On Fri, 13 Mar 2026 17:00:22 -0300 "Guilherme G. Piccoli" <[email protected]> wrote:
> Hi folks, first of all thanks in advance for reviews and comments! > > I was testing a pstore/ftrace patch the other day and noticed > the lack of the KASLR support. But to my surprise, it was not > as easy to fix up as I expected heh > > Main reason is the obvious thing with modules: the way to > go, I think, is to somehow save the module name (or some other > id?) and the instruction offset inside such module, to then > resolve that in next boot, when printing. But that would require > more intrusive changes in the way pstore/ftrace saves the IP > (which is quite simple now), leading to some potentially > meaningful perf overhead. > > Hence, I've decided to just mess with core kernel addresses > so far, lemme know WDYT - should I somehow pursue fixing > modules addr resolution as well? Or doesn't worth the changes? > Any ideas on how to approach that? I noticed that currently, > modules' symbols are sometimes resolved fine, sometimes they're > bogus but point to the module at least (not some other random > code), but eventually they are just nonsense addresses. > > Regarding the choice of using the MSB to store if an addr is core > kernel or module, well this was also a choice taking into account > simplicity and performance, lemme know please if it's no good and > any suggestions on how to better do it, I can easily re-implement! > Thanks again, You can look at what ftrace does with the persistent ring buffer. It adds the offset data to a "scratch pad" that is saved in the persistent memory. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/kernel/trace/trace.c#n5352 If you know your memory isn't reset over reboots, you can create a "persistent ring buffer" via the kernel command line: reserve_mem=20M:2M:trace trace_instance=boot_map@trace Read more about it here: https://docs.kernel.org/trace/debugging.html Then on reboot, the persistent ring buffer lives here: /sys/kernel/tracing/instances/boot_map/ You can enable tracing just like any other instance: # echo 1 > /sys/kernel/tracing/instances/boot_map/tracing_on # echo function_graph > /sys/kernel/tracing/instances/boot_map/current_tracer # cat /sys/kernel/tracing/instances/boot_map/trace Then reboot, if the memory wasn't corrupted or reset, the instance will have everything from the last boot, right to where it rebooted the machine. There's a file that shows the indexes of the kernel from the previous boot: # cat /sys/kernel/tracing/instances/boot_map/last_boot_info ffffffffa6000000 [kernel] ffffffffc0400000 drm ffffffffc0444000 wmi ffffffffc0446000 soundcore ffffffffc0447000 tpm_infineon ffffffffc0449000 lpc_ich ffffffffc044a000 serio_raw ffffffffc044b000 i2c_smbus ffffffffc044c000 i2c_i801 ffffffffc044f000 snd_seq_device ffffffffc0450000 e1000e ffffffffc047a000 intel_cstate ffffffffc047b000 video ffffffffc047f000 drm_kms_helper ffffffffc0493000 snd ffffffffc04a0000 intel_uncore ffffffffc04ad000 mei ffffffffc04bf000 snd_timer ffffffffc04c4000 snd_pcm ffffffffc04d7000 snd_seq ffffffffc04e2000 drm_display_helper ffffffffc04f6000 iTCO_vendor_support ffffffffc04f7000 mei_wdt ffffffffc04f8000 iTCO_wdt ffffffffc04f9000 mei_me ffffffffc04fe000 wmi_bmof ffffffffc04ff000 ttm ffffffffc050a000 rapl ffffffffc050b000 drm_buddy ffffffffc050e000 snd_hda_core ffffffffc0518000 ghash_clmulni_intel ffffffffc0519000 i2c_algo_bit ffffffffc051b000 snd_hwdep ffffffffc051d000 irqbypass ffffffffc051e000 drm_client_lib ffffffffc051f000 snd_hda_codec ffffffffc0531000 snd_intel_dspcfg ffffffffc0532000 kvm ffffffffc05ab000 snd_hda_intel ffffffffc05af000 kvm_intel ffffffffc05d5000 intel_powerclamp ffffffffc05d6000 coretemp ffffffffc05d7000 snd_hda_codec_generic ffffffffc05e4000 snd_hda_scodec_component ffffffffc05e5000 snd_hda_codec_realtek_lib ffffffffc05ea000 snd_hda_codec_alc269 ffffffffc05f2000 snd_hda_codec_hdmi ffffffffc05f7000 x86_pkg_temp_thermal ffffffffc05f8000 intel_rapl_common ffffffffc05fc000 intel_rapl_msr ffffffffc05fd000 snd_hda_codec_intelhdmi ffffffffc05ff000 llc ffffffffc0a00000 i915 ffffffffc0c10000 rfkill ffffffffc0c13000 vmw_vmci ffffffffc0c1d000 vsock ffffffffc0c23000 stp ffffffffc0c24000 bridge That has where the _text address was for the main kernel, and also where every module was loaded. If you enable tracing, that file will just show: # echo 1 > /sys/kernel/tracing/boot_map/events/sched/sched_switch/enable # cat /sys/kernel/tracing/instances/boot_map/last_boot_info # Current As it will not show the current mappings. Only the mappings of a previous boot. -- Steve
