Fwd: Re: makedumpfile security key enhancement using SIAL

Aravinda Prasad aravinda at linux.vnet.ibm.com
Thu Mar 22 13:26:30 EDT 2012


On Wednesday 21 March 2012 12:13 PM, Atsushi Kumagai wrote:
> Hello Aravinda,
>
> I have two questions, could you answer me ?
>
> First, what problems do you have about the current format of makedumpfile.conf ?

Even though makedumpfile.conf is capable of filtering out data from the
vmocore, it is not possible to specify and erase complex
data-structures. For example it is not possible to traverse a nested
list or a tree and then erase a particular node based on some
conditions. Extending makedumpfile.conf to support these would require
implementing a lot of language constructs. But we can reuse SIAL
instead of extending makedumpfile.conf.

> Second, what benefits do you expect from using SIAL ? I can't imagine
> specific benefits with using SIAL now.

SIAL can be used as a language construct to specify rules/commands to
erase data in the image file. The makedumpfile would interpret the
rules/commands provided by SIAL macros with the help of SIAL library
and would suitably erase the required data in the dump file. As SIAL
provides a lot of language constructs like conditional statements,
logical and arithmetic operators, nested loops, functions etc, it would
be possible to traverse nested lists and trees and conditionally erase
data in the dump file, enabling users to literally erase any data in
the dump file.

>
> By the way, could you add kexec-ML to CC field from next time ?

Included.

>
>    kexec mailing list:
>      kexec at lists.infradead.org
>      http://lists.infradead.org/mailman/listinfo/kexec
>
>
> Thanks
> Atsushi Kumagai
>
>
> On Tue, 20 Mar 2012 17:28:21 +0530
> Aravinda Prasad<aravinda at linux.vnet.ibm.com>  wrote:
>
>> Hi Luc,
>>
>> We are looking for utilising SIAL as a language construct for the
>> makedumpfile kernel data filtering from vmcore feature. The details of
>> which are in the mail forward.
>>
>> The proposed enhancement will require libsial.a and as SIAL is not
>> currently built/shipped, we are looking for possibilities on how
>> libsial.a can be made available to makedumpfile. Please let us know your
>> opinion on the same.
>>
>> Regards,
>> Aravinda
>>
>>
>> -------- Original Message --------
>> Subject: Re: makedumpfile security key enhancement using SIAL
>> Date: Tue, 13 Mar 2012 10:27:43 -0400 (EDT)
>> From: Dave Anderson<anderson at redhat.com>
>> To: Aravinda Prasad<aravinda at linux.vnet.ibm.com>
>> CC: Atsushi Kumagai<kumagai-atsushi at mxc.nes.nec.co.jp>,         Masaki
>> Tachibana<tachibana at mxm.nes.nec.co.jp>,        Ananth N
>> Mavinakayanahalli<ananth at in.ibm.com>,        Mahesh J Salgaonkar
>> <mahesh at linux.vnet.ibm.com>
>>
>>
>>
>> ----- Original Message -----
>>> Hi Dave,
>>>
>>> Last year, we worked on the makedumpfile security key filtering where we
>>> added support to filter out kernel data from vmcore. This year, we are
>>> working on enhancing the framework to provide more flexibility for the
>>> customers to specify rules to traverse and filter out kernel data - for
>>> which we are planning to use SIAL.
>>>
>>> We are looking into using SIAL as language construct to specify
>>> rules/commands to erase data in the image file. The makedumpfile would
>>> interpret the rules provided in SIAL macro using SIAL library (which
>>> could be dynamically loaded) and erase out suitable data in the vmcore.
>>> We are planning to reuse SIAL as it provides a C language like
>>> construct, which is flexible and powerful enough to specify rules to
>>> erase data in vmcore.
>>>
>>> As SIAL is not built and shipped along with crash, we are looking for
>>> possibilities on how SIAL can be leveraged by makedumpfile and would
>>> like to know your opinion.
>>
>> Sorry but I cannot give you any help with SIAL.  Luc Chouinard is the
>> maintainer of the SIAL extension module adaptation for the crash utility,
>> and he can answer your questions w/respect to adapting it for makedumpfile.
>> And ultimately, that's a question for the makedumpfile maintainers.
>>
>> Dave
>
> _______________________________________________
> kexec mailing list
> kexec at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/kexec
>
Regards,
Aravinda




More information about the kexec mailing list