From: Steven Rostedt <rostedt@goodmis.org>
To: linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>,
Mark Rutland <mark.rutland@arm.com>,
Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
Andrew Morton <akpm@linux-foundation.org>
Subject: [PATCH v4 1/8] ring-buffer: Use kaslr address instead of text delta
Date: Wed, 05 Mar 2025 11:45:40 -0500 [thread overview]
Message-ID: <20250305164608.274956504@goodmis.org> (raw)
In-Reply-To: 20250305164539.379008535@goodmis.org
From: Steven Rostedt <rostedt@goodmis.org>
Instead of saving off the text and data pointers and using them to compare
with the current boot's text and data pointers, just save off the KASLR
offset. Then that can be used to figure out how to read the previous boots
buffer.
The last_boot_info will now show this offset, but only if it is for a
previous boot:
~# cat instances/boot_mapped/last_boot_info
39000000 [kernel]
~# echo function > instances/boot_mapped/current_tracer
~# cat instances/boot_mapped/last_boot_info
# Current
If the KASLR offset saved is for the current boot, the last_boot_info will
show the value of "current".
Reviewed-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
---
include/linux/ring_buffer.h | 3 +--
kernel/trace/ring_buffer.c | 31 ++++++++++++-------------------
kernel/trace/trace.c | 30 +++++++++++++++++++++---------
kernel/trace/trace.h | 9 +++++----
4 files changed, 39 insertions(+), 34 deletions(-)
diff --git a/include/linux/ring_buffer.h b/include/linux/ring_buffer.h
index 17fbb7855295..8de035f4f0d9 100644
--- a/include/linux/ring_buffer.h
+++ b/include/linux/ring_buffer.h
@@ -94,8 +94,7 @@ struct trace_buffer *__ring_buffer_alloc_range(unsigned long size, unsigned flag
unsigned long range_size,
struct lock_class_key *key);
-bool ring_buffer_last_boot_delta(struct trace_buffer *buffer, long *text,
- long *data);
+bool ring_buffer_last_boot_delta(struct trace_buffer *buffer, unsigned long *kaslr_addr);
/*
* Because the ring buffer is generic, if other users of the ring buffer get
diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
index 7b6bd1f3daf4..49c3c46fe2f4 100644
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -31,6 +31,7 @@
#include <asm/local64.h>
#include <asm/local.h>
+#include <asm/setup.h>
#include "trace.h"
@@ -49,8 +50,7 @@ static void update_pages_handler(struct work_struct *work);
struct ring_buffer_meta {
int magic;
int struct_size;
- unsigned long text_addr;
- unsigned long data_addr;
+ unsigned long kaslr_addr;
unsigned long first_buffer;
unsigned long head_buffer;
unsigned long commit_buffer;
@@ -550,8 +550,7 @@ struct trace_buffer {
unsigned long range_addr_start;
unsigned long range_addr_end;
- long last_text_delta;
- long last_data_delta;
+ unsigned long kaslr_addr;
unsigned int subbuf_size;
unsigned int subbuf_order;
@@ -1891,16 +1890,13 @@ static void rb_meta_validate_events(struct ring_buffer_per_cpu *cpu_buffer)
}
}
-/* Used to calculate data delta */
-static char rb_data_ptr[] = "";
-
-#define THIS_TEXT_PTR ((unsigned long)rb_meta_init_text_addr)
-#define THIS_DATA_PTR ((unsigned long)rb_data_ptr)
-
static void rb_meta_init_text_addr(struct ring_buffer_meta *meta)
{
- meta->text_addr = THIS_TEXT_PTR;
- meta->data_addr = THIS_DATA_PTR;
+#ifdef CONFIG_RANDOMIZE_BASE
+ meta->kaslr_addr = kaslr_offset();
+#else
+ meta->kaslr_addr = 0;
+#endif
}
static void rb_range_meta_init(struct trace_buffer *buffer, int nr_pages)
@@ -1928,8 +1924,7 @@ static void rb_range_meta_init(struct trace_buffer *buffer, int nr_pages)
meta->first_buffer += delta;
meta->head_buffer += delta;
meta->commit_buffer += delta;
- buffer->last_text_delta = THIS_TEXT_PTR - meta->text_addr;
- buffer->last_data_delta = THIS_DATA_PTR - meta->data_addr;
+ buffer->kaslr_addr = meta->kaslr_addr;
continue;
}
@@ -2482,17 +2477,15 @@ struct trace_buffer *__ring_buffer_alloc_range(unsigned long size, unsigned flag
*
* Returns: The true if the delta is non zero
*/
-bool ring_buffer_last_boot_delta(struct trace_buffer *buffer, long *text,
- long *data)
+bool ring_buffer_last_boot_delta(struct trace_buffer *buffer, unsigned long *kaslr_addr)
{
if (!buffer)
return false;
- if (!buffer->last_text_delta)
+ if (!buffer->kaslr_addr)
return false;
- *text = buffer->last_text_delta;
- *data = buffer->last_data_delta;
+ *kaslr_addr = buffer->kaslr_addr;
return true;
}
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index 25ff37aab00f..41d463e5327c 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -50,7 +50,7 @@
#include <linux/irq_work.h>
#include <linux/workqueue.h>
-#include <asm/setup.h> /* COMMAND_LINE_SIZE */
+#include <asm/setup.h> /* COMMAND_LINE_SIZE and kaslr_offset() */
#include "trace.h"
#include "trace_output.h"
@@ -4193,7 +4193,7 @@ static enum print_line_t print_trace_fmt(struct trace_iterator *iter)
* safe to use if the array has delta offsets
* Force printing via the fields.
*/
- if ((tr->text_delta || tr->data_delta) &&
+ if ((tr->text_delta) &&
event->type > __TRACE_LAST_TYPE)
return print_event_fields(iter, event);
@@ -5990,7 +5990,7 @@ ssize_t tracing_resize_ring_buffer(struct trace_array *tr,
static void update_last_data(struct trace_array *tr)
{
- if (!tr->text_delta && !tr->data_delta)
+ if (!(tr->flags & TRACE_ARRAY_FL_LAST_BOOT))
return;
/*
@@ -6003,7 +6003,8 @@ static void update_last_data(struct trace_array *tr)
/* Using current data now */
tr->text_delta = 0;
- tr->data_delta = 0;
+
+ tr->flags &= ~TRACE_ARRAY_FL_LAST_BOOT;
}
/**
@@ -6821,8 +6822,17 @@ tracing_last_boot_read(struct file *filp, char __user *ubuf, size_t cnt, loff_t
seq_buf_init(&seq, buf, 64);
- seq_buf_printf(&seq, "text delta:\t%ld\n", tr->text_delta);
- seq_buf_printf(&seq, "data delta:\t%ld\n", tr->data_delta);
+ /*
+ * Do not leak KASLR address. This only shows the KASLR address of
+ * the last boot. When the ring buffer is started, the LAST_BOOT
+ * flag gets cleared, and this should only report "current".
+ * Otherwise it shows the KASLR address from the previous boot which
+ * should not be the same as the current boot.
+ */
+ if (tr->flags & TRACE_ARRAY_FL_LAST_BOOT)
+ seq_buf_printf(&seq, "%lx\t[kernel]\n", tr->kaslr_addr);
+ else
+ seq_buf_puts(&seq, "# Current\n");
return simple_read_from_buffer(ubuf, cnt, ppos, buf, seq_buf_used(&seq));
}
@@ -9206,8 +9216,10 @@ allocate_trace_buffer(struct trace_array *tr, struct array_buffer *buf, int size
tr->range_addr_start,
tr->range_addr_size);
- ring_buffer_last_boot_delta(buf->buffer,
- &tr->text_delta, &tr->data_delta);
+#ifdef CONFIG_RANDOMIZE_BASE
+ if (ring_buffer_last_boot_delta(buf->buffer, &tr->kaslr_addr))
+ tr->text_delta = kaslr_offset() - tr->kaslr_addr;
+#endif
/*
* This is basically the same as a mapped buffer,
* with the same restrictions.
@@ -10455,7 +10467,7 @@ __init static void enable_instances(void)
* to it.
*/
if (start) {
- tr->flags |= TRACE_ARRAY_FL_BOOT;
+ tr->flags |= TRACE_ARRAY_FL_BOOT | TRACE_ARRAY_FL_LAST_BOOT;
tr->ref++;
}
diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h
index 9c21ba45b7af..abe8169c3e87 100644
--- a/kernel/trace/trace.h
+++ b/kernel/trace/trace.h
@@ -348,8 +348,8 @@ struct trace_array {
unsigned int mapped;
unsigned long range_addr_start;
unsigned long range_addr_size;
+ unsigned long kaslr_addr;
long text_delta;
- long data_delta;
struct trace_pid_list __rcu *filtered_pids;
struct trace_pid_list __rcu *filtered_no_pids;
@@ -433,9 +433,10 @@ struct trace_array {
};
enum {
- TRACE_ARRAY_FL_GLOBAL = BIT(0),
- TRACE_ARRAY_FL_BOOT = BIT(1),
- TRACE_ARRAY_FL_MOD_INIT = BIT(2),
+ TRACE_ARRAY_FL_GLOBAL = BIT(0),
+ TRACE_ARRAY_FL_BOOT = BIT(1),
+ TRACE_ARRAY_FL_LAST_BOOT = BIT(2),
+ TRACE_ARRAY_FL_MOD_INIT = BIT(3),
};
#ifdef CONFIG_MODULES
--
2.47.2
next prev parent reply other threads:[~2025-03-05 16:46 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-05 16:45 [PATCH v4 0/8] ring-buffer/tracing: Save module information in persistent memory Steven Rostedt
2025-03-05 16:45 ` Steven Rostedt [this message]
2025-03-05 16:45 ` [PATCH v4 2/8] ring-buffer: Add buffer meta data for persistent ring buffer Steven Rostedt
2025-03-05 16:45 ` [PATCH v4 3/8] ring-buffer: Add ring_buffer_meta_scratch() Steven Rostedt
2025-03-05 16:45 ` [PATCH v4 4/8] tracing: Have persistent trace instances save KASLR offset Steven Rostedt
2025-03-05 16:45 ` [PATCH v4 5/8] module: Add module_for_each_mod() function Steven Rostedt
2025-03-05 16:45 ` [PATCH v4 6/8] tracing: Have persistent trace instances save module addresses Steven Rostedt
2025-03-05 16:45 ` [PATCH v4 7/8] tracing: Show module names and addresses of last boot Steven Rostedt
2025-03-05 16:45 ` [PATCH v4 8/8] tracing: Update modules to persistent instances when loaded Steven Rostedt
2025-03-14 9:53 ` Biju Das
2025-03-14 9:59 ` [PATCH v4 0/8] ring-buffer/tracing: Save module information in persistent memory Biju Das
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250305164608.274956504@goodmis.org \
--to=rostedt@goodmis.org \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-trace-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=mathieu.desnoyers@efficios.com \
--cc=mhiramat@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).