[PATCH v2] x86, kaslr: export offset in VMCOREINFO ELF notes

[PATCH v2] x86, kaslr: export offset in VMCOREINFO ELF notes

[Kees Cook]

From: Eugene Surovegin <surovegin@google.com>

Include kASLR offset in VMCOREINFO ELF notes to assist in debugging.

Signed-off-by: Eugene Surovegin <surovegin@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
v2:
 - make sure "From:" got sent correctly
---
 arch/x86/kernel/machine_kexec_64.c |    2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_kexec_64.c
index 4eabc160696f..679cef0791cd 100644
--- a/arch/x86/kernel/machine_kexec_64.c
+++ b/arch/x86/kernel/machine_kexec_64.c
@@ -279,5 +279,7 @@ void arch_crash_save_vmcoreinfo(void)
 	VMCOREINFO_SYMBOL(node_data);
 	VMCOREINFO_LENGTH(node_data, MAX_NUMNODES);
 #endif
+	vmcoreinfo_append_str("KERNELOFFSET=%lx\n",
+			      (unsigned long)&_text - __START_KERNEL);
 }
 
-- 
1.7.9.5


-- 
Kees Cook
Chrome OS Security

Re: [PATCH v2] x86, kaslr: export offset in VMCOREINFO ELF notes

[Ingo Molnar]

* Kees Cook <keescook@chromium.org> wrote:

> From: Eugene Surovegin <surovegin@google.com>
> 
> Include kASLR offset in VMCOREINFO ELF notes to assist in debugging.
> 
> Signed-off-by: Eugene Surovegin <surovegin@google.com>
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
> v2:
>  - make sure "From:" got sent correctly
> ---
>  arch/x86/kernel/machine_kexec_64.c |    2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_kexec_64.c
> index 4eabc160696f..679cef0791cd 100644
> --- a/arch/x86/kernel/machine_kexec_64.c
> +++ b/arch/x86/kernel/machine_kexec_64.c
> @@ -279,5 +279,7 @@ void arch_crash_save_vmcoreinfo(void)
>  	VMCOREINFO_SYMBOL(node_data);
>  	VMCOREINFO_LENGTH(node_data, MAX_NUMNODES);
>  #endif
> +	vmcoreinfo_append_str("KERNELOFFSET=%lx\n",
> +			      (unsigned long)&_text - __START_KERNEL);
>  }

I've Cc:-ed Adrian Hunter, who has sent the following kaslr fixes for 
perf yesterday:

  http://lkml.org/lkml/2014/1/24/220

Adrian, is this patch the right solution from the perf tooling 
perspective?

Thanks,

	Ingo

Re: [PATCH v2] x86, kaslr: export offset in VMCOREINFO ELF notes

[Adrian Hunter]

On 25/01/14 09:47, Ingo Molnar wrote:
> 
> * Kees Cook <keescook@chromium.org> wrote:
> 
>> From: Eugene Surovegin <surovegin@google.com>
>>
>> Include kASLR offset in VMCOREINFO ELF notes to assist in debugging.
>>
>> Signed-off-by: Eugene Surovegin <surovegin@google.com>
>> Signed-off-by: Kees Cook <keescook@chromium.org>
>> ---
>> v2:
>>  - make sure "From:" got sent correctly
>> ---
>>  arch/x86/kernel/machine_kexec_64.c |    2 ++
>>  1 file changed, 2 insertions(+)
>>
>> diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_kexec_64.c
>> index 4eabc160696f..679cef0791cd 100644
>> --- a/arch/x86/kernel/machine_kexec_64.c
>> +++ b/arch/x86/kernel/machine_kexec_64.c
>> @@ -279,5 +279,7 @@ void arch_crash_save_vmcoreinfo(void)
>>  	VMCOREINFO_SYMBOL(node_data);
>>  	VMCOREINFO_LENGTH(node_data, MAX_NUMNODES);
>>  #endif
>> +	vmcoreinfo_append_str("KERNELOFFSET=%lx\n",
>> +			      (unsigned long)&_text - __START_KERNEL);
>>  }
> 
> I've Cc:-ed Adrian Hunter, who has sent the following kaslr fixes for 
> perf yesterday:
> 
>   http://lkml.org/lkml/2014/1/24/220
> 
> Adrian, is this patch the right solution from the perf tooling 
> perspective?

perf tools isn't a consumer of VMCOREINFO although I see VMCOREINFO already
has _stext which would be enough for many purposes.

> 
> Thanks,
> 
> 	Ingo
> 
> 

Re: [PATCH v2] x86, kaslr: export offset in VMCOREINFO ELF notes

[Ingo Molnar]

* Adrian Hunter <adrian.hunter@intel.com> wrote:

> On 25/01/14 09:47, Ingo Molnar wrote:
> > 
> > * Kees Cook <keescook@chromium.org> wrote:
> > 
> >> From: Eugene Surovegin <surovegin@google.com>
> >>
> >> Include kASLR offset in VMCOREINFO ELF notes to assist in debugging.
> >>
> >> Signed-off-by: Eugene Surovegin <surovegin@google.com>
> >> Signed-off-by: Kees Cook <keescook@chromium.org>
> >> ---
> >> v2:
> >>  - make sure "From:" got sent correctly
> >> ---
> >>  arch/x86/kernel/machine_kexec_64.c |    2 ++
> >>  1 file changed, 2 insertions(+)
> >>
> >> diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_kexec_64.c
> >> index 4eabc160696f..679cef0791cd 100644
> >> --- a/arch/x86/kernel/machine_kexec_64.c
> >> +++ b/arch/x86/kernel/machine_kexec_64.c
> >> @@ -279,5 +279,7 @@ void arch_crash_save_vmcoreinfo(void)
> >>  	VMCOREINFO_SYMBOL(node_data);
> >>  	VMCOREINFO_LENGTH(node_data, MAX_NUMNODES);
> >>  #endif
> >> +	vmcoreinfo_append_str("KERNELOFFSET=%lx\n",
> >> +			      (unsigned long)&_text - __START_KERNEL);
> >>  }
> > 
> > I've Cc:-ed Adrian Hunter, who has sent the following kaslr fixes for 
> > perf yesterday:
> > 
> >   http://lkml.org/lkml/2014/1/24/220
> > 
> > Adrian, is this patch the right solution from the perf tooling 
> > perspective?
> 
> perf tools isn't a consumer of VMCOREINFO although I see VMCOREINFO 
> already has _stext which would be enough for many purposes.

Yes - but let me explain where I'm coming from: I'd like the recent 
KASLR related perf /proc/kcore based annotation bug to be fixed 
properly.

Currently I'm not sure about the status of it. In your fixes 
submission:

  Date: Fri, 24 Jan 2014 17:10:10 +0200
  From: Adrian Hunter <adrian.hunter@intel.com>
  Subject: [PATCH 0/8] perf tools: kaslr fixes

you mentioned the following:

    "- mustn't use kcore if the kernel has moved"

Does this that /proc/kcore annotation will not work if KASLR is 
active?

If yes then given that I expect most distros to turn on KASLR this 
would essentially make /proc/kcore useless on a large set of Linux 
systems. That would be suboptimal.

Thanks,

	Ingo

Re: [PATCH v2] x86, kaslr: export offset in VMCOREINFO ELF notes

[Adrian Hunter]

On 27/01/14 17:25, Ingo Molnar wrote:
> 
> * Adrian Hunter <adrian.hunter@intel.com> wrote:
> 
>> On 25/01/14 09:47, Ingo Molnar wrote:
>>>
>>> * Kees Cook <keescook@chromium.org> wrote:
>>>
>>>> From: Eugene Surovegin <surovegin@google.com>
>>>>
>>>> Include kASLR offset in VMCOREINFO ELF notes to assist in debugging.
>>>>
>>>> Signed-off-by: Eugene Surovegin <surovegin@google.com>
>>>> Signed-off-by: Kees Cook <keescook@chromium.org>
>>>> ---
>>>> v2:
>>>>  - make sure "From:" got sent correctly
>>>> ---
>>>>  arch/x86/kernel/machine_kexec_64.c |    2 ++
>>>>  1 file changed, 2 insertions(+)
>>>>
>>>> diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_kexec_64.c
>>>> index 4eabc160696f..679cef0791cd 100644
>>>> --- a/arch/x86/kernel/machine_kexec_64.c
>>>> +++ b/arch/x86/kernel/machine_kexec_64.c
>>>> @@ -279,5 +279,7 @@ void arch_crash_save_vmcoreinfo(void)
>>>>  	VMCOREINFO_SYMBOL(node_data);
>>>>  	VMCOREINFO_LENGTH(node_data, MAX_NUMNODES);
>>>>  #endif
>>>> +	vmcoreinfo_append_str("KERNELOFFSET=%lx\n",
>>>> +			      (unsigned long)&_text - __START_KERNEL);
>>>>  }
>>>
>>> I've Cc:-ed Adrian Hunter, who has sent the following kaslr fixes for 
>>> perf yesterday:
>>>
>>>   http://lkml.org/lkml/2014/1/24/220
>>>
>>> Adrian, is this patch the right solution from the perf tooling 
>>> perspective?
>>
>> perf tools isn't a consumer of VMCOREINFO although I see VMCOREINFO 
>> already has _stext which would be enough for many purposes.
> 
> Yes - but let me explain where I'm coming from: I'd like the recent 
> KASLR related perf /proc/kcore based annotation bug to be fixed 
> properly.
> 
> Currently I'm not sure about the status of it. In your fixes 
> submission:
> 
>   Date: Fri, 24 Jan 2014 17:10:10 +0200
>   From: Adrian Hunter <adrian.hunter@intel.com>
>   Subject: [PATCH 0/8] perf tools: kaslr fixes
> 
> you mentioned the following:
> 
>     "- mustn't use kcore if the kernel has moved"
> 
> Does this that /proc/kcore annotation will not work if KASLR is 
> active?

No. In fact annotation works now with kcore.  Linus' problem was with vmlinux.

Kcore won't be used with kaslr in the case:
	1. record data with 'perf record'
	2. reboot
	3. use annotation on the previously recorded data

As I noted in the commit message, you can still use kcore if you made a copy
(with perf buildid-cache) at the time the data was recorded.

> 
> If yes then given that I expect most distros to turn on KASLR this 
> would essentially make /proc/kcore useless on a large set of Linux 
> systems. That would be suboptimal.
> 
> Thanks,
> 
> 	Ingo
> 
> 

Re: [PATCH v2] x86, kaslr: export offset in VMCOREINFO ELF notes

[Peter Zijlstra]

On Mon, Jan 27, 2014 at 05:56:38PM +0200, Adrian Hunter wrote:
> No. In fact annotation works now with kcore.  Linus' problem was with vmlinux.
> 
> Kcore won't be used with kaslr in the case:
> 	1. record data with 'perf record'
> 	2. reboot
> 	3. use annotation on the previously recorded data
> 
> As I noted in the commit message, you can still use kcore if you made a copy
> (with perf buildid-cache) at the time the data was recorded.

Not that I care much about this particular case; but you could also save
the offset at record time and do double offset correction assuming its
still the same kernel you booted into but at a different location.

Re: [PATCH v2] x86, kaslr: export offset in VMCOREINFO ELF notes

[Peter Zijlstra]

Do _NOT_ cross post to moderated lists!!

Re: [PATCH v2] x86, kaslr: export offset in VMCOREINFO ELF notes

[Andrew Honig]

The purpose of this patch to make it easier for processing offline
kdump files for crash analysis.  For context on the see this thread
for a patch in progress
(http://www.mail-archive.com/crash-utility@redhat.com/msg04640.html)

_stext doesn't quite work for this purpose because in my testing it
doesn't exactly match the kaslr offset, for some reason _stext is a
few hundred bytes after the kaslr offset.  The number doesn't appear
consistent and I would prefer not to take a dependency on that.

On Mon, Jan 27, 2014 at 8:22 AM, Peter Zijlstra <peterz@infradead.org> wrote:
>
>
> Do _NOT_ cross post to moderated lists!!

Re: [PATCH v2] x86, kaslr: export offset in VMCOREINFO ELF notes

[Peter Zijlstra]

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

Re: [PATCH v2] x86, kaslr: export offset in VMCOREINFO ELF notes

[Kees Cook]

On Thu, Jan 23, 2014 at 9:31 AM, Kees Cook <keescook@chromium.org> wrote:
> From: Eugene Surovegin <surovegin@google.com>
>
> Include kASLR offset in VMCOREINFO ELF notes to assist in debugging.
>
> Signed-off-by: Eugene Surovegin <surovegin@google.com>
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
> v2:
>  - make sure "From:" got sent correctly
> ---
>  arch/x86/kernel/machine_kexec_64.c |    2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_kexec_64.c
> index 4eabc160696f..679cef0791cd 100644
> --- a/arch/x86/kernel/machine_kexec_64.c
> +++ b/arch/x86/kernel/machine_kexec_64.c
> @@ -279,5 +279,7 @@ void arch_crash_save_vmcoreinfo(void)
>         VMCOREINFO_SYMBOL(node_data);
>         VMCOREINFO_LENGTH(node_data, MAX_NUMNODES);
>  #endif
> +       vmcoreinfo_append_str("KERNELOFFSET=%lx\n",
> +                             (unsigned long)&_text - __START_KERNEL);
>  }
>
> --
> 1.7.9.5

Ping on this patch. The crash-utils folks would like to be using this feature.

-Kees

-- 
Kees Cook
Chrome OS Security

[tip:x86/urgent] x86, kaslr: export offset in VMCOREINFO ELF notes

[tip-bot for Eugene Surovegin]

Commit-ID:  b6085a865762236bb84934161273cdac6dd11c2d
Gitweb:     http://git.kernel.org/tip/b6085a865762236bb84934161273cdac6dd11c2d
Author:     Eugene Surovegin <surovegin@google.com>
AuthorDate: Thu, 23 Jan 2014 09:31:20 -0800
Committer:  H. Peter Anvin <hpa@linux.intel.com>
CommitDate: Tue, 25 Feb 2014 16:57:47 -0800

x86, kaslr: export offset in VMCOREINFO ELF notes

Include kASLR offset in VMCOREINFO ELF notes to assist in debugging.

[ hpa: pushing this for v3.14 to avoid having a kernel version with
  kASLR where we can't debug output. ]

Signed-off-by: Eugene Surovegin <surovegin@google.com>
Link: http://lkml.kernel.org/r/20140123173120.GA25474@www.outflux.net
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
---
 arch/x86/kernel/machine_kexec_64.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_kexec_64.c
index 4eabc16..679cef0 100644
--- a/arch/x86/kernel/machine_kexec_64.c
+++ b/arch/x86/kernel/machine_kexec_64.c
@@ -279,5 +279,7 @@ void arch_crash_save_vmcoreinfo(void)
 	VMCOREINFO_SYMBOL(node_data);
 	VMCOREINFO_LENGTH(node_data, MAX_NUMNODES);
 #endif
+	vmcoreinfo_append_str("KERNELOFFSET=%lx\n",
+			      (unsigned long)&_text - __START_KERNEL);
 }