[Crash-utility] [PATCH] Fix live debugging with lockdown=integrity
lijiang
lijiang at redhat.com
Fri Nov 12 07:23:18 UTC 2021
On Wed, Nov 10, 2021 at 5:53 PM Philipp Rudo <prudo at redhat.com> wrote:
> Hi Lianbo,
>
> On Wed, 10 Nov 2021 14:07:50 +0800
> lijiang <lijiang at redhat.com> wrote:
>
> > Hi, Philipp
> > Thank you for the fix.
> >
> > > Date: Tue, 9 Nov 2021 14:52:22 +0100
> > > From: Philipp Rudo <prudo at redhat.com>
> > > To: crash-utility at redhat.com
> > > Subject: [Crash-utility] [PATCH] Fix live debugging with
> > > lockdown=integrity
> > > Message-ID: <20211109135222.51636-1-prudo at redhat.com>
> > >
> > > With kernel lockdown the access to kernel interfaces that allow to
> > > extract confidential information (lockdown=confidentiality) or modify a
> > > running kernel (lockdown=integrity) can be restricted. Two of the
> > > interfaces that can be restricted are /dev/mem (integrity &
> > > confidentiality) and /proc/kcore (confidentiality). With
> > > lockdown=integrity this leads to a situation where /dev/mem exists but
> > > is not readable while /proc/kcore exists and is readable. This breaks
> > > crash's live debugging when it is invoked without argument, i.e.
> > >
> > > $ crash
> > > [...]
> > > crash: /dev/mem: Operation not permitted
> > >
> > > while passing /proc/kcore as image succeeds. The reason for this is that
> > > crash always picks /dev/mem as source when it exists but doesn't check if
> > > it is readable. Fix this by only selecting /dev/mem when it is readable.
> > >
> > > Signed-off-by: Philipp Rudo <prudo at redhat.com>
> > > ---
> > > filesys.c | 2 +-
> > > main.c | 2 +-
> > > 2 files changed, 2 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/filesys.c b/filesys.c
> > > index 3361b6c..43cbe82 100644
> > > --- a/filesys.c
> > > +++ b/filesys.c
> > > @@ -3666,7 +3666,7 @@ get_live_memory_source(void)
> > > if (pc->live_memsrc)
> > > goto live_report;
> > >
> > > - if (file_exists("/dev/mem", NULL))
> > > + if (file_readable("/dev/mem"))
> > > pc->live_memsrc = "/dev/mem";
> > > else if (file_exists("/proc/kcore", NULL)) {
> > > pc->flags &= ~DEVMEM;
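Review bot: the `else if (file_exists("/proc/kcore", NULL))` branch right after the changed line still tests existence only, so the gap this patch closes for /dev/mem remains open for the fallback: with lockdown=confidentiality, where the commit message says /proc/kcore is restricted as well, crash would select an unreadable /proc/kcore and fail in the same way. Suggest `else if (file_readable("/proc/kcore")) {` here, or say in the commit message why existence is sufficient for kcore. A one-line comment above `if (file_readable("/dev/mem"))` noting that the probe actually opens /dev/mem, and therefore produces the kernel's Lockdown log message on a locked-down system, would save the next reader the question raised further down this thread.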
> > > diff --git a/main.c b/main.c
> > > index 71c59d2..b278c22 100644
> > > --- a/main.c
> > > +++ b/main.c
> > > @@ -1119,7 +1119,7 @@ setup_environment(int argc, char **argv)
> > > pc->flags2 |= REDZONE;
> > > pc->confd = -2;
> > > pc->machine_type = MACHINE_TYPE;
> > > - if (file_exists("/dev/mem", NULL)) { /* defaults until
> argv[]
> > > is parsed */
> > > + if (file_readable("/dev/mem")) { /* defaults until argv[]
> is
> > > parsed */
> > > pc->readmem = read_dev_mem;
> > > pc->writemem = write_dev_mem;
> > > } else if (file_exists("/proc/kcore", NULL)) {
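Review bot: this is a second, independent open of /dev/mem (setup_environment() here, get_live_memory_source() in filesys.c), which is exactly why the console output quoted below shows the `Lockdown: crash: /dev/mem,kmem,port is restricted` message twice per invocation. Consider probing once and reusing the result, for example by recording the choice in pc->live_memsrc here, which get_live_memory_source() already honours via its `if (pc->live_memsrc) goto live_report;` check, so a locked-down kernel logs one event per crash run. The fallback `} else if (file_exists("/proc/kcore", NULL)) {` has the same existence-versus-readability gap as the filesys.c hunk and should use file_readable() for consistency.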
> > > --
> > > 2.31.1
> > >
> >
> > After applying this patch, it works, but redundant information is
> > displayed in the crash prompt as below. I marked it twice, is that
> > expected?
> >
> > [root at testvm crash]# ./crash
> > [69580.039885] Lockdown: crash: /dev/mem,kmem,port is restricted; see man
> > kernel_lockdown.7
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >
> > crash 7.3.0++
> > Copyright (C) 2002-2021 Red Hat, Inc.
> > Copyright (C) 2004, 2005, 2006, 2010 IBM Corporation
> > Copyright (C) 1999-2006 Hewlett-Packard Co
> > Copyright (C) 2005, 2006, 2011, 2012 Fujitsu Limited
> > Copyright (C) 2006, 2007 VA Linux Systems Japan K.K.
> > Copyright (C) 2005, 2011, 2020-2021 NEC Corporation
> > Copyright (C) 1999, 2002, 2007 Silicon Graphics, Inc.
> > Copyright (C) 1999, 2000, 2001, 2002 Mission Critical Linux, Inc.
> > Copyright (C) 2015, 2021 VMware, Inc.
> > This program is free software, covered by the GNU General Public License,
> > and you are welcome to change it and/or distribute copies of it under
> > certain conditions. Enter "help copying" to see the conditions.
> > This program has absolutely no warranty. Enter "help warranty" for details.
> >
> > [69580.662388] Lockdown: crash: /dev/mem,kmem,port is restricted; see man
> > kernel_lockdown.7
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > GNU gdb (GDB) 10.2
> > ...
> > crash>
>
> I assume you are using a serial console as I cannot see the messages
> when connecting via ssh. They do appear in dmesg though.
>
Yes. I only saw this message on the serial console.
> The message is emitted by the kernel every time someone opens /dev/mem
> (or one of the other two files). This is done in file_readable as it
> checks if a file can be read from by actually opening and reading from
> it. Unfortunately I don't see a way around it. At least stat still
> shows /dev/mem as readable
>
> # stat /dev/mem
> [...]
> Access: (0640/crw-r-----) Uid: ( 0/ root) Gid: ( 9/ kmem)
> [...]
>
> So yes, seeing those messages is expected.
>
OK, thank you for the explanation, Philipp. I have no other issues.
Acked-by: Lianbo Jiang <lijiang at redhat.com>
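The whole thread turns on the difference between a file that exists and a file that can actually be read, and on the side effect of probing the latter. The C program below is an added illustration of that distinction and is not code from crash, from this patch, or from its authors: it contrasts a stat(2)-based existence check with an open-and-read probe and picks the first readable candidate, in the same order the patch uses. The names file_exists(), file_readable(), pick_live_memsrc() and readable_fixture() are this example's own (crash's real helpers have different signatures and live in filesys.c), and the candidate list and the one-byte temp file are constructed so the program runs offline without touching /dev/mem. The directory "/" stands in for /dev/mem under lockdown: stat reports it, open(2) succeeds, but read(2) fails (EISDIR), so an existence check alone would pick it and fall over later.

```c
/* Added example, not crash's code: choose a live-memory source by
 * probing readability instead of mere existence. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Existence only: what the pre-patch selection relied on. Under
 * lockdown=integrity this still answers "yes" for /dev/mem. */
int file_exists(const char *path)
{
    struct stat st;
    if (path == NULL)
        return 0;
    return stat(path, &st) == 0;
}

/* Readability: open the file and read one byte. This is the kind of
 * probe the thread attributes to file_readable(); on a locked-down
 * kernel each such open of /dev/mem is what produces the Lockdown
 * message in dmesg, so callers should probe sparingly. */
int file_readable(const char *path)
{
    char byte;
    int fd, ok;

    if (!file_exists(path))
        return 0;
    fd = open(path, O_RDONLY);
    if (fd < 0)                      /* e.g. EPERM under lockdown */
        return 0;
    ok = read(fd, &byte, 1) == 1;    /* EISDIR, EIO etc. also mean "no" */
    close(fd);
    return ok;
}

/* First readable candidate wins; NULL when none is usable. Mirrors the
 * post-patch order: /dev/mem if readable, otherwise /proc/kcore. */
const char *pick_live_memsrc(const char *const *candidates, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (file_readable(candidates[i]))
            return candidates[i];
    return NULL;
}

/* Constructed fixture: a temp file holding one byte, standing in for a
 * readable memory source. Returns a static path, or NULL on failure. */
const char *readable_fixture(void)
{
    static char path[] = "/tmp/memsrc-example-XXXXXX";
    static int made = 0;
    if (!made) {
        int fd = mkstemp(path);
        if (fd < 0)
            return NULL;
        if (write(fd, "x", 1) != 1) {
            close(fd);
            return NULL;
        }
        close(fd);
        made = 1;
    }
    return path;
}

/* Demo selections: "/" exists but is unreadable, the fixture is readable. */
const char *pick_with_fallback(void)
{
    const char *candidates[] = { "/", readable_fixture() };
    return pick_live_memsrc(candidates, 2);
}

const char *pick_without_fallback(void)
{
    const char *candidates[] = { "/" };
    return pick_live_memsrc(candidates, 1);
}

int main(void)
{
    const char *src = pick_with_fallback();
    printf("exists(\"/\")=%d readable(\"/\")=%d -> source: %s\n",
           file_exists("/"), file_readable("/"), src ? src : "(none)");
    printf("only unreadable candidates -> source: %s\n",
           pick_without_fallback() ? pick_without_fallback() : "(none)");
    return 0;
}
```

On a real locked-down system the same shape appears with /dev/mem in the role of "/": stat shows mode crw-r----- root:kmem, yet open(2) fails with EPERM, which is why a pure existence or permission-bit check is not enough and why every probe shows up in the kernel log.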