From: Kazuhito Hagio <k-hagio@ab.jp.nec.com>
To: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Kees Cook <keescook@chromium.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
"kexec@lists.infradead.org" <kexec@lists.infradead.org>,
Masaki Tachibana <mas-tachibana@vf.jp.nec.com>,
Kazuhito Hagio <k-hagio@ab.jp.nec.com>
Subject: RE: [PATCH] uts: Don't randomize "struct uts_namespace".
Date: Wed, 11 Jul 2018 16:31:15 +0000 [thread overview]
Message-ID: <4AE2DC15AC0B8543882A74EA0D43DBEC035582C1@BPXM09GP.gisp.nec.co.jp> (raw)
In-Reply-To: <271dcdcd-d622-552c-338a-5eeca5e2b4a0@i-love.sakura.ne.jp>
Hi Tetsuo,
Thanks for your report.
On Friday, July 6, 2018 7:10 PM, Tetsuo Handa wrote:
> Hello Ken'ichi,
>
> I noticed that makedumpfile ( https://sourceforge.net/p/makedumpfile/code/ )
> can no longer detect kernel version correctly because "struct uts_namespace"
> (which is exposed to userspace via vmcoreinfo) is subjected to randomization
> by GCC_PLUGIN_RANDSTRUCT kernel config option since 4.13.
>
> The code was introduced by below commit.
>
> commit bfc8fe181c822ad0d8495ceda3c7109a407192f0
> Author: ken1_ohmichi <ken1_ohmichi>
> Date: Fri Dec 22 07:41:14 2006 +0000
>
> linux-2.6.19 support.
> On linux-2.6.18 or former, the release information could be gotten from
> the symbol "system_utsname". But on linux-2.6.19, it can be done from the
> symbol "init_uts_ns". A new makedumpfile can get the release information
> from the existing symbol.
>
> Can you detect kernel version without using "struct uts_namespace" ?
makedumpfile needs a whole "struct new_utsname" data in "struct uts_namespace"
because it has to write the data out to dump file header, so we need to add
the offset of uts_namespace.name to vmcoreinfo or get it from vmlinux.
But I'm not sure whether it is all to get makedumpfile working well with the
randomization, e.g. some additional offset exposures might be needed.
And I saw a report to the crash utility mailing list that crash also couldn't
work with the randomization due to a vmlinux issue, so if it is still not fixed,
even if makedumpfile (and kernel) is fixed, we cannot use crash.
* [Crash-utility] Using crash with structure layout randomized kernel
https://www.redhat.com/archives/crash-utility/2018-January/thread.html#00035
Thanks,
Kazu
>
> On 2018/07/07 1:11, Linus Torvalds wrote:
> > On Fri, Jul 6, 2018 at 3:07 AM Tetsuo Handa
> > <penguin-kernel@i-love.sakura.ne.jp> wrote:
> >>
> >> I noticed that makedumpfile utility is failing to check kernel version, for
> >> it depends on offset of "struct uts_namespace"->name being sizeof(int).
> >
> > For something like this, we fix makedumpfile instead. This is not a
> > "user program" using system calls etc, this is something that delves
> > into the kernel dump and tries to make sense of it.
> >
> > Where is the makedumpfile source code? What is it trying to do, and why?
> >
> > One option is to just say "hey, you can't make much sense of a
> > randomized kernel dump anyway, so don't even try".
> >
> > Linus
> >
>
WARNING: multiple messages have this Message-ID (diff)
From: Kazuhito Hagio <k-hagio@ab.jp.nec.com>
To: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Cc: Masaki Tachibana <mas-tachibana@vf.jp.nec.com>,
Kazuhito Hagio <k-hagio@ab.jp.nec.com>,
Kees Cook <keescook@chromium.org>,
"kexec@lists.infradead.org" <kexec@lists.infradead.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: RE: [PATCH] uts: Don't randomize "struct uts_namespace".
Date: Wed, 11 Jul 2018 16:31:15 +0000 [thread overview]
Message-ID: <4AE2DC15AC0B8543882A74EA0D43DBEC035582C1@BPXM09GP.gisp.nec.co.jp> (raw)
In-Reply-To: <271dcdcd-d622-552c-338a-5eeca5e2b4a0@i-love.sakura.ne.jp>
Hi Tetsuo,
Thanks for your report.
On Friday, July 6, 2018 7:10 PM, Tetsuo Handa wrote:
> Hello Ken'ichi,
>
> I noticed that makedumpfile ( https://sourceforge.net/p/makedumpfile/code/ )
> can no longer detect kernel version correctly because "struct uts_namespace"
> (which is exposed to userspace via vmcoreinfo) is subjected to randomization
> by GCC_PLUGIN_RANDSTRUCT kernel config option since 4.13.
>
> The code was introduced by below commit.
>
> commit bfc8fe181c822ad0d8495ceda3c7109a407192f0
> Author: ken1_ohmichi <ken1_ohmichi>
> Date: Fri Dec 22 07:41:14 2006 +0000
>
> linux-2.6.19 support.
> On linux-2.6.18 or former, the release information could be gotten from
> the symbol "system_utsname". But on linux-2.6.19, it can be done from the
> symbol "init_uts_ns". A new makedumpfile can get the release information
> from the existing symbol.
>
> Can you detect kernel version without using "struct uts_namespace" ?
makedumpfile needs a whole "struct new_utsname" data in "struct uts_namespace"
because it has to write the data out to dump file header, so we need to add
the offset of uts_namespace.name to vmcoreinfo or get it from vmlinux.
But I'm not sure whether it is all to get makedumpfile working well with the
randomization, e.g. some additional offset exposures might be needed.
And I saw a report to the crash utility mailing list that crash also couldn't
work with the randomization due to a vmlinux issue, so if it is still not fixed,
even if makedumpfile (and kernel) is fixed, we cannot use crash.
* [Crash-utility] Using crash with structure layout randomized kernel
https://www.redhat.com/archives/crash-utility/2018-January/thread.html#00035
Thanks,
Kazu
>
> On 2018/07/07 1:11, Linus Torvalds wrote:
> > On Fri, Jul 6, 2018 at 3:07 AM Tetsuo Handa
> > <penguin-kernel@i-love.sakura.ne.jp> wrote:
> >>
> >> I noticed that makedumpfile utility is failing to check kernel version, for
> >> it depends on offset of "struct uts_namespace"->name being sizeof(int).
> >
> > For something like this, we fix makedumpfile instead. This is not a
> > "user program" using system calls etc, this is something that delves
> > into the kernel dump and tries to make sense of it.
> >
> > Where is the makedumpfile source code? What is it trying to do, and why?
> >
> > One option is to just say "hey, you can't make much sense of a
> > randomized kernel dump anyway, so don't even try".
> >
> > Linus
> >
>
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
next prev parent reply other threads:[~2018-07-11 16:32 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-06 10:07 [PATCH] uts: Don't randomize "struct uts_namespace" Tetsuo Handa
2018-07-06 16:11 ` Linus Torvalds
2018-07-06 23:10 ` Tetsuo Handa
2018-07-11 14:07 ` Fwd: " Tetsuo Handa
2018-07-11 16:31 ` Kazuhito Hagio [this message]
2018-07-11 16:31 ` Kazuhito Hagio
2018-07-06 23:19 ` Kees Cook
2018-07-06 23:35 ` Tetsuo Handa
2018-07-07 0:55 ` Eric W. Biederman
2018-07-07 0:55 ` Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4AE2DC15AC0B8543882A74EA0D43DBEC035582C1@BPXM09GP.gisp.nec.co.jp \
--to=k-hagio@ab.jp.nec.com \
--cc=keescook@chromium.org \
--cc=kexec@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mas-tachibana@vf.jp.nec.com \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.