Re: [PATCH] pstore/ftrace: Factor KASLR offset in the core kernel instruction addresses
From: Steven Rostedt
Date: Fri Mar 13 2026 - 16:31:07 EST
On Fri, 13 Mar 2026 17:00:22 -0300
"Guilherme G. Piccoli" <gpiccoli@xxxxxxxxxx> wrote:
> Hi folks, first of all thanks in advance for reviews and comments!
>
> I was testing a pstore/ftrace patch the other day and noticed
> the lack of the KASLR support. But to my surprise, it was not
> as easy to fix up as I expected heh
>
> Main reason is the obvious thing with modules: the way to
> go, I think, is to somehow save the module name (or some other
> id?) and the instruction offset inside such module, to then
> resolve that in next boot, when printing. But that would require
> more intrusive changes in the way pstore/ftrace saves the IP
> (which is quite simple now), leading to some potentially
> meaningful perf overhead.
>
> Hence, I've decided to just mess with core kernel addresses
> so far, lemme know WDYT - should I somehow pursue fixing
> modules addr resolution as well? Or is it not worth the changes?
> Any ideas on how to approach that? I noticed that currently,
> modules' symbols are sometimes resolved fine, sometimes they're
> bogus but point to the module at least (not some other random
> code), but eventually they are just nonsense addresses.
>
> Regarding the choice of using the MSB to store if an addr is core
> kernel or module, well this was also a choice taking into account
> simplicity and performance, lemme know please if it's no good and
> any suggestions on how to better do it, I can easily re-implement!
> Thanks again,

You can look at what ftrace does with the persistent ring buffer. It adds
the offset data to a "scratch pad" that is saved in the persistent memory.

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/kernel/trace/trace.c#n5352

If you know your memory isn't reset over reboots, you can create a
"persistent ring buffer" via the kernel command line:

reserve_mem=20M:2M:trace trace_instance=boot_map@trace

Read more about it here: https://docs.kernel.org/trace/debugging.html

Then on reboot, the persistent ring buffer lives here:

/sys/kernel/tracing/instances/boot_map/

You can enable tracing just like any other instance:

# echo 1 > /sys/kernel/tracing/instances/boot_map/tracing_on
# echo function_graph > /sys/kernel/tracing/instances/boot_map/current_tracer
# cat /sys/kernel/tracing/instances/boot_map/trace

Then reboot. If the memory wasn't corrupted or reset, the instance will
have everything from the last boot, right to where it rebooted the machine.

There's a file that shows the indexes of the kernel from the previous boot:

# cat /sys/kernel/tracing/instances/boot_map/last_boot_info
ffffffffa6000000 [kernel]
ffffffffc0400000 drm
ffffffffc0444000 wmi
ffffffffc0446000 soundcore
ffffffffc0447000 tpm_infineon
ffffffffc0449000 lpc_ich
ffffffffc044a000 serio_raw
ffffffffc044b000 i2c_smbus
ffffffffc044c000 i2c_i801
ffffffffc044f000 snd_seq_device
ffffffffc0450000 e1000e
ffffffffc047a000 intel_cstate
ffffffffc047b000 video
ffffffffc047f000 drm_kms_helper
ffffffffc0493000 snd
ffffffffc04a0000 intel_uncore
ffffffffc04ad000 mei
ffffffffc04bf000 snd_timer
ffffffffc04c4000 snd_pcm
ffffffffc04d7000 snd_seq
ffffffffc04e2000 drm_display_helper
ffffffffc04f6000 iTCO_vendor_support
ffffffffc04f7000 mei_wdt
ffffffffc04f8000 iTCO_wdt
ffffffffc04f9000 mei_me
ffffffffc04fe000 wmi_bmof
ffffffffc04ff000 ttm
ffffffffc050a000 rapl
ffffffffc050b000 drm_buddy
ffffffffc050e000 snd_hda_core
ffffffffc0518000 ghash_clmulni_intel
ffffffffc0519000 i2c_algo_bit
ffffffffc051b000 snd_hwdep
ffffffffc051d000 irqbypass
ffffffffc051e000 drm_client_lib
ffffffffc051f000 snd_hda_codec
ffffffffc0531000 snd_intel_dspcfg
ffffffffc0532000 kvm
ffffffffc05ab000 snd_hda_intel
ffffffffc05af000 kvm_intel
ffffffffc05d5000 intel_powerclamp
ffffffffc05d6000 coretemp
ffffffffc05d7000 snd_hda_codec_generic
ffffffffc05e4000 snd_hda_scodec_component
ffffffffc05e5000 snd_hda_codec_realtek_lib
ffffffffc05ea000 snd_hda_codec_alc269
ffffffffc05f2000 snd_hda_codec_hdmi
ffffffffc05f7000 x86_pkg_temp_thermal
ffffffffc05f8000 intel_rapl_common
ffffffffc05fc000 intel_rapl_msr
ffffffffc05fd000 snd_hda_codec_intelhdmi
ffffffffc05ff000 llc
ffffffffc0a00000 i915
ffffffffc0c10000 rfkill
ffffffffc0c13000 vmw_vmci
ffffffffc0c1d000 vsock
ffffffffc0c23000 stp
ffffffffc0c24000 bridge

That has where the _text address was for the main kernel, and also where
every module was loaded.

If you enable tracing, that file will just show:

# echo 1 > /sys/kernel/tracing/instances/boot_map/events/sched/sched_switch/enable
# cat /sys/kernel/tracing/instances/boot_map/last_boot_info
# Current

As it will not show the current mappings. Only the mappings of a previous
boot.

-- Steve
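
Added example (not part of the message above and not kernel code): a Python helper that uses a last_boot_info listing to turn an address recorded during the previous boot into a name plus offset, and then into an address valid in the current boot. The function names and the current_bases dict are assumptions made for illustration; SAMPLE is a subset of the listing quoted above.

```python
import bisect

# Subset of the last_boot_info output quoted in the message, embedded so this runs offline.
SAMPLE = """\
ffffffffa6000000 [kernel]
ffffffffc0400000 drm
ffffffffc0444000 wmi
ffffffffc0532000 kvm
ffffffffc05ab000 snd_hda_intel
"""

def parse_last_boot_info(text):
    """Return [(base, name), ...] sorted by base; empty when no old mappings exist."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):  # "# Current": only live mappings, nothing to parse
            continue
        addr, name = line.split(None, 1)
        entries.append((int(addr, 16), name))
    return sorted(entries)

def resolve(entries, addr):
    """Map a previous-boot address to (name, offset), or None if below every base.

    The listing carries load addresses only, not sizes, so the address is
    attributed to the nearest base at or below it; upper bounds are not checked.
    """
    bases = [base for base, _ in entries]
    i = bisect.bisect_right(bases, addr) - 1
    if i < 0:
        return None
    base, name = entries[i]
    return name, addr - base

def rebase(entries, current_bases, addr):
    """Translate a previous-boot address into the current boot's address space.

    current_bases is a hypothetical {name: base} dict for the running kernel,
    for example built from /proc/modules and the address of _text.
    """
    hit = resolve(entries, addr)
    if hit is None or hit[0] not in current_bases:
        return None  # unknown address, or module not loaded in this boot
    name, offset = hit
    return current_bases[name] + offset
```

Because KASLR and module load order change the bases on every boot, the (name, offset) pair is the stable identifier; the raw address from the old boot is only meaningful together with that boot's listing.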