[Crash-utility] [PATCH 0/3] Fix KASLR problem on virsh dump and sadump
Dave Anderson
anderson at redhat.com
Tue Oct 10 13:34:14 UTC 2017
----- Original Message -----
> Hi Dave, Hatayama-san,
>
> These patch series fix a problem that crash cannot open a dumpfile which is
> captured by "virsh dump --memory-only" or sadump on KASLR enabled kernel.
>
> When KASLR feature is enabled, a kernel is placed on the memory randomly and
> therefore crash cannot open a dumpfile because addresses of kernel symbols in
> vmlinux are different from actual addresses. In the case of kdump, information
> to get actual address is included in the vmcoreinfo, but dumpfile of virsh dump
> or sadump does not have such a information.
Hello Takao,
Are you aware that the upstream maintainers of virsh are currently addressing the
issue by gathering and including phys_base in the ELF header and in the makedumpfile
kdump_sub_header? I haven't looked at this patch as of yet, but I worry whether
this will somehow interfere with virsh dump when it is released?
I don't know why sadump was never able to store phys_base. But I will
defer to Daisuke as to the sadump changes.
Dave
>
> These patches calculate kaslr offset and phys_base to solve this problem. The
> basic idea is getting register (IDTR and CR3) from dump header, and calculate
> kaslr_offset/phys_base using them.
>
> Takao Indoh (3):
> Introduce x86_64_kvtop_pagetable
> Fix a KASLR problem of virsh dump
> Fix a KASLR problem of sadump
>
> defs.h | 11 ++
> netdump.c | 505
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> netdump.h | 1 +
> sadump.c | 60 +++++++-
> sadump.h | 4 +
> symbols.c | 38 +++++
> x86_64.c | 35 ++++-
> 7 files changed, 652 insertions(+), 2 deletions(-)
>
> --
> 2.9.5
>
>
> --
> Crash-utility mailing list
> Crash-utility at redhat.com
> https://www.redhat.com/mailman/listinfo/crash-utility
>
More information about the Crash-utility
mailing list