libdrgn: fix _page_offset() helper and move to object finder

The internal _page_offset() helper gets the value of PAGE_OFFSET, but
the fallback when KASLR is disabled has been out of date since Linux
v4.20 and never handled 5-level page tables. Additionally, it makes more
sense as part of the Linux kernel (formerly vmcoreinfo) object finder so
that it's cleanly accessible outside of drgn internals.

Author: osandov

drgn/helpers/linux/mm.py

@@ -44,15 +44,6 @@ def _vmemmap(prog):
         return Object(prog, "struct page *", value=0xFFFFEA0000000000)
 
 
-def _page_offset(prog):
-    try:
-        # KASAN
-        return prog["page_offset_base"].value_()
-    except KeyError:
-        # x86-64
-        return 0xFFFF880000000000
-
-
 def for_each_page(prog):
     """
     Iterate over all pages in the system.
@@ -101,7 +92,7 @@ def virt_to_pfn(prog_or_addr, addr=None):
         addr = prog_or_addr.value_()
     else:
         prog = prog_or_addr
-    return Object(prog, "unsigned long", value=(addr - _page_offset(prog)) >> 12)
+    return Object(prog, "unsigned long", value=(addr - prog["PAGE_OFFSET"]) >> 12)
 
 
 def pfn_to_virt(prog_or_pfn, pfn=None):
@@ -117,7 +108,7 @@ def pfn_to_virt(prog_or_pfn, pfn=None):
         pfn = prog_or_pfn.value_()
     else:
         prog = prog_or_pfn
-    return Object(prog, "void *", value=(pfn << 12) + _page_offset(prog))
+    return Object(prog, "void *", value=(pfn << 12) + prog["PAGE_OFFSET"])
 
 
 def page_to_virt(page):

libdrgn/arch_x86_64.c.in

@@ -4,6 +4,7 @@
 
 #include "internal.h"
 #include "platform.h"
+#include "program.h"
 %}
 
 x86-64
@@ -274,11 +275,81 @@ out:
 	return err;
 }
 
+static struct drgn_error *
+linux_kernel_get_page_offset_x86_64(struct drgn_program *prog, uint64_t *ret)
+{
+	struct drgn_error *err;
+	struct drgn_object obj;
+	bool nonzero;
+
+	/*
+	 * If KASLR is enabled, PAGE_OFFSET is easily available via
+	 * page_offset_base.
+	 */
+	drgn_object_init(&obj, prog);
+	err = drgn_program_find_object(prog, "page_offset_base", NULL,
+				       DRGN_FIND_OBJECT_VARIABLE, &obj);
+	if (!err) {
+		err = drgn_object_read_unsigned(&obj, ret);
+		goto out;
+	}
+	if (err->code == DRGN_ERROR_LOOKUP)
+		drgn_error_destroy(err);
+	else
+		goto out;
+
+	/*
+	 * If not, we determine PAGE_OFFSET based on the kernel page table. On
+	 * x86_64, swapper_pg_dir is a macro defined to init_top_pgt, which
+	 * itself is defined in assembly. They're both available in VMCOREINFO,
+	 * but it's easier to get it from init_mm.pgd.
+	 */
+	err = drgn_program_find_object(prog, "init_mm", NULL,
+				       DRGN_FIND_OBJECT_VARIABLE, &obj);
+	if (err)
+		goto out;
+	err = drgn_object_member(&obj, &obj, "pgd");
+	if (err)
+		goto out;
+
+	/*
+	 * Before Linux kernel commit d52888aa2753 ("x86/mm: Move LDT remap out
+	 * of KASLR region on 5-level paging") (in v4.20), PAGE_OFFSET was pgd
+	 * slot 272. After that, it is pgd slot 273, and slot 272 is empty
+	 * (reserved for Local Descriptor Table mappings for userspace tasks).
+	 */
+	err = drgn_object_subscript(&obj, &obj, 272);
+	if (err)
+		goto out;
+	err = drgn_object_member(&obj, &obj, "pgd");
+	if (err)
+		goto out;
+	err = drgn_object_bool(&obj, &nonzero);
+	if (err)
+		goto out;
+	if (nonzero) {
+		if (prog->vmcoreinfo.pgtable_l5_enabled)
+			*ret = UINT64_C(0xff10000000000000);
+		else
+			*ret = UINT64_C(0xffff880000000000);
+	} else {
+		if (prog->vmcoreinfo.pgtable_l5_enabled)
+			*ret = UINT64_C(0xff11000000000000);
+		else
+			*ret = UINT64_C(0xffff888000000000);
+	}
+
+out:
+	drgn_object_deinit(&obj);
+	return err;
+}
+
 const struct drgn_architecture_info arch_info_x86_64 = {
 	ARCHITECTURE_INFO,
 	.default_flags = (DRGN_PLATFORM_IS_64_BIT |
 			  DRGN_PLATFORM_IS_LITTLE_ENDIAN),
 	.frame_registers = frame_registers_x86_64,
 	.num_frame_registers = ARRAY_SIZE(frame_registers_x86_64),
 	.linux_kernel_set_initial_registers = linux_kernel_set_initial_registers_x86_64,
+	.linux_kernel_get_page_offset = linux_kernel_get_page_offset_x86_64,
 };

libdrgn/kdump.c

@@ -125,7 +125,7 @@ struct drgn_error *drgn_program_set_kdump(struct drgn_program *prog)
 	}
 
 	prog->flags |= DRGN_PROGRAM_IS_LINUX_KERNEL;
-	err = drgn_program_add_object_finder(prog, vmcoreinfo_object_find,
+	err = drgn_program_add_object_finder(prog, linux_kernel_object_find,
 					     prog);
 	if (err)
 		goto err;

libdrgn/linux_kernel.c

@@ -235,19 +235,40 @@ struct drgn_error *read_vmcoreinfo_fallback(struct drgn_memory_reader *reader,
 	return err;
 }
 
-struct drgn_error *
-vmcoreinfo_object_find(const char *name, size_t name_len, const char *filename,
-		       enum drgn_find_object_flags flags, void *arg,
-		       struct drgn_object *ret)
+struct drgn_error *linux_kernel_object_find(const char *name, size_t name_len,
+					    const char *filename,
+					    enum drgn_find_object_flags flags,
+					    void *arg, struct drgn_object *ret)
 {
 	struct drgn_error *err;
 	struct drgn_program *prog = arg;
 
 	if (!filename && (flags & DRGN_FIND_OBJECT_CONSTANT)) {
 		struct drgn_qualified_type qualified_type = {};
 
-		if (name_len == strlen("PAGE_SHIFT") &&
-		    memcmp(name, "PAGE_SHIFT", name_len) == 0) {
+		if (name_len == strlen("PAGE_OFFSET") &&
+		    memcmp(name, "PAGE_OFFSET", name_len) == 0) {
+			if (!prog->page_offset) {
+				if (!prog->has_platform ||
+				    !prog->platform.arch->linux_kernel_get_page_offset)
+					return &drgn_not_found;
+				err = prog->platform.arch->linux_kernel_get_page_offset(prog,
+											&prog->page_offset);
+				if (err) {
+					prog->page_offset = 0;
+					return err;
+				}
+			}
+
+			err = drgn_type_index_find_primitive(&prog->tindex,
+							     DRGN_C_TYPE_UNSIGNED_LONG,
+							     &qualified_type.type);
+			if (err)
+				return err;
+			return drgn_object_set_unsigned(ret, qualified_type,
+							prog->page_offset, 0);
+		} else if (name_len == strlen("PAGE_SHIFT") &&
+			   memcmp(name, "PAGE_SHIFT", name_len) == 0) {
 			err = drgn_type_index_find_primitive(&prog->tindex,
 							     DRGN_C_TYPE_INT,
 							     &qualified_type.type);

libdrgn/linux_kernel.h

@@ -19,10 +19,10 @@ struct drgn_error *read_vmcoreinfo_fallback(struct drgn_memory_reader *reader,
 					    bool have_non_zero_phys_addr,
 					    struct vmcoreinfo *ret);
 
-struct drgn_error *
-vmcoreinfo_object_find(const char *name, size_t name_len, const char *filename,
-		       enum drgn_find_object_flags flags, void *arg,
-		       struct drgn_object *ret);
+struct drgn_error *linux_kernel_object_find(const char *name, size_t name_len,
+					    const char *filename,
+					    enum drgn_find_object_flags flags,
+					    void *arg, struct drgn_object *ret);
 
 struct drgn_error *
 linux_kernel_report_debug_info(struct drgn_program *prog,

libdrgn/platform.h

@@ -35,6 +35,8 @@ struct drgn_architecture_info {
 	size_t num_frame_registers;
 	struct drgn_error *(*linux_kernel_set_initial_registers)(Dwfl_Thread *,
 								 const struct drgn_object *);
+	struct drgn_error *(*linux_kernel_get_page_offset)(struct drgn_program *,
+							   uint64_t *);
 };
 
 static inline const struct drgn_register *

libdrgn/program.c

@@ -412,7 +412,7 @@ drgn_program_set_core_dump(struct drgn_program *prog, const char *path)
 	}
 	if (prog->flags & DRGN_PROGRAM_IS_LINUX_KERNEL) {
 		err = drgn_program_add_object_finder(prog,
-						     vmcoreinfo_object_find,
+						     linux_kernel_object_find,
 						     prog);
 		if (err)
 			goto out_segments;

libdrgn/program.h

@@ -69,6 +69,8 @@ struct drgn_program {
 	 * Valid iff <tt>flags & DRGN_PROGRAM_IS_LINUX_KERNEL</tt>.
 	 */
 	struct vmcoreinfo vmcoreinfo;
+	/* Cached PAGE_OFFSET. */
+	uint64_t page_offset;
 #ifdef WITH_LIBKDUMPFILE
 	kdump_ctx_t *kdump_ctx;
 #endif