Hi Mahesh, On Mon, 14 Mar 2011 11:48:19 +0530 Mahesh Jagannath Salgaonkar <mahesh at linux.vnet.ibm.com> wrote: > > > > > > ----- Original Message ----- > >> Hi All, > >> > >> Please find the makedumpfile enhancement patchset that introduces a data > >> filtering feature which enables makedumpfile to filter out desired kernel > >> symbol data and it's members from the specified VMCORE file. The data to be > >> filtered out is poisoned with character 'X' (58 in Hex). > >> > >> This feature will be very useful for the customers who wants to erase the > >> customer sensitive data like security keys and other confidential data, in > >> DUMPFILE before sending it to support team for analysis. > >> > >> This feature introduces a filter config file where, using filter commands, > >> user can specify desired kernel data symbols and it's members that need to be > >> filtered out while creating o/p DUMPFILE. The Syntax for filter commands are > >> provided in the filter.conf(8) man page. > >> > >> The first 4 patches prepares the base work for filtering framework. The last 2 > >> patches implements the generic filtering framework to erase desired kernel > >> data. > >> > >> I have tested these patches on x86_64 and s390x architecture against RHEL6 GA > >> kernel. The feature supports filtering data from ELF as well as kdump-compressed > >> formatted dump. > >> > >> Please review the patchset and let me know your comments. > >> > >> Thanks, > >> -Mahesh. > > > > Hi Mahesh, > > > > Is there any notation in the filtered ELF kdump or compressed kdump file > > that filtering has been done? Given that there may be potential ramifications > > in crash utility behavior (or outright failure?), the crash utility should > > display a warning message early on during invocation. > > Hmm... I did not think about it. I am thinking of following approach: > > - Set a bit in dump_level (DL_FILTER_KERNEL_DATA => 0x800) that will > denote that filtering has been done. > - For compressed kdump file we anyway have dump_level available in kdump > sub header > - For ELF kdump, currently we do not have any way to convey dump_level > info to crash utility (Ken'chi, correct me if I am wrong). How about > introducing an additional ELF note (NT_DUMP_LEVEL) that will include > dump_level info. On your above approach, a member of support team for analysis cannot know what symbols are erased. And he/she will not believe the received dumpfile from a customer site. I have one question, do you think it is better not to inform support team of the erased symbols ? Is also the list of the erased symbols secret ? Thanks Ken'ichi Ohmichi
