commit 1e488cfefa1d9ca4ca626bc2a308b39f7404f5db

Author: Dave Anderson <anderson@redhat.com>

Date:   Tue Jan 23 16:35:41 2018 -0500

    Fix for the "bt" command and the "ps -s" option for zombie tasks

    whose kernel stacks have been freed/detached.  Without the patch,

    the "bt" command indicates "bt: invalid kernel virtual address: 0

    type: stack contents" and "bt: read of stack at 0 failed"; it will

    be changed to display "(no stack)".  The "ps -s" option would fail

    prematurely upon reaching such a task, indicating "ps: invalid kernel

    virtual address: 0  type: stack contents" and "ps: read of stack at 0

    failed".

    (anderson@redhat.com)

diff --git a/kernel.c b/kernel.c

index 4638495..1bf6251 100644

--- a/kernel.c

+++ b/kernel.c

@@ -1,8 +1,8 @@

 /* kernel.c - core analysis suite

  *

  * Copyright (C) 1999, 2000, 2001, 2002 Mission Critical Linux, Inc.

- * Copyright (C) 2002-2017 David Anderson

- * Copyright (C) 2002-2017 Red Hat, Inc. All rights reserved.

+ * Copyright (C) 2002-2018 David Anderson

+ * Copyright (C) 2002-2018 Red Hat, Inc. All rights reserved.

  *

  * This program is free software; you can redistribute it and/or modify

  * it under the terms of the GNU General Public License as published by

@@ -2890,6 +2890,11 @@ back_trace(struct bt_info *bt)

 			return;

  	}

+	if (bt->stackbase == 0) {

+		fprintf(fp, "(no stack)\n");

+		return;

+	}

+

 	fill_stackbuf(bt);

 	if (CRASHDEBUG(4)) {

diff --git a/task.c b/task.c

index b303ef7..db05ab4 100644

--- a/task.c

+++ b/task.c

@@ -1,8 +1,8 @@

 /* task.c - core analysis suite

  *

  * Copyright (C) 1999, 2000, 2001, 2002 Mission Critical Linux, Inc.

- * Copyright (C) 2002-2017 David Anderson

- * Copyright (C) 2002-2017 Red Hat, Inc. All rights reserved.

+ * Copyright (C) 2002-2018 David Anderson

+ * Copyright (C) 2002-2018 Red Hat, Inc. All rights reserved.

  *

  * This program is free software; you can redistribute it and/or modify

  * it under the terms of the GNU General Public License as published by

@@ -4182,12 +4182,14 @@ task_pointer_string(struct task_context *tc, ulong do_kstackp, char *buf)

 				KVADDR, &bt->stkptr, sizeof(void *),

                 		"thread_struct ksp", FAULT_ON_ERROR);

 		} else {

-               		bt->task = tc->task;

-               		bt->tc = tc;

-               		bt->stackbase = GET_STACKBASE(tc->task);

-               		bt->stacktop = GET_STACKTOP(tc->task);

-			bt->flags |= BT_KSTACKP;

-			back_trace(bt);

+			if ((bt->stackbase = GET_STACKBASE(tc->task))) {

+				bt->stacktop = GET_STACKTOP(tc->task);

+				bt->task = tc->task;

+				bt->tc = tc;

+				bt->flags |= BT_KSTACKP;

+				back_trace(bt);

+			} else

+				bt->stkptr = 0;

 		}

 		if (bt->stkptr)

commit 693e0fa8ea8b2791329a4197fafd8700afa14c3b

Author: Dave Anderson <anderson@redhat.com>

Date:   Thu Jan 25 14:52:54 2018 -0500

    Fix for running on live systems on 4.15-rc2 and later kernels that

    are configured with CONFIG_RANDOMIZE_BASE and contain kernel commit

    668533dc0764b30c9dd2baf3ca800156f688326b, titled "kallsyms: take

    advantage of the new '%px' format".  Without the patch, a live crash

    session does not show the "WARNING: kernel relocated ..." message

    expected with KASLR, and then displays the message "crash: cannot set

    context for pid: <pid>" prior to generating a SIGSEGV.

    (anderson@redhat.com)

diff --git a/symbols.c b/symbols.c

index 2372887..9a3763c 100644

--- a/symbols.c

+++ b/symbols.c

@@ -1,8 +1,8 @@

 /* symbols.c - core analysis suite

  *

  * Copyright (C) 1999, 2000, 2001, 2002 Mission Critical Linux, Inc.

- * Copyright (C) 2002-2017 David Anderson

- * Copyright (C) 2002-2017 Red Hat, Inc. All rights reserved.

+ * Copyright (C) 2002-2018 David Anderson

+ * Copyright (C) 2002-2018 Red Hat, Inc. All rights reserved.

  *

  * This program is free software; you can redistribute it and/or modify

  * it under the terms of the GNU General Public License as published by

@@ -1004,10 +1004,9 @@ symbol_value_from_proc_kallsyms(char *symname)

 	found = FALSE;

 	while (!found && fgets(buf, BUFSIZE, kp) &&

-	    (parse_line(buf, kallsyms) == 3) && 

-	    hexadecimal(kallsyms[0], 0)) {

-

-		if (STREQ(kallsyms[2], symname)) {

+	    (parse_line(buf, kallsyms) == 3)) {

+		if (hexadecimal(kallsyms[0], 0) && 

+		    STREQ(kallsyms[2], symname)) {

 			kallsym = htol(kallsyms[0], RETURN_ON_ERROR, NULL);

 			found = TRUE;

 			break;

commit 1af7813e0552ac93b39a44abffffc04600d3ed4c

Author: Dave Anderson <anderson@redhat.com>

Date:   Thu Jan 25 15:17:26 2018 -0500

    Fix for 4.15-rc5 and later x86_64 kernels that contain kernel commit

    c482feefe1aeb150156248ba0fd3e029bc886605, titled "x86/entry/64: Make

    cpu_entry_area.tss read-only".  Without the patch, the addresses and

    sizes of the x86_64 exception stacks cannot be determined; therefore

    if a backtrace starts on one of the exception stacks, then the "bt"

    command will fail.

    (anderson@redhat.com)

diff --git a/x86_64.c b/x86_64.c

index e924ca9..467b5d7 100644

--- a/x86_64.c

+++ b/x86_64.c

@@ -1245,8 +1245,10 @@ x86_64_ist_init(void)

 	struct syment *boot_sp, *tss_sp, *ist_sp;

         ms = machdep->machspec;

-	if (!(tss_sp = per_cpu_symbol_search("per_cpu__init_tss")))

-		tss_sp = per_cpu_symbol_search("per_cpu__cpu_tss");

+	if (!(tss_sp = per_cpu_symbol_search("per_cpu__init_tss"))) {

+		if (!(tss_sp = per_cpu_symbol_search("per_cpu__cpu_tss")))

+			tss_sp = per_cpu_symbol_search("per_cpu__cpu_tss_rw");

+	}

 	ist_sp = per_cpu_symbol_search("per_cpu__orig_ist");

 	x86_64_exception_stacks_init();

commit 1160ba19884fed4420c334394cde7a40b113e09c

Author: Dave Anderson <anderson@redhat.com>

Date:   Fri Jan 26 11:06:48 2018 -0500

    Additional fix for support of KASLR enabled kernels captured by the

    SADUMP dumpfile facility, where this patch fixes a problem when Page

    Table Isolation(PTI) is enabled.  When PTI is enabled, bit 12 of CR3

    register is used to split user space and kernel space.  Also bit 11:0

    is used for Process Context IDentifiers(PCID).  To open an SADUMP

    dumpfile, the value of CR3 is used to calculate KASLR offset and

    phys_base; this patch masks the CR3 register value correctly for

    a PTI enabled kernel.

    (indou.takao@jp.fujitsu.com)

diff --git a/defs.h b/defs.h

index 4d2fb2f..92341d2 100644

--- a/defs.h

+++ b/defs.h

@@ -2605,6 +2605,8 @@ struct symbol_table_data {

 	ulong divide_error_vmlinux;

 	ulong idt_table_vmlinux;

 	ulong saved_command_line_vmlinux;

+	ulong pti_init_vmlinux;

+	ulong kaiser_init_vmlinux;

 };

 /* flags for st */

diff --git a/sadump.c b/sadump.c

index 6b912d4..25cefe9 100644

--- a/sadump.c

+++ b/sadump.c

@@ -1749,7 +1749,7 @@ static ulong memparse(char *ptr, char **retptr)

  * of elfcorehdr.

  */

 static ulong

-get_elfcorehdr(ulong cr3, ulong kaslr_offset)

+get_elfcorehdr(ulong kaslr_offset)

 {

 	char cmdline[BUFSIZE], *ptr;

 	ulong cmdline_vaddr;

@@ -1906,7 +1906,7 @@ get_vmcoreinfo(ulong elfcorehdr, ulong *addr, int *len)

  *    using "elfcorehdr=" and retrieve kaslr_offset/phys_base from vmcoreinfo.

  */

 static int

-get_kaslr_offset_from_vmcoreinfo(ulong cr3, ulong orig_kaslr_offset,

+get_kaslr_offset_from_vmcoreinfo(ulong orig_kaslr_offset,

 		                 ulong *kaslr_offset, ulong *phys_base)

 {

 	ulong elfcorehdr_addr = 0;

@@ -1916,7 +1916,7 @@ get_kaslr_offset_from_vmcoreinfo(ulong cr3, ulong orig_kaslr_offset,

 	int ret = FALSE;

 	/* Find "elfcorehdr=" in the kernel boot parameter */

-	elfcorehdr_addr = get_elfcorehdr(cr3, orig_kaslr_offset);

+	elfcorehdr_addr = get_elfcorehdr(orig_kaslr_offset);

 	if (!elfcorehdr_addr)

 		return FALSE;

@@ -1973,8 +1973,8 @@ quit:

  * 1) Get IDTR and CR3 value from the dump header.

  * 2) Get a virtual address of IDT from IDTR value

  *    --- (A)

- * 3) Translate (A) to physical address using CR3, which points a top of

- *    page table.

+ * 3) Translate (A) to physical address using CR3, the upper 52 bits

+ *    of which points a top of page table.

  *    --- (B)

  * 4) Get an address of vector0 (Devide Error) interrupt handler from

  *    IDT, which are pointed by (B).

@@ -2023,12 +2023,15 @@ quit:

  *    kernel. Retrieve vmcoreinfo from address of "elfcorehdr=" and

  *    get kaslr_offset and phys_base from vmcoreinfo.

  */

+#define PTI_USER_PGTABLE_BIT	PAGE_SHIFT

+#define PTI_USER_PGTABLE_MASK	(1 << PTI_USER_PGTABLE_BIT)

+#define CR3_PCID_MASK		0xFFFull

 int

 sadump_calc_kaslr_offset(ulong *kaslr_offset)

 {

 	ulong phys_base = 0;

 	struct sadump_smram_cpu_state scs;

-	uint64_t idtr = 0, cr3 = 0, idtr_paddr;

+	uint64_t idtr = 0, pgd = 0, idtr_paddr;

 	ulong divide_error_vmcore;

 	ulong kaslr_offset_kdump, phys_base_kdump;

 	int ret = FALSE;

@@ -2039,7 +2042,10 @@ sadump_calc_kaslr_offset(ulong *kaslr_offset)

 	memset(&scs, 0, sizeof(scs));

 	get_sadump_smram_cpu_state_any(&scs);

-	cr3 = scs.Cr3;

+	if (st->pti_init_vmlinux || st->kaiser_init_vmlinux)

+		pgd = scs.Cr3 & ~(CR3_PCID_MASK|PTI_USER_PGTABLE_MASK);

+	else

+		pgd = scs.Cr3 & ~CR3_PCID_MASK;

 	idtr = ((uint64_t)scs.IdtUpper)<<32 | (uint64_t)scs.IdtLower;

 	/*

@@ -2050,12 +2056,12 @@ sadump_calc_kaslr_offset(ulong *kaslr_offset)

 	 *

 	 * TODO: XEN and 5-level is not supported

 	 */

-	vt->kernel_pgd[0] = cr3;

+	vt->kernel_pgd[0] = pgd;

 	machdep->machspec->last_pml4_read = vt->kernel_pgd[0];

 	machdep->machspec->physical_mask_shift = __PHYSICAL_MASK_SHIFT_2_6;

 	machdep->machspec->pgdir_shift = PGDIR_SHIFT;

-	if (!readmem(cr3, PHYSADDR, machdep->machspec->pml4, PAGESIZE(),

-			"cr3", RETURN_ON_ERROR))

+	if (!readmem(pgd, PHYSADDR, machdep->machspec->pml4, PAGESIZE(),

+			"pgd", RETURN_ON_ERROR))

 		goto quit;

 	/* Convert virtual address of IDT table to physical address */

@@ -2070,7 +2076,7 @@ sadump_calc_kaslr_offset(ulong *kaslr_offset)

 	if (CRASHDEBUG(1)) {

 		fprintf(fp, "calc_kaslr_offset: idtr=%lx\n", idtr);

-		fprintf(fp, "calc_kaslr_offset: cr3=%lx\n", cr3);

+		fprintf(fp, "calc_kaslr_offset: pgd=%lx\n", pgd);

 		fprintf(fp, "calc_kaslr_offset: idtr(phys)=%lx\n", idtr_paddr);

 		fprintf(fp, "calc_kaslr_offset: divide_error(vmlinux): %lx\n",

 			st->divide_error_vmlinux);

@@ -2084,9 +2090,12 @@ sadump_calc_kaslr_offset(ulong *kaslr_offset)

 	 * from vmcoreinfo

 	 */

 	if (get_kaslr_offset_from_vmcoreinfo(

-		cr3, *kaslr_offset, &kaslr_offset_kdump, &phys_base_kdump)) {

+		*kaslr_offset, &kaslr_offset_kdump, &phys_base_kdump)) {

 		*kaslr_offset =  kaslr_offset_kdump;

 		phys_base =  phys_base_kdump;

+	} else if (CRASHDEBUG(1)) {

+		fprintf(fp, "sadump: failed to determine which kernel was running at crash,\n");

+		fprintf(fp, "sadump: asssuming the kdump 1st kernel.\n");

 	}

 	if (CRASHDEBUG(1)) {

diff --git a/symbols.c b/symbols.c

index 9a3763c..4db9af7 100644

--- a/symbols.c

+++ b/symbols.c

@@ -3071,10 +3071,14 @@ dump_symbol_table(void)

 		fprintf(fp, "divide_error_vmlinux: %lx\n", st->divide_error_vmlinux);

 		fprintf(fp, "   idt_table_vmlinux: %lx\n", st->idt_table_vmlinux);

 		fprintf(fp, "saved_command_line_vmlinux: %lx\n", st->saved_command_line_vmlinux);

+		fprintf(fp, "    pti_init_vmlinux: %lx\n", st->pti_init_vmlinux);

+		fprintf(fp, " kaiser_init_vmlinux: %lx\n", st->kaiser_init_vmlinux);

 	} else {

 		fprintf(fp, "divide_error_vmlinux: (unused)\n");

 		fprintf(fp, "   idt_table_vmlinux: (unused)\n");

 		fprintf(fp, "saved_command_line_vmlinux: (unused)\n");

+		fprintf(fp, "    pti_init_vmlinux: (unused)\n");

+		fprintf(fp, " kaiser_init_vmlinux: (unused)\n");

 	}

         fprintf(fp, "    symval_hash[%d]: %lx\n", SYMVAL_HASH,

@@ -12305,6 +12309,11 @@ numeric_forward(const void *P_x, const void *P_y)

 			st->saved_command_line_vmlinux = valueof(x);

 		else if (STREQ(y->name, "saved_command_line"))

 			st->saved_command_line_vmlinux = valueof(y);

+

+		if (STREQ(x->name, "pti_init"))

+			st->pti_init_vmlinux = valueof(x);

+		else if (STREQ(y->name, "kaiser_init"))

+			st->kaiser_init_vmlinux = valueof(y);

 	}

   	xs = bfd_get_section(x);