<font size=2 face="sans-serif">Hi,</font>
<br>
<br><font size=2 face="sans-serif">I do not think the list of erased symbols
must be secret. After all we use a special value to do most of the erasing.
Thus hinting at what was erased. </font>
<br><font size=2 face="sans-serif">The intention of this item is certainly
not to unduly confuse service. </font>
<br>
<br><font size=2 face="sans-serif">this work shall increase the customers
confidence that no sensitive data may leak through a dump - clearly at
the cost with very low probability some problems may no longer be analyzed.
- But that's all you can do if sensitive data is really needed to analyze
a problem.</font>
<br><font size=2 face="sans-serif"><br>
</font><font size=2 face="Verdana">Mit freundlichen Grüßen/Best Regards/Cordialement
<br>
</font><font size=5 face="Brush Script"><br>
Reinhard</font>
<p>
<hr noshade>
<table width=100%>
<tr>
<td width=34%><font size=2 face="Verdana"><b>Dr. Reinhard Bündgen </b></font><font size=1 color=#5f5f5f face="Verdana"><br>
RAS & Crypto Architect for Linux on System z <br>
Virtualization and Systems Management </font>
<td width=1%><font size=1 face="Verdana"> </font>
<td width=23%><font size=1 face="Verdana">Mail:</font><a href=mailto:buendgen@de.ibm.com><font size=1 color=blue face="Verdana"><u>buendgen@de.ibm.com</u></font></a><font size=1 face="Verdana"><br>
Phone: ++49-(0)7031-16-1130<br>
Fax: ++49-(0)7031-16-3456 </font>
<td width=1%><font size=1 face="Verdana"> </font>
<td width=38%><font size=1 face="Verdana">IBM Deutschland Research &
Development GmbH</font><font size=1 color=#5f5f5f face="Verdana"><br>
Vorsitzender des Aufsichtsrats: Martin Jetter<br>
Geschäftsführung: Dirk Wittkopp <br>
Sitz der Gesellschaft: Böblingen<br>
Registergericht: Amtsgericht Stuttgart, HRB 243294</font></table>
<br>
<p>
<hr noshade>
<br>
<br>
<br>
<br><font size=1 color=#5f5f5f face="sans-serif">From:
</font><font size=1 face="sans-serif">"Ken'ichi Ohmichi"
<oomichi@mxs.nes.nec.co.jp></font>
<br><font size=1 color=#5f5f5f face="sans-serif">To:
</font><font size=1 face="sans-serif">Mahesh Jagannath Salgaonkar
<mahesh@linux.vnet.ibm.com></font>
<br><font size=1 color=#5f5f5f face="sans-serif">Cc:
</font><font size=1 face="sans-serif">Dave Anderson <anderson@redhat.com>,
V Srivatsa <vsrivatsa@in.ibm.com>, kexec@lists.infradead.org, Ananth
N Mavinakayanahalli <ananth@in.ibm.com>, Reinhard Buendgen/Germany/IBM@IBMDE</font>
<br><font size=1 color=#5f5f5f face="sans-serif">Date:
</font><font size=1 face="sans-serif">14.03.2011 08:08</font>
<br><font size=1 color=#5f5f5f face="sans-serif">Subject:
</font><font size=1 face="sans-serif">Re: [PATCH v1
0/6] makedumpfile: makedumpfile enhancement to filter out kernel data from
vmcore</font>
<br>
<hr noshade>
<br>
<br>
<br><tt><font size=2><br>
Hi Mahesh,<br>
<br>
On Mon, 14 Mar 2011 11:48:19 +0530<br>
Mahesh Jagannath Salgaonkar <mahesh@linux.vnet.ibm.com> wrote:<br>
> > <br>
> > <br>
> > ----- Original Message -----<br>
> >> Hi All,<br>
> >><br>
> >> Please find the makedumpfile enhancement patchset that introduces
a data<br>
> >> filtering feature which enables makedumpfile to filter out
desired kernel<br>
> >> symbol data and it's members from the specified VMCORE file.
The data to be<br>
> >> filtered out is poisoned with character 'X' (58 in Hex).<br>
> >><br>
> >> This feature will be very useful for the customers who wants
to erase the<br>
> >> customer sensitive data like security keys and other confidential
data, in<br>
> >> DUMPFILE before sending it to support team for analysis.<br>
> >><br>
> >> This feature introduces a filter config file where, using
filter commands,<br>
> >> user can specify desired kernel data symbols and it's members
that need to be<br>
> >> filtered out while creating o/p DUMPFILE. The Syntax for
filter commands are<br>
> >> provided in the filter.conf(8) man page.<br>
> >><br>
> >> The first 4 patches prepares the base work for filtering
framework. The last 2<br>
> >> patches implements the generic filtering framework to erase
desired kernel<br>
> >> data.<br>
> >><br>
> >> I have tested these patches on x86_64 and s390x architecture
against RHEL6 GA<br>
> >> kernel. The feature supports filtering data from ELF as well
as kdump-compressed<br>
> >> formatted dump.<br>
> >><br>
> >> Please review the patchset and let me know your comments.<br>
> >><br>
> >> Thanks,<br>
> >> -Mahesh.<br>
> > <br>
> > Hi Mahesh,<br>
> > <br>
> > Is there any notation in the filtered ELF kdump or compressed
kdump file<br>
> > that filtering has been done? Given that there may be potential
ramifications<br>
> > in crash utility behavior (or outright failure?), the crash utility
should<br>
> > display a warning message early on during invocation.<br>
> <br>
> Hmm... I did not think about it. I am thinking of following approach:<br>
> <br>
> - Set a bit in dump_level (DL_FILTER_KERNEL_DATA => 0x800) that
will<br>
> denote that filtering has been done.<br>
> - For compressed kdump file we anyway have dump_level available in
kdump<br>
> sub header<br>
> - For ELF kdump, currently we do not have any way to convey dump_level<br>
> info to crash utility (Ken'chi, correct me if I am wrong). How about<br>
> introducing an additional ELF note (NT_DUMP_LEVEL) that will include<br>
> dump_level info.<br>
<br>
On your above approach, a member of support team for analysis cannot<br>
know what symbols are erased.<br>
And he/she will not believe the received dumpfile from a customer site.<br>
<br>
I have one question, do you think it is better not to inform support<br>
team of the erased symbols ?<br>
Is also the list of the erased symbols secret ?<br>
<br>
<br>
Thanks<br>
Ken'ichi Ohmichi<br>
</font></tt>
<br>