How to disable address randomization ?

How to disable address randomization ?

[admin LI]

[-- Attachment #1.1: Type: text/plain, Size: 1518 bytes --]

Hi,

I'm developing a kernel module for an ARM machine, while debugging I found
addresses
printed are all randomized and useless for debugging.

To prove I was not crazy I wrote this small program:

---------------------------------
#include <linux/init.h>
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/slab.h>

MODULE_LICENSE("GPL");
MODULE_AUTHOR("Somebody");
MODULE_DESCRIPTION("A simple example Linux module.");
MODULE_VERSION("0.01");

static int __init example_init(void) {
    uint32_t a;
    uint32_t b;
    uint32_t c;
    uint8_t d[10];
    uint8_t *e;

    printk(KERN_INFO "Hello, World!\n");
    printk(KERN_INFO "&a %p\n",&a);
    printk(KERN_INFO "&b %p\n",&b);
    printk(KERN_INFO "&c %p\n",&c);
    printk(KERN_INFO "&d %p\n",d);
    printk(KERN_INFO "&d[0] %p\n",&d[0]);
    printk(KERN_INFO "&d[1] %p\n",&d[1]);

    e = kmalloc(10, GFP_KERNEL);
    printk(KERN_INFO "&e[0] %p\n",&e[0]);
    printk(KERN_INFO "&e[1] %p\n",&e[1]);

    kfree(e);

 return 0;
}

static void __exit example_exit(void) {
 printk(KERN_INFO "Goodbye, World!\n");
}

module_init(example_init);
module_exit(example_exit);
---------------------------------
And it gave me this output:

Hello, World!
&a b3f9fa31
&b 27e1c68a
&c da50d287
&d 9f9aec2b
&d[0] 9f9aec2b
&d[1] cc627580
&e[0] 98b8c9eb
&e[1] 45f248f8

Then I tested on my debian host machine which gave me the same kind of
randomized addresses.

When I search randomization the only thing I found is KASLR which I don't
think is the same thing.

[-- Attachment #1.2: Type: text/html, Size: 2036 bytes --]

[-- Attachment #2: Type: text/plain, Size: 170 bytes --]

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: How to disable address randomization ?

[Valentin Vidić]

On Thu, Jan 13, 2022 at 10:01:30PM +0100, admin LI wrote:
> I'm developing a kernel module for an ARM machine, while debugging I
> found addresses printed are all randomized and useless for debugging.

This should help you:

  https://www.kernel.org/doc/html/latest/core-api/printk-formats.html

-- 
Valentin

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: How to disable address randomization ?

[Jeffrey Walton]

On Thu, Jan 13, 2022 at 4:04 PM admin LI <admin@hifiphile.com> wrote:
>
> I'm developing a kernel module for an ARM machine, while debugging I found addresses
> printed are all randomized and useless for debugging.
>
> To prove I was not crazy I wrote this small program:
>
> ---------------------------------
> #include <linux/init.h>
> #include <linux/module.h>
> #include <linux/kernel.h>
> #include <linux/slab.h>
>
> MODULE_LICENSE("GPL");
> MODULE_AUTHOR("Somebody");
> MODULE_DESCRIPTION("A simple example Linux module.");
> MODULE_VERSION("0.01");
>
> static int __init example_init(void) {
>     uint32_t a;
>     uint32_t b;
>     uint32_t c;
>     uint8_t d[10];
>     uint8_t *e;
>
>     printk(KERN_INFO "Hello, World!\n");
>     printk(KERN_INFO "&a %p\n",&a);
>     printk(KERN_INFO "&b %p\n",&b);
>     printk(KERN_INFO "&c %p\n",&c);
>     printk(KERN_INFO "&d %p\n",d);
>     printk(KERN_INFO "&d[0] %p\n",&d[0]);
>     printk(KERN_INFO "&d[1] %p\n",&d[1]);
>
>     e = kmalloc(10, GFP_KERNEL);
>     printk(KERN_INFO "&e[0] %p\n",&e[0]);
>     printk(KERN_INFO "&e[1] %p\n",&e[1]);
>
>     kfree(e);
>
>  return 0;
> }
>
> static void __exit example_exit(void) {
>  printk(KERN_INFO "Goodbye, World!\n");
> }
>
> module_init(example_init);
> module_exit(example_exit);
> ---------------------------------
> And it gave me this output:
>
> Hello, World!
> &a b3f9fa31
> &b 27e1c68a
> &c da50d287
> &d 9f9aec2b
> &d[0] 9f9aec2b
> &d[1] cc627580
> &e[0] 98b8c9eb
> &e[1] 45f248f8
>
> Then I tested on my debian host machine which gave me the same kind of randomized addresses.
>
> When I search randomization the only thing I found is KASLR which I don't think is the same thing.

I think something else may be going on, but I'll toss this out there
in case it helps.

In the past randomization was disabled by writing 0 to
/proc/sys/kernel/randomize_va_space. Something like:

    sysctl -w kernel.randomize_va_space=0

To make it permanent, change it in /etc/sysctl.conf.

Jeff

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: How to disable address randomization ?

[Aruna Hewapathirane]

[-- Attachment #1.1: Type: text/plain, Size: 390 bytes --]

<snip>

> > When I search randomization the only thing I found is KASLR which I
> don't think is the same thing.
>
<snip>

Think about this carefully. When you insmod that kernel module which
address space is it using ? Kernel or Userspace ? :-)

This will help:
https://askubuntu.com/questions/318315/how-can-i-temporarily-disable-aslr-address-space-layout-randomization

Good luck -Aruna

[-- Attachment #1.2: Type: text/html, Size: 974 bytes --]

[-- Attachment #2: Type: text/plain, Size: 170 bytes --]

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

RE: How to disable address randomization ?

[Chan Kim]

[-- Attachment #1.1: Type: text/plain, Size: 1935 bytes --]

Hi,

To print kernel virtual address, you should use %px instead of %p in the printk.

Probably that’s why you couldn’t see the pointer values correctly.

Chan

 

From: admin LI <admin@hifiphile.com> 
Sent: Friday, January 14, 2022 6:02 AM
To: kernelnewbies@kernelnewbies.org
Subject: How to disable address randomization ?

 

Hi,

I'm developing a kernel module for an ARM machine, while debugging I found addresses 
printed are all randomized and useless for debugging.

To prove I was not crazy I wrote this small program:

---------------------------------
#include <linux/init.h>
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/slab.h>

MODULE_LICENSE("GPL");
MODULE_AUTHOR("Somebody");
MODULE_DESCRIPTION("A simple example Linux module.");
MODULE_VERSION("0.01");

static int __init example_init(void) {
    uint32_t a;
    uint32_t b;
    uint32_t c;
    uint8_t d[10];
    uint8_t *e;

    printk(KERN_INFO "Hello, World!\n");
    printk(KERN_INFO "&a %p\n",&a);
    printk(KERN_INFO "&b %p\n",&b);
    printk(KERN_INFO "&c %p\n",&c);
    printk(KERN_INFO "&d %p\n",d);
    printk(KERN_INFO "&d[0] %p\n",&d[0]);
    printk(KERN_INFO "&d[1] %p\n",&d[1]);

    e = kmalloc(10, GFP_KERNEL);
    printk(KERN_INFO "&e[0] %p\n",&e[0]);
    printk(KERN_INFO "&e[1] %p\n",&e[1]);

    kfree(e);

 return 0;
}

static void __exit example_exit(void) {
 printk(KERN_INFO "Goodbye, World!\n");
}

module_init(example_init);
module_exit(example_exit);
---------------------------------
And it gave me this output:

Hello, World!
&a b3f9fa31
&b 27e1c68a
&c da50d287
&d 9f9aec2b
&d[0] 9f9aec2b
&d[1] cc627580
&e[0] 98b8c9eb
&e[1] 45f248f8

Then I tested on my debian host machine which gave me the same kind of randomized addresses.

When I search randomization the only thing I found is KASLR which I don't think is the same thing.


[-- Attachment #1.2: Type: text/html, Size: 5931 bytes --]

[-- Attachment #2: Type: text/plain, Size: 170 bytes --]

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: How to disable address randomization ?

[admin LI]

[-- Attachment #1.1: Type: text/plain, Size: 1019 bytes --]

Hi Aruna,

Thanks for your help.

Of cause it's in kernel space. I've tried
/proc/sys/kernel/randomize_va_space which does nothing.

Finally I found this in kernel document:

Pointer Types
=============

Pointers printed without a specifier extension (i.e unadorned %p) are
hashed to give a unique identifier without leaking kernel addresses to user
space. On 64 bit machines the first 32 bits are zeroed. If you _really_
want the address see %px below.

⁣Get BlueMail for Android ​

On Jan 14, 2022, 00:54, at 00:54, Aruna Hewapathirane <aruna.hewapathirane@gmail.com> wrote:
><snip>
>
>> > When I search randomization the only thing I found is KASLR which I
>> don't think is the same thing.
>>
><snip>
>
>Think about this carefully. When you insmod that kernel module which
>address space is it using ? Kernel or Userspace ? :-)
>
>This will help:
>https://askubuntu.com/questions/318315/how-can-i-temporarily-disable-aslr-address-space-layout-randomization
>
>Good luck -Aruna

[-- Attachment #1.2: Type: text/html, Size: 2628 bytes --]

[-- Attachment #2: Type: text/plain, Size: 170 bytes --]

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: How to disable address randomization ?

[admin LI]

[-- Attachment #1.1: Type: text/plain, Size: 2628 bytes --]

Hi Jeff,

Thanks for your help, finally I found this in kernel document.

Pointer Types
=============
Pointers printed without a specifier extension (i.e unadorned %p) are hashed to give a unique identifier without leaking kernel addresses to user space. On 64 bit machines the first 32 bits are zeroed. If you _really_ want the address see %px below.

⁣Get BlueMail for Android ​

On Jan 13, 2022, 23:44, at 23:44, Jeffrey Walton <noloader@gmail.com> wrote:
>On Thu, Jan 13, 2022 at 4:04 PM admin LI <admin@hifiphile.com> wrote:
>>
>> I'm developing a kernel module for an ARM machine, while debugging I
>found addresses
>> printed are all randomized and useless for debugging.
>>
>> To prove I was not crazy I wrote this small program:
>>
>> ---------------------------------
>> #include <linux/init.h>
>> #include <linux/module.h>
>> #include <linux/kernel.h>
>> #include <linux/slab.h>
>>
>> MODULE_LICENSE("GPL");
>> MODULE_AUTHOR("Somebody");
>> MODULE_DESCRIPTION("A simple example Linux module.");
>> MODULE_VERSION("0.01");
>>
>> static int __init example_init(void) {
>>     uint32_t a;
>>     uint32_t b;
>>     uint32_t c;
>>     uint8_t d[10];
>>     uint8_t *e;
>>
>>     printk(KERN_INFO "Hello, World!\n");
>>     printk(KERN_INFO "&a %p\n",&a);
>>     printk(KERN_INFO "&b %p\n",&b);
>>     printk(KERN_INFO "&c %p\n",&c);
>>     printk(KERN_INFO "&d %p\n",d);
>>     printk(KERN_INFO "&d[0] %p\n",&d[0]);
>>     printk(KERN_INFO "&d[1] %p\n",&d[1]);
>>
>>     e = kmalloc(10, GFP_KERNEL);
>>     printk(KERN_INFO "&e[0] %p\n",&e[0]);
>>     printk(KERN_INFO "&e[1] %p\n",&e[1]);
>>
>>     kfree(e);
>>
>>  return 0;
>> }
>>
>> static void __exit example_exit(void) {
>>  printk(KERN_INFO "Goodbye, World!\n");
>> }
>>
>> module_init(example_init);
>> module_exit(example_exit);
>> ---------------------------------
>> And it gave me this output:
>>
>> Hello, World!
>> &a b3f9fa31
>> &b 27e1c68a
>> &c da50d287
>> &d 9f9aec2b
>> &d[0] 9f9aec2b
>> &d[1] cc627580
>> &e[0] 98b8c9eb
>> &e[1] 45f248f8
>>
>> Then I tested on my debian host machine which gave me the same kind
>of randomized addresses.
>>
>> When I search randomization the only thing I found is KASLR which I
>don't think is the same thing.
>
>I think something else may be going on, but I'll toss this out there
>in case it helps.
>
>In the past randomization was disabled by writing 0 to
>/proc/sys/kernel/randomize_va_space. Something like:
>
>    sysctl -w kernel.randomize_va_space=0
>
>To make it permanent, change it in /etc/sysctl.conf.
>
>Jeff

[-- Attachment #1.2: Type: text/html, Size: 3456 bytes --]

[-- Attachment #2: Type: text/plain, Size: 170 bytes --]

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

RE: How to disable address randomization ?

[admin LI]

[-- Attachment #1.1: Type: text/plain, Size: 2470 bytes --]

Hi Chan,

Thank you for pointing me to the right direction.

Pointer Types
=============
Pointers printed without a specifier extension (i.e unadorned %p) are hashed to give a unique identifier without leaking kernel addresses to user space. On 64 bit machines the first 32 bits are zeroed. If you _really_ want the address see %px below.

⁣Get BlueMail for Android ​

On Jan 14, 2022, 01:36, at 01:36, Chan Kim <ckim@etri.re.kr> wrote:
>Hi,
>
>To print kernel virtual address, you should use %px instead of %p in
>the printk.
>
>Probably that’s why you couldn’t see the pointer values correctly.
>
>Chan
>
>
>
>From: admin LI <admin@hifiphile.com>
>Sent: Friday, January 14, 2022 6:02 AM
>To: kernelnewbies@kernelnewbies.org
>Subject: How to disable address randomization ?
>
>
>
>Hi,
>
>I'm developing a kernel module for an ARM machine, while debugging I
>found addresses
>printed are all randomized and useless for debugging.
>
>To prove I was not crazy I wrote this small program:
>
>---------------------------------
>#include <linux/init.h>
>#include <linux/module.h>
>#include <linux/kernel.h>
>#include <linux/slab.h>
>
>MODULE_LICENSE("GPL");
>MODULE_AUTHOR("Somebody");
>MODULE_DESCRIPTION("A simple example Linux module.");
>MODULE_VERSION("0.01");
>
>static int __init example_init(void) {
>    uint32_t a;
>    uint32_t b;
>    uint32_t c;
>    uint8_t d[10];
>    uint8_t *e;
>
>    printk(KERN_INFO "Hello, World!\n");
>    printk(KERN_INFO "&a %p\n",&a);
>    printk(KERN_INFO "&b %p\n",&b);
>    printk(KERN_INFO "&c %p\n",&c);
>    printk(KERN_INFO "&d %p\n",d);
>    printk(KERN_INFO "&d[0] %p\n",&d[0]);
>    printk(KERN_INFO "&d[1] %p\n",&d[1]);
>
>    e = kmalloc(10, GFP_KERNEL);
>    printk(KERN_INFO "&e[0] %p\n",&e[0]);
>    printk(KERN_INFO "&e[1] %p\n",&e[1]);
>
>    kfree(e);
>
> return 0;
>}
>
>static void __exit example_exit(void) {
> printk(KERN_INFO "Goodbye, World!\n");
>}
>
>module_init(example_init);
>module_exit(example_exit);
>---------------------------------
>And it gave me this output:
>
>Hello, World!
>&a b3f9fa31
>&b 27e1c68a
>&c da50d287
>&d 9f9aec2b
>&d[0] 9f9aec2b
>&d[1] cc627580
>&e[0] 98b8c9eb
>&e[1] 45f248f8
>
>Then I tested on my debian host machine which gave me the same kind of
>randomized addresses.
>
>When I search randomization the only thing I found is KASLR which I
>don't think is the same thing.

[-- Attachment #1.2: Type: text/html, Size: 4984 bytes --]

[-- Attachment #2: Type: text/plain, Size: 170 bytes --]

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies