[Crash-utility] [PATCH 0/3] Fix KASLR problem on virsh dump and sadump

Takao Indoh indou.takao at jp.fujitsu.com
Wed Oct 11 01:54:33 UTC 2017


Hi Dave,

On 2017/10/10 22:50, Dave Anderson wrote:
> 
> 
> ----- Original Message -----
>>
>>
>> ----- Original Message -----
>>> Hi Dave, Hatayama-san,
>>>
>>> This patch series fixes a problem that crash cannot open a dumpfile which is
>>> captured by "virsh dump --memory-only" or sadump on a KASLR-enabled kernel.
>>>
>>> When the KASLR feature is enabled, a kernel is placed in memory randomly and
>>> therefore crash cannot open a dumpfile because addresses of kernel symbols in
>>> vmlinux are different from actual addresses. In the case of kdump, information
>>> to get the actual address is included in the vmcoreinfo, but a dumpfile of virsh dump
>>> or sadump does not have such information.
>>
>> Hello Takao,
>>
>> Are you aware that the upstream maintainers of virsh are currently addressing the
>> issue by gathering and including phys_base in the ELF header and in the makedumpfile
>> kdump_sub_header?  I haven't looked at this patch as of yet, but I worry whether
>> this will somehow interfere with virsh dump when it is released?
> 
> The "virsh dump --memory-only" facility will copy all of the VMCOREINFO ELF note from
> kernel memory into the dumpfile, which since 4.10 includes the *value* of phys_base.

Thanks for the information. I checked patches of qemu:
http://lists.nongnu.org/archive/html/qemu-devel/2017-09/msg02657.html
Once these patches are merged, a part of my patches is not needed.
I'll update my patches and re-post only the sadump part.

Thanks,
Takao Indoh


> 
> Dave
> 
>   
>>
>> I don't know why sadump was never able to store phys_base.   But I will
>> defer to Daisuke as to the sadump changes.
>>
>> Dave
>>
>>
>>
>>>
>>> These patches calculate kaslr offset and phys_base to solve this problem. The
>>> basic idea is getting register (IDTR and CR3) from dump header, and calculate
>>> kaslr_offset/phys_base using them.
>>>
>>> Takao Indoh (3):
>>>    Introduce x86_64_kvtop_pagetable
>>>    Fix a KASLR problem of virsh dump
>>>    Fix a KASLR problem of sadump
>>>
>>>   defs.h    |  11 ++
>>>   netdump.c | 505 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>>   netdump.h |   1 +
>>>   sadump.c  |  60 +++++++-
>>>   sadump.h  |   4 +
>>>   symbols.c |  38 +++++
>>>   x86_64.c  |  35 ++++-
>>>   7 files changed, 652 insertions(+), 2 deletions(-)
>>>
>>> --
>>> 2.9.5
>>>
>>>
>>> --
>>> Crash-utility mailing list
>>> Crash-utility at redhat.com
>>> https://www.redhat.com/mailman/listinfo/crash-utility
>>>
> 
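
The thread says a kdump dumpfile carries the information needed to recover real kernel addresses in its vmcoreinfo, while virsh dump and sadump dumpfiles did not. The following C code is an added example, not part of the patch series or of crash: it reads a VMCOREINFO note body, takes the KASLR offset and phys_base from it, relocates a vmlinux symbol address, and reports when the entries are missing. `KERNELOFFSET` and `NUMBER(phys_base)` are the key names the Linux kernel writes; the function names and sample notes are constructed for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Values recovered from a VMCOREINFO note body (newline-separated text). */
struct kaslr_info {
    unsigned long long kaslr_offset; /* KERNELOFFSET=<hex> */
    long long phys_base;             /* NUMBER(phys_base)=<decimal> */
    int have_offset, have_phys_base;
};

/* Constructed sample notes, not taken from a real dump. */
const char SAMPLE_KDUMP[] = "OSRELEASE=4.10.0\nPAGESIZE=4096\n"
    "KERNELOFFSET=1a000000\nNUMBER(phys_base)=-436207616\n";
const char SAMPLE_NO_INFO[] = "OSRELEASE=4.9.0\nPAGESIZE=4096\n";

/* Return the value text of a key that starts a line, or NULL if absent. */
static const char *vmcoreinfo_find(const char *note, const char *key)
{
    size_t klen = strlen(key);
    for (const char *p = note; p && *p; ) {
        if (strncmp(p, key, klen) == 0)
            return p + klen;
        p = strchr(p, '\n');
        if (p) p++;
    }
    return NULL;
}

struct kaslr_info parse_vmcoreinfo(const char *note)
{
    struct kaslr_info ki = {0};
    const char *v;
    if ((v = vmcoreinfo_find(note, "KERNELOFFSET="))) {
        ki.kaslr_offset = strtoull(v, NULL, 16);
        ki.have_offset = 1;
    }
    if ((v = vmcoreinfo_find(note, "NUMBER(phys_base)="))) {
        ki.phys_base = strtoll(v, NULL, 10);
        ki.have_phys_base = 1;
    }
    return ki;
}

/* Runtime address of a vmlinux symbol; 0 when the offset is unknown. */
unsigned long long relocate_symbol(const struct kaslr_info *ki, unsigned long long addr)
{
    return ki->have_offset ? addr + ki->kaslr_offset : 0;
}
```

When `have_offset` is 0, as with `SAMPLE_NO_INFO`, the offset has to come from somewhere else, which is the case the cover letter's IDTR/CR3 calculation addresses.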




