Inaccurate readings randomize_layout [Linux Kernel] #48

pwnosaur · 2020-09-03T16:29:26Z

The current implementation for the Linux kernel debugging lacks support for kernel 4.13+ because of the randomize_layout security feature which randomizes the location of struct members during the kernel compilation process, thus the offset of each element may vary resulting in inaccurate readings.

More information here about the feature
https://lwn.net/Articles/722293/

note the randomized_struct_fields_start used in

Kernel 4.13+

struct task_struct 
{
#ifdef CONFIG_THREAD_INFO_IN_TASK
	struct thread_info		thread_info;
#endif
	volatile long			state;
	randomized_struct_fields_start
	void				*stack;
...

which was not yet implemented in previous kernel versions

Kernel 4.12-

struct task_struct {
#ifdef CONFIG_THREAD_INFO_IN_TASK
	struct thread_info		thread_info;
#endif
	volatile long			state;
	void				*stack;

The text was updated successfully, but these errors were encountered:

pwnosaur changed the title ~~Inconsistent DTBs [Linux Kernel]~~ Inaccurate readings randomize_layout [Linux Kernel] Sep 3, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Inaccurate readings randomize_layout [Linux Kernel] #48

Inaccurate readings randomize_layout [Linux Kernel] #48

pwnosaur commented Sep 3, 2020

Inaccurate readings randomize_layout [Linux Kernel] #48

Inaccurate readings randomize_layout [Linux Kernel] #48

Comments

pwnosaur commented Sep 3, 2020