[Crash-utility] [PATCH 0/3] Fix KASLR problem on virsh dump and sadump

Dave Anderson anderson at redhat.com
Tue Oct 10 13:50:51 UTC 2017 


----- Original Message -----
> 
> 
> ----- Original Message -----
> > Hi Dave, Hatayama-san,
> > 
> > These patch series fix a problem that crash cannot open a dumpfile which is
> > captured by "virsh dump --memory-only" or sadump on KASLR enabled kernel.
> > 
> > When KASLR feature is enabled, a kernel is placed on the memory randomly and
> > therefore crash cannot open a dumpfile because addresses of kernel symbols in
> > vmlinux are different from actual addresses. In the case of kdump, information
> > to get actual address is included in the vmcoreinfo, but dumpfile of virsh dump
> > or sadump does not have such a information.
> 
> Hello Takao,
> 
> Are you aware that the upstream maintainers of virsh are currently addressing the
> issue by gathering and including phys_base in the ELF header and in the makedumpfile
> kdump_sub_header?  I haven't looked at this patch as of yet, but I worry whether
> this will somehow interfere with virsh dump when it is released?

The "virsh dump --memory-only" facility will copy all of the VMCOREINFO ELF note from
kernel memory into the dumpfile, which since 4.10 includes the *value* of phys_base.

Dave

 
> 
> I don't know why sadump was never able to store phys_base.   But I will
> defer to Daisuke as to the sadump changes.
> 
> Dave
> 
> 
> 
> > 
> > These patches calculate kaslr offset and phys_base to solve this problem.
> > The
> > basic idea is getting register (IDTR and CR3) from dump header, and
> > calculate
> > kaslr_offset/phys_base using them.
> > 
> > Takao Indoh (3):
> >   Introduce x86_64_kvtop_pagetable
> >   Fix a KASLR problem of virsh dump
> >   Fix a KASLR problem of sadump
> > 
> >  defs.h    |  11 ++
> >  netdump.c | 505
> >  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> >  netdump.h |   1 +
> >  sadump.c  |  60 +++++++-
> >  sadump.h  |   4 +
> >  symbols.c |  38 +++++
> >  x86_64.c  |  35 ++++-
> >  7 files changed, 652 insertions(+), 2 deletions(-)
> > 
> > --
> > 2.9.5
> > 
> > 
> > --
> > Crash-utility mailing list
> > Crash-utility at redhat.com
> > https://www.redhat.com/mailman/listinfo/crash-utility
> > 
> 
> --
> Crash-utility mailing list
> Crash-utility at redhat.com
> https://www.redhat.com/mailman/listinfo/crash-utility
>

More information about the Crash-utility mailing list