[PATCH v1 0/6] makedumpfile: makedumpfile enhancement to filter out kernel data from vmcore
BUENDGEN at de.ibm.com
Mon Mar 14 04:51:35 EDT 2011
I do not think the list of erased symbols must be secret. After all we use
a special value to do most of the erasing. Thus hinting at what was
The intention of this item is certainly not to unduly confuse service.
this work shall increase the customers confidence that no sensitive data
may leak through a dump - clearly at the cost with very low probability
some problems may no longer be analyzed. - But that's all you can do if
sensitive data is really needed to analyze a problem.
Mit freundlichen Grüßen/Best Regards/Cordialement
Dr. Reinhard Bündgen
RAS & Crypto Architect for Linux on System z
Virtualization and Systems Management
Mail:buendgen at de.ibm.com
IBM Deutschland Research & Development GmbH
Vorsitzender des Aufsichtsrats: Martin Jetter
Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294
From: "Ken'ichi Ohmichi" <oomichi at mxs.nes.nec.co.jp>
To: Mahesh Jagannath Salgaonkar <mahesh at linux.vnet.ibm.com>
Cc: Dave Anderson <anderson at redhat.com>, V Srivatsa
<vsrivatsa at in.ibm.com>, kexec at lists.infradead.org, Ananth N
Mavinakayanahalli <ananth at in.ibm.com>, Reinhard Buendgen/Germany/IBM at IBMDE
Date: 14.03.2011 08:08
Subject: Re: [PATCH v1 0/6] makedumpfile: makedumpfile enhancement
to filter out kernel data from vmcore
On Mon, 14 Mar 2011 11:48:19 +0530
Mahesh Jagannath Salgaonkar <mahesh at linux.vnet.ibm.com> wrote:
> > ----- Original Message -----
> >> Hi All,
> >> Please find the makedumpfile enhancement patchset that introduces a
> >> filtering feature which enables makedumpfile to filter out desired
> >> symbol data and it's members from the specified VMCORE file. The data
> >> filtered out is poisoned with character 'X' (58 in Hex).
> >> This feature will be very useful for the customers who wants to erase
> >> customer sensitive data like security keys and other confidential
> >> DUMPFILE before sending it to support team for analysis.
> >> This feature introduces a filter config file where, using filter
> >> user can specify desired kernel data symbols and it's members that
need to be
> >> filtered out while creating o/p DUMPFILE. The Syntax for filter
> >> provided in the filter.conf(8) man page.
> >> The first 4 patches prepares the base work for filtering framework.
The last 2
> >> patches implements the generic filtering framework to erase desired
> >> data.
> >> I have tested these patches on x86_64 and s390x architecture against
> >> kernel. The feature supports filtering data from ELF as well as
> >> formatted dump.
> >> Please review the patchset and let me know your comments.
> >> Thanks,
> >> -Mahesh.
> > Hi Mahesh,
> > Is there any notation in the filtered ELF kdump or compressed kdump
> > that filtering has been done? Given that there may be potential
> > in crash utility behavior (or outright failure?), the crash utility
> > display a warning message early on during invocation.
> Hmm... I did not think about it. I am thinking of following approach:
> - Set a bit in dump_level (DL_FILTER_KERNEL_DATA => 0x800) that will
> denote that filtering has been done.
> - For compressed kdump file we anyway have dump_level available in kdump
> sub header
> - For ELF kdump, currently we do not have any way to convey dump_level
> info to crash utility (Ken'chi, correct me if I am wrong). How about
> introducing an additional ELF note (NT_DUMP_LEVEL) that will include
> dump_level info.
On your above approach, a member of support team for analysis cannot
know what symbols are erased.
And he/she will not believe the received dumpfile from a customer site.
I have one question, do you think it is better not to inform support
team of the erased symbols ?
Is also the list of the erased symbols secret ?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the kexec