----- Original Message -----
>
>
> On 09/11/2016 16:28, Dave Anderson wrote:
> > I'm not sure whether this "guest userspace agent" is still in play here,
> > but if there were such a thing, it could theoretically do the same
> > thing that crash currently does when running on a live system.
> >
> > Both of those are available or calculable from the contents of
> > a kdump header. However, on a live system, it's done like this:
> >
> > - /proc/kallsyms is queried for the symbol value of "_text", which would
> >   be relocated if KASLR is in play. That value is compared against the
> >   "_text" symbol value compiled into the vmlinux file to determine the
> >   relocation value generated by CONFIG_RANDOMIZE_BASE.
> >
> > [...] in order to read kernel symbols from the
> > statically-mapped kernel region based at __START_KERNEL_map, it
> > translates a (possibly relocated) kernel virtual address into a
> > physical address like this:
> >
> >   physical-address = virtual-address - __START_KERNEL_map + phys_base
> >
> > But it's a chicken-and-egg deal, because the contents of the "phys_base"
> > symbol are needed to calculate the physical address, but it can't
> > read the "phys_base" symbol contents without first knowing its contents.
> >
> > So on a live system, the "phys_base" is calculated by reading
> > the "Kernel Code:" value from /proc/iomem, and then doing this:
> >
> >   phys_base = [Kernel Code: value] - ["_text" symbol value] - __START_KERNEL_map
>                                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> Should there be parentheses around this?

Yes, sorry, that's correct -- that's what the code does, and what I meant to express...

Dave

> The physical-address formula above is equivalent to
>
>   phys_base = physical-address - (virtual-address - __START_KERNEL_map)
>
>
> > So theoretically, the guest agent could read /proc/iomem and /proc/kallsyms
> > for the information required. (I think...)
>
> Then yes, the guest-agent could add a command get-kernel-text-start with an
> output like:
>
>   { 'virtual': 0xffffffff86000000, 'physical': 0xb6000000 }
>
> and libvirt can expose it to crash. In this case, phys_base would be
> 0xb0000000 if I did the math right, and the relocation value is obtained by
> comparing the "virtual" address with the vmlinux "_text".
>
> IIRC the guest agent runs as root, so reading /proc/iomem is not a problem.
>
> Paolo
>
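The live-system procedure Dave describes, carried through end to end, as an added example that is not code from the thread, from crash, or from the QEMU guest agent. It parses constructed /proc/kallsyms and /proc/iomem contents (made up here to match the numbers Paolo quotes, not captured from a real guest), computes the KASLR relocation and phys_base with the parentheses Dave confirms, and then uses phys_base to translate a kernel virtual address. Assumptions, labelled in the code: x86_64's __START_KERNEL_map is 0xffffffff80000000; the unrelocated vmlinux "_text" is 0xffffffff81000000 (the usual CONFIG_PHYSICAL_START=0x1000000 build); the /proc/iomem resource is matched case-insensitively as "Kernel code", the spelling the x86 kernel uses for the entry Dave calls "Kernel Code:"; and the function names (kallsyms_lookup, iomem_kernel_code_start, kernel_text_start, derive_phys_base, derive_relocation, virt_to_phys) are this example's own. Masked values, which is what an unprivileged reader of /proc/kallsyms (kptr_restrict) or /proc/iomem gets, are treated as errors rather than silently producing phys_base 0.

```python
"""Derive KASLR relocation and phys_base from /proc/kallsyms and /proc/iomem.

Added example for the crash / guest-agent discussion; not project code.
"""
import re

START_KERNEL_MAP = 0xFFFFFFFF80000000  # assumed: x86_64 __START_KERNEL_map
VMLINUX_TEXT = 0xFFFFFFFF81000000      # assumed: unrelocated "_text" in vmlinux

# Constructed sample input (not from a real system); _text is relocated by
# KASLR to the "virtual" value Paolo quotes.
KALLSYMS_SAMPLE = """\
0000000000000000 A irq_stack_union
ffffffff86000000 T _text
ffffffff86000000 T startup_64
ffffffff86000030 T secondary_startup_64
ffffffff872f1000 D phys_base
"""

# Constructed sample input; "Kernel code" starts at Paolo's "physical" value.
IOMEM_SAMPLE = """\
00000000-00000fff : Reserved
00001000-0009fbff : System RAM
00100000-bfffffff : System RAM
  b6000000-b6a2bfff : Kernel code
  b6a2c000-b73fffff : Kernel data
  b7400000-b75fffff : Kernel bss
"""


def kallsyms_lookup(kallsyms: str, name: str) -> int:
    """Address of symbol `name` from /proc/kallsyms text (addr type name [module]).
    A zero address means kptr_restrict masked it for this reader."""
    for line in kallsyms.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[2] == name:
            addr = int(parts[0], 16)
            if addr == 0:
                raise PermissionError(f"{name} is masked in /proc/kallsyms (kptr_restrict)")
            return addr
    raise KeyError(f"{name} not found in kallsyms")


def iomem_kernel_code_start(iomem: str) -> int:
    """Physical start of the 'Kernel code' resource from /proc/iomem text.
    Non-root readers see all-zero ranges, which must not be mistaken for phys_base 0."""
    pat = re.compile(r"^\s*([0-9a-f]+)-([0-9a-f]+)\s*:\s*Kernel code\s*$", re.IGNORECASE)
    for line in iomem.splitlines():
        m = pat.match(line)
        if m:
            start, end = int(m.group(1), 16), int(m.group(2), 16)
            if start == 0 and end == 0:
                raise PermissionError("/proc/iomem ranges are masked; read it as root")
            return start
    raise KeyError("Kernel code entry not found in iomem")


def kernel_text_start(kallsyms: str, iomem: str) -> dict:
    """What Paolo's sketched get-kernel-text-start command would return."""
    return {"virtual": kallsyms_lookup(kallsyms, "_text"),
            "physical": iomem_kernel_code_start(iomem)}


def derive_phys_base(text_virt: int, text_phys: int) -> int:
    """phys_base = [Kernel code start] - ([_text] - __START_KERNEL_map)."""
    return text_phys - (text_virt - START_KERNEL_MAP)


def derive_relocation(text_virt: int, vmlinux_text: int = VMLINUX_TEXT) -> int:
    """CONFIG_RANDOMIZE_BASE relocation: live _text minus the vmlinux _text."""
    return text_virt - vmlinux_text


def virt_to_phys(vaddr: int, phys_base: int) -> int:
    """Translation for the __START_KERNEL_map region, as in Dave's formula."""
    if vaddr < START_KERNEL_MAP:
        raise ValueError(f"{vaddr:#x} is not in the __START_KERNEL_map region")
    return vaddr - START_KERNEL_MAP + phys_base


def main() -> None:
    # Swap the samples for open("/proc/kallsyms").read() etc. on a live (root) system.
    info = kernel_text_start(KALLSYMS_SAMPLE, IOMEM_SAMPLE)
    phys_base = derive_phys_base(info["virtual"], info["physical"])
    reloc = derive_relocation(info["virtual"])
    # Breaking the chicken-and-egg: where the "phys_base" variable itself lives.
    phys_base_pa = virt_to_phys(kallsyms_lookup(KALLSYMS_SAMPLE, "phys_base"), phys_base)
    print(f"_text virtual  {info['virtual']:#x}  physical {info['physical']:#x}")
    print(f"KASLR relocation {reloc:#x}, phys_base {phys_base:#x}")
    print(f"phys_base symbol is at physical {phys_base_pa:#x}; its contents should read {phys_base:#x}")


if __name__ == "__main__":
    main()
```

Two quantities fall out that are independent of each other: the virtual relocation (here 0x5000000, nonzero only with KASLR) and phys_base (0xb0000000, which is also nonzero for a kernel loaded at a non-default physical address with no virtual relocation, such as a kdump kernel). Translating the live "_text" back through virt_to_phys must land on the "Kernel code" start, which is a cheap self-check before trusting either number.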