be better
> to add relocation value in VMCOREINFO. Then, what crash utility sholud do becomes very simple.

Yes please...

And while you're at it, the kernel's

  VMCOREINFO_SYMBOL(phys_base);

is pretty much useless, at least w/respect to ELF vmcores, since we need to know its
value in order to translate the address.  And I don't think that makedumpfile uses
it when it calculates the phys_base that it stores in compressed kdump headers.  Why
not put its value instead of its address?

> BTW, can it really happen that gaps due to phys_base and due to relocation happen at the
> same time? I feel relocation covers phys_base mechanism. If there's relocation, phys_base
> is not necessary.
> 
> --
> Thanks.
> HATAYAMA, Daisuke
> 
> 
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ