lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 22 May 2017 16:51:13 -0700
From:   Kees Cook <keescook@...omium.org>
To:     Ankit Kumar <ankit@...ux.vnet.ibm.com>
Cc:     Anton Vorontsov <anton@...msg.org>,
        Colin Cross <ccross@...roid.com>,
        Tony Luck <tony.luck@...el.com>,
        LKML <linux-kernel@...r.kernel.org>,
        "mahesh@...ux.vnet.ibm.com" <mahesh@...ux.vnet.ibm.com>,
        Hari Bathini <hbathini@...ux.vnet.ibm.com>,
        hegdevasant@...ux.vnet.ibm.com
Subject: Re: [PATCH 2/2] Save current timestamp part of dmesg while writing
 oops message to pstore

On Mon, May 22, 2017 at 3:20 AM, Ankit Kumar <ankit@...ux.vnet.ibm.com> wrote:
> Currently on panic or Oops, kernel saves the last few bytes from dmesg
> buffer to nvram. Usually kdump does capture kernel memory and provide
> dmesg logs as well. But in some cases where kdump fails to capture
> vmcore, the dmesg buffer stored in nvram/pstore turns out to be very
> helpful in analyzing root cause.
>
> Present code creates pstore dump file(/sys/fs/pstore/dmesg-***) based on
> timestamp(retrieved from header). Current pstore code creates dump file
> (/sys/fs/pstore/dmesg-***) with that timestamp. Dump file can be analyzed
> based on file creation time and we can make out whether dump file has latest
> data or not.
>
> But when we transfer pstore dump file(/sys/fs/pstore/dmesg-***) to other
> machine or collect file using some utilities(sosreport/supportconfig) then file
> timestamp gets changed and hence by looking at device file (dmesg-***) we won't
> be able to identify whether dump has latest data or not.
>
> Above issue can be fixed if we also have timestamp(dump creation time) as
> initial few bytes while capturing dmesg buffer to pstore dump file
> (/sys/fs/pstore/dmesg-***).
>
>
> This patch enhances pstore write code to also write timestamp as part of data.
>
> Here is sample log of dump file:(/sys/fs/pstore/dmesg-***)
> Oops#1 Part1 [timestamp:1494939359.590463]

While I understand your rationale about possibly losing file timestamp
information in userspace, I think this is a solvable problem on the
collection side. If an additional header is needed, perhaps copy the
dmesg files like this:

for i in dmesg-*; do
    (stat --format=%y /sys/fs/pstore/$i; \
     cat /sys/fs/pstore/$i) > $collect_dir/$i
done

One of the primary concerns for pstore is the stored dump size, even
to the point of adding compression to the routines to squeeze out
every last bit of space. I'd really rather avoid adding the timestamp
to the stored data like this. It's up to the backends already to
efficiently store this, and it's exposed via the file timestamp, so I
really can't justify adding redundant data.

-Kees

-- 
Kees Cook
Pixel Security

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ