[Crash-utility] [PATCH 0/2] Generalize KASLR calculation and use it for KDUMPs

Dave Anderson anderson at redhat.com
Thu Mar 15 14:41:56 UTC 2018



----- Original Message -----
> 
> Hi Sergio,
> 
> I have one obvious question.  Throughout the patch-set you are using
> KDUMP_DUMPFILE() as a qualifier, which is restricted to ELF vmcores
> only.  While the use of ELF vmcores is an option, it's far more likely
> that the output format of "virsh dump --memory-only" will utilize one
> of the compressed kdump formats, using zlib, lzo or snappy.
> 
> Dave

And aside from support for compressed kdumps, i.e., DISKDUMP_DUMPFILE(),
when I requested segregation of this QEMU-dumps-with-no-VMCOREINFO code,
here's what I meant.

Instead of using KDUMP_DUMPFILE() and/or DISKDUMP_DUMPFILE() as top-level
qualifiers for this patchset, the qualifier should restrict it to only 
virsh dump generated dumpfiles that do not have VMCOREINFO notes.  Note
that these pc->flags2 bits already exist:

 QEMU_MEM_DUMP_ELF
 QEMU_MEM_DUMP_COMPRESSED
 VMCOREINFO

For this patchset, I suggest creating a new QEMU_MEM_DUMP_NO_VMCOREINFO()
macro that looks something like:

  #define QEMU_MEM_DUMP_NO_VMCOREINFO() \
      ((pc->flags2 & (QEMU_MEM_DUMP_ELF|QEMU_MEM_DUMP_COMPRESSED)) && !(pc->flags2 & VMCOREINFO))

Then after any "if (QEMU_MEM_DUMP_NO_VMCOREINFO())" qualifier applies, you
can use KDUMP_DUMPFILE() or DISKDUMP_DUMPFILE() within that code section to
branch appropriately.

Dave
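As an added illustration of the qualifier proposed above (this is not code from crash or from the patchset), the following models the flags2 decision as a small truth table. The bit values, the pc struct, and the KDUMP_DUMPFILE()/DISKDUMP_DUMPFILE() stand-ins are constructed assumptions and do not match crash's real defs.h definitions.

```c
/* Constructed flag values: crash's real defs.h assigns its own bits. */
#define QEMU_MEM_DUMP_ELF         (0x1UL)
#define QEMU_MEM_DUMP_COMPRESSED  (0x2UL)
#define VMCOREINFO                (0x4UL)

/* Minimal stand-in for crash's program context. */
struct program_context { unsigned long flags2; };
static struct program_context pc_struct, *pc = &pc_struct;

/* Top-level qualifier as proposed: a QEMU memory-only dump (ELF or
 * compressed) that carries no VMCOREINFO note. */
#define QEMU_MEM_DUMP_NO_VMCOREINFO() \
    ((pc->flags2 & (QEMU_MEM_DUMP_ELF|QEMU_MEM_DUMP_COMPRESSED)) && \
     !(pc->flags2 & VMCOREINFO))

/* Assumption: simplified stand-ins for crash's KDUMP_DUMPFILE() and
 * DISKDUMP_DUMPFILE(), derived here from the same flags2 bits. */
#define KDUMP_DUMPFILE()    (pc->flags2 & QEMU_MEM_DUMP_ELF)
#define DISKDUMP_DUMPFILE() (pc->flags2 & QEMU_MEM_DUMP_COMPRESSED)

enum kaslr_source {
    KASLR_FROM_VMCOREINFO,   /* offsets read from the vmcoreinfo note */
    KASLR_INFER_ELF,         /* no note: infer from an ELF vmcore */
    KASLR_INFER_COMPRESSED,  /* no note: infer from a compressed kdump */
    KASLR_NOT_APPLICABLE     /* not a QEMU memory-only dump at all */
};

/* Decide which KASLR-offset path applies for a given flags2 value. */
enum kaslr_source select_kaslr_source(unsigned long flags2)
{
    pc->flags2 = flags2;
    if (!QEMU_MEM_DUMP_NO_VMCOREINFO()) {
        if (!(flags2 & (QEMU_MEM_DUMP_ELF|QEMU_MEM_DUMP_COMPRESSED)))
            return KASLR_NOT_APPLICABLE;
        return KASLR_FROM_VMCOREINFO;   /* QEMU dump with the note present */
    }
    /* Inside the qualifier, branch on the container format. */
    if (KDUMP_DUMPFILE())
        return KASLR_INFER_ELF;
    if (DISKDUMP_DUMPFILE())
        return KASLR_INFER_COMPRESSED;
    return KASLR_NOT_APPLICABLE;        /* unreachable given the qualifier */
}
```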

> 
> 
> ----- Original Message -----
> > Commit 45b74b89530d611b3fa95a1041e158fbb865fa84 added support for
> > calculating phys_base and kernel offset for KASLR-enabled kernels on
> > SADUMPs by using a technique developed by Takao Indoh. Originally, the
> > patchset included support for KDUMPs, but this was dropped in v2, as it
> > was deemed unnecessary due to the implementation of the vmcoreinfo
> > device in QEMU.
> > 
> > Sadly, there are many reasons for which the vmcoreinfo device may not be
> > present at the moment of taking the memory dump from a VM, ranging from
> > a Host running older QEMU/libvirt versions, to misconfigured VMs or
> > environments running Hypervisors that don't support this device.
> > 
> > This patchset generalizes the kaslr related functions from sadump.c,
> > moving them to kaslr_helper.c, and makes KDUMP analysis fall back to
> > KASLR offset calculation if vmcoreinfo data is missing.
> > 
> > These changes have been successfully tested with a 3.10.0-830.el7.x86_64
> > under the following conditions:
> > 
> >  - kdump with KASLR and vmcoreinfo
> > 
> >  - kdump with KASLR but no vmcoreinfo
> > 
> >  - kdump without KASLR ("nokaslr" kernel command line option)
> > 
> > It was also tested that a "crash" patched with these changes still
> > builds and runs (live and kdump debugging) on an aarch64 machine.
> > 
> > Sergio Lopez (2):
> >   Move kaslr related functions from sadump.c to kaslr_helper.c
> >   kdump: if vmcoreinfo is missing, try to infer kaslr offset
> > 
> >  Makefile       |   7 +-
> >  defs.h         |  15 ++
> >  kaslr_helper.c | 466 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
> >  netdump.c      |  73 +++++++++
> >  netdump.h      |   1 +
> >  sadump.c       | 487 +++++----------------------------------------------------
> >  symbols.c      |  29 ++--
> >  x86_64.c       |  14 +-
> >  8 files changed, 629 insertions(+), 463 deletions(-)
> >  create mode 100644 kaslr_helper.c
> > 
> > --
> > 2.14.3
> > 
> > 
> 