Message-ID: <ZzuRSZc8HX9Zu0dE@google.com>
Date: Mon, 18 Nov 2024 19:11:05 +0000
From: Roman Gushchin <roman.gushchin@...ux.dev>
To: Pasha Tatashin <pasha.tatashin@...een.com>
Cc: linux-kernel@...r.kernel.org, linux-mm@...ck.org,
	linux-doc@...r.kernel.org, linux-fsdevel@...r.kernel.org,
	cgroups@...r.kernel.org, linux-kselftest@...r.kernel.org,
	akpm@...ux-foundation.org, corbet@....net, derek.kiernan@....com,
	dragan.cvetic@....com, arnd@...db.de, gregkh@...uxfoundation.org,
	viro@...iv.linux.org.uk, brauner@...nel.org, jack@...e.cz,
	tj@...nel.org, hannes@...xchg.org, mhocko@...nel.org,
	shakeel.butt@...ux.dev, muchun.song@...ux.dev,
	Liam.Howlett@...cle.com, lorenzo.stoakes@...cle.com, vbabka@...e.cz,
	jannh@...gle.com, shuah@...nel.org, vegard.nossum@...cle.com,
	vattunuru@...vell.com, schalla@...vell.com, david@...hat.com,
	willy@...radead.org, osalvador@...e.de, usama.anjum@...labora.com,
	andrii@...nel.org, ryan.roberts@....com, peterx@...hat.com,
	oleg@...hat.com, tandersen@...flix.com, rientjes@...gle.com,
	gthelen@...gle.com
Subject: Re: [RFCv1 0/6] Page Detective

On Sat, Nov 16, 2024 at 05:59:16PM +0000, Pasha Tatashin wrote:
> Page Detective is a new kernel debugging tool that provides detailed
> information about the usage and mapping of physical memory pages.
> 
> It is often known that a particular page is corrupted, but it is hard to
> extract more information about such a page from a live system. Examples
> are:
> 
> - Checksum failure during live migration
> - Filesystem journal failure
> - dump_page warnings on the console log
> - Unexpected segfaults
> 
> Page Detective helps to extract more information from the kernel, so it
> can be used by developers to root cause the associated problem.
> 
> It operates through the Linux debugfs interface, with two files: "virt"
> and "phys".
> 
> The "virt" file takes a virtual address and PID and outputs information
> about the corresponding page.
> 
> The "phys" file takes a physical address and outputs information about
> that page.
> 
> The output is presented via kernel log messages (can be accessed with
> dmesg), and includes information such as the page's reference count,
> mapping, flags, and memory cgroup. It also shows whether the page is
> mapped in the kernel page table, and if so, how many times.

This looks questionable both from the security and convenience points of view.
Given the request-response nature of the interface, the output can be
provided using a "normal" seq-based pseudo-file.

But I have a more generic question:
doesn't it make sense to implement it as a set of drgn scripts instead
of kernel code? This provides more flexibility, is safer (even if it's buggy,
you won't crash the host) and should be at least in theory equally
powerful.

Thanks!
