[PATCH v1 0/6] makedumpfile: makedumpfile enhancement to filter out kernel data from vmcore

Reinhard Buendgen BUENDGEN at de.ibm.com
Mon Mar 14 04:51:35 EDT 2011


Hi,

I do not think the list of erased symbols must be secret. After all we use 
a special value to do most of the erasing. Thus hinting at what was 
erased. 
The intention of this item is certainly not to unduly confuse service. 

this work shall increase the customers confidence that no sensitive data 
may leak through a dump - clearly at the cost with very low probability 
some problems may no longer be analyzed. - But that's all you can do if 
sensitive data is really needed to analyze a problem.

Mit freundlichen Grüßen/Best Regards/Cordialement 

Reinhard

Dr. Reinhard Bündgen 
RAS & Crypto Architect for Linux on System z 
Virtualization and Systems Management 
 
Mail:buendgen at de.ibm.com
Phone: ++49-(0)7031-16-1130
Fax: ++49-(0)7031-16-3456 
 
IBM Deutschland Research & Development GmbH
Vorsitzender des Aufsichtsrats: Martin Jetter
Geschäftsführung: Dirk Wittkopp 
Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294





From:   "Ken'ichi Ohmichi" <oomichi at mxs.nes.nec.co.jp>
To:     Mahesh Jagannath Salgaonkar <mahesh at linux.vnet.ibm.com>
Cc:     Dave Anderson <anderson at redhat.com>, V Srivatsa 
<vsrivatsa at in.ibm.com>, kexec at lists.infradead.org, Ananth N 
Mavinakayanahalli <ananth at in.ibm.com>, Reinhard Buendgen/Germany/IBM at IBMDE
Date:   14.03.2011 08:08
Subject:        Re: [PATCH v1 0/6] makedumpfile: makedumpfile enhancement 
to filter out kernel data from vmcore




Hi Mahesh,

On Mon, 14 Mar 2011 11:48:19 +0530
Mahesh Jagannath Salgaonkar <mahesh at linux.vnet.ibm.com> wrote:
> > 
> > 
> > ----- Original Message -----
> >> Hi All,
> >>
> >> Please find the makedumpfile enhancement patchset that introduces a 
data
> >> filtering feature which enables makedumpfile to filter out desired 
kernel
> >> symbol data and it's members from the specified VMCORE file. The data 
to be
> >> filtered out is poisoned with character 'X' (58 in Hex).
> >>
> >> This feature will be very useful for the customers who wants to erase 
the
> >> customer sensitive data like security keys and other confidential 
data, in
> >> DUMPFILE before sending it to support team for analysis.
> >>
> >> This feature introduces a filter config file where, using filter 
commands,
> >> user can specify desired kernel data symbols and it's members that 
need to be
> >> filtered out while creating o/p DUMPFILE. The Syntax for filter 
commands are
> >> provided in the filter.conf(8) man page.
> >>
> >> The first 4 patches prepares the base work for filtering framework. 
The last 2
> >> patches implements the generic filtering framework to erase desired 
kernel
> >> data.
> >>
> >> I have tested these patches on x86_64 and s390x architecture against 
RHEL6 GA
> >> kernel. The feature supports filtering data from ELF as well as 
kdump-compressed
> >> formatted dump.
> >>
> >> Please review the patchset and let me know your comments.
> >>
> >> Thanks,
> >> -Mahesh.
> > 
> > Hi Mahesh,
> > 
> > Is there any notation in the filtered ELF kdump or compressed kdump 
file
> > that filtering has been done?  Given that there may be potential 
ramifications
> > in crash utility behavior (or outright failure?), the crash utility 
should
> > display a warning message early on during invocation.
> 
> Hmm... I did not think about it. I am thinking of following approach:
> 
> - Set a bit in dump_level (DL_FILTER_KERNEL_DATA => 0x800) that will
> denote that filtering has been done.
> - For compressed kdump file we anyway have dump_level available in kdump
> sub header
> - For ELF kdump, currently we do not have any way to convey dump_level
> info to crash utility (Ken'chi, correct me if I am wrong). How about
> introducing an additional ELF note (NT_DUMP_LEVEL) that will include
> dump_level info.

On your above approach, a member of support team for analysis cannot
know what symbols are erased.
And he/she will not believe the received dumpfile from a customer site.

I have one question, do you think it is better not to inform support
team of the erased symbols ?
Is also the list of the erased symbols secret ?


Thanks
Ken'ichi Ohmichi

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.infradead.org/pipermail/kexec/attachments/20110314/1c4d8a88/attachment-0001.html>


More information about the kexec mailing list