[patch] crash: Show warning message if specified dumpfile has its kernel data scrubbed out.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The new version of makedumpfile 1.4.0 allows user to filter out kernel data
(e.g. security keys, confidential/secret information etc.) from the vmcore.
The data to be filtered out is poisoned with character 'X' (0x58 in Hex).
The filtered ELF kdump now carries a new ELF note section "ERASEINFO" that
contains eraseinfo data. The filtered compressed kdump now contains new
members (offset_eraseinfo, size_eraseinfo) int the sub header with new header
version 5.

With the above change in place, there may be instances where the filtered
dumpfile may not be readable OR may not be helpful in analyzing the problem
using crash tool. Most of the time crash tool will be able to read/analyze
the dump unless someone scrubs out the data on which crash utility is
dependent on. Hence, This patch adds support into crash utility to detect the
above changes and show early warning message to the user about the fact that
he is dealing with filtered dumpfile.

This patch adds support for "help -n" output to display the filter data
strings that are appended to the dumpfile or stored in an ELF note.

Signed-off-by: Mahesh Salgaonkar <mahesh@xxxxxxxxxxxxxxxxxx>
---
 defs.h     |    1 +
 diskdump.c |   60 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 diskdump.h |    2 ++
 main.c     |    5 +++++
 netdump.c  |   22 ++++++++++++++++------
 5 files changed, 84 insertions(+), 6 deletions(-)

Index: crash-5.1.7/defs.h
===================================================================
--- crash-5.1.7.orig/defs.h
+++ crash-5.1.7/defs.h
@@ -431,6 +431,7 @@ struct program_context {
 #define FLAT          (0x1ULL)
 #define ELF_NOTES     (0x2ULL)
 #define GET_OSRELEASE (0x4ULL)
+#define ERASEINFO_DATA (0x8ULL)
 #define FLAT_FORMAT() (pc->flags2 & FLAT)
 #define ELF_NOTES_VALID() (pc->flags2 & ELF_NOTES)
 	char *cleanup;
Index: crash-5.1.7/main.c
===================================================================
--- crash-5.1.7.orig/main.c
+++ crash-5.1.7/main.c
@@ -603,6 +603,11 @@ main(int argc, char **argv)
 void
 main_loop(void)
 {
+	if (pc->flags2 & ERASEINFO_DATA)
+		error(WARNING, "\nFile %s may not be readable/analyzable. Some"
+			" of the kernel data from the dump has been scrubbed"
+			" out\n", pc->dumpfile);
+
         if (!(pc->flags & GDB_INIT)) {
 		gdb_session_init();
 		show_untrusted_files();
Index: crash-5.1.7/netdump.c
===================================================================
--- crash-5.1.7.orig/netdump.c
+++ crash-5.1.7/netdump.c
@@ -1636,13 +1636,13 @@ dump_Elf32_Nhdr(Elf32_Off offset, int st
 	char buf[BUFSIZE];
 	char *ptr;
 	ulong *uptr;
-	int xen_core, vmcoreinfo;
+	int xen_core, vmcoreinfo, eraseinfo;
 	uint64_t remaining, notesize;
 
 	note = (Elf32_Nhdr *)((char *)nd->elf32 + offset);
 
         BZERO(buf, BUFSIZE);
-	xen_core = vmcoreinfo = FALSE;
+	xen_core = vmcoreinfo = eraseinfo = FALSE;
         ptr = (char *)note + sizeof(Elf32_Nhdr);
 
 	if (ptr > (nd->elf_header + nd->header_size)) {
@@ -1730,6 +1730,7 @@ dump_Elf32_Nhdr(Elf32_Off offset, int st
 	default:
 		xen_core = STRNEQ(buf, "XEN CORE") || STRNEQ(buf, "Xen");
 		vmcoreinfo = STRNEQ(buf, "VMCOREINFO");
+		eraseinfo = STRNEQ(buf, "ERASEINFO");
 		if (xen_core) {
 			netdump_print("(unknown Xen n_type)\n"); 
 			if (store)
@@ -1739,6 +1740,10 @@ dump_Elf32_Nhdr(Elf32_Off offset, int st
 			netdump_print("(unused)\n");
 			nd->vmcoreinfo = (char *)(ptr + note->n_namesz + 1);
 			nd->size_vmcoreinfo = note->n_descsz;
+		} else if (eraseinfo) {
+			netdump_print("(unused)\n");
+			if (note->n_descsz)
+				pc->flags2 |= ERASEINFO_DATA;
 		} else
 			netdump_print("(?)\n");
 		break;
@@ -1813,7 +1818,7 @@ dump_Elf32_Nhdr(Elf32_Off offset, int st
 	if (xen_core)
 		uptr = (ulong *)roundup((ulong)uptr, 4);
 
-	if (vmcoreinfo) {
+	if (vmcoreinfo || eraseinfo) {
                 netdump_print("                         ");
                 ptr += note->n_namesz + 1;
                 for (i = 0; i < note->n_descsz; i++, ptr++) {
@@ -1856,14 +1861,14 @@ dump_Elf64_Nhdr(Elf64_Off offset, int st
 	ulonglong *uptr;
 	int *iptr;
 	ulong *up;
-	int xen_core, vmcoreinfo;
+	int xen_core, vmcoreinfo, eraseinfo;
 	uint64_t remaining, notesize;
 
 	note = (Elf64_Nhdr *)((char *)nd->elf64 + offset);
 
         BZERO(buf, BUFSIZE);
         ptr = (char *)note + sizeof(Elf64_Nhdr);
-	xen_core = vmcoreinfo = FALSE;
+	xen_core = vmcoreinfo = eraseinfo = FALSE;
 
 	if (ptr > (nd->elf_header + nd->header_size)) {
 		error(WARNING, 
@@ -1981,6 +1986,7 @@ dump_Elf64_Nhdr(Elf64_Off offset, int st
 	default:
 		xen_core = STRNEQ(buf, "XEN CORE") || STRNEQ(buf, "Xen");
 		vmcoreinfo = STRNEQ(buf, "VMCOREINFO");
+		eraseinfo = STRNEQ(buf, "ERASEINFO");
                 if (xen_core) {
                         netdump_print("(unknown Xen n_type)\n");
 			if (store)
@@ -1997,6 +2003,10 @@ dump_Elf64_Nhdr(Elf64_Off offset, int st
 			if (READ_PAGESIZE_FROM_VMCOREINFO() && store)
 				nd->page_size = (uint)
 					vmcoreinfo_read_integer("PAGESIZE", 0);
+		} else if (eraseinfo) {
+			netdump_print("(unused)\n");
+			if (note->n_descsz)
+				pc->flags2 |= ERASEINFO_DATA;
                 } else
                         netdump_print("(?)\n");
                 break;
@@ -2090,7 +2100,7 @@ dump_Elf64_Nhdr(Elf64_Off offset, int st
 				lf = 0;
 			netdump_print("%08lx ", *iptr++);
 		}
-	} else if (vmcoreinfo) {
+	} else if (vmcoreinfo || eraseinfo) {
 		netdump_print("                         ");
 		ptr += note->n_namesz + 1;
 		for (i = 0; i < note->n_descsz; i++, ptr++) {
Index: crash-5.1.7/diskdump.c
===================================================================
--- crash-5.1.7.orig/diskdump.c
+++ crash-5.1.7/diskdump.c
@@ -516,6 +516,12 @@ restart:
 		machdep->process_elf_notes(dd->notes_buf, size);
 	}
 
+	/* Check if dump file contains erasesinfo data */
+	if (KDUMP_CMPRS_VALID() && (dd->header->header_version >= 5) &&
+		(sub_header_kdump->offset_eraseinfo) &&
+		(sub_header_kdump->size_eraseinfo))
+		pc->flags2 |= ERASEINFO_DATA;
+
 	/* For split dumpfile */
 	if (KDUMP_CMPRS_VALID()) {
 		is_split = ((dd->header->header_version >= 2) &&
@@ -1016,6 +1022,50 @@ err:
 }
 
 static void 
+dump_eraseinfo(FILE *fp)
+{
+	char *buf = NULL;
+	unsigned long i = 0;
+	unsigned long size_eraseinfo = dd->sub_header_kdump->size_eraseinfo;
+	off_t offset = dd->sub_header_kdump->offset_eraseinfo;
+	const off_t failed = (off_t)-1;
+
+	if ((buf = malloc(size_eraseinfo)) == NULL) {
+		error(FATAL, "compressed kdump: cannot malloc eraseinfo"
+				" buffer\n");
+	}
+
+	if (FLAT_FORMAT()) {
+		if (!read_flattened_format(dd->dfd, offset, buf, size_eraseinfo)) {
+			error(INFO, "compressed kdump: cannot read eraseinfo data\n");
+			goto err;
+		}
+	} else {
+		if (lseek(dd->dfd, offset, SEEK_SET) == failed) {
+			error(INFO, "compressed kdump: cannot lseek dump eraseinfo\n");
+			goto err;
+		}
+		if (read(dd->dfd, buf, size_eraseinfo) < size_eraseinfo) {
+			error(INFO, "compressed kdump: cannot read eraseinfo data\n");
+			goto err;
+		}
+	}
+
+	fprintf(fp, "                      ");
+	for (i = 0; i < size_eraseinfo; i++) {
+		fprintf(fp, "%c", buf[i]);
+		if (buf[i] == '\n')
+			fprintf(fp, "                      ");
+	}
+	if (buf[i - 1] != '\n')
+		fprintf(fp, "\n");
+err:
+	if (buf)
+		free(buf);
+	return;
+}
+
+static void
 dump_nt_prstatus_offset(FILE *fp)
 {
 	struct kdump_sub_header *sub_header_kdump = dd->sub_header_kdump;
@@ -1260,6 +1310,16 @@ __diskdump_memory_dump(FILE *fp)
 			}
 			dump_nt_prstatus_offset(fp);
 		}
+		if (dh->header_version >= 5) {
+			fprintf(fp, "    offset_eraseinfo: %lx\n",
+				(ulong)dd->sub_header_kdump->offset_eraseinfo);
+			fprintf(fp, "      size_eraseinfo: %lu\n",
+				dd->sub_header_kdump->size_eraseinfo);
+			if (dd->sub_header_kdump->offset_eraseinfo &&
+				dd->sub_header_kdump->size_eraseinfo) {
+				dump_eraseinfo(fp);
+			}
+		}
 		fprintf(fp, "\n");
 	} else
         	fprintf(fp, "(n/a)\n\n");
Index: crash-5.1.7/diskdump.h
===================================================================
--- crash-5.1.7.orig/diskdump.h
+++ crash-5.1.7/diskdump.h
@@ -67,6 +67,8 @@ struct kdump_sub_header {
 	unsigned long	size_vmcoreinfo;    /* header_version 3 and later */
 	off_t		offset_note;        /* header_version 4 and later */
 	unsigned long	size_note;          /* header_version 4 and later */
+	off_t		offset_eraseinfo;   /* header_version 5 and later */
+	unsigned long	size_eraseinfo;     /* header_version 5 and later */
 };
 
 /* page flags */

--
Crash-utility mailing list
Crash-utility@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/crash-utility


[Index of Archives]     [Fedora Development]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]

 

Powered by Linux