Re: [Qemu-devel] virsh dump (qemu guest memory dump?): KASLR enabled linux guest support

[Dave Young]

On 11/09/16 at 03:42pm, Wen Congyang wrote:
> On 11/09/2016 01:02 PM, Dave Young wrote:
> > On 11/09/16 at 11:58am, Wen Congyang wrote:
> >> On 11/09/2016 11:17 AM, Dave Young wrote:
> >>> Drop qiaonuohan, seems the mail address is wrong..
> >>>
> >>> On 11/09/16 at 11:01am, Dave Young wrote:
> >>>> Hi,
> >>>>
> >>>> Latest linux kernel enabled kaslr to randomiz phys/virt memory
> >>>> addresses, we had some effort to support kexec/kdump so that crash
> >>>> utility can still works in case crashed kernel has kaslr enabled.
> >>>>
> >>>> But according to Dave Anderson virsh dump does not work, quoted messages
> >>>> from Dave below:
> >>>>
> >>>> """
> >>>> with virsh dump, there's no way of even knowing that KASLR
> >>>> has randomized the kernel __START_KERNEL_map region, because there is no
> >>>> virtual address information -- e.g., like "SYMBOL(_stext)" in the kdump
> >>>> vmcoreinfo data to compare against the vmlinux file symbol value.
> >>>> Unless virsh dump can export some basic virtual memory data, which
> >>>> they say it can't, I don't see how KASLR can ever be supported.
> >>>> """
> >>>>
> >>>> I assume virsh dump is using qemu guest memory dump facility so it
> >>>> should be first addressed in qemu. Thus post this query to qemu devel
> >>>> list. If this is not correct please let me know.
> >>
> >> IIRC, 'virsh dump --memory-only' uses dump-guest-memory, and 'virsh dump'
> >> uses migration to dump.
> > 
> > Do they need different fixes? Dave, I guess you mean --memory-only, but
> > could you clarify and confirm it?
> > 
> >>
> >> I think I should study kaslr first...
> > 
> > Thanks for taking care of it.
> 
> Can you give me the patch for kexec/kdump. I want to know what I need to do
> for dump-guest-memory.

AFAIK, there are below patches for kexec/kdump userspace:
kexec-tools, git commit:
commit 9f62cbddddfc93d78d9aafbddf3e1208cb242f7b
Author: Thomas Garnier <address@hidden>
Date:   Tue Sep 13 15:10:05 2016 +0800

    kexec/arch/i386: Add support for KASLR memory randomization

Originally Baoquan He posted below patches to export vmcoreinfo for some
kernel fields:
http://lists.infradead.org/pipermail/kexec/2016-September/017191.html
But later it was dropped, we finally do it in userspace with several
makedumpfile patches:
http://lists.infradead.org/pipermail/kexec/2016-October/017540.html
http://lists.infradead.org/pipermail/kexec/2016-October/017539.html
http://lists.infradead.org/pipermail/kexec/2016-October/017541.html

For virsh dumped vmcore it should manage to export some infomation so that
crash utility can use. I would leave Dave to provide more information
what he needs because the goal is userspace utility like crash can
correctly analysis the vmcore. 

> 
> Thanks
> Wen Congyang
> 
> > 
> >>
> >> Thanks
> >> Wen Congyang
> >>
> >>>>
> >>>> Could you qemu dump people make it work? Or we can not support virt dump
> >>>> as long as KASLR being enabled. Latest Fedora kernel has enabled it in 
> >>>> x86_64.
> >>>>
> >>>> Thanks
> >>>> Dave
> >>>
> >>>
> >>>
> >>
> >>
> >>
> > 
> > 
> > .
> > 
> 
> 
>