[PATCH v2 0/7] makedumpfile security key filtering with eppic
Aravinda Prasad
aravinda at linux.vnet.ibm.com
Mon Dec 3 01:02:27 EST 2012
On 2012-11-26 19:34, Vivek Goyal wrote:
> On Thu, Nov 22, 2012 at 10:44:49PM +0530, Aravinda Prasad wrote:
>
> [..]
>> Customers who want to filter their dump would certainly prefer a single
>> tool and a single shot to throw away pages, scrub data and then
>> compress, split or send the resulting dump to some target using ssh.
>> This important functionality is lost if scrubbing is not part of
>> makedumpfile and a separate tool is developed which just does scrubbing.
>
> Customers do filtering from initramfs context. It is not practical to
> save TB of memory and filter it later. And we just concluded that is
> it not practical to do scrubbing from initramfs due to need of vmlinux.
>
> So doing filtering and doing scrubbing will not happen at the same
> time practically. So bloating size of makedumpfile does not make
> sense to me.
>
Another approach is to dynamically load libeppic library - similar way
how crash does it. No major changes will be done to makedumpfile code,
except the addition of --eppic flag. Upon specifying --eppic flag
makedumpfile will dlopen libeppic.so, which will have functionality to
scrub the specified data. This will prevent makedumpfile bloat and will
not affect the size of initramfs as --eppic is only specified during
post processing. The distribution should build and ship libeppic.so and
the procedure for building .so will be similar to what we have in crash.
> Thanks
> Vivek
>
--
Regards,
Aravinda
More information about the kexec
mailing list