Re: [Crash-utility] [PATCH 0/2] Generalize KASLR calculation and use it for KDUMPs
----- Original Message -----
Hi Sergio,
I have one obvious question. Throughout the patch-set you are using
KDUMP_DUMPFILE() as a qualifier, which is restricted to ELF vmcores
only. While the use of ELF vmcores is an option, it's far more likely
that the output format of "virsh dump --memory-only" will utilize one
of the compressed kdump formats, using zlib, lzo or snappy.
Dave
And aside from support for compressed kdumps, i.e., DISKDUMP_DUMPFILE(),
when I requested segregation of this QEMU-dumps-with-no-VMCOREINFO code,
here's what I meant.
Instead of using KDUMP_DUMPFILE() and/or DISKDUMP_DUMPFILE() as top-level
qualifiers for this patchset, the qualifier should restrict it to only
virsh dump generated dumpfiles that do not have VMCOREINFO notes. Note
that these pc->flags2 bits already exist:
QEMU_MEM_DUMP_ELF
QEMU_MEM_DUMP_COMPRESSED
VMCOREINFO
For this patchset, I suggest creating a new QEMU_MEM_DUMP_NO_VMCOREINFO()
macro that looks something like:
#define QEM_MEM_DUMP_NO_VMCOREINFO() \
((pc->flags2 & (QEMU_MEM_DUMP_ELF|QEMU_MEM_DUMP_COMPRESSED)) &&
!(pc->flags2 & VMCOREINFO))
Then after any "if (QEM_MEM_DUMP_NO_VMCOREINFO()" qualifier applies, you
can use KDUMP_DUMPFILE() or DISKDUMP_DUMPFILE() within that code section to
branch appropriately.
Dave
----- Original Message -----
> Commit 45b74b89530d611b3fa95a1041e158fbb865fa84 added support for
> calculating phys_base and kernel offset for KASLR-enabled kernels on
> SADUMPs by using a technique developed by Takao Indoh. Originally, the
> patchset included support for KDUMPs, but this was dropped in v2, as it
> was deemed unnecessary due to the implementation of the vmcoreinfo
> device in QEMU.
>
> Sadly, there are many reasons for which the vmcoreinfo device may not be
> present in the moment of taking the memory dump from a VM, ranging from
> a Host running older QEMU/libvirt versions, to misconfigured VMs or
> environments running Hypervisors that doesn't support this device.
>
> This patchset generalizes the kaslr related functions from sadump.c
> moving them to kaslr_helper.c, and makes KDUMP analysis fallback to
> KASLR offset calculation if vmcoreinfo data is missing.
>
> These changes have been successfully tested with a 3.10.0-830.el7.x86_64
> under the following conditions:
>
> - kdump with KASLR and vmcoreinfo
>
> - kdump with KASLR but no vmcoreinfo
>
> - kdump without KASLR ("nokaslr" kernel command line option)
>
> It was also tested that a "crash" patched with these changes still
> builds and runs (live and kdump debugging) on an aarch64 machine.
>
> Sergio Lopez (2):
> Move kaslr related functions from sadump.c to kaslr_helper.c
> kdump: if vmcoreinfo is missing, try to infer kaslr offset
>
> Makefile | 7 +-
> defs.h | 15 ++
> kaslr_helper.c | 466
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++
> netdump.c | 73 +++++++++
> netdump.h | 1 +
> sadump.c | 487
> +++++----------------------------------------------------
> symbols.c | 29 ++--
> x86_64.c | 14 +-
> 8 files changed, 629 insertions(+), 463 deletions(-)
> create mode 100644 kaslr_helper.c
>
> --
> 2.14.3
>
>