Dave Anderson | 15 Apr 17:28 2014

[ANNOUNCE] crash 7.0.6 is available


Download from: http://people.redhat.com/anderson
                 or
               https://github.com/crash-utility/crash/releases

Note that the github "crash-crash-..." tar/zip file naming issue has been
fixed with this release.

The master branch serves as a development branch that will contain all 
patches that are queued for the next release:

  $ git clone git://github.com/crash-utility/crash.git

It should also be noted that although the initial ARM64 support was put 
in place back in the crash-7.0.1 timeframe, this is the first release 
that has been developed/tested on actual ARM64 hardware.  As a result,
almost half of the following crash-7.0.6 patches are ARM64-related.

Changelog:

 - Fix for custom X86_64 kernels that change the declaration of the 
   context_switch() function so that it is not an inline function.  
   Without the patch, the message "crash: cannot determine thread return
   address" is displayed during invocation, and backtraces of blocked 
   tasks may have missing or invalid frames.
   (ahonig <at> google.com)

 - Fix to prevent a possible invocation-time error on Linux 3.7 and
   later kernels configured with CONFIG_SLAB, running against vmcore
   files filtered with the makedumpfile(8) facility.  Without the

Petr Tesarik | 20 Mar 17:39 2014

[PATCH] Fix documentation of --machdep phys_base

The parameter is spelled "phys_base", not "physbase". Having the wrong
spelling in all documentation is not very helpful.

Signed-off-by: Petr Tesarik <ptesarik <at> suse.cz>
---
 crash.8 | 4 ++--
 help.c  | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/crash.8 b/crash.8
index ab040b7..a7c199b 100644
--- a/crash.8
+++ b/crash.8
 <at>  <at>  -239,7 +239,7  <at>  <at>  required in very rare circumstances:
 .P
 .nf
 X86_64:
-  physbase=<physical-address>
+  phys_base=<physical-address>
   irq_eframe_link=<value>
   max_physmem_bits=<value>
   vm=orig       (pre-2.6.11 virtual memory address ranges)
 <at>  <at>  -254,7 +254,7  <at>  <at>  IA64:
   init_stack_size=<size>
   vm=4l         (4-level page tables)
 ARM:  
-  physbase=<physical-address>
+  phys_base=<physical-address>
 .fi
 .RE

Jack Jing | 18 Mar 10:35 2014

crash tool fails to analyze the image

Hi

I just used the crash tool from crash-utility.git for arm64 kernel panic analysis, and we found that the crash tool fails to analyze the dump. What is the status of crash support for arm64? Could you please help check the log in the attachment? I have deleted more than 100,000 lines of "WARNING: arm64_verify_symbol: function not implemented" from the attachment. Thanks

I used the command "./crash vmlinux emmd003@Mar-18-2014" to analyze it.

Since crash and vmlinux are too big for the mailing list, I didn't attach them. If you need them, give me somewhere to upload them and I can share them with you. Thanks.

FYI

jgjing@APSE-OSE-AP-SERVER:~/emmd_test$ readelf -h emmd003@Mar-18-2014
ELF Header:
  Magic:   7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
  Class:                             ELF64
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       0
  Type:                              CORE (Core file)
  Machine:                           <unknown>: 0xb7
  Version:                           0x1
  Entry point address:               0x0
  Start of program headers:          64 (bytes into file)
  Start of section headers:          0 (bytes into file)
  Flags:                             0x0
  Size of this header:               64 (bytes)
  Size of program headers:           56 (bytes)
  Number of program headers:         3
  Size of section headers:           0 (bytes)
  Number of section headers:         0
  Section header string table index: 0

ng@APSE-OSE-AP-SERVER:~/emmd_test$ hd emmd003@Mar-18-2014
00000000  7f 45 4c 46 02 01 01 00  00 00 00 00 00 00 00 00  |.ELF............|
00000010  04 00 b7 00 01 00 00 00  00 00 00 00 00 00 00 00  |................|
00000020  40 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |@...............|
00000030  00 00 00 00 40 00 38 00  03 00 00 00 00 00 00 00  |....@.8.........|
00000040  04 00 00 00 00 00 00 00  e8 00 00 00 00 00 00 00  |................|
00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000070  00 00 00 00 00 00 00 00  01 00 00 00 07 00 00 00  |................|
00000080  e8 00 00 00 00 00 00 00  00 00 00 c0 00 00 00 00  |................|
00000090  00 00 00 00 00 00 00 00  00 00 00 09 00 00 00 00  |................|
000000a0  00 00 00 09 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000b0  01 00 00 00 07 00 00 00  e8 00 00 09 00 00 00 00  |................|
000000c0  00 00 00 d2 00 00 00 00  00 00 00 12 00 00 00 00  |................|
000000d0  00 00 00 6d 00 00 00 00  00 00 00 6d 00 00 00 00  |...m.......m....|
000000e0  00 00 00 00 00 00 00 00  40 42 38 d5 1f 30 00 f1  |........@B8..0..|
000000f0  e1 0d 01 54 00 06 80 d2  00 00 40 b2 00 00 78 b2  |...T......@...x.|
00000100  00 00 76 b2 00 11 1e d5  5f 11 1e d5 20 f2 39 d5  |..v....._... .9.|
00000110  00 00 7a b2 20 f2 19 d5  c0 00 00 58 00 e0 1b d5  |..z. ......X....|
00000120  72 00 00 94 1f 10 1c d5  3e 08 00 14 00 00 00 00  |r.......>.......|
00000130  50 97 31 00 00 00 00 00  00 00 00 00 00 00 00 00  |P.1.............|
00000140  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|


Attachment (arm64_crash_analyze_fail.log): application/octet-stream, 41 KiB
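Before blaming crash for the failure above, the core file's own header is worth decoding, and the posted hexdump contains everything needed. The following is an added example, not code from the crash utility or from the poster, that parses the ELF64 core header and its three program headers from the first 0xe8 bytes of that hexdump, embedded here as a constructed byte array. Two facts fall out: e_machine 0xb7 is decimal 183, the EM_AARCH64 value, so readelf's "<unknown>" only means the binutils in use predates AArch64 in its machine table; and the PT_NOTE program header has p_filesz 0, so the file carries no ELF notes at all (no per-CPU register notes, no VMCOREINFO). The constant names, the core_info structure and the accessor functions are the example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ET_CORE_VAL    4
#define EM_AARCH64_VAL 0xb7   /* decimal 183; the readelf above printed it as <unknown> */
#define PT_LOAD_VAL    1
#define PT_NOTE_VAL    4
#define PHDR64_SIZE    56
#define MAX_PHDRS      8

/* Constructed from the first 0xe8 bytes of the posted hd output: ELF header + 3 phdrs. */
static const uint8_t posted_core[] = {
    0x7f,0x45,0x4c,0x46,0x02,0x01,0x01,0, 0,0,0,0,0,0,0,0,        /* 0x00 */
    0x04,0x00,0xb7,0x00,0x01,0,0,0,       0,0,0,0,0,0,0,0,        /* 0x10 */
    0x40,0,0,0,0,0,0,0,                   0,0,0,0,0,0,0,0,        /* 0x20 */
    0,0,0,0,0x40,0x00,0x38,0x00,          0x03,0,0,0,0,0,0,0,     /* 0x30 */
    0x04,0,0,0,0,0,0,0,                   0xe8,0,0,0,0,0,0,0,     /* 0x40 phdr 0 */
    0,0,0,0,0,0,0,0,                      0,0,0,0,0,0,0,0,        /* 0x50 */
    0,0,0,0,0,0,0,0,                      0,0,0,0,0,0,0,0,        /* 0x60 */
    0,0,0,0,0,0,0,0,                      0x01,0,0,0,0x07,0,0,0,  /* 0x70 phdr 1 */
    0xe8,0,0,0,0,0,0,0,                   0,0,0,0xc0,0,0,0,0,     /* 0x80 */
    0,0,0,0,0,0,0,0,                      0,0,0,0x09,0,0,0,0,     /* 0x90 */
    0,0,0,0x09,0,0,0,0,                   0,0,0,0,0,0,0,0,        /* 0xa0 */
    0x01,0,0,0,0x07,0,0,0,                0xe8,0,0,0x09,0,0,0,0,  /* 0xb0 phdr 2 */
    0,0,0,0xd2,0,0,0,0,                   0,0,0,0x12,0,0,0,0,     /* 0xc0 */
    0,0,0,0x6d,0,0,0,0,                   0,0,0,0x6d,0,0,0,0,     /* 0xd0 */
    0,0,0,0,0,0,0,0,                                              /* 0xe0 */
};

struct phdr { uint32_t type, flags; uint64_t offset, vaddr, paddr, filesz, memsz, align; };

struct core_info {
    int status;                 /* 0 = parsed; negative = which check failed */
    uint16_t e_type, e_machine, e_phnum;
    uint64_t e_phoff;
    int nload;                  /* number of PT_LOAD headers */
    int empty_note;             /* 1 if a PT_NOTE header has p_filesz == 0 */
    struct phdr ph[MAX_PHDRS];
};

/* Explicit little-endian readers: no struct punning, no host-endian assumptions. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint64_t rd64(const uint8_t *p) { return rd32(p) | (uint64_t)rd32(p + 4) << 32; }

/* Parse an ELF64 LSB core header.  Every read is bounds-checked against len,
 * so a truncated file or a lying e_phoff/e_phnum cannot walk off the buffer. */
struct core_info parse_core(const uint8_t *buf, size_t len)
{
    struct core_info ci;
    memset(&ci, 0, sizeof ci);
    if (len < 64 || memcmp(buf, "\x7f" "ELF", 4) != 0)   { ci.status = -1; return ci; }
    if (buf[4] != 2 || buf[5] != 1)                       { ci.status = -2; return ci; } /* ELFCLASS64, LSB */
    ci.e_type    = rd16(buf + 0x10);
    ci.e_machine = rd16(buf + 0x12);
    ci.e_phoff   = rd64(buf + 0x20);
    ci.e_phnum   = rd16(buf + 0x38);
    if (ci.e_type != ET_CORE_VAL)                         { ci.status = -3; return ci; }
    if (rd16(buf + 0x36) != PHDR64_SIZE || ci.e_phnum > MAX_PHDRS) { ci.status = -4; return ci; }
    if (ci.e_phoff > len || (uint64_t)ci.e_phnum * PHDR64_SIZE > len - ci.e_phoff)
                                                          { ci.status = -5; return ci; }
    for (int i = 0; i < ci.e_phnum; i++) {
        const uint8_t *p = buf + ci.e_phoff + (size_t)i * PHDR64_SIZE;
        struct phdr *ph = &ci.ph[i];
        ph->type   = rd32(p);      ph->flags = rd32(p + 4);
        ph->offset = rd64(p + 8);  ph->vaddr = rd64(p + 16); ph->paddr = rd64(p + 24);
        ph->filesz = rd64(p + 32); ph->memsz = rd64(p + 40); ph->align = rd64(p + 48);
        if (ph->type == PT_LOAD_VAL) ci.nload++;
        if (ph->type == PT_NOTE_VAL && ph->filesz == 0) ci.empty_note = 1;
    }
    return ci;
}

/* Accessors over the posted bytes, so results can be checked without globals. */
struct core_info posted_core_info(void) { return parse_core(posted_core, sizeof posted_core); }
struct phdr posted_phdr(int i)
{
    struct core_info ci = posted_core_info();
    struct phdr none = { 0 };
    return (i >= 0 && i < ci.e_phnum) ? ci.ph[i] : none;
}

int main(void)
{
    struct core_info ci = posted_core_info();
    if (ci.status) { fprintf(stderr, "not a usable ELF64 core (check %d)\n", ci.status); return 1; }
    printf("e_machine 0x%x%s, %u program headers\n", ci.e_machine,
           ci.e_machine == EM_AARCH64_VAL ? " (EM_AARCH64)" : "", ci.e_phnum);
    for (int i = 0; i < ci.e_phnum; i++)
        printf("  %-5s off 0x%09llx vaddr 0x%016llx paddr 0x%016llx filesz 0x%09llx\n",
               ci.ph[i].type == PT_LOAD_VAL ? "LOAD" : ci.ph[i].type == PT_NOTE_VAL ? "NOTE" : "other",
               (unsigned long long)ci.ph[i].offset, (unsigned long long)ci.ph[i].vaddr,
               (unsigned long long)ci.ph[i].paddr, (unsigned long long)ci.ph[i].filesz);
    if (ci.empty_note)
        printf("  PT_NOTE has p_filesz 0: the file carries no ELF notes\n");
    return 0;
}
```

Build with -std=c99 and run. The two PT_LOAD headers are contiguous in the file (the second starts at 0xe8 + 0x09000000 = 0x090000e8), describing 0x09000000 and 0x6d000000 bytes at physical addresses 0 and 0x12000000, while the PT_NOTE header points at offset 0xe8 with no size; the same bounds checks reject a truncated file before any program header is trusted.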
vinayak menon | 3 Mar 14:09 2014

extension module: crash-extscript

Hi Dave,

I have uploaded an extension module named extscript to github
Link: https://github.com/vinayakmenon/crash-extscript

Will it be possible to advertise it on crash utility extension page ?

From the readme of the project:

Extension module for crash utility, to talk to external scripts

What is the extscript utility for? At times we need to execute a series
of crash commands to arrive at a result, i.e. we execute a command,
get the output, pick an element from it, use it with the next command
and so on. There are cases when this may take several steps. This
utility is to automate these steps. Another use can be to execute a
series of predefined crash commands, parse the output to get relevant
info and generate a bug report.

A brief on the components in this package. (1) A crash utility
extension called 'extscript'. This provides a crash command of the
same name. (2) A script. perlfc.pl is an example script, which can
talk to extscript extension. This script can be used as an example to
write utilities that can talk to extscript extension. (3) A protocol
definition, for communication between 'extscript' and the external
script.

The external script is run as a server by the crash utility when you
invoke the extscript command. The external script serves the crash
utility with additional commands. The script is not executed as is; we
invoke it from the crash command line. In other words, we talk to
the script from within the crash utility command line.

An example. (1) Copy the extscript.c to extensions folder (2) make
extensions (3) Copy perlfc.pl to crash directory.

crash> extend extensions/extscript.so
crash> extscript -f perl -a perl -a ./perlfc.pl
crash> extscript -b vmallocinfo
crash> extscript -b help

The first command loads the extscript module and adds the command
"extscript" to the crash utility. The second command sets up the
environment. This is similar to how we pass arguments to execlp. The
last argument is the script path. This command has to be modified
depending on the kind of script that we are running. The third command
is the bypass command, which actually executes the command we have
encoded in the script. In this case "vmallocinfo" is a command that is
defined in perlfc.pl. extscript bypasses this command to the
script. The output in this case will be vmallocinfo, similar to
/proc/vmallocinfo, displayed on the crash console. Thus in simple words we
are extending crash with additional commands encoded in a script. The
"help" command shows all the commands supported by the script and their
usage.

See project page in github for more info.

Thanks,
Vinayak

Andy Honig | 24 Feb 18:08 2014

[PATCH] Add --kaslr=auto option to automatically detect kaslr offset

This patch adds the --kaslr=auto option.  When set crash will
attempt to find the aslr offset by comparing the _stext symbol
in the vmlinux file to the _stext symbol in the vmcoreinfo.
When the kernel is updated to include the kernel aslr offset
in the vmcoreinfo, that should be used instead of this indirect
method.

Signed-off-by: Andrew Honig <ahonig <at> google.com>
---
 crash.8    |  7 ++++---
 defs.h     |  1 +
 diskdump.c |  8 ++++++++
 main.c     | 21 +++++++++++++++------
 netdump.c  | 11 +++++++++++
 symbols.c  | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++-----
 6 files changed, 91 insertions(+), 14 deletions(-)

diff --git a/crash.8 b/crash.8
index 6f2c192..271bc59 100644
--- a/crash.8
+++ b/crash.8
 <at>  <at>  -448,11 +448,12  <at>  <at>  command, search for their object files in
 .I directory
 instead of in the standard location.
 .TP
-.BI --kaslr \ offset
-If an x86 or x86_64 kernel was configured with 
+.BI --kaslr \ [offset|auto]
+If an x86_64 kernel was configured with 
 .B CONFIG_RANDOMIZE_BASE,
 the offset value is equal to the difference between the symbol values 
-compiled into the vmlinux file and their relocated value.
+compiled into the vmlinux file and their relocated value.  If set to
+auto, crash will attempt to automatically calculate the kaslr offset.
 .TP
 .BI --reloc \ size
 When analyzing live x86 kernels that were configured with a
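Review bot: the new `auto` wording does not say what happens when the calculation cannot be made. In the symbols.c part of this patch derive_kaslr_offset() simply returns without setting RELOC_SET when the dump has no SYMBOL(_stext) or the _stext difference is not page-aligned, so the user ends up with no relocation and no message. Document that fallback here ("if the offset cannot be derived, no relocation is applied") and name the dependency on the _stext symbol in the dump's vmcoreinfo, so readers know why `auto` can fail on older dumps.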
diff --git a/defs.h b/defs.h
index c9a4b73..5f1ec9d 100644
--- a/defs.h
+++ b/defs.h
 <at>  <at>  -600,6 +600,7  <at>  <at>  struct new_utsname {
 #define PRE_KERNEL_INIT     (0x20000000)
 #define ARCH_PVOPS_XEN      (0x40000000)
 #define IRQ_DESC_TREE       (0x80000000)
+#define RELOC_AUTO         (0x100000000ULL)

 #define GCC_VERSION_DEPRECATED (GCC_3_2|GCC_3_2_3|GCC_2_96|GCC_3_3_2|GCC_3_3_3)

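Review bot: RELOC_AUTO is the first flag in this block that needs more than 32 bits (the existing ones stop at IRQ_DESC_TREE = 0x80000000). That is only safe if kt->flags is 64 bits wide on every build that can reach this code; where it is a 32-bit type, `kt->flags |= RELOC_AUTO` stores nothing and the later `kt->flags & RELOC_AUTO` test in store_symbols() can never be true, turning --kaslr=auto into a silent no-op. Either confirm the width of kt->flags or use a free bit below 32.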
diff --git a/diskdump.c b/diskdump.c
index 79fbba7..eb41744 100644
--- a/diskdump.c
+++ b/diskdump.c
 <at>  <at>  -845,6 +845,14  <at>  <at>  is_diskdump(char *file)
 		get_log_from_vmcoreinfo(file, vmcoreinfo_read_string);
 	}

+	/*
+	 * We may need the _stext_SYMBOL from the vmcore_info to adjust for
+	 * kaslr and we may not have gotten it elsewhere.
+	 */
+	char *tmpstring = vmcoreinfo_read_string("SYMBOL(_stext)");
+	kt->vmcoreinfo._stext_SYMBOL = htol(tmpstring, RETURN_ON_ERROR, NULL);
+	free(tmpstring);
+
 	return TRUE;
 }

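Review bot: the return value of vmcoreinfo_read_string("SYMBOL(_stext)") goes straight into htol() with no NULL check, and NULL is exactly what a dump without a VMCOREINFO note, or with a note lacking _stext, will produce. Guard it (`if ((tmpstring = vmcoreinfo_read_string("SYMBOL(_stext)")) != NULL)`) and keep the free() inside the guard; leave `_stext_SYMBOL` at 0 otherwise, since 0 is the value derive_kaslr_offset() tests for. Two smaller points: the mid-block `char *tmpstring` declaration departs from the declarations-at-top style of this file, and the netdump.c counterpart in this same patch restricts the lookup to `source_query == KDUMP_LOCAL` while this one runs unconditionally; the two paths should agree.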
diff --git a/main.c b/main.c
index 44594f0..9fa79d7 100644
--- a/main.c
+++ b/main.c
 <at>  <at>  -218,13 +218,22  <at>  <at>  main(int argc, char **argv)
 				kt->module_tree = optarg;

 			else if (STREQ(long_options[option_index].name, "kaslr")) {
-				if (!calculate(optarg, &kt->relocate, NULL, 0)) {
-					error(INFO, "invalid --kaslr argument: %s\n",
-						optarg);
-					program_usage(SHORT_FORM);
+				if (!machine_type("X86_64")) {
+					error(INFO, "option kaslr only valid "
+						"with X86_64 machine type.");
+				} else if (STREQ(optarg, "auto")) {
+					kt->flags |= RELOC_AUTO;
+				} else {
+					if (!calculate(optarg, &kt->relocate,
+							NULL, 0)) {
+						error(INFO,
+						    "invalid --kaslr argument: %s\n",
+						    optarg);
+						program_usage(SHORT_FORM);
+					}
+					kt->relocate *= -1;
+					kt->flags |= RELOC_SET;
 				}
-				kt->relocate *= -1;
-				kt->flags |= RELOC_SET;

 			} else if (STREQ(long_options[option_index].name, "reloc")) {
 				if (!calculate(optarg, &kt->relocate, NULL, 0)) {
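Review bot: the two error paths in the new `kaslr` branch behave differently. The non-X86_64 case prints "option kaslr only valid with X86_64 machine type." with no trailing newline (the other error() strings here end in "\n") and then carries on as if the option had not been given, while a bad offset still calls program_usage(SHORT_FORM). Make both consistent, presumably by adding the newline and calling program_usage() in the machine-type case as well, so an invocation on another architecture does not silently proceed without relocation.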
diff --git a/netdump.c b/netdump.c
index 7dc2fca..884dd73 100644
--- a/netdump.c
+++ b/netdump.c
 <at>  <at>  -411,6 +411,17  <at>  <at>  is_netdump(char *file, ulong source_query)
 		get_log_from_vmcoreinfo(file, vmcoreinfo_read_string);
 	}

+	/*
+	 * We may need the _stext_SYMBOL from the vmcore_info to adjust for
+	 * kaslr and we may not have gotten it elsewhere.
+	 */
+	if (source_query == KDUMP_LOCAL) {
+		char *tmpstring = vmcoreinfo_read_string("SYMBOL(_stext)");
+		kt->vmcoreinfo._stext_SYMBOL =
+			htol(tmpstring, RETURN_ON_ERROR, NULL);
+		free(tmpstring);
+	}
+
 	return nd->header_size;

 bailout:
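Review bot: same missing NULL check as in diskdump.c: if vmcoreinfo_read_string() finds no SYMBOL(_stext), the NULL goes straight into htol(). Also make sure the value `_stext_SYMBOL` ends up with on a failed lookup is the one derive_kaslr_offset() later tests for (it checks `== 0`); if htol() with RETURN_ON_ERROR reports failure through some other sentinel, set the field to 0 explicitly rather than storing that return value.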
diff --git a/symbols.c b/symbols.c
index 83bc0ff..7d4a4ef 100644
--- a/symbols.c
+++ b/symbols.c
 <at>  <at>  -557,6 +557,46  <at>  <at>  strip_symbol_end(const char *name, char *buf)
 }

 /*
+ * Derives the kernel aslr offset by comparing the _stext symbol from the
+ * the vmcore_info in the dump file to the _stext symbol in the vmlinux file.
+ */
+static void
+derive_kaslr_offset(bfd *abfd, int dynamic, bfd_byte *start, bfd_byte *end,
+		    unsigned int size, asymbol *store)
+{
+	symbol_info syminfo;
+	asymbol *sym;
+	char *name;
+	unsigned long relocate;
+	char buf[BUFSIZE];
+
+	if (kt->vmcoreinfo._stext_SYMBOL == 0)
+		return;
+
+	for (; start < end; start += size) {
+		sym = bfd_minisymbol_to_symbol(abfd, dynamic, start, store);
+		if (sym == NULL)
+			error(FATAL, "bfd_minisymbol_to_symbol() failed\n");
+
+		bfd_get_symbol_info(abfd, sym, &syminfo);
+		name = strip_symbol_end(syminfo.name, buf);
+		if (strcmp("_stext", name) == 0) {
+			relocate = syminfo.value - kt->vmcoreinfo._stext_SYMBOL;
+			/*
+			 *To avoid mistaking an mismatched kernel version with
+			 * a kaslr offset, we make sure that the offset is
+			 * aligned by 0x1000, as it always will be for
+			 * kaslr.
+			 */
+			if ((relocate & 0xFFF) == 0) {
+				kt->relocate = relocate;
+				kt->flags |= RELOC_SET;
+			}
+		}
+	}
+}
+
+/*
  *  Store the symbols gathered by symtab_init().  The symbols are stored
  *  in increasing numerical order.
  */
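Review bot: the loop keeps walking the minisymbol table after `_stext` has been matched; add a `break` once the offset is set (or return), since store_symbols() is about to iterate the same table again right after this call. More importantly, a failed alignment test is silent: a non-page-aligned difference almost always means the vmlinux does not match the dump, which is exactly what the user needs to be told, so an error(INFO, ...) naming both _stext values would save a lot of head-scratching. Comment nit: "an mismatched" should read "a mismatched".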
 <at>  <at>  -591,15 +631,22  <at>  <at>  store_symbols(bfd *abfd, int dynamic, void *minisyms, long symcount,
 	st->symcnt = 0;
 	sp = st->symtable;

-	if (machine_type("X86") || machine_type("X86_64")) {
-		if (!(kt->flags & RELOC_SET))
+	first = 0;
+	from = (bfd_byte *) minisyms;
+	fromend = from + symcount * size;
+
+	if (machine_type("X86")) {
+		if (!(kt->flags & RELOC_SET)) {
 			kt->flags |= RELOC_FORCE;
+		}
+	} else if (machine_type("X86_64")) {
+		if (kt->flags & RELOC_AUTO && !(kt->flags & RELOC_SET)) {
+			derive_kaslr_offset(abfd, dynamic, from,
+					fromend, size, store);
+		}
 	} else
 		kt->flags &= ~RELOC_SET;

-	first = 0;
-  	from = (bfd_byte *) minisyms;
-  	fromend = from + symcount * size;
   	for (; from < fromend; from += size)
     	{
       		if ((sym = bfd_minisymbol_to_symbol(abfd, dynamic, from, store))
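Review bot: this hunk changes behaviour for X86_64 dumps loaded without either form of --kaslr. Previously `machine_type("X86") || machine_type("X86_64")` set RELOC_FORCE whenever RELOC_SET was absent; now only X86 gets RELOC_FORCE and X86_64 falls out of the new `else if` with no relocation flags at all. If dropping RELOC_FORCE for X86_64 is intended, the commit message should say so; if not, set it in the X86_64 branch too. Minor: `kt->flags & RELOC_AUTO && !(kt->flags & RELOC_SET)` relies on `&` binding tighter than `&&`; parenthesise the first term.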
--

-- 
1.9.0.rc1.175.g0b1dcb5

Aaron Tomlin | 20 Feb 18:29 2014

[PATCH] Extensions: swap_usage: Add thread group leader support

Provide the -G option to display the swap consumption
of the thread group leader in a thread group.

For example:

	crash> pswap -k -G | head
	PID     SWAP     COMM
	  1     136k	systemd
	469     284k	  zsh
	599     148k	systemd-journal
	608    1192k	lvmetad
	637    1712k	systemd-udevd
	822     308k	auditd
	836     104k	audispd
	838     156k	sedispatch
	842      92k	alsactl

The complete file can be found here:

http://people.redhat.com/~atomlin/crash/extensions/swap_usage.c

Signed-off-by: Aaron Tomlin <atomlin <at> redhat.com>
---
 extensions/swap_usage.c | 70 ++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 60 insertions(+), 10 deletions(-)

diff --git a/extensions/swap_usage.c b/extensions/swap_usage.c
index 4f92e8c..d9467ca 100644
--- a/extensions/swap_usage.c
+++ b/extensions/swap_usage.c
 <at>  <at>  -19,6 +19,7  <at>  <at> 
 #include "defs.h"

 #define DISPLAY_KB      (0x2)
+#define DISPLAY_TG      (0x4)

 #ifdef	ARM
 #define _PAGE_FILE	(1 << 2)
 <at>  <at>  -138,8 +139,8  <at>  <at>  show_swap_usage(struct task_context *tc, ulong exists, ulong flag)
 	if (flag & DISPLAY_KB)
 		swap_usage  <<= (PAGESHIFT()-10);

-	fprintf(fp, "%5ld  %5ld%s%5s\n",
-	tc->pid, swap_usage, (flag & DISPLAY_KB) ? "k\t" : "\t", tc->comm);
+	fprintf(fp, "%3ld  %6ld%s%5s\n", tc->pid, swap_usage,
+		(flag & DISPLAY_KB) ? "k\t" : "\t", tc->comm);
 }

 
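Review bot: the PID field shrinks from %5ld to %3ld, so any PID of four or more digits pushes the SWAP and COMM columns out of alignment with PRINT_HEADER(), and the help text in this same patch still shows four-digit PIDs (1232, 1353, 2275) lined up under the header. Keep a width at least as wide as the header column (or derive it from the largest PID in the table) so real output matches the documented example.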
 <at>  <at>  -151,6 +152,7  <at>  <at>  cmd_pswap(void)
 	int c;
 	ulong value;
 	ulong flag = 0;
+	ulong tgid;
 	int subsequent = 0;
 	ulong exists = MEMBER_NOT_FOUND;

 <at>  <at>  -159,11 +161,14  <at>  <at>  cmd_pswap(void)
 		exists = MEMBER_FOUND;
 	}

-	while ((c = getopt(argcnt, args, "k")) != EOF) {
+	while ((c = getopt(argcnt, args, "kG")) != EOF) {
 		switch (c) {
                 case 'k':
                         flag |= DISPLAY_KB;
                         break;
+		case 'G':
+                        flag |= DISPLAY_TG;
+                        break;
 		default:
 			argerrs++;
 			break;
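Review bot: indentation in the new `case 'G':` block is mixed: the case label is indented with tabs while its two body lines use the spaces of the `case 'k':` block above, so the two cases render differently at any tab width other than 8. Match the existing block.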
 <at>  <at>  -177,9 +182,16  <at>  <at>  cmd_pswap(void)
                 PRINT_HEADER();
                 tc = FIRST_CONTEXT();
                 for (i = 0; i < RUNNING_TASKS(); i++, tc++) {
-                        if (!is_kernel_thread(tc->task))
-                                show_swap_usage(tc, exists, flag);
-                }   
+                        if (!is_kernel_thread(tc->task)) {
+				if (flag & DISPLAY_TG) {
+					tgid = task_tgid(tc->task);
+					if (tc->pid != tgid)
+						continue;
+					tc = tgid_to_context(tgid);
+				}
+				show_swap_usage(tc, exists, flag);
+			}
+                }
 		return;
         }

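Review bot: `tc = tgid_to_context(tgid);` reassigns the loop iterator. By the time it runs, `tc->pid == tgid` already holds (the `continue` above skips everything else), so the lookup can only return the context already in hand or, should pid and tgid ever disagree, a different pointer or NULL, after which `tc++` in the for header continues from the wrong place in the FIRST_CONTEXT() array. Drop the assignment and call show_swap_usage(tc, exists, flag) directly once the pid/tgid test passes.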
 <at>  <at>  -189,6 +201,12  <at>  <at>  cmd_pswap(void)
 		case STR_PID:
 			for (tc = pid_to_context(value); tc; tc = tc->tc_next) {
 				if (!is_kernel_thread(tc->task)) {
+					if (flag & DISPLAY_TG) {
+						tgid = task_tgid(tc->task);
+						if (tc->pid != tgid)
+							continue;
+						tc = tgid_to_context(tgid);
+					}
 					show_swap_usage(tc, exists, flag);
 				} else {
 					error(INFO, "only specify a user task or pid: %s\n",
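Review bot: same pattern as the all-tasks loop: once `tc->pid != tgid` has been excluded, `tc = tgid_to_context(tgid)` is redundant, and because this loop advances with `tc = tc->tc_next`, overwriting `tc` mid-iteration also changes which context chain is walked. Remove the assignment.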
 <at>  <at>  -200,6 +218,12  <at>  <at>  cmd_pswap(void)
 		case STR_TASK:
 			for (; tc; tc = tc->tc_next) {
 				if (!is_kernel_thread(tc->task)) {
+					if (flag & DISPLAY_TG) {
+						tgid = task_tgid(tc->task);
+						if (tc->pid != tgid)
+							continue;
+						tc = tgid_to_context(tgid);
+					}
 					show_swap_usage(tc, exists, flag);
 				} else {
 					error(INFO, "only specify a user task or pid: %s\n",
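Review bot: third copy of the same six-line tgid filter, with the same redundant `tc = tgid_to_context(tgid)` inside a `tc = tc->tc_next` loop. Factor the test into a small helper, e.g. `static int is_tg_leader(struct task_context *tc) { return task_tgid(tc->task) == tc->pid; }`, and use `if ((flag & DISPLAY_TG) && !is_tg_leader(tc)) continue;` at all three sites.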
 <at>  <at>  -222,19 +246,45  <at>  <at>  cmd_pswap(void)
 char *help_pswap[] = {
 	"pswap",
 	"Returns the actual swap consumption of a user process",
-	"[-k] [pid | taskp]",
+	"[-k -G] [pid | taskp]",

 	"  This command obtains the swap consumption (in pages) of a user process.",
-        "  The -k option can be used to print in kilobytes.\n"
+	"  The process list may be restricted with the following options:\n",
+        "  	-k print in kilobytes.\n"
+        "  	-G show only the thread group leader in a thread group.\n"
+	" ",
 	"  If no arguments are specified, every user process will be checked.",
 	"  Supported on ARM, X86, X86_64, ALPHA, IA64 and S390 only.",
 	"\nEXAMPLE",
 	"  Show the swap consumption for pid 1232, 1353 and 2275:\n",
 	"    crash> pswap 1232 1353 2275",
-	"    PID     SWAP     COMM",
+	"     PID     SWAP    COMM",
 	"     1232     34    auditd",
 	"     1353    526       vi",
 	"     2275  30237    gnome-shell",
-	"    crash>", 
+	"    crash>",
+	" ",
+	" Show the swap consumption for thread group leaders only:\n",
+	"    crash> pswap -G",
+	"     PID     SWAP    COMM",
+	"     469      71      zsh",
+	"     599      37    systemd-journal",
+	"     608     298    lvmetad",
+	"     637     428    systemd-udevd",
+	"     822      77    auditd",
+	"     836      26    audispd",
+	"     838      39    sedispatch",
+	"     842      23    alsactl",
+	"     844      44    bluetoothd",
+	"     851      46    rtkit-daemon",
+	"     852      59    accounts-daemon",
+	"     855      23    avahi-daemon",
+	"     857      96    rsyslogd",
+	"     858     179    restorecond",
+	"     859     144    smartd",
+	"     862      33    irqbalance",
+	"     867      41    systemd-logind",
+	"     868      37    dbus-daemon",
+	"    crash>",
 	NULL
 };
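Review bot: the synopsis `[-k -G] [pid | taskp]` reads as though -k and -G must be given together; write it `[-k] [-G] [pid | taskp]`. The sentence "The process list may be restricted with the following options" is true of -G only; -k changes the unit, not which tasks are listed, so describe the two separately. Also the first example's header line was re-indented (`"     PID     SWAP    COMM"`) while its data rows were left as they were, so the header no longer lines up with them; regenerate both examples from real output of the new format.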
--

-- 
1.8.5.3

Andy Honig | 20 Feb 01:33 2014

[PATCH v2 0/3] Add support for kernel aslr

Changes from v1:
Separated changes in x86_64 to a separate file as they are only related
in that I needed to add support for slightly different kernels in order
to fully test these patches.

Corrected an alignment check from "& 0x1000 == 0" to "&0xFFF == 0"

Andy Honig (3):
  Improve search for __switch_to symbol
  Add support to kaslr for offline vmcore files.
  Automatically detect kernel aslr offset.

 defs.h    |   2 ++
 main.c    |   8 +++--
 netdump.c |  11 ++++++
 symbols.c | 117 ++++++++++++++++++++++++++++++++++++++++++++++++++------------
 x86_64.c  |  20 +++++++----
 5 files changed, 127 insertions(+), 31 deletions(-)

--

-- 
1.9.0.rc1.175.g0b1dcb5

Andy Honig | 19 Feb 20:11 2014

[PATCH 2/2] Automatically detect kernel aslr offset.

This patch improves support for kernel aslr by automatically
finding the aslr offset based on the _stext symbol in the vmcore
info.

Signed-off-by: Andrew Honig <ahonig <at> google.com>
---
 netdump.c | 11 +++++++++++
 symbols.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++----
 2 files changed, 58 insertions(+), 4 deletions(-)

diff --git a/netdump.c b/netdump.c
index 7dc2fca..884dd73 100644
--- a/netdump.c
+++ b/netdump.c
 <at>  <at>  -411,6 +411,17  <at>  <at>  is_netdump(char *file, ulong source_query)
 		get_log_from_vmcoreinfo(file, vmcoreinfo_read_string);
 	}

+	/*
+	 * We may need the _stext_SYMBOL from the vmcore_info to adjust for
+	 * kaslr and we may not have gotten it elsewhere.
+	 */
+	if (source_query == KDUMP_LOCAL) {
+		char *tmpstring = vmcoreinfo_read_string("SYMBOL(_stext)");
+		kt->vmcoreinfo._stext_SYMBOL =
+			htol(tmpstring, RETURN_ON_ERROR, NULL);
+		free(tmpstring);
+	}
+
 	return nd->header_size;

 bailout:
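Review bot: vmcoreinfo_read_string() returns NULL when the note has no SYMBOL(_stext), and that NULL is handed straight to htol(). Check the pointer before use and leave `kt->vmcoreinfo._stext_SYMBOL` at 0 when the key is absent; the derive code in symbols.c needs an unambiguous "not present" value to test, and htol()'s error return under RETURN_ON_ERROR may not be 0.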
diff --git a/symbols.c b/symbols.c
index 28378ab..a2fc150 100644
--- a/symbols.c
+++ b/symbols.c
 <at>  <at>  -557,6 +557,43  <at>  <at>  strip_symbol_end(const char *name, char *buf)
 }

 /*
+ * Derives the kernel aslr offset by comparing the _stext symbol from the
+ * the vmcore_info in the dump file to the _stext symbol in the vmlinux file.
+ */
+static void
+derive_kaslr_offset(bfd *abfd, int dynamic, bfd_byte *start, bfd_byte *end,
+		    unsigned int size, asymbol *store)
+{
+	symbol_info syminfo;
+	asymbol *sym;
+	char *name;
+	unsigned long relocate;
+	char buf[BUFSIZE];
+
+	for (; start < end; start += size) {
+		sym = bfd_minisymbol_to_symbol(abfd, dynamic, start, store);
+		if (sym == NULL)
+			error(FATAL, "bfd_minisymbol_to_symbol() failed\n");
+
+		bfd_get_symbol_info(abfd, sym, &syminfo);
+		name = strip_symbol_end(syminfo.name, buf);
+		if (strcmp("_stext", name) == 0) {
+			relocate = syminfo.value - kt->vmcoreinfo._stext_SYMBOL;
+			/*
+			 *To avoid mistaking an mismatched kernel version with
+			 * a kaslr offset, we make sure that the offset is
+			 * aligned by 0x1000, as it always will be for
+			 * kaslr.
+			 */
+			if ((relocate & 0xFFF) == 0) {
+				kt->relocate = relocate;
+				kt->flags |= RELOC_SET;
+			}
+		}
+	}
+}
+
+/*
  *  Store the symbols gathered by symtab_init().  The symbols are stored
  *  in increasing numerical order.
  */
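Review bot: derive_kaslr_offset() has no guard for kt->vmcoreinfo._stext_SYMBOL never having been filled in: if the lookup in netdump.c failed, the field is zero, `relocate` becomes the vmlinux address of _stext, which is page aligned, and the 0xFFF test accepts it as a KASLR offset, so every symbol is shifted by the address of _stext. Return early when the field is zero (or when htol() reported an error). Smaller points: the loop can `break` once _stext has matched instead of walking the rest of the symbol table; the local `relocate` shadows the relocate() function in this same file, so a name like `offset` would read better; and the comments contain "from the the vmcore_info" and "*To avoid mistaking an mismatched" (missing space after the asterisk, wrong article).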
 <at>  <at>  -591,15 +628,21  <at>  <at>  store_symbols(bfd *abfd, int dynamic, void *minisyms, long symcount,
 	st->symcnt = 0;
 	sp = st->symtable;

+	first = 0;
+	from = (bfd_byte *) minisyms;
+	fromend = from + symcount * size;
+
 	if (machine_type("X86") || machine_type("X86_64")) {
-		if (!(kt->flags & RELOC_SET))
+		if (!(kt->flags & RELOC_SET)) {
+			if (machine_type("X86_64")) {
+				derive_kaslr_offset(abfd, dynamic, from,
+						fromend, size, store);
+			}
 			kt->flags |= RELOC_FORCE;
+		}
 	} else
 		kt->flags &= ~RELOC_SET;

-	first = 0;
-  	from = (bfd_byte *) minisyms;
-  	fromend = from + symcount * size;
   	for (; from < fromend; from += size)
     	{
       		if ((sym = bfd_minisymbol_to_symbol(abfd, dynamic, from, store))
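Review bot: when derive_kaslr_offset() succeeds it sets RELOC_SET, but the very next statement still ORs in RELOC_FORCE, so a dump with a derived offset ends up with both flags set, a combination the original code never produced. Re-test after the call, e.g. `if (!(kt->flags & RELOC_SET)) kt->flags |= RELOC_FORCE;`, so RELOC_FORCE is only raised when no offset could be derived. Moving `first`/`from`/`fromend` above this block is required because the derivation walks the minisymbols; a one-line comment saying so would stop a later cleanup from moving them back.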
--

-- 
1.9.0.rc1.175.g0b1dcb5

Andy Honig | 19 Feb 20:10 2014

[PATCH 1/2] Add support to kaslr offset for offline vmcore files.

[PATCH 1/2] Add support to kaslr for offline vmcore files.

This patch adds a --kaslr command line parameter for loading x86_64
crash dumps with kaslr enabled.  This reuses the code from 32-bit
x86 relocations with some small changes.  The ASLR offset is positive
instead of negative.  Also had to move the code to traverse the
kernel section before the symbol storing code to figure out which
symbols were outside any sections and therefore were not relocated.

Also made a very small change in search_for_switch_to: it was
searching through gdb command output for a slightly incorrect syntax.

Tested: Tested by loading kdump files from kernels with aslr enabled
and not enabled.  Ran bt, files, and struct file 0xXXXXXX.

Signed-off-by: Andy Honig <ahonig <at> google.com>
---
 defs.h    |  2 ++
 main.c    |  8 ++++++--
 symbols.c | 66 +++++++++++++++++++++++++++++++++++++++++++++------------------
 x86_64.c  | 20 +++++++++++++------
 4 files changed, 69 insertions(+), 27 deletions(-)

diff --git a/defs.h b/defs.h
index 4cae5e5..c9a4b73 100644
--- a/defs.h
+++ b/defs.h
 <at>  <at>  -2417,6 +2417,8  <at>  <at>  struct symbol_table_data {
 	ulong __per_cpu_end;
 	off_t dwarf_debug_frame_file_offset;
 	ulong dwarf_debug_frame_size;
+	ulong first_section_start;
+	ulong last_section_end;
 };

 /* flags for st */
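Review bot: the two new fields deserve a comment stating what they bound. From the section_header_info() hunk further down, first_section_start is the vma of .text specifically and last_section_end the highest section end seen after that, so the range means "the loaded kernel image from .text upwards", not "all sections". Either say that here or name them accordingly (e.g. text_section_start / kernel_sections_end) so the test in relocate() reads correctly.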
diff --git a/main.c b/main.c
index e5829bc..39763da 100644
--- a/main.c
+++ b/main.c
 <at>  <at>  -57,6 +57,7  <at>  <at>  static struct option long_options[] = {
         {"CRASHPAGER", 0, 0, 0},
         {"no_scroll", 0, 0, 0},
         {"reloc", required_argument, 0, 0},
+	{"kaslr", required_argument, 0, 0},
 	{"active", 0, 0, 0},
 	{"minimal", 0, 0, 0},
 	{"mod", required_argument, 0, 0},
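Review bot: --kaslr is added to long_options but nothing in the diffstat touches help.c or crash.8, so the new switch is invisible to `crash -h` and the man page. Document it next to --reloc, including that its argument is the positive KASLR slide (the parsing code negates it), which is the opposite sign convention from --reloc.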
 <at>  <at>  -216,12 +217,15  <at>  <at>  main(int argc, char **argv)
 		        else if (STREQ(long_options[option_index].name, "mod"))
 				kt->module_tree = optarg;

-		        else if (STREQ(long_options[option_index].name, "reloc")) {
+			else if (STREQ(long_options[option_index].name, "reloc") ||
+				 STREQ(long_options[option_index].name, "kaslr")) {
 				if (!calculate(optarg, &kt->relocate, NULL, 0)) {
 					error(INFO, "invalid --reloc argument: %s\n",
 						optarg);
 					program_usage(SHORT_FORM);
-				} 
+				} else if (STREQ(long_options[option_index].name, "kaslr")) {
+					kt->relocate *= -1;
+				}
 				kt->flags |= RELOC_SET;
 			}

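Review bot: the failure path reports "invalid --reloc argument" even when the user typed --kaslr; use long_options[option_index].name in the message instead of the literal. `kt->relocate *= -1` negates a ulong, which is well defined (wraparound) but reads as signed arithmetic; `kt->relocate = -kt->relocate` with a comment that relocate() subtracts this value, so a positive slide has to be stored negated, makes the intent clear.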
diff --git a/symbols.c b/symbols.c
index d063a0a..28378ab 100644
--- a/symbols.c
+++ b/symbols.c
 <at>  <at>  -198,22 +198,6  <at>  <at>  symtab_init(void)
 			no_debugging_data(FATAL);
 	}
 	
-	symcount = bfd_read_minisymbols(st->bfd, FALSE, &minisyms, &size);
-
-	if (symcount <= 0)
-		no_debugging_data(FATAL);
-	
-	sort_x = bfd_make_empty_symbol(st->bfd);
-	sort_y = bfd_make_empty_symbol(st->bfd);
-	if (sort_x == NULL || sort_y == NULL)
-		error(FATAL, "bfd_make_empty_symbol() failed\n");
-	
-	gnu_qsort(st->bfd, minisyms, symcount, size, sort_x, sort_y);
-	
-	store_symbols(st->bfd, FALSE, minisyms, symcount, size);
-	
-	free(minisyms);
-
 	/*
 	 *  Gather references to the kernel sections.
 	 */
 <at>  <at>  -222,6 +206,7  <at>  <at>  symtab_init(void)
                 error(FATAL, "symbol table section array malloc: %s\n",
                         strerror(errno));
 	BZERO(st->sections, st->bfd->section_count * sizeof(struct sec *));
+	st->first_section_start = st->last_section_end = 0;

 	bfd_map_over_sections(st->bfd, section_header_info, KERNEL_SECTIONS);
 	if ((st->flags & (NO_SEC_LOAD|NO_SEC_CONTENTS)) ==
 <at>  <at>  -233,6 +218,22  <at>  <at>  symtab_init(void)
 		}
 	}

+	symcount = bfd_read_minisymbols(st->bfd, FALSE, &minisyms, &size);
+
+	if (symcount <= 0)
+		no_debugging_data(FATAL);
+
+	sort_x = bfd_make_empty_symbol(st->bfd);
+	sort_y = bfd_make_empty_symbol(st->bfd);
+	if (sort_x == NULL || sort_y == NULL)
+		error(FATAL, "bfd_make_empty_symbol() failed\n");
+
+	gnu_qsort(st->bfd, minisyms, symcount, size, sort_x, sort_y);
+
+	store_symbols(st->bfd, FALSE, minisyms, symcount, size);
+
+	free(minisyms);
+
 	symname_hash_init();
 	symval_hash_init();
 }                           
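Review bot: moving the bfd_read_minisymbols()/gnu_qsort()/store_symbols() block below bfd_map_over_sections() is the core of this patch (store_symbols() -> relocate() now needs st->first_section_start and st->last_section_end populated first), but nothing in the code says so. Add a comment above bfd_read_minisymbols() stating that symbol storing must follow section scanning, otherwise a future cleanup will move it back and silently break X86_64 relocation.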
 <at>  <at>  -590,7 +591,7  <at>  <at>  store_symbols(bfd *abfd, int dynamic, void *minisyms, long symcount,
 	st->symcnt = 0;
 	sp = st->symtable;

-	if (machine_type("X86")) {
+	if (machine_type("X86") || machine_type("X86_64")) {
 		if (!(kt->flags & RELOC_SET))
 			kt->flags |= RELOC_FORCE;
 	} else
 <at>  <at>  -663,7 +664,7  <at>  <at>  store_sysmap_symbols(void)
                 error(FATAL, "symbol table namespace malloc: %s\n",
                         strerror(errno));

-	if (!machine_type("X86"))
+	if (!machine_type("X86") && !machine_type("X86_64"))
 		kt->flags &= ~RELOC_SET;

 	first = 0;
 <at>  <at>  -735,7 +736,20  <at>  <at>  relocate(ulong symval, char *symname, int first_symbol)
 		break;
 	}

-	return (symval - kt->relocate);
+	if (machine_type("X86_64")) {
+		/*
+		 * There are some symbols which are outside of any section
+		 * either because they are offsets or because they are absolute
+		 * addresses.  These should not be relocated.
+		 */
+		if (symval >= st->first_section_start &&
+			symval <= st->last_section_end) {
+			return symval - kt->relocate;
+		} else {
+			return symval;
+		}
+	} else
+		return symval - kt->relocate;
 }

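Review bot: the upper bound is inclusive (`symval <= st->last_section_end`) while last_section_end is computed in section_header_info() as vma + size, i.e. one past the last byte. If that is deliberate so that end labels sitting exactly at the end of the last section still get relocated, say so in the comment; otherwise use `<`. Also consider the case where first_section_start is still zero because no .text section was found: every symbol then fails the range test and the table is silently left unrelocated, where an error() would be far easier to diagnose.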
 /*
 <at>  <at>  -9679,6 +9693,7  <at>  <at>  section_header_info(bfd *bfd, asection *section, void *reqptr)
 	struct load_module *lm;
 	ulong request;
         asection **sec;
+	ulong section_end_address;

 	request = ((ulong)reqptr);

 <at>  <at>  -9697,6 +9712,11  <at>  <at>  section_header_info(bfd *bfd, asection *section, void *reqptr)
                 	kt->etext_init = kt->stext_init +
                         	(ulong)bfd_section_size(bfd, section);
 		}
+
+		if (STREQ(bfd_get_section_name(bfd, section), ".text")) {
+			st->first_section_start = (ulong)
+				bfd_get_section_vma(bfd, section);
+		}
                 if (STREQ(bfd_get_section_name(bfd, section), ".text") ||
                     STREQ(bfd_get_section_name(bfd, section), ".data")) {
                         if (!(bfd_get_section_flags(bfd, section) & SEC_LOAD))
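Review bot: first_section_start is set from the .text section only, so the name promises more than it delivers: any loaded section placed below .text would fall outside the range and be left unrelocated by relocate(). If that is intended (the patch assumes .text is the lowest kernel section on X86_64 and everything below it, such as per-cpu offsets, is meant to stay put), state it in a comment; otherwise track the minimum vma the same way the next hunk tracks the maximum end.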
 <at>  <at>  -9713,6 +9733,14  <at>  <at>  section_header_info(bfd *bfd, asection *section, void *reqptr)
 			st->dwarf_debug_frame_file_offset = (off_t)section->filepos;
 			st->dwarf_debug_frame_size = (ulong)bfd_section_size(bfd, section);
 		}
+
+		if (st->first_section_start != 0) {
+			section_end_address =
+				(ulong) bfd_get_section_vma(bfd, section) +
+				(ulong) bfd_section_size(bfd, section);
+			if (section_end_address > st->last_section_end)
+				st->last_section_end = section_end_address;
+		}
 		break;

 	case (ulong)MODULE_SECTIONS:
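Review bot: last_section_end is only updated once first_section_start is non-zero, so the maximum depends on bfd_map_over_sections() visiting .text before every section that ends higher. That holds for a normal vmlinux but is an ordering assumption nothing enforces; track the maximum end unconditionally (the value is only ever consulted together with first_section_start anyway) or add a comment explaining the dependency.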
diff --git a/x86_64.c b/x86_64.c
index 8508e4f..b51e285 100644
--- a/x86_64.c
+++ b/x86_64.c
 <at>  <at>  -5414,16 +5414,22  <at>  <at>  search_for_switch_to(ulong start, ulong end)
 {
 	ulong max_instructions, address;
 	char buf1[BUFSIZE];
-	char buf2[BUFSIZE];
+	char search_string1[BUFSIZE];
+	char search_string2[BUFSIZE];
 	int found;

 	max_instructions = end - start;
 	found = FALSE;
 	sprintf(buf1, "x/%ldi 0x%lx", max_instructions, start);
-	if (symbol_exists("__switch_to"))
-		sprintf(buf2, "callq  0x%lx", symbol_value("__switch_to"));
-	else
-		buf2[0] = NULLCHAR;
+	if (symbol_exists("__switch_to")) {
+		sprintf(search_string1,
+			"callq  0x%lx", symbol_value("__switch_to"));
+		sprintf(search_string2,
+			"call   0x%lx", symbol_value("__switch_to"));
+	} else {
+		search_string1[0] = NULLCHAR;
+		search_string2[0] = NULLCHAR;
+	}

 	open_tmpfile();

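Review bot: the second search string exists because some gdb versions print the mnemonic as `call` rather than `callq`, but the commit message only says "slightly incorrect syntax"; put the reason in a comment, including that the two or three spaces after the mnemonic are gdb's column padding and must match exactly for the strstr() below to hit. Since the two strings differ only in the mnemonic, a short array of candidates looped over would avoid duplicating the sprintf/strlen/strstr pattern.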
 <at>  <at>  -5436,7 +5442,9  <at>  <at>  search_for_switch_to(ulong start, ulong end)
 			break;
 		if (strstr(buf1, "<__switch_to>"))
 			found = TRUE;
-		if (strlen(buf2) && strstr(buf1, buf2))
+		if (strlen(search_string1) && strstr(buf1, search_string1))
+			found = TRUE;
+		if (strlen(search_string2) && strstr(buf1, search_string2))
 			found = TRUE;
 	}
 	close_tmpfile();
--

-- 
1.9.0.rc1.175.g0b1dcb5

Andy Honig | 19 Feb 01:56 2014

[PATCH] Automatically detect kernel aslr offset

Automatically detect kernel aslr offset

This patch improves support for kernel aslr, to automatically find the
aslr offset based on the location of the _stext symbol in the vmcore
info.

Signed-off-by: Andrew Honig <ahonig <at> google.com>
---
 netdump.c | 19 ++++++++-----------
 symbols.c | 49 ++++++++++++++++++++++++++++++++++++++++++++++---
 2 files changed, 54 insertions(+), 14 deletions(-)

diff --git a/netdump.c b/netdump.c
index 8e7ec15..b327649 100644
--- a/netdump.c
+++ b/netdump.c
 <at>  <at>  -411,18 +411,15  <at>  <at>  is_netdump(char *file, ulong source_query)
 		get_log_from_vmcoreinfo(file, vmcoreinfo_read_string);
 	}

-	// This is the code where I should read the aslr offset.
+	/*
+	 *We may need the _stext_SYMBOL from the vmcore_info to adjust for
+	 * kaslr and we may not have gotten it elsewhere.
+	 */
 	if (source_query == KDUMP_LOCAL) {
-		long aslr_offset = 0;
-		char *aslr_string = vmcoreinfo_read_string("KERNELOFFSET");
-		if (aslr_string) {
-			aslr_offset = strtoul(aslr_string, NULL, 16);
-			free (aslr_string);
-		}
-		if (!(kt->flags & RELOC_SET) && aslr_offset > 0) {
-			kt->flags |= RELOC_SET;
-			kt->relocate=aslr_offset * -1;
-		}
+		char *tmpstring = vmcoreinfo_read_string("SYMBOL(_stext)");
+		kt->vmcoreinfo._stext_SYMBOL =
+			htol(tmpstring, RETURN_ON_ERROR, NULL);
+		free(tmpstring);
 	}

 	return nd->header_size;
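Review bot: the removed KERNELOFFSET branch checked the vmcoreinfo_read_string() result for NULL before using it; the replacement passes tmpstring straight to htol(), so a dump without SYMBOL(_stext) in its vmcoreinfo dereferences NULL. Keep the NULL check. Switching from KERNELOFFSET to comparing _stext is reasonable (it also works on kernels that do not export KERNELOFFSET), but the commit message should say why the earlier approach was dropped.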
diff --git a/symbols.c b/symbols.c
index d5f8199..afe5ed0 100755
--- a/symbols.c
+++ b/symbols.c
 <at>  <at>  -553,6 +553,43  <at>  <at>  strip_symbol_end(const char *name, char *buf)
 }

 /*
+ * Derives the kernel aslr offset by comparing the _stext symbol from the
+ * the vmcore_info in the dump file to the _stext symbol in the vmlinux file.
+ */
+static void
+derive_kaslr_offset(bfd *abfd, int dynamic, bfd_byte *start, bfd_byte *end,
+		    unsigned int size, asymbol *store)
+{
+	symbol_info syminfo;
+	asymbol *sym;
+	char *name;
+	unsigned long relocate;
+	char buf[BUFSIZE];
+
+	for (; start < end; start += size) {
+		sym = bfd_minisymbol_to_symbol(abfd, dynamic, start, store);
+		if (sym == NULL)
+			error(FATAL, "bfd_minisymbol_to_symbol() failed\n");
+
+		bfd_get_symbol_info(abfd, sym, &syminfo);
+		name = strip_symbol_end(syminfo.name, buf);
+		if (strcmp("_stext", name) == 0) {
+			relocate = syminfo.value - kt->vmcoreinfo._stext_SYMBOL;
+			/*
+			 *To avoid mistaking an mismatched kernel version with
+			 * a kaslr offset, we make sure that the offset is
+			 * aligned by 0x1000, as it always will be for
+			 * kaslr.
+			 */
+			if ((relocate & 0x1000) == 0) {
+				kt->relocate = relocate;
+				kt->flags |= RELOC_SET;
+			}
+		}
+	}
+}
+
+/*
  *  Store the symbols gathered by symtab_init().  The symbols are stored
  *  in increasing numerical order.
  */
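Review bot: `(relocate & 0x1000) == 0` does not test page alignment; it tests a single bit (bit 12), so an unaligned difference such as 0x123 passes while a genuine offset of exactly 0x1000 is rejected. The comment says "aligned by 0x1000", so the mask must be `0xFFF` (the low 12 bits), as the later version of this patch does. The same unset-field concern applies here: when kt->vmcoreinfo._stext_SYMBOL is still zero, the vmlinux _stext address itself becomes the relocation, so return early in that case.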
 <at>  <at>  -588,15 +625,21  <at>  <at>  store_symbols(bfd *abfd, int dynamic, void *minisyms, long symcount,
 	st->symcnt = 0;
 	sp = st->symtable;

+	first = 0;
+	from = (bfd_byte *) minisyms;
+	fromend = from + symcount * size;
+
 	if (machine_type("X86") || machine_type("X86_64")) {
+		/* If kernel aslr offset has not been set, try to guess it. */
+		if (kt->relocate == 0)
+			derive_kaslr_offset(abfd, dynamic, from,
+					    fromend, size, store);
+
 		if (!(kt->flags & RELOC_SET))
 			kt->flags |= RELOC_FORCE;
 	} else
 		kt->flags &= ~RELOC_SET;

-	first = 0;
-  	from = (bfd_byte *) minisyms;
-  	fromend = from + symcount * size;
   	for (; from < fromend; from += size)
     	{
       		if ((sym = bfd_minisymbol_to_symbol(abfd, dynamic, from, store))
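Review bot: the guard is `kt->relocate == 0` rather than `!(kt->flags & RELOC_SET)`, so a user who explicitly passed `--reloc=0` has that value overridden by the derived one, and the derivation also runs for 32-bit X86, where the existing RELOC_FORCE path already computes the relocation. Keying on RELOC_SET and restricting the call to X86_64, as the [PATCH 2/2] version above does, avoids both.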
--

-- 
1.9.0.rc1.175.g0b1dcb5
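
As an added illustration of what the three patches above implement (example code written for this page, not crash's own source), the following standalone C program models derive_kaslr_offset() and the X86_64 branch of relocate() on constructed input: a made-up vmcoreinfo fragment, a made-up vmlinux _stext address and a made-up section range. It also handles the two cases raised in the review notes, a missing SYMBOL(_stext) key and an unaligned difference, and uses the 0xFFF mask rather than the 0x1000 bit test of the first version. The helper names and every address are assumptions.

```c
/* Added example for this page (not crash source): models derive_kaslr_offset()
 * and the X86_64 branch of relocate() from the patches above, on constructed
 * input, with the missing-key and unaligned cases handled. */
#include <inttypes.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed vmcoreinfo fragment in the "KEY=value" form a kdump vmcore
 * carries; these addresses are made up for the example. */
static const char VMCOREINFO[] =
    "OSRELEASE=3.13.0-example\n"
    "PAGESIZE=4096\n"
    "SYMBOL(_stext)=ffffffff9a000000\n"
    "SYMBOL(swapper_pg_dir)=ffffffff9aa0d000\n";

/* Unrelocated values as the vmlinux symbol table would report them
 * (assumed, not taken from any real build). */
#define VMLINUX_STEXT       UINT64_C(0xffffffff81000000)
#define FIRST_SECTION_START UINT64_C(0xffffffff81000000)  /* .text vma            */
#define LAST_SECTION_END    UINT64_C(0xffffffff81e00000)  /* one past last section */

/* Find "key=hex" at the start of a vmcoreinfo line. Returns 1 and stores the
 * value, or 0 when the key is absent or unparsable, instead of handing a NULL
 * string on to the caller as the patched netdump.c does. */
int vmcoreinfo_read_hex(const char *info, const char *key, uint64_t *val)
{
    size_t klen = strlen(key);
    const char *p = info;

    while ((p = strstr(p, key)) != NULL) {
        if ((p == info || p[-1] == '\n') && p[klen] == '=') {
            char *end;
            uint64_t v = strtoull(p + klen + 1, &end, 16);
            if (end == p + klen + 1)
                return 0;           /* "key=" with no hex digits after it */
            *val = v;
            return 1;
        }
        p += klen;                  /* substring hit mid-line, keep looking */
    }
    return 0;
}

/* Relocation as the v2 patch computes it: vmlinux _stext minus the dump's
 * _stext, so a positive KASLR slide yields a "negative" unsigned value that
 * relocate() later subtracts. Accepted only when the low 12 bits are clear:
 * mask 0xFFF, not the single-bit test 0x1000 of the first version. */
int derive_kaslr_offset(const char *info, uint64_t vmlinux_stext, uint64_t *reloc)
{
    uint64_t dump_stext;

    if (!vmcoreinfo_read_hex(info, "SYMBOL(_stext)", &dump_stext))
        return 0;                   /* no key: leave the caller's value alone */
    uint64_t diff = vmlinux_stext - dump_stext;
    if (diff & 0xFFF)
        return 0;                   /* not page aligned: mismatched vmlinux, not KASLR */
    *reloc = diff;
    return 1;
}

/* Same as above but returns the value directly, 0 meaning "not derived". */
uint64_t derived_reloc_or_zero(const char *info, uint64_t vmlinux_stext)
{
    uint64_t reloc = 0;
    return derive_kaslr_offset(info, vmlinux_stext, &reloc) ? reloc : 0;
}

/* The X86_64 branch of the patched relocate(): only addresses inside the
 * kernel section range move; absolute values and offsets stay as they are.
 * Exclusive upper bound, since LAST_SECTION_END is vma + size. */
uint64_t relocate_symbol(uint64_t symval, uint64_t reloc)
{
    if (symval >= FIRST_SECTION_START && symval < LAST_SECTION_END)
        return symval - reloc;
    return symval;
}

int main(void)
{
    uint64_t reloc;

    if (!derive_kaslr_offset(VMCOREINFO, VMLINUX_STEXT, &reloc)) {
        puts("no KASLR offset could be derived");
        return 1;
    }
    printf("reloc 0x%" PRIx64 " (KASLR slide 0x%" PRIx64 ")\n",
           reloc, (uint64_t)-reloc);
    printf("swapper_pg_dir: 0x%" PRIx64 " -> 0x%" PRIx64 "\n",
           UINT64_C(0xffffffff81a0d000),
           relocate_symbol(UINT64_C(0xffffffff81a0d000), reloc));
    printf("per-cpu offset: 0x12340 -> 0x%" PRIx64 " (outside sections, unchanged)\n",
           relocate_symbol(UINT64_C(0x12340), reloc));
    return 0;
}
```

With the constructed values the derived relocation is 0xffffffffe7000000, i.e. a 0x19000000 slide; swapper_pg_dir relocates to the address the constructed vmcoreinfo lists for it, and the per-cpu offset outside the section range is left alone, which is exactly the distinction the range check in the patched relocate() exists to make.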

曾兴胜 | 17 Feb 04:54 2014

Question about: crash: seek error: kernel virtual address: c1625ccc type: "cpu_possible_mask"

 Hi,
    I am using KDUMP tools (version: 2.0.4) to capture kernel panic information. I configured the kernel compile parameters according to the kdump-tutorial, and got the dump file in /var/crash/ through echo c > /proc/sysrq-trigger. But when I analyze the dump file using the command:  crash -d8 vmlinux dumpfile
the following error happens:
crash: seek error: kernel virtual address: c1625ccc  type: "cpu_possible_mask"
More of the log can be seen in the attachment: crash.log

Also, I found the size of the dump file (dump-incomplete) is about 25M, but my memory is 4G. Why is the dump file so small?
My Linux version is Linux Mint 15, based on Ubuntu; the kernel version is 3.8.13.

v10 <at> COS-Desktop ~ $
v10 <at> COS-Desktop ~ $ cat /proc/cmdline
BOOT_IMAGE=/boot/vmlinuz-3.8.13.13-cos-i686 root=UUID=c0bd0f62-0dfa-4425-8afa-b5ff8a00df5c ro crashkernel=384M-2G:64M,2G-:128M quiet splash
v10 <at> COS-Desktop ~ $
v10 <at> COS-Desktop ~ $ cat /var/crash/kexec_cmd
/sbin/kexec -p --command-line="BOOT_IMAGE=/boot/vmlinuz-3.8.13.13-cos-i686 root=UUID=c0bd0f62-0dfa-4425-8afa-b5ff8a00df5c ro quiet splash irqpoll maxcpus=1 nousb " --initrd=/boot/initrd.img-3.8.13.13-cos-i686 /boot/vmlinuz-3.8.13.13-cos-i686
v10 <at> COS-Desktop ~ $
v10 <at> COS-Desktop ~ $

other log:
v10 <at> COS-Desktop ~ $ sudo crash --minimal kdump/0211/vmlinux  /var/crash/201402120848/dump-incomplete
[sudo] password for v10:

crash 6.1.6
Copyright (C) 2002-2013  Red Hat, Inc.
Copyright (C) 2004, 2005, 2006, 2010  IBM Corporation
Copyright (C) 1999-2006  Hewlett-Packard Co
Copyright (C) 2005, 2006, 2011, 2012  Fujitsu Limited
Copyright (C) 2006, 2007  VA Linux Systems Japan K.K.
Copyright (C) 2005, 2011  NEC Corporation
Copyright (C) 1999, 2002, 2007  Silicon Graphics, Inc.
Copyright (C) 1999, 2000, 2001, 2002  Mission Critical Linux, Inc.
This program is free software, covered by the GNU General Public License,
and you are welcome to change it and/or distribute copies of it under
certain conditions.  Enter "help copying" to see the conditions.
This program has absolutely no warranty.  Enter "help warranty" for details.
 
GNU gdb (GDB) 7.3.1
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...

NOTE: minimal mode commands: log, dis, rd, sym, eval, set, extend and exit

crash>
crash>
crash> rd linux_banner 30
rd: seek error: kernel virtual address: c1622080  type: "32-bit KVADDR"
crash>
crash>
crash>

I appreciate your help. Thanks!



Attachment (crash.log): text/x-log, 3398 KiB