From e1ac694b94ebfa7204c5b1fac1a87d204b48f5b4 Mon Sep 17 00:00:00 2001
From: Takao Indoh <indou.takao@jp.fujitsu.com>
Date: Thu, 26 Oct 2017 20:32:54 +0900
Subject: [PATCH 3/4] [PATCH v3 3/4] sadump: Fix a KASLR problem of sadump
This patch fixes a problem where makedumpfile cannot handle a dumpfile
which is captured by sadump in KASLR enabled kernel.
When KASLR feature is enabled, a kernel is placed on the memory randomly
and therefore makedumpfile cannot handle a dumpfile captured by sadump
because addresses of kernel symbols in System.map or vmlinux are
different from actual addresses.
To solve this problem, we need to calculate kaslr offset(the difference
between original symbol address and actual address) and phys_base, and
adjust symbol table of makedumpfile. In the case of dumpfile of kdump,
these information is included in the header, but dumpfile of sadump does
not have such a information.
This patch calculate kaslr offset and phys_base to solve this problem.
Please see the comment in the calc_kaslr_offset() for the detail idea.
The basic idea is getting register (IDTR and CR3) from dump header, and
calculate kaslr_offset/phys_base using them.
Signed-off-by: Takao Indoh <indou.takao@jp.fujitsu.com>
---
makedumpfile.c | 10 ++++
makedumpfile.h | 5 +-
sadump_info.c | 143 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
3 files changed, 155 insertions(+), 3 deletions(-)
diff --git a/makedumpfile.c b/makedumpfile.c
|
|
|
cf4a81 |
index 5f2ca7d0fbc8..41438a344574 100644
|
|
|
cf4a81 |
--- a/makedumpfile-1.6.2/makedumpfile.c
|
|
|
cf4a81 |
+++ b/makedumpfile-1.6.2/makedumpfile.c
|
|
|
cf4a81 |
@@ -1554,6 +1554,9 @@ get_symbol_info(void)
|
|
|
cf4a81 |
SYMBOL_INIT(demote_segment_4k, "demote_segment_4k");
|
|
|
cf4a81 |
SYMBOL_INIT(cur_cpu_spec, "cur_cpu_spec");
|
|
|
cf4a81 |
|
|
|
cf4a81 |
+ SYMBOL_INIT(divide_error, "divide_error");
|
|
|
cf4a81 |
+ SYMBOL_INIT(idt_table, "idt_table");
|
|
|
cf4a81 |
+
|
|
|
cf4a81 |
return TRUE;
|
|
|
cf4a81 |
}
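Review bot: The two SYMBOL_INIT lines for divide_error and idt_table are registered unconditionally in get_symbol_info(), yet the only consumer this patch adds lives under `#ifdef __x86_64__` in sadump_info.c, and nothing at the call site says so. divide_error is an arch-specific assembly entry symbol whose presence depends on the vmlinux/kernel version, so a reader should know that a miss here is expected on other arches and must be treated by the consumer as "KASLR recovery unavailable" rather than a fatal error. I would add `/* x86_64 sadump only: used by calc_kaslr_offset() to derive kaslr_offset and phys_base */` above the two lines. get_symbol_info() begins before this hunk.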
|
|
|
cf4a81 |
|
|
|
cf4a81 |
@@ -2249,6 +2252,13 @@ write_vmcoreinfo_data(void)
|
|
|
cf4a81 |
WRITE_NUMBER_UNSIGNED("kimage_voffset", kimage_voffset);
|
|
|
cf4a81 |
#endif
|
|
|
cf4a81 |
|
|
|
cf4a81 |
+ if (info->phys_base)
|
|
|
cf4a81 |
+ fprintf(info->file_vmcoreinfo, "%s%lu\n", STR_NUMBER("phys_base"),
|
|
|
cf4a81 |
+ info->phys_base);
|
|
|
cf4a81 |
+ if (info->kaslr_offset)
|
|
|
cf4a81 |
+ fprintf(info->file_vmcoreinfo, "%s%lx\n", STR_KERNELOFFSET,
|
|
|
cf4a81 |
+ info->kaslr_offset);
|
|
|
cf4a81 |
+
|
|
|
cf4a81 |
/*
|
|
|
cf4a81 |
* write the source file of 1st kernel
|
|
|
cf4a81 |
*/
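Review bot: The two new vmcoreinfo fields are written in different radices with no explanation: phys_base as decimal via `%lu` under STR_NUMBER, kaslr_offset as hex via `%lx` under STR_KERNELOFFSET. If that is deliberate (NUMBER() lines being parsed as decimal by the existing reader, KERNELOFFSET mirroring the kernel's own hex vmcoreinfo line), a comment should pin it so nobody later "fixes" one format to match the other; I would add `/* NUMBER() values are decimal; KERNELOFFSET keeps the kernel's hex vmcoreinfo format */` above the first `if`. The `if (info->phys_base)` / `if (info->kaslr_offset)` guards also silently treat a genuine value of 0 as "not available", which is only correct if every reader defaults both to 0 — worth a one-line comment as well. write_vmcoreinfo_data() begins before this hunk.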
|
|
|
cf4a81 |
diff --git a/makedumpfile.h b/makedumpfile.h
|
|
|
cf4a81 |
index f48dc0b82d4a..5f814e7bc3c1 100644
|
|
|
cf4a81 |
--- a/makedumpfile-1.6.2/makedumpfile.h
|
|
|
cf4a81 |
+++ b/makedumpfile-1.6.2/makedumpfile.h
|
|
|
cf4a81 |
@@ -45,6 +45,7 @@
|
|
|
cf4a81 |
#include "sadump_mod.h"
|
|
|
cf4a81 |
#include <pthread.h>
|
|
|
cf4a81 |
#include <semaphore.h>
|
|
|
cf4a81 |
+#include <inttypes.h>
|
|
|
cf4a81 |
|
|
|
cf4a81 |
#define VMEMMAPSTART 0xffffea0000000000UL
|
|
|
cf4a81 |
#define BITS_PER_WORD 64
|
|
|
cf4a81 |
@@ -1599,6 +1600,8 @@ struct symbol_table {
|
|
|
cf4a81 |
unsigned long long cpu_online_mask;
|
|
|
cf4a81 |
unsigned long long __cpu_online_mask;
|
|
|
cf4a81 |
unsigned long long kexec_crash_image;
|
|
|
cf4a81 |
+ unsigned long long divide_error;
|
|
|
cf4a81 |
+ unsigned long long idt_table;
|
|
|
cf4a81 |
|
|
|
cf4a81 |
/*
|
|
|
cf4a81 |
* symbols on ppc64 arch
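Review bot: The new divide_error and idt_table members are dropped among the generic symbols of struct symbol_table, although they are x86_64-only values used by the sadump KASLR path, and the struct already groups arch-specific symbols under headings such as the visible `/* symbols on ppc64 arch */`. I would introduce them with a matching heading, `/* symbols on x86_64 arch (sadump KASLR offset recovery) */`, so the grouping convention of the struct is kept. struct symbol_table begins before this hunk.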
|
|
|
cf4a81 |
@@ -1960,7 +1963,7 @@ int iomem_for_each_line(char *match, int (*callback)(void *data, int nr,
|
|
|
cf4a81 |
unsigned long length),
|
|
|
cf4a81 |
void *data);
|
|
|
cf4a81 |
int is_bigendian(void);
|
|
|
cf4a81 |
-
|
|
|
cf4a81 |
+int get_symbol_info(void);
|
|
|
cf4a81 |
|
|
|
cf4a81 |
/*
|
|
|
cf4a81 |
* for Xen extraction
|
|
|
cf4a81 |
diff --git a/sadump_info.c b/sadump_info.c
|
|
|
cf4a81 |
index 7dd22e704234..29ccef881370 100644
|
|
|
cf4a81 |
--- a/makedumpfile-1.6.2/sadump_info.c
|
|
|
cf4a81 |
+++ b/makedumpfile-1.6.2/sadump_info.c
|
|
|
cf4a81 |
@@ -1035,6 +1035,138 @@ sadump_get_max_mapnr(void)
|
|
|
cf4a81 |
|
|
|
cf4a81 |
#ifdef __x86_64__
|
|
|
cf4a81 |
|
|
|
cf4a81 |
+/*
|
|
|
cf4a81 |
+ * Get address of vector0 interrupt handler (Devide Error) form Interrupt
|
|
|
cf4a81 |
+ * Descriptor Table.
|
|
|
cf4a81 |
+ */
|
|
|
cf4a81 |
+static unsigned long
|
|
|
cf4a81 |
+get_vec0_addr(ulong idtr)
|
|
|
cf4a81 |
+{
|
|
|
cf4a81 |
+ struct gate_struct64 {
|
|
|
cf4a81 |
+ uint16_t offset_low;
|
|
|
cf4a81 |
+ uint16_t segment;
|
|
|
cf4a81 |
+ uint32_t ist : 3, zero0 : 5, type : 5, dpl : 2, p : 1;
|
|
|
cf4a81 |
+ uint16_t offset_middle;
|
|
|
cf4a81 |
+ uint32_t offset_high;
|
|
|
cf4a81 |
+ uint32_t zero1;
|
|
|
cf4a81 |
+ } __attribute__((packed)) gate;
|
|
|
cf4a81 |
+
|
|
|
cf4a81 |
+ readmem(PADDR, idtr, &gate, sizeof(gate));
|
|
|
cf4a81 |
+
|
|
|
cf4a81 |
+ return ((ulong)gate.offset_high << 32)
|
|
|
cf4a81 |
+ + ((ulong)gate.offset_middle << 16)
|
|
|
cf4a81 |
+ + gate.offset_low;
|
|
|
cf4a81 |
+}
|
|
|
cf4a81 |
+
|
|
|
cf4a81 |
+/*
|
|
|
cf4a81 |
+ * Calculate kaslr_offset and phys_base
|
|
|
cf4a81 |
+ *
|
|
|
cf4a81 |
+ * kaslr_offset:
|
|
|
cf4a81 |
+ * The difference between original address in vmlinux and actual address
|
|
|
cf4a81 |
+ * placed randomly by kaslr feature. To be more accurate,
|
|
|
cf4a81 |
+ * kaslr_offset = actual address - original address
|
|
|
cf4a81 |
+ *
|
|
|
cf4a81 |
+ * phys_base:
|
|
|
cf4a81 |
+ * Physical address where the kerenel is placed. In other words, it's a
|
|
|
cf4a81 |
+ * physical address of __START_KERNEL_map. This is also decided randomly by
|
|
|
cf4a81 |
+ * kaslr.
|
|
|
cf4a81 |
+ *
|
|
|
cf4a81 |
+ * kaslr offset and phys_base are calculated as follows:
|
|
|
cf4a81 |
+ *
|
|
|
cf4a81 |
+ * kaslr_offset:
|
|
|
cf4a81 |
+ * 1) Get IDTR and CR3 value from the dump header.
|
|
|
cf4a81 |
+ * 2) Get a virtual address of IDT from IDTR value
|
|
|
cf4a81 |
+ * --- (A)
|
|
|
cf4a81 |
+ * 3) Translate (A) to physical address using CR3, which points a top of
|
|
|
cf4a81 |
+ * page table.
|
|
|
cf4a81 |
+ * --- (B)
|
|
|
cf4a81 |
+ * 4) Get an address of vector0 (Devide Error) interrupt handler from
|
|
|
cf4a81 |
+ * IDT, which are pointed by (B).
|
|
|
cf4a81 |
+ * --- (C)
|
|
|
cf4a81 |
+ * 5) Get an address of symbol "divide_error" form vmlinux
|
|
|
cf4a81 |
+ * --- (D)
|
|
|
cf4a81 |
+ *
|
|
|
cf4a81 |
+ * Now we have two addresses:
|
|
|
cf4a81 |
+ * (C)-> Actual address of "divide_error"
|
|
|
cf4a81 |
+ * (D)-> Original address of "divide_error" in the vmlinux
|
|
|
cf4a81 |
+ *
|
|
|
cf4a81 |
+ * kaslr_offset can be calculated by the difference between these two
|
|
|
cf4a81 |
+ * value.
|
|
|
cf4a81 |
+ *
|
|
|
cf4a81 |
+ * phys_base;
|
|
|
cf4a81 |
+ * 1) Get IDT virtual address from vmlinux
|
|
|
cf4a81 |
+ * --- (E)
|
|
|
cf4a81 |
+ *
|
|
|
cf4a81 |
+ * So phys_base can be calculated using relationship of directly mapped
|
|
|
cf4a81 |
+ * address.
|
|
|
cf4a81 |
+ *
|
|
|
cf4a81 |
+ * phys_base =
|
|
|
cf4a81 |
+ * Physical address(B) -
|
|
|
cf4a81 |
+ * (Virtual address(E) + kaslr_offset - __START_KERNEL_map)
|
|
|
cf4a81 |
+ *
|
|
|
cf4a81 |
+ * Note that the address (A) cannot be used instead of (E) because (A) is
|
|
|
cf4a81 |
+ * not direct map address, it's a fixed map address.
|
|
|
cf4a81 |
+ */
|
|
|
cf4a81 |
+int
|
|
|
cf4a81 |
+calc_kaslr_offset(void)
|
|
|
cf4a81 |
+{
|
|
|
cf4a81 |
+ struct sadump_header *sh = si->sh_memory;
|
|
|
cf4a81 |
+ uint64_t idtr = 0, cr3 = 0, idtr_paddr;
|
|
|
cf4a81 |
+ struct sadump_smram_cpu_state smram, zero;
|
|
|
cf4a81 |
+ int apicid;
|
|
|
cf4a81 |
+ unsigned long divide_error_vmcore, divide_error_vmlinux;
|
|
|
cf4a81 |
+ unsigned long kaslr_offset, phys_base;
|
|
|
cf4a81 |
+
|
|
|
cf4a81 |
+ memset(&zero, 0, sizeof(zero));
|
|
|
cf4a81 |
+ for (apicid = 0; apicid < sh->nr_cpus; ++apicid) {
|
|
|
cf4a81 |
+ if (!get_smram_cpu_state(apicid, &smram)) {
|
|
|
cf4a81 |
+ ERRMSG("get_smram_cpu_state error\n");
|
|
|
cf4a81 |
+ return FALSE;
|
|
|
cf4a81 |
+ }
|
|
|
cf4a81 |
+
|
|
|
cf4a81 |
+ if (memcmp(&smram, &zero, sizeof(smram)) != 0)
|
|
|
cf4a81 |
+ break;
|
|
|
cf4a81 |
+ }
|
|
|
cf4a81 |
+ if (apicid >= sh->nr_cpus) {
|
|
|
cf4a81 |
+ ERRMSG("Can't get smram state\n");
|
|
|
cf4a81 |
+ return FALSE;
|
|
|
cf4a81 |
+ }
|
|
|
cf4a81 |
+
|
|
|
cf4a81 |
+ idtr = ((uint64_t)smram.IdtUpper)<<32 | (uint64_t)smram.IdtLower;
|
|
|
cf4a81 |
+ cr3 = smram.Cr3;
|
|
|
cf4a81 |
+
|
|
|
cf4a81 |
+ /* Convert virtual address of IDT table to physical address */
|
|
|
cf4a81 |
+ if ((idtr_paddr = vtop4_x86_64_pagetable(idtr, cr3)) == NOT_PADDR)
|
|
|
cf4a81 |
+ return FALSE;
|
|
|
cf4a81 |
+
|
|
|
cf4a81 |
+ /* Now we can calculate kaslr_offset and phys_base */
|
|
|
cf4a81 |
+ divide_error_vmlinux = SYMBOL(divide_error);
|
|
|
cf4a81 |
+ divide_error_vmcore = get_vec0_addr(idtr_paddr);
|
|
|
cf4a81 |
+ kaslr_offset = divide_error_vmcore - divide_error_vmlinux;
|
|
|
cf4a81 |
+ phys_base = idtr_paddr -
|
|
|
cf4a81 |
+ (SYMBOL(idt_table) + kaslr_offset - __START_KERNEL_map);
|
|
|
cf4a81 |
+
|
|
|
cf4a81 |
+ info->kaslr_offset = kaslr_offset;
|
|
|
cf4a81 |
+ info->phys_base = phys_base;
|
|
|
cf4a81 |
+
|
|
|
cf4a81 |
+ DEBUG_MSG("sadump: idtr=%" PRIx64 "\n", idtr);
|
|
|
cf4a81 |
+ DEBUG_MSG("sadump: cr3=%" PRIx64 "\n", cr3);
|
|
|
cf4a81 |
+ DEBUG_MSG("sadump: idtr(phys)=%" PRIx64 "\n", idtr_paddr);
|
|
|
cf4a81 |
+ DEBUG_MSG("sadump: devide_error(vmlinux)=%lx\n",
|
|
|
cf4a81 |
+ divide_error_vmlinux);
|
|
|
cf4a81 |
+ DEBUG_MSG("sadump: devide_error(vmcore)=%lx\n",
|
|
|
cf4a81 |
+ divide_error_vmcore);
|
|
|
cf4a81 |
+
|
|
|
cf4a81 |
+ /* Reload symbol */
|
|
|
cf4a81 |
+ if (!get_symbol_info())
|
|
|
cf4a81 |
+ return FALSE;
|
|
|
cf4a81 |
+
|
|
|
cf4a81 |
+ DEBUG_MSG("sadump: kaslr_offset=%lx\n", info->kaslr_offset);
|
|
|
cf4a81 |
+ DEBUG_MSG("sadump: phys_base=%lx\n", info->phys_base);
|
|
|
cf4a81 |
+
|
|
|
cf4a81 |
+ return TRUE;
|
|
|
cf4a81 |
+}
|
|
|
cf4a81 |
+
|
|
|
cf4a81 |
int
|
|
|
cf4a81 |
sadump_virt_phys_base(void)
|
|
|
cf4a81 |
{
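Review bot: Every input to this computation comes from the dump image itself (IDTR and CR3 from the SMRAM state, the gate from guest memory), yet get_vec0_addr() never checks the return of `readmem(PADDR, idtr, &gate, sizeof(gate))`, so a short or failed read leaves `gate` uninitialized and calc_kaslr_offset() then relocates every symbol in the table by garbage. In the same way `SYMBOL(divide_error)` and `SYMBOL(idt_table)` are used in arithmetic without confirming the symbols were resolved, and the derived divide_error_vmcore is never checked against the kernel text range even though `__START_KERNEL_map` is already at hand. I would make the read fatal with `if (!readmem(PADDR, idtr, &gate, sizeof(gate))) return 0;`, reject unresolved symbols with `if (!SYMBOL(divide_error) || !SYMBOL(idt_table)) return FALSE;` (using whatever not-found sentinel SYMBOL_INIT leaves), and reject implausible handler addresses with `if (divide_error_vmcore < __START_KERNEL_map) return FALSE;` before kaslr_offset is computed. The comment text also misspells "Divide" and "from" ("Devide", "form") in both function headers.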
|
|
|
cf4a81 |
@@ -1065,6 +1197,9 @@ sadump_virt_phys_base(void)
|
|
|
cf4a81 |
}
|
|
|
cf4a81 |
|
|
|
cf4a81 |
failed:
|
|
|
cf4a81 |
+ if (calc_kaslr_offset())
|
|
|
cf4a81 |
+ return TRUE;
|
|
|
cf4a81 |
+
|
|
|
cf4a81 |
info->phys_base = 0;
|
|
|
cf4a81 |
|
|
|
cf4a81 |
DEBUG_MSG("sadump: failed to calculate phys_base; default to 0\n");
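Review bot: When calc_kaslr_offset() fails after it has already stored `info->kaslr_offset` and `info->phys_base` (it assigns both before the `get_symbol_info()` reload, whose failure returns FALSE), this fallback resets only `info->phys_base = 0;` and leaves a half-computed kaslr_offset behind, which the rest of makedumpfile will keep applying to SYMBOL() lookups. I would reset both on this path, `info->phys_base = 0;` followed by `info->kaslr_offset = 0;`, and widen the debug message to "failed to calculate phys_base/kaslr_offset; default to 0". sadump_virt_phys_base() begins before this hunk.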
|
|
|
cf4a81 |
@@ -1518,10 +1653,14 @@ cpu_to_apicid(int cpu, int *apicid)
|
|
|
cf4a81 |
if (!readmem(VADDR, SYMBOL(x86_bios_cpu_apicid_early_ptr),
|
|
|
cf4a81 |
&early_ptr, sizeof(early_ptr)))
|
|
|
cf4a81 |
return FALSE;
|
|
|
cf4a81 |
-
|
|
|
cf4a81 |
+ /*
|
|
|
cf4a81 |
+ * Note: SYMBOL(name) value is adjusted by info->kaslr_offset,
|
|
|
cf4a81 |
+ * but per_cpu symbol does not need to be adjusted becasue it
|
|
|
cf4a81 |
+ * is not affected by kaslr.
|
|
|
cf4a81 |
+ */
|
|
|
cf4a81 |
apicid_addr = early_ptr
|
|
|
cf4a81 |
? SYMBOL(x86_bios_cpu_apicid_early_map)+cpu*sizeof(uint16_t)
|
|
|
cf4a81 |
- : per_cpu_ptr(SYMBOL(x86_bios_cpu_apicid), cpu);
|
|
|
cf4a81 |
+ : per_cpu_ptr(SYMBOL(x86_bios_cpu_apicid) - info->kaslr_offset, cpu);
|
|
|
cf4a81 |
|
|
|
cf4a81 |
if (!readmem(VADDR, apicid_addr, &apicid_u16, sizeof(uint16_t)))
|
|
|
cf4a81 |
return FALSE;
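Review bot: The new comment above the apicid lookup states the rule but not the reason, and it misspells "because"; since the line below undoes the global kaslr adjustment by hand, `per_cpu_ptr(SYMBOL(x86_bios_cpu_apicid) - info->kaslr_offset, cpu)`, a reader needs to know why that is safe. If SYMBOL() adds info->kaslr_offset to every symbol, the subtraction is correct only because a per-cpu symbol's value is an offset into the per-cpu area rather than an address in the relocated kernel image; I would say exactly that, e.g. `Note: SYMBOL() values carry info->kaslr_offset, but x86_bios_cpu_apicid is a per-cpu offset, not a kernel text address, so strip the adjustment before per_cpu_ptr()`. cpu_to_apicid() begins before this hunk.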
|
|
|
cf4a81 |
--
2.5.5