Sergio,
-----Original Message-----
From: Sergio Lopez [mailto:slp@redhat.com]
Sent: Tuesday, March 27, 2018 7:10 PM
To: crash-utility(a)redhat.com
Cc: anderson(a)redhat.com; Indoh, Takao
<indou.takao(a)jp.fujitsu.com>; Hatayama, Daisuke
<d.hatayama(a)jp.fujitsu.com>; Sergio Lopez <slp(a)redhat.com>
Subject: [PATCH v4 0/6] Generalize KASLR calculation and use it for KDUMPs
Commit 45b74b89530d611b3fa95a1041e158fbb865fa84 added support for
calculating phys_base and kernel offset for KASLR-enabled kernels on
SADUMPs by using a technique developed by Takao Indoh. Originally, the
patchset included support for KDUMPs, but this was dropped in v2, as it
was deemed unnecessary due to the implementation of the vmcoreinfo
device in QEMU.

Sadly, there are many reasons for which the vmcoreinfo device may not be
present at the moment of taking the memory dump from a VM, ranging from
a Host running older QEMU/libvirt versions, to misconfigured VMs or
environments running Hypervisors that don't support this device.

This patchset generalizes the kaslr-related functions from sadump.c,
moving them to kaslr_helper.c, and makes KDUMP analysis fall back to
KASLR offset calculation if vmcoreinfo data is missing.

These changes have been successfully tested with a 3.10.0-830.el7.x86_64
under the following conditions:
- kdump with KASLR and vmcoreinfo
- kdump with KASLR but no vmcoreinfo
- kdump without KASLR ("nokaslr" kernel command line option)

It was also tested that a "crash" patched with these changes still
builds and runs (live and kdump debugging) on an aarch64 machine.

changelog:
v4:
- Add missing brackets in map_cpus_to_prstatus_kdump_cmprs (thanks
Dave)
- Apply coding style suggestions.
- Add support for VMWARE VMSS dumps (vmware_vmss)
- Update copyright and authors on kaslr_helper.c and vmware_vmss.c
v3:
- Merge *get_cr3 and *get_idtr functions and move them to
kaslr_helper.c
- diskdump: drop kaslr_phys_base addition and use
sub_header_kdump->phys_base instead.
- Unconditionally call x86_64_virt_phys_base after grabbing phys_base
v2:
- Limit application to QEMU ELF and QEMU COMPRESSED dumps (thanks Dave)
- Add support for QEMU COMPRESSED dumps (diskdump)

Sorry for the delayed response.
I had been out of the office till today due to a cold.

The patch set seems good to me, and
I tested your patch set on sadump dump files using the following
3 kinds of kernel versions with/without KASLR:
- RHEL7.5 RC3
- RHEL7.4 GA
- 4.16.0-rc7
and the result was OK.

Thanks for your work.

Sergio Lopez (6):
Move kaslr related functions from sadump.c to kaslr_helper.c
Move QEMUCPU* structs from netdump.h to defs.h
netdump: infer kaslr offset for QEMU ELF dumps without vmcoreinfo
diskdump: infer kaslr offset for QEMU COMPRESSED dumps without
vmcoreinfo
vmware_vmss: infer kaslr offset for VMSS dumps
kaslr_helper/vmware_vmss: update copyright and authors
Makefile | 7 +-
defs.h | 43 +++++
diskdump.c | 66 +++++++-
kaslr_helper.c | 494 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
netdump.c | 57 +++++++
netdump.h | 24 +--
sadump.c | 486 ++++----------------------------------------------------
symbols.c | 30 +++-
vmware_vmss.c | 32 +++-
vmware_vmss.h | 1 +
x86_64.c | 34 +++-
11 files changed, 788 insertions(+), 486 deletions(-)
create mode 100644 kaslr_helper.c
--
2.14.3