[PATCH v2 0/7] makedumpfile security key filtering with eppic

Aravinda Prasad aravinda at linux.vnet.ibm.com
Fri Dec 7 01:05:12 EST 2012 


On 2012-12-06 20:56, Dave Anderson wrote:

> 
> 
> ----- Original Message -----
> 
>>
>> Another approach is to dynamically load libeppic library - similar way
>> how crash does it. No major changes will be done to makedumpfile code,
>> except the addition of --eppic flag. Upon specifying --eppic flag
>> makedumpfile will dlopen libeppic.so, which will have functionality to
>> scrub the specified data. This will prevent makedumpfile bloat and will
>> not affect the size of initramfs as --eppic is only specified during
>> post processing. The distribution should build and ship libeppic.so and
>> the procedure for building .so will be similar to what we have in
>> crash.
> 
> OK, so based upon the most recent discussion here:
> 
>  Re: [PATCH v2 0/7] makedumpfile security key filtering with eppic
>  http://lists.infradead.org/pipermail/kexec/2012-December/007452.html
> 
> Aravinda states that he will be posting an update for makedumpfile 
> that will dlopen() a new "libeppic.so" shared object that is built
> with the libeppic.a library.
> 
> The upstream eppic git tree contains an "applications/crash" subdirectory
> that contains the code that creates a crash-utility-specific "eppic.so" file.
> 
> Accordingly, this new proposal will also require new source file(s) and
> a build process to create this new makedumpfile-specific "libeppic.so" 
> shared object.
>    
> Arvinda -- will you be proposing an additional "applications/makedumpfile"
> subdirectory for the upstream eppic git tree that can be used to create
> the makedumpfile-specific libeppic.so file?


This is what I am planning.

A new extension_eppic.c file will be created under makedumpfile source
directory. This file is equivalent to applications/crash/eppic.c in
upstream eppic repository. A new target will be added to the Makefile of
makedumpfile to build the shared library and to build this shared
library libeppic.a would be required. The makedumpfile specific shared
library will be named different - say eppic_mkdumpfile.so to avoid
conflict with crash specific libeppic.so.

The reason for including extension_eppic.c under makedumpfile source is
because it will be dependent on other functions in makedumpfile code
like dwarf related calls etc. People modifying those functions should be
aware of the callers in extension_eppic.c and if this is included in
upstream eppic code, it will be easily overlooked (or may not be aware
of its existence).

A flag --eppic will be added to makedumpfile which will dlopen the
shared library. Few additional helper functions will be added to
dwarf_info.c and erase_info.c - the same functions which are in v2 of
the patchset.


> 
> Dave
> 
> 
> _______________________________________________
> kexec mailing list
> kexec at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/kexec
> 


-- 
Regards,
Aravinda

More information about the kexec mailing list