[PATCH v2 0/7] makedumpfile security key filtering with eppic
Aravinda Prasad
aravinda at linux.vnet.ibm.com
Fri Nov 16 04:52:50 EST 2012
On 2012-11-15 21:25, Vivek Goyal wrote:
> On Thu, Nov 15, 2012 at 09:27:45AM -0500, Dave Anderson wrote:
>
> [..]
>>> Yes, makedumpfile needs to be linked against eppic library for filtering
>>> data and this will increase makedumpfile size and initramfs size too.
>>
>> Just to clarify -- your example indicates that the vmlinux file is required
>> for this facility to work, correct?
>>
>>> makedumpfile -c -d 31 -x vmlinux --eppic key.c vmcore filtered_vmcore
>>
>> Clearly distros won't be putting the vmlinux file in the initramfs -- that's
>> the whole reasoning behind vmcoreinfo. So the 99% of users that aren't
>> interested in scrubbing will have to pay the penalty of the larger makedumpfile
>> binary.
>
> That's a good point Dave. We will never put debug compiled vmlinux in
> initramfs. Following two alternatives come to my mind.
As I mentioned, we don't need vmlinux in initramfs as filtering is done
during post processing only.
>
> - Either makedumpfile provides some kind of library to parse/read/write
> dump files and we can write another stand alone utility for scrubbing
> dump files (say, scrub-vmcore), and it can link against makedumpfile
> libraries to take advantage of existing code.
>
> - Or, we just identify what we want to scrube and make that code part
> of makedumpfile. Export relevant data structures from kernel using
> vmcoreinfo.
>
> I prefer to keep things simple and like second option better.
>
> Thanks
> Vivek
>
--
Regards,
Aravinda
More information about the kexec
mailing list