Re: [PATCH 0/3] Fix KASLR problem on virsh dump and sadump

[Takao Indoh <indou.takao@xxxxxxxxxxxxxx>]

Hi Dave,

On 2017/10/10 22:50, Dave Anderson wrote:
> ----- Original Message -----
> > ----- Original Message -----
> > > Hi Dave, Hatayama-san,
> > >
> > > These patch series fix a problem that crash cannot open a dumpfile which is
> > > captured by "virsh dump --memory-only" or sadump on KASLR enabled kernel.
> > >
> > > When KASLR feature is enabled, a kernel is placed on the memory randomly and
> > > therefore crash cannot open a dumpfile because addresses of kernel symbols in
> > > vmlinux are different from actual addresses. In the case of kdump, information
> > > to get actual address is included in the vmcoreinfo, but dumpfile of virsh dump
> > > or sadump does not have such a information.
> >
> > Hello Takao,
> >
> > Are you aware that the upstream maintainers of virsh are currently addressing the
> > issue by gathering and including phys_base in the ELF header and in the makedumpfile
> > kdump_sub_header?  I haven't looked at this patch as of yet, but I worry whether
> > this will somehow interfere with virsh dump when it is released?
>
> The "virsh dump --memory-only" facility will copy all of the VMCOREINFO ELF note from
> kernel memory into the dumpfile, which since 4.10 includes the *value* of phys_base.

Thanks for the information. I checked patches of qemu:
http://lists.nongnu.org/archive/html/qemu-devel/2017-09/msg02657.html
Once these patches are merged, a part of my patches is not needed.
I'll update my patches and re-post only sadump part.

Thanks,
Takao Indoh


> Dave
>
>   
> > I don't know why sadump was never able to store phys_base.   But I will
> > defer to Daisuke as to the sadump changes.
> >
> > Dave
> >
> >
> >
> > > These patches calculate kaslr offset and phys_base to solve this problem.
> > > The
> > > basic idea is getting register (IDTR and CR3) from dump header, and
> > > calculate
> > > kaslr_offset/phys_base using them.
> > >
> > > Takao Indoh (3):
> > >    Introduce x86_64_kvtop_pagetable
> > >    Fix a KASLR problem of virsh dump
> > >    Fix a KASLR problem of sadump
> > >
> > >   defs.h    |  11 ++
> > >   netdump.c | 505
> > >   ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> > >   netdump.h |   1 +
> > >   sadump.c  |  60 +++++++-
> > >   sadump.h  |   4 +
> > >   symbols.c |  38 +++++
> > >   x86_64.c  |  35 ++++-
> > >   7 files changed, 652 insertions(+), 2 deletions(-)
> > >
> > > --
> > > 2.9.5
> > >
> > >
> > > --
> > > Crash-utility mailing list
> > > Crash-utility@xxxxxxxxxx
> > > https://www.redhat.com/mailman/listinfo/crash-utility
> >
> > --
> > Crash-utility mailing list
> > Crash-utility@xxxxxxxxxx
> > https://www.redhat.com/mailman/listinfo/crash-utility
>
> --
> Crash-utility mailing list
> Crash-utility@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/crash-utility


--
Crash-utility mailing list
Crash-utility@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/crash-utility