| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 17 Oct 2013 17:59:46 +0900
From: HATAYAMA Daisuke <d.hatayama@...fujitsu.com>
To: "kexec@...ts.infradead.org" <kexec@...ts.infradead.org>
CC: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Vivek Goyal <vgoyal@...hat.com>,
Simon Horman <horms@...ge.net.au>, ahonig@...gle.com,
keescook@...gle.com, Dave Anderson <anderson@...hat.com>,
"Eric W. Biederman" <ebiederm@...ssion.com>
Subject: kexec cannot find text map area if kaslr is enabled
Hello,
I tried to use x86/kaslr branch to check if how it works with kdump framework.
I found kexec doesn't work. According to the message, it looks like kexec failing
to find kernel text map area from kcore.
$ sudo /sbin/kexec -p --command-line="ro root=UUID=cdd5e357-d223-47ee-9d6e-d1fa78b3f8a4 rd_NO_LUKS nodmraid rd_NO_MD KEYBOARDTYPE=pc KEYTABLE=jp106 LANG=ja_JP.UTF-8 rd_NO_LVM rd_NO_DM consol\
e=ttyS0,19200n8r trace_event=block:*,irq:*,mce:*,sched:*,signal:*,workqueue:*,scsi:* trace_buf_size=25165824 irqpoll nr_cpus=2 reset_devices cgroup_disable=memory mce=off enable_lazy_purge " --initrd=/boot/initrd-3.12.0-rc4-k\
aslrkdump.img /boot/vmlinuz-3.12.0-rc4-kaslr
Can't find kernel text map area from kcore
Cannot load /boot/vmlinuz-3.12.0-rc4-kaslr
>From source code, it looks like kexec trying to find text map area by hard-coded
__START_KERNEL_map address. But this is being altered by kaslr.
static int get_kernel_vaddr_and_size(struct kexec_info *UNUSED(info),
struct crash_elf_info *elf_info)
<cut>
/* Traverse through the Elf headers and find the region where
* kernel is mapped. */
end_phdr = &ehdr.e_phdr[ehdr.e_phnum];
for(phdr = ehdr.e_phdr; phdr != end_phdr; phdr++) {
if (phdr->p_type == PT_LOAD) {
unsigned long long saddr = phdr->p_vaddr;
unsigned long long eaddr = phdr->p_vaddr + phdr->p_memsz;
unsigned long long size;
/* Look for kernel text mapping header. */
if ((saddr >= X86_64__START_KERNEL_map) &&
(eaddr <= X86_64__START_KERNEL_map + X86_64_KERNEL_TEXT_SIZE)) {
saddr = _ALIGN_DOWN(saddr, X86_64_KERN_VADDR_ALIGN);
elf_info->kern_vaddr_start = saddr;
size = eaddr - saddr;
/* Align size to page size boundary. */
size = _ALIGN(size, align);
elf_info->kern_size = size;
dbgprintf("kernel vaddr = 0x%llx size = 0x%llx\n",
saddr, size);
return 0;
}
}
}
fprintf(stderr, "Can't find kernel text map area from kcore\n");
return -1;
It seems to me that kexec needs to get runtime relocation information for example
from /proc/kallsyms.
I think there would be other part that doesn't work well due to this kind of hard coded address.
FYI, here are also part of /proc/iomem and /proc/kcore information on my environment:
$ readelf -l /proc/kcore
Elf file type is CORE (Core file)
Entry point 0x0
There are 11 program headers, starting at offset 64
Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
NOTE 0x00000000000002a8 0x0000000000000000 0x0000000000000000
0x0000000000000c74 0x0000000000000000 0
LOAD 0x00007fffff601000 0xffffffffff600000 0x0000000000000000
0x0000000000800000 0x0000000000800000 RWE 1000
LOAD 0x00007fffa3001000 0xffffffffa3000000 0x0000000000000000
0x0000000000ed4000 0x0000000000ed4000 RWE 1000
LOAD 0x0000490000001000 0xffffc90000000000 0x0000000000000000
0x00001fffffffffff 0x00001fffffffffff RWE 1000
LOAD 0x00007fffc0001000 0xffffffffc0000000 0x0000000000000000
0x000000003f000000 0x000000003f000000 RWE 1000
LOAD 0x0000080000002000 0xffff880000001000 0x0000000000000000
0x000000000009a000 0x000000000009a000 RWE 1000
LOAD 0x00006a0000001000 0xffffea0000000000 0x0000000000000000
0x0000000000003000 0x0000000000003000 RWE 1000
LOAD 0x0000080000101000 0xffff880000100000 0x0000000000000000
0x000000007af0d000 0x000000007af0d000 RWE 1000
LOAD 0x00006a0000004000 0xffffea0000003000 0x0000000000000000
0x0000000001ae6000 0x0000000001ae6000 RWE 1000
LOAD 0x0000080100001000 0xffff880100000000 0x0000000000000000
0x0000000780000000 0x0000000780000000 RWE 1000
LOAD 0x00006a0003801000 0xffffea0003800000 0x0000000000000000
0x000000001a400000 0x000000001a400000 RWE 1000
00000000-00000fff : reserved
00001000-0009afff : System RAM
0009b000-0009ffff : reserved
000a0000-000bffff : PCI Bus 0000:00
000c0000-000c7fff : Video ROM
000c8000-000c8fff : Adapter ROM
000c9000-000cefff : Adapter ROM
000e0000-000fffff : reserved
000f0000-000fffff : System ROM
00100000-7b00cfff : System RAM
03000000-22ffffff : Crash kernel
23000000-2355118e : Kernel code
2355118f-23af95ff : Kernel data
23cb2000-23eadfff : Kernel bss
7b00d000-7b00ffff : reserved
7b010000-7b65efff : ACPI Non-volatile Storage
7b65f000-7b681fff : ACPI Tables
7b682000-7b7bffff : reserved
7b7c0000-7ba3ffff : ACPI Non-volatile Storage
7ba40000-7baaafff : reserved
7baab000-7bcfffff : ACPI Tables
7bd00000-7bd12fff : reserved
7bd13000-7bd15fff : ACPI Tables
7bd16000-7bd45fff : reserved
7bd46000-7bd5efff : ACPI Tables
7bd5f000-7bdfefff : reserved
7bdff000-7bdfffff : ACPI Tables
7be00000-7be4efff : reserved
7be1b018-7be1b067 : APEI ERST
7be1b070-7be1b077 : APEI ERST
7be1b078-7be1d017 : APEI ERST
7be4f000-7bf83fff : ACPI Tables
7bf84000-7bfcefff : ACPI Non-volatile Storage
7bfcf000-7bffefff : ACPI Tables
7bfff000-8fffffff : reserved
80000000-8fffffff : PCI MMCONFIG 0000 [bus 00-ff]
90000000-afffffff : PCI Bus 0000:00
<cut>
--
Thanks.
HATAYAMA, Daisuke
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists