• Xunlei Pang's avatar
    kdump: protect vmcoreinfo data under the crash memory · 1229384f
    Xunlei Pang authored
    Currently vmcoreinfo data is updated at boot time subsys_initcall(), it
    has the risk of being modified by some wrong code during system is
    running.
    
    As a result, vmcore dumped may contain the wrong vmcoreinfo.  Later on,
    when using "crash", "makedumpfile", etc utility to parse this vmcore, we
    probably will get "Segmentation fault" or other unexpected errors.
    
    E.g.  1) wrong code overwrites vmcoreinfo_data; 2) further crashes the
    system; 3) trigger kdump, then we obviously will fail to recognize the
    crash context correctly due to the corrupted vmcoreinfo.
    
    Now except for vmcoreinfo, all the crash data is well
    protected(including the cpu note which is fully updated in the crash
    path, thus its correctness is guaranteed).  Given that vmcoreinfo data
    is a large chunk prepared for kdump, we better protect it as well.
    
    To solve this, we relocate and copy vmcoreinfo_data to the crash memory
    when kdump is loading via kexec syscalls.  Because the whole crash
    memory will be protected by existing arch_kexec_protect_crashkres()
    mechanism, we naturally protect vmcoreinfo_data from write(even read)
    access under kernel direct mapping after kdump is loaded.
    
    Since kdump is usually loaded at the very early stage after boot, we can
    trust the correctness of the vmcoreinfo data copied.
    
    On the other hand, we still need to operate the vmcoreinfo safe copy
    when crash happens to generate vmcoreinfo_note again, we rely on vmap()
    to map out a new kernel virtual address and update to use this new one
    instead in the following crash_save_vmcoreinfo().
    
    BTW, we do not touch vmcoreinfo_note, because it will be fully updated
    using the protected vmcoreinfo_data after crash which is surely correct
    just like the cpu crash note.
    
    Link: http://lkml.kernel.org/r/1493281021-20737-3-git-send-email-xlpang@redhat.comSigned-off-by: default avatarXunlei Pang <xlpang@redhat.com>
    Tested-by: default avatarMichael Holzheu <holzheu@linux.vnet.ibm.com>
    Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
    Cc: Dave Young <dyoung@redhat.com>
    Cc: Eric Biederman <ebiederm@xmission.com>
    Cc: Hari Bathini <hbathini@linux.vnet.ibm.com>
    Cc: Juergen Gross <jgross@suse.com>
    Cc: Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    1229384f
kexec.c 7.01 KB