[PATCH v2 0/7] makedumpfile security key filtering with eppic

Aravinda Prasad aravinda at linux.vnet.ibm.com
Fri Nov 16 04:52:50 EST 2012

On 2012-11-15 21:25, Vivek Goyal wrote:

> On Thu, Nov 15, 2012 at 09:27:45AM -0500, Dave Anderson wrote:
> [..]
>>> Yes, makedumpfile needs to be linked against eppic library for filtering
>>> data and this will increase makedumpfile size and initramfs size too.
>> Just to clarify -- your example indicates that the vmlinux file is required
>> for this facility to work, correct?
>>> makedumpfile -c -d 31 -x vmlinux --eppic key.c vmcore filtered_vmcore
>> Clearly distros won't be putting the vmlinux file in the initramfs -- that's
>> the whole reasoning behind vmcoreinfo.  So the 99% of users that aren't
>> interested in scrubbing will have to pay the penalty of the larger makedumpfile
>> binary.
> That's a good point Dave. We will never put debug compiled vmlinux in 
> initramfs. Following two alternatives come to my mind.

As I mentioned, we don't need vmlinux in initramfs as filtering is done
during post processing only.

> - Either makedumpfile provides some kind of library to parse/read/write
>   dump files and we can write another stand alone utility for scrubbing
>   dump files (say, scrub-vmcore),  and it can link against makedumpfile
>   libraries to take advantage of existing code.
> - Or, we just identify what we want to scrube and make that code part
>   of makedumpfile. Export relevant data structures from kernel using
>   vmcoreinfo.
> I prefer to keep things simple and like second option better.
> Thanks
> Vivek


More information about the kexec mailing list