[PATCH v1 0/6] makedumpfile: makedumpfile enhancement to filter out kernel data from vmcore
Mahesh Jagannath Salgaonkar
mahesh at linux.vnet.ibm.com
Mon Mar 14 02:26:17 EDT 2011
On 03/14/2011 07:25 AM, Ken'ichi Ohmichi wrote:
>
> Hi Mahesh,
>
> On Fri, 11 Mar 2011 13:34:32 +0530
> Mahesh J Salgaonkar <mahesh at linux.vnet.ibm.com> wrote:
>>
>> Please find the makedumpfile enhancement patchset that introduces a data
>> filtering feature which enables makedumpfile to filter out desired kernel
>> symbol data and it's members from the specified VMCORE file. The data to be
>> filtered out is poisoned with character 'X' (58 in Hex).
>>
>> This feature will be very useful for the customers who wants to erase the
>> customer sensitive data like security keys and other confidential data, in
>> DUMPFILE before sending it to support team for analysis.
>>
>> This feature introduces a filter config file where, using filter commands,
>> user can specify desired kernel data symbols and it's members that need to be
>> filtered out while creating o/p DUMPFILE. The Syntax for filter commands are
>> provided in the filter.conf(8) man page.
>>
>> The first 4 patches prepares the base work for filtering framework. The last 2
>> patches implements the generic filtering framework to erase desired kernel
>> data.
>>
>> I have tested these patches on x86_64 and s390x architecture against RHEL6 GA
>> kernel. The feature supports filtering data from ELF as well as
>> kdump-compressed formatted dump.
>>
>> Please review the patchset and let me know your comments.
>
> This patchset is interesting, and I start reviewing.
> I haven't reviewed the code yet, and this is a quick review.
>
> * About the filename of configuration.
> Is filter.conf only for makedumpfile command ?
> If so, I feel filter.conf is too generic file name.
> How about makedumpfile.conf ?
:-) I initially started with that name. But since it was only for
filtering purpose I went for filter.conf. However, I am ok with the name
makdumpfile.conf
>
> If makedumpfile.conf, it is clear that the file is only for
> makedumpfile, and we will be able to use the file for not only
> erasing secret data but also other purpose.
> (ex: specifying the other options like -d 31 in the file)
Agree, Makes sense.
>
>
> Thanks
> Ken'ichi Ohmichi
More information about the kexec
mailing list