lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20110919183656.GC3373@redhat.com>
Date:	Mon, 19 Sep 2011 14:36:56 -0400
From:	Vivek Goyal <vgoyal@...hat.com>
To:	Michael Holzheu <holzheu@...ux.vnet.ibm.com>
Cc:	ebiederm@...ssion.com, mahesh@...ux.vnet.ibm.com,
	schwidefsky@...ibm.com, heiko.carstens@...ibm.com,
	kexec@...ts.infradead.org, linux-kernel@...r.kernel.org,
	linux-s390@...r.kernel.org
Subject: Re: [patch 1/2] kdump: Initialize vmcoreinfo note at startup

On Fri, Sep 16, 2011 at 10:21:17AM +0200, Michael Holzheu wrote:
> Hello Vivek,
> 
> On Thu, 2011-09-15 at 14:46 -0400, Vivek Goyal wrote:
> > On Fri, Sep 09, 2011 at 12:27:00PM +0200, Michael Holzheu wrote:
> > > From: Michael Holzheu <holzheu@...ux.vnet.ibm.com>
> > > 
> > > Currently the vmcoreinfo note is only initialized in case of kdump. On s390
> > > it is possible to create kernel dumps with other dump mechanisms than kdump
> > > (e.g. via hypervisor dump or stand-alone dump tools).
> > 
> > Both of these will be invoked through panic notifiers because kdump kernel
> > is not loaded?
> 
> This is only one possibility. The other is that they are invoked
> manually or by hypervisor watchdog without any Linux kernel involvement.
> 
> > 
> > >For those dumps it
> > > would also be desirable to include the vmcoreinfo data.
> > 
> > Curious that how these two dump schemes make use vmcoreinfo data?
> 
> We have a tool named zgetdump. With this tool it is possible to convert
> dump formats on the fly using fuse. E.g. you can mount a s390
> stand-alone dump as ELF dump. When this is done, the tool finds the
> vmcoreinfo in the stand-alone dump via our well known ABI defined
> address and it creates the respective VMCOREINFO ELF note in the output
> ELF dump. This then can be used e.g. by makedumpfile for dump filtering.
> No more need for a vmlinux file with debug information.

Ok, so you basically need it so that makedumpfile can do filtering without
debug info.

Well, if zgetdump is doing everything and you are stashing away an arch
specific pointer, I guss you could have saved pointer directly to
vmcoreinfo_data and then zgetdump could have made an ELF note out of it
for use of makedumpfile.

But anyway, having kernel exported the note does not harm.

> So this will look like the following:
> 
> # zgetdump --mount standalone.dump -f elf /mnt
> # ls /mnt
> # dump.elf
> # readelf -n /mnt/dump.elf
> # ...
>   VMCOREINFO		0x00000474	Unknown note type: (0x00000000)
> # makedumpfile -c -d 31 /mnt/dump.elf dump.kdump

If you can do this easily, then you really did not need kdump in kernel? 
Just use stand alone dump to take dump and then do this to filter dump.

But what happens to ELF headers which map kernel virtual address to
physical addresses? kexec-tools prepares those. So in this case when
you are capturing the dump, who prepares those? IOW, how does zgetdump
creates a mapping between kernel virtual and physical addresses?

Thanks
Vivek
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ