From: Borislav Petkov <bp@alien8.de>
To: Andrew Morton <akpm@linux-foundation.org>,
Marc Zyngier <marc.zyngier@arm.com>,
Will Deacon <will.deacon@arm.com>, Rabin Vincent <rabin@rab.in>
Cc: x86-ml <x86@kernel.org>, lkml <linux-kernel@vger.kernel.org>
Subject: [RFC] Add RIP to scripts/decodecode
Date: Tue, 29 Sep 2020 13:32:38 +0200 [thread overview]
Message-ID: <20200929113238.GC21110@zn.tnic> (raw)
Hi,
how about we add RIP to decodecode output? See below.
I've added a couple of people to Cc who seem to use this thing. The
patch is dirty and needs cleaning still but I think it would be cool to
have the actual addresses in that output so that when you compare with
objdump output in another window, you can find the code very quickly.
You'd need to supply the rIP from the splat, though, as an env var:
$ RIP=0xffffffff8329a927 ./scripts/decodecode < ~/tmp/syz/gfs2.splat
[ 477.379104][T23917] Code: 48 83 ec 28 48 89 3c 24 48 89 54 24 08 e8 c1 b4 4a fe 48 8d bb 00 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 97 05 00 00 48 8b 9b 00 01 00 00 48 85 db 0f 84
Cleaned: [48 83 ec 28 48 89 3c 24 48 89 54 24 08 e8 c1 b4 4a fe 48 8d bb 00 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 97 05 00 00 48 8b 9b 00 01 00 00 48 85 db 0f 84]
Marker: 127
rIP_sub: 42
adj_vma: 0xffffffff8329a8fd
All code
========
ffffffff8329a8fd: 48 83 ec 28 sub $0x28,%rsp
ffffffff8329a901: 48 89 3c 24 mov %rdi,(%rsp)
ffffffff8329a905: 48 89 54 24 08 mov %rdx,0x8(%rsp)
ffffffff8329a90a: e8 c1 b4 4a fe callq 0xffffffff81745dd0
ffffffff8329a90f: 48 8d bb 00 01 00 00 lea 0x100(%rbx),%rdi
ffffffff8329a916: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
ffffffff8329a91d: fc ff df
ffffffff8329a920: 48 89 fa mov %rdi,%rdx
ffffffff8329a923: 48 c1 ea 03 shr $0x3,%rdx
ffffffff8329a927:* 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction
ffffffff8329a92b: 0f 85 97 05 00 00 jne 0xffffffff8329aec8
ffffffff8329a931: 48 8b 9b 00 01 00 00 mov 0x100(%rbx),%rbx
ffffffff8329a938: 48 85 db test %rbx,%rbx
ffffffff8329a93b: 0f .byte 0xf
ffffffff8329a93c: 84 .byte 0x84
Code starting with the faulting instruction
===========================================
ffffffff8329a8fd: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1)
ffffffff8329a901: 0f 85 97 05 00 00 jne 0xffffffff8329ae9e
ffffffff8329a907: 48 8b 9b 00 01 00 00 mov 0x100(%rbx),%rbx
ffffffff8329a90e: 48 85 db test %rbx,%rbx
ffffffff8329a911: 0f .byte 0xf
ffffffff8329a912: 84 .byte 0x84
---
diff --git a/scripts/decodecode b/scripts/decodecode
index fbdb325cdf4f..f6b799e3e51a 100755
--- a/scripts/decodecode
+++ b/scripts/decodecode
@@ -6,6 +6,7 @@
# options: set env. variable AFLAGS=options to pass options to "as";
# e.g., to decode an i386 oops on an x86_64 system, use:
# AFLAGS=--32 decodecode < 386.oops
+# RIP=hex - the rIP the splat points to
cleanup() {
rm -f $T $T.s $T.o $T.oo $T.aa $T.dis
@@ -52,6 +53,8 @@ fi
echo $code
code=`echo $code | sed -e 's/.*Code: //'`
+echo "Cleaned: [$code]"
+
width=`expr index "$code" ' '`
width=$((($width-1)/2))
case $width in
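Review bot: The new `echo "Cleaned: [$code]"` writes a debug line to stdout, where it interleaves with the disassembly the script produces, so anyone post-processing decodecode's output now has to filter it out. The `Marker:` and `rIP_sub:` echoes in the later marker hunk and the `adj_vma:` printf in disas() have the same problem. If they are meant to stay, send them to stderr, e.g. `echo "Cleaned: [$code]" >&2`; otherwise drop them before the patch is submitted.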
@@ -67,15 +70,19 @@ if [ -z "$ARCH" ]; then
esac
fi
+# Params: (tmp_file, rip_sub)
disas() {
- ${CROSS_COMPILE}as $AFLAGS -o $1.o $1.s > /dev/null 2>&1
+ t=$1
+ rip_sub=$2
+
+ ${CROSS_COMPILE}as $AFLAGS -o $t.o $t.s > /dev/null 2>&1
if [ "$ARCH" = "arm" ]; then
if [ $width -eq 2 ]; then
OBJDUMPFLAGS="-M force-thumb"
fi
- ${CROSS_COMPILE}strip $1.o
+ ${CROSS_COMPILE}strip $t.o
fi
if [ "$ARCH" = "arm64" ]; then
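Review bot: `t=$1` and `rip_sub=$2` are plain assignments, so both are globals that disas() shares with its caller, which sets its own `rip_sub` in the marker branch; the second call `disas $T 0` then resets that variable to 0. Nothing visible reads it afterwards, but it is an easy trap for the next change. Using a distinct name inside the function (e.g. `sub=$2`), or `local t=$1` if the script's shell supports it, keeps the function self-contained. disas() continues past the end of this hunk.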
@@ -83,11 +90,19 @@ disas() {
type=inst
fi
- ${CROSS_COMPILE}strip $1.o
+ ${CROSS_COMPILE}strip $t.o
+ fi
+
+ if [ $rip_sub -ne 0 ]; then
+ if [ $RIP ]; then
+ adj_vma=$(( $RIP - $rip_sub ))
+ printf "adj_vma: 0x%lx\n" $adj_vma
+ OBJDUMPFLAGS="$OBJDUMPFLAGS --adjust-vma=$adj_vma"
+ fi
fi
- ${CROSS_COMPILE}objdump $OBJDUMPFLAGS -S $1.o | \
- grep -v "/tmp\|Disassembly\|\.text\|^$" > $1.dis 2>&1
+ ${CROSS_COMPILE}objdump $OBJDUMPFLAGS -S $t.o | \
+ grep -v "/tmp\|Disassembly\|\.text\|^$" > $t.dis 2>&1
}
marker=`expr index "$code" "\<"`
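Review bot: The `--adjust-vma` option is appended to the global `OBJDUMPFLAGS`, so the second listing (`disas $T 0` in the last hunk) silently inherits the base address computed for the first one: the sample output above shows the faulting instruction at ffffffff8329a8fd in the "Code starting with the faulting instruction" section instead of ffffffff8329a927, and the jne target differs between the two listings (0xffffffff8329aec8 vs 0xffffffff8329ae9e). The `-ne 0` guard makes this worse rather than better, because with rip_sub 0 the correct base is RIP itself; the adjustment should be computed whenever RIP is set and kept per call. `[ $RIP ]` would also read more clearly as `[ -n "$RIP" ]`. The rewritten tail of disas() could look like this:
```shell
	# … unchanged: arm64 strip handling …
	vma_flags=
	if [ -n "$RIP" ]; then
		adj_vma=$(( RIP - rip_sub ))
		printf "adj_vma: 0x%lx\n" "$adj_vma" >&2
		vma_flags="--adjust-vma=$adj_vma"
	fi
	${CROSS_COMPILE}objdump $OBJDUMPFLAGS $vma_flags -S $t.o | \
		grep -v "/tmp\|Disassembly\|\.text\|^$" > $t.dis 2>&1
```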
@@ -95,14 +110,19 @@ if [ $marker -eq 0 ]; then
marker=`expr index "$code" "\("`
fi
+
touch $T.oo
if [ $marker -ne 0 ]; then
+ echo "Marker: $marker"
+ # 2 opcode bytes and a single space
+ rip_sub=$(( $marker / 3 ))
+ echo "rIP_sub: $rip_sub"
echo All code >> $T.oo
echo ======== >> $T.oo
beforemark=`echo "$code"`
echo -n " .$type 0x" > $T.s
echo $beforemark | sed -e 's/ /,0x/g; s/[<>()]//g' >> $T.s
- disas $T
+ disas $T $rip_sub
cat $T.dis >> $T.oo
rm -f $T.o $T.s $T.dis
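Review bot: The comment `# 2 opcode bytes and a single space` above `rip_sub=$(( $marker / 3 ))` names the wrong unit: `expr index` returns a 1-based character position, and each byte in the Code: line occupies two hex digits plus a space, which is why dividing by 3 gives the number of bytes that precede the marker. Suggested wording: `# each byte is 2 hex digits plus a space, so (1-based marker position) / 3 = bytes before the marker`. It would also help to say that the same arithmetic holds when the marker is `(` instead of `<`, since both are searched for above.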
@@ -114,7 +134,7 @@ echo =========================================== >> $T.aa
code=`echo $code | sed -e 's/ [<(]/ /;s/[>)] / /;s/ /,0x/g; s/[>)]$//'`
echo -n " .$type 0x" > $T.s
echo $code >> $T.s
-disas $T
+disas $T 0
cat $T.dis >> $T.aa
# (lines of whole $T.oo) - (lines of $T.aa, i.e. "Code starting") + 3,
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette