Re: Help needed in getting kernel dump in QEMU VM

2021-11-15 Thread Baoquan He
On 11/15/21 at 03:49pm, Dongliang Mu wrote:
> On Mon, Nov 15, 2021 at 3:27 PM Baoquan He  wrote:
> >
> > Hi,
> >
> > On 11/13/21 at 10:40am, Dongliang Mu wrote:
> > > Hi all KDUMP maintainers,
> > >
> > > I would like to generate a kernel dump within QEMU VM.
> > >
> > > 1. I reproduced the kernel crash [1] in QEMU VM. The QEMU startup
> > > script is as follows:
> > >
> > > qemu-system-x86_64 \
> > >   -kernel $KERNEL/arch/x86/boot/bzImage \
> > >   -append "console=ttyS0 root=/dev/sda debug earlyprintk=serial 
> > > slub_debug=QUZ"\
> > >   -hda $IMAGE/stretch.img \
> > >   -net user,hostfwd=tcp::10021-:22 -net nic \
> > >   -enable-kvm \
> > >   -nographic \
> > >   -m 2G \
> > >   -smp 2 \
> > >   -pidfile vm.pid \
> > >   2>&1 | tee vm.log
> > >
> > > The stretch.img is generated by the Syzkaller script [1]. The -kernel option
> > > is convenient for loading any other kernel.
> > >
> > > 2. As the .config already has the essential configuration
> > > (CONFIG_KEXEC, CONFIG_CRASH_DUMP, CONFIG_DEBUG_INFO), I did not change
> > > this configuration file.
> > >
> > > 3. I installed kdump-tools, crash, kexec-tools, makedumpfile and
> > > linux-image-4.9.0-13-amd64 in the stretch.img. Here I installed
> > > linux-image-4.9.0-13-amd64 because there is no default kernel in the /boot
> > > directory. And to make kdump-tools work, I modified
> > > /etc/default/kdump-tools as follows:
> > >
> > > KDUMP_INITRD=/boot/initrd.img-4.9.0-13-amd64
> > > KDUMP_KERNEL=/boot/vmlinuz-4.9.0-13-amd64
> >
> > What distro are you using? Asking this because I am sure you are not
> > using Fedora/RHEL OS. The implementation of the kdump tools is different in
> > each distro, even though the mechanism in the kdump code is the same.
> >
> 
> I am using Debian stretch as the guest OS. So kdump-tools, kexec and
> makedumpfile are all from Debian.

Then I would suggest asking in a Debian/Ubuntu forum or mailing list to figure
out if the configuration or setting is correct.

I have never tried Debian OS, so I can't help, sorry.

> 
> > When we try to get help from upstream, considering and asking good questions
> > is very important for getting a quick response and effective help.
> >
> > Thanks
> > Baoquan
> >
> > >
> > > 4. I append "crashkernel=384M-:128M" to the command line in the
> > > startup script of QEMU.
> > >
> > > 5. After rebooting, kdump service can start successfully, and the
> > > kdump-config shows:
> > >
> > > root@syzkaller:~# kdump-config show
> > > DUMP_MODE:kdump
> > > USE_KDUMP:1
> > > KDUMP_SYSCTL: kernel.panic_on_oops=1
> > > KDUMP_COREDIR:/var/crash
> > > crashkernel addr: 0x7700
> > >/boot/vmlinuz-4.9.0-13-amd64
> > > kdump initrd:
> > >/boot/initrd.img-4.9.0-13-amd64
> > > current state:ready to kdump
> > >
> > > kexec command:
> > >   /sbin/kexec -p --command-line="earlyprintk=serial oops=panic
> > > panic_on_warn=1 nmi_watchdog=panic panic=86400 net.ifnames=0
> > > sysctl.kernel.hung_task_all_cpu_backtrace=1 ima_policy=tcb
> > > kvm-intel.nested=1 nf-conntrack-ftp.ports=2
> > > nf-conntrack-tftp.ports=2 nf-conntrack-sip.ports=2
> > > nf-conntrack-irc.ports=2 nf-conntrack-sane.ports=2
> > > vivid.n_devs=16 vivid.multiplanar=1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2
> > > netrom.nr_ndevs=16 rose.rose_ndevs=16 spec_store_bypass_disable=prctl
> > > numa=fake=2 nopcid dummy_hcd.num=8 binder.debug_mask=0
> > > rcupdate.rcu_expedited=1 root=/dev/sda console=ttyS0 vsyscall=native
> > > watchdog_thresh=55 workqueue.watchdog_thresh=140 console=ttyS0
> > > root=/dev/sda debug earlyprintk=serial slub_debug=QUZ irqpoll
> > > nr_cpus=1 nousb systemd.unit=kdump-tools.service
> > > ata_piix.prefer_ms_hyperv=0" --initrd=/boot/initrd.img-4.9.0-13-amd64
> > > /boot/vmlinuz-4.9.0-13-amd64
> > >
> > > 6. When I execute the PoC, the current kernel crashes and then reboots
> > > into the dump-capture kernel. However, the kernel log shows it is in
> > > emergency mode:
> > >
> > > You are in emergency mode. After logging in, type "journalctl -xb" to view
> > > system logs, "systemctl reboot" to reboot, "systemctl default" or ^D to
> > > try again to boot into default mode.
> > >
> > > Finally, I would like to ask several questions:
> > > 1) is the emergency mode due to the incorrect command line?
> > > 2) is this the right way to generate kernel dump from QEMU VM?
> > > 3) Any comments on the above procedures?
> > >
> > > Thanks very much in advance.
> > >
> > > [1] general protection fault in reiserfs_security_init
> > > (https://syzkaller.appspot.com/bug?id=8abaedbdeb32c861dc5340544284167dd0e46cde)
> > >
> > > [2] https://github.com/google/syzkaller/blob/master/tools/create-image.sh
> > >
> > > --
> > > My best regards to you.
> > >
> > >  No System Is Safe!
> > >  Dongliang Mu
> >
> >
> 
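As an added example (not part of the thread), a small POSIX shell check for the three things steps 4 and 5 of the procedure quoted above depend on before a crash is triggered in the guest: the crashkernel= parameter on the running command line, a non-zero reserved region, and a loaded capture kernel. The sysfs file names are the kernel's own; the function names and the file-path arguments are mine.

```shell
#!/bin/sh
# Added example, not from the thread: verify kdump readiness inside the guest.
# Paths are taken as arguments so the same checks run against the live
# /proc and /sys files or against constructed files for testing.

# Print the value of crashkernel= from a /proc/cmdline-style file (empty if absent).
crashkernel_param() {
    tr ' ' '\n' < "$1" | sed -n 's/^crashkernel=//p' | head -n 1
}

# Return 0 when kdump is ready, otherwise a distinct non-zero code per failure.
# $1 cmdline file   $2 kexec_crash_size file   $3 kexec_crash_loaded file
kdump_ready() {
    param=$(crashkernel_param "$1")
    if [ -z "$param" ]; then
        echo "no crashkernel= on the kernel command line"
        return 1
    fi
    size=$(cat "$2" 2>/dev/null || echo 0)
    # kexec_crash_size is the reserved region in bytes; 0 means the
    # reservation did not happen (e.g. the crashkernel= range did not match RAM).
    if ! [ "$size" -gt 0 ] 2>/dev/null; then
        echo "crashkernel=$param requested but no memory was reserved"
        return 2
    fi
    loaded=$(cat "$3" 2>/dev/null || echo 0)
    if [ "$loaded" != 1 ]; then
        echo "crash kernel not loaded; the kdump service (kexec -p) has not run"
        return 3
    fi
    echo "kdump ready: crashkernel=$param, $size bytes reserved, capture kernel loaded"
    return 0
}

# Live check on the guest:
# kdump_ready /proc/cmdline /sys/kernel/kexec_crash_size /sys/kernel/kexec_crash_loaded
```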


___
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec


Re: [PATCH v2 09/12] x86/sev: Use AP Jump Table blob to stop CPU

2021-11-15 Thread Borislav Petkov
On Mon, Sep 13, 2021 at 05:56:00PM +0200, Joerg Roedel wrote:
> diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h
> index 134a7c9d91b6..cd14b6e10f12 100644
> --- a/arch/x86/include/asm/sev.h
> +++ b/arch/x86/include/asm/sev.h
> @@ -81,12 +81,19 @@ static __always_inline void sev_es_nmi_complete(void)
>   __sev_es_nmi_complete();
>  }
>  extern int __init sev_es_efi_map_ghcbs(pgd_t *pgd);
> +void __sev_es_stop_this_cpu(void);
> +static __always_inline void sev_es_stop_this_cpu(void)

What's that for?

IOW, the below seems to build too:

---
diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h
index 1f16fc907636..398105580862 100644
--- a/arch/x86/include/asm/sev.h
+++ b/arch/x86/include/asm/sev.h
@@ -87,12 +87,7 @@ extern enum es_result sev_es_ghcb_hv_call(struct ghcb *ghcb,
  struct es_em_ctxt *ctxt,
  u64 exit_code, u64 exit_info_1,
  u64 exit_info_2);
-void __sev_es_stop_this_cpu(void);
-static __always_inline void sev_es_stop_this_cpu(void)
-{
-   if (static_branch_unlikely(&sev_es_enable_key))
-   __sev_es_stop_this_cpu();
-}
+void sev_es_stop_this_cpu(void);
 #else
 static inline void sev_es_ist_enter(struct pt_regs *regs) { }
 static inline void sev_es_ist_exit(void) { }
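Review bot: with the inline wrapper removed, the `#else` branch at the bottom of this hunk must still provide a stub for `sev_es_stop_this_cpu()`; the visible context shows only the `sev_es_ist_enter()`/`sev_es_ist_exit()` stubs, so confirm a `static inline void sev_es_stop_this_cpu(void) { }` follows them, otherwise a kernel built without the SEV-ES code fails to link at the stop-CPU call site.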
diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c
index 39378357dc5a..7a74b3273f1a 100644
--- a/arch/x86/kernel/sev.c
+++ b/arch/x86/kernel/sev.c
@@ -694,8 +694,11 @@ void __noreturn sev_jumptable_ap_park(void)
 }
 STACK_FRAME_NON_STANDARD(sev_jumptable_ap_park);
 
-void __sev_es_stop_this_cpu(void)
+void sev_es_stop_this_cpu(void)
 {
+   if (!static_branch_unlikely(&sev_es_enable_key))
+   return;
+
/* Only park in the AP Jump Table when the code has been installed */
if (!sev_ap_jumptable_blob_installed)
return;
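Review bot: moving the `static_branch_unlikely(&sev_es_enable_key)` test from the inline wrapper into this out-of-line body means callers on guests without SEV-ES now make a real call and return immediately instead of executing a patched-out nop; that is acceptable for a CPU-stop path that runs once per CPU, but it is the trade-off this variant makes and the commit message should say so.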

---

And as previously mentioned s/sev_es/sev/ if those are going to be used
on SNP guests too.

-- 
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette



Re: [PATCH v2] proc/vmcore: fix clearing user buffer by properly using clear_user()

2021-11-15 Thread Andrew Morton
On Fri, 12 Nov 2021 10:27:50 +0100 David Hildenbrand  wrote:

> To clear a user buffer we cannot simply use memset, we have to use
> clear_user(). With a virtio-mem device that registers a vmcore_cb and has
> some logically unplugged memory inside an added Linux memory block, I can
> easily trigger a BUG by copying the vmcore via "cp":
> 
> ...
>
> Some x86-64 CPUs have a CPU feature called "Supervisor Mode Access
> Prevention (SMAP)", which is used to detect wrong access from the kernel to
> user buffers like this: SMAP triggers a permissions violation on wrong
> access. In the x86-64 variant of clear_user(), SMAP is properly
> handled via clac()+stac().
> 
> To fix, properly use clear_user() when we're dealing with a user buffer.
> 

I added cc:stable, OK?



[PATCH v2 2/2] s390/kexec: fix kmemleak

2021-11-15 Thread Baoquan He
unreferenced object 0x38000195000 (size 4096):
  comm "kexec", pid 8548, jiffies 4294953647 (age 32443.270s)
  hex dump (first 32 bytes):
00 00 00 c8 20 00 00 00 00 00 00 c0 02 80 00 00   ...
40 40 40 40 40 40 40 40 00 00 00 00 00 00 00 00  
  backtrace:
[<11a2f199>] __vmalloc_node_range+0xc0/0x140
[<81fa2752>] vzalloc+0x5a/0x70
[<63a4c92d>] ipl_report_finish+0x2c/0x180
[<553304da>] kexec_file_add_ipl_report+0xf4/0x150
[<862d033f>] kexec_file_add_components+0x124/0x160
[<0d2717bb>] arch_kexec_kernel_image_load+0x62/0x90
[<2e0373b6>] kimage_file_alloc_init+0x1aa/0x2e0
[<60f2d14f>] __do_sys_kexec_file_load+0x17c/0x2c0
[<8c86fe5a>] __s390x_sys_kexec_file_load+0x40/0x50
[<1fdb9dac>] __do_syscall+0x1bc/0x1f0
[<3ee4258d>] system_call+0x78/0xa0

Signed-off-by: Baoquan He 
Fixes: 99feaa717e55 ("s390/kexec_file: Create ipl report and pass to next kernel")
---
 arch/s390/include/asm/kexec.h | 7 +++
 arch/s390/kernel/machine_kexec_file.c | 9 +
 2 files changed, 16 insertions(+)

diff --git a/arch/s390/include/asm/kexec.h b/arch/s390/include/asm/kexec.h
index ea398a05f643..bbe125dd0329 100644
--- a/arch/s390/include/asm/kexec.h
+++ b/arch/s390/include/asm/kexec.h
@@ -74,6 +74,13 @@ void *kexec_file_add_components(struct kimage *image,
 int arch_kexec_do_relocs(int r_type, void *loc, unsigned long val,
 unsigned long addr);
 
+#define ARCH_HAS_KIMAGE_ARCH
+
+struct kimage_arch {
+void *ipl_buf;
+};
+
+
 extern const struct kexec_file_ops s390_kexec_image_ops;
 extern const struct kexec_file_ops s390_kexec_elf_ops;
 
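Review bot: the two consecutive `+` blank lines after the closing `};` of `struct kimage_arch` leave a double blank line before the `extern const struct kexec_file_ops` declarations; drop one. `ARCH_HAS_KIMAGE_ARCH` plus the new struct is the right vehicle for the pointer, but the commit message, which opens directly with the kmemleak report, should say what `ipl_buf` holds and who frees it.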
diff --git a/arch/s390/kernel/machine_kexec_file.c 
b/arch/s390/kernel/machine_kexec_file.c
index 17e961975624..7f51837e9bc2 100644
--- a/arch/s390/kernel/machine_kexec_file.c
+++ b/arch/s390/kernel/machine_kexec_file.c
@@ -205,6 +205,7 @@ static int kexec_file_add_ipl_report(struct kimage *image,
return ret;
buf.bufsz = data->report->size;
buf.memsz = buf.bufsz;
+   image->arch.ipl_buf = buf.buffer;
 
data->memsz += buf.memsz;
 
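Review bot: recording `buf.buffer` in `image->arch.ipl_buf` right after the error check is correct, but the commit message should say why the buffer is freed from the post-load cleanup hook rather than at the end of this function: the backtrace shows it is created under `arch_kexec_kernel_image_load()`, and the kexec_file path copies segment contents into the kimage only after that returns, so freeing it here would leave the segment pointing at freed memory at load time.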
@@ -325,3 +326,11 @@ int arch_kexec_apply_relocations_add(struct purgatory_info 
*pi,
}
return 0;
 }
+
+int arch_kimage_file_post_load_cleanup(struct kimage *image)
+{
+   kvfree(image->arch.ipl_buf);
+   image->arch.ipl_buf = NULL;
+
+   return kexec_image_post_load_cleanup_default(image);
+}
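Review bot: `kvfree()` is a safe pairing for the `vzalloc()` shown in the backtrace, but `vfree()` names the allocator the buffer came from; either is fine, just be consistent with `ipl_report_finish()`. The unconditional `kvfree(image->arch.ipl_buf)` also relies on `ipl_buf` being NULL when `kexec_file_add_ipl_report()` never ran (the `kimage` is zero-allocated); a short comment saying so would save the next reader a check.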
-- 
2.17.2




[PATCH v2 1/2] s390/kexec: check the return value of ipl_report_finish

2021-11-15 Thread Baoquan He
In function ipl_report_finish(), it could fail due to a memory allocation
failure, so check the return value to handle that case.

Signed-off-by: Baoquan He 
---
 arch/s390/include/asm/ipl.h   | 2 +-
 arch/s390/kernel/ipl.c| 6 --
 arch/s390/kernel/machine_kexec_file.c | 5 -
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/arch/s390/include/asm/ipl.h b/arch/s390/include/asm/ipl.h
index 3f8ee257f9aa..864ab5d2890c 100644
--- a/arch/s390/include/asm/ipl.h
+++ b/arch/s390/include/asm/ipl.h
@@ -122,7 +122,7 @@ struct ipl_report_certificate {
 
 struct kexec_buf;
 struct ipl_report *ipl_report_init(struct ipl_parameter_block *ipib);
-void *ipl_report_finish(struct ipl_report *report);
+int ipl_report_finish(struct ipl_report *report, void **ipl_buf);
 int ipl_report_free(struct ipl_report *report);
 int ipl_report_add_component(struct ipl_report *report, struct kexec_buf *kbuf,
 unsigned char flags, unsigned short cert);
diff --git a/arch/s390/kernel/ipl.c b/arch/s390/kernel/ipl.c
index e2cc35775b99..a0af0b23148d 100644
--- a/arch/s390/kernel/ipl.c
+++ b/arch/s390/kernel/ipl.c
@@ -2144,7 +2144,7 @@ struct ipl_report *ipl_report_init(struct 
ipl_parameter_block *ipib)
return report;
 }
 
-void *ipl_report_finish(struct ipl_report *report)
+int ipl_report_finish(struct ipl_report *report, void **ipl_buf)
 {
struct ipl_report_certificate *cert;
struct ipl_report_component *comp;
@@ -2195,7 +2195,9 @@ void *ipl_report_finish(struct ipl_report *report)
}
 
BUG_ON(ptr > buf + report->size);
-   return buf;
+   *ipl_buf = buf;
+
+   return 0;
 }
 
 int ipl_report_free(struct ipl_report *report)
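Review bot: the commit message says `ipl_report_finish()` can fail on memory allocation, yet the only return this hunk changes is the success path (`-   return buf;` becomes `*ipl_buf = buf;` / `return 0;`), and the diffstat (`9 insertions(+), 4 deletions(-)`) is fully accounted for by the visible hunks, so the allocation-failure return earlier in the function is untouched. With the return type now `int`, that path must yield a negative errno such as `-ENOMEM`; any pointer-style value left over from the `void *` version would be a type mismatch that callers checking `if (ret)` cannot interpret. Please include that path in the diff or state why it already returns an int.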
diff --git a/arch/s390/kernel/machine_kexec_file.c 
b/arch/s390/kernel/machine_kexec_file.c
index 528edff085d9..17e961975624 100644
--- a/arch/s390/kernel/machine_kexec_file.c
+++ b/arch/s390/kernel/machine_kexec_file.c
@@ -170,6 +170,7 @@ static int kexec_file_add_ipl_report(struct kimage *image,
struct kexec_buf buf;
unsigned long addr;
void *ptr, *end;
+   int ret;
 
buf.image = image;
 
@@ -199,7 +200,9 @@ static int kexec_file_add_ipl_report(struct kimage *image,
ptr += len;
}
 
-   buf.buffer = ipl_report_finish(data->report);
+   ret = ipl_report_finish(data->report, &buf.buffer);
+   if (ret)
+   return ret;
buf.bufsz = data->report->size;
buf.memsz = buf.bufsz;
 
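Review bot: the new `return ret;` leaves `kexec_file_add_ipl_report()` before `buf` is added to the image, which is right, but it returns with `data->report` still allocated; confirm that the caller (`kexec_file_add_components()`, per the backtrace in the companion 2/2 patch) frees the report on this error path, and that `ret` is negative so the failure propagates out of the `kexec_file_load()` syscall.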
-- 
2.17.2




[PATCH v2 RESEND 2/2] s390/kexec: fix memory leak of ipl report buffer

2021-11-15 Thread Baoquan He
unreferenced object 0x38000195000 (size 4096):
  comm "kexec", pid 8548, jiffies 4294953647 (age 32443.270s)
  hex dump (first 32 bytes):
00 00 00 c8 20 00 00 00 00 00 00 c0 02 80 00 00   ...
40 40 40 40 40 40 40 40 00 00 00 00 00 00 00 00  
  backtrace:
[<11a2f199>] __vmalloc_node_range+0xc0/0x140
[<81fa2752>] vzalloc+0x5a/0x70
[<63a4c92d>] ipl_report_finish+0x2c/0x180
[<553304da>] kexec_file_add_ipl_report+0xf4/0x150
[<862d033f>] kexec_file_add_components+0x124/0x160
[<0d2717bb>] arch_kexec_kernel_image_load+0x62/0x90
[<2e0373b6>] kimage_file_alloc_init+0x1aa/0x2e0
[<60f2d14f>] __do_sys_kexec_file_load+0x17c/0x2c0
[<8c86fe5a>] __s390x_sys_kexec_file_load+0x40/0x50
[<1fdb9dac>] __do_syscall+0x1bc/0x1f0
[<3ee4258d>] system_call+0x78/0xa0

Signed-off-by: Baoquan He 
Fixes: 99feaa717e55 ("s390/kexec_file: Create ipl report and pass to next kernel")
---
RESEND:
  Fix the incorrect subject.

 arch/s390/include/asm/kexec.h | 7 +++
 arch/s390/kernel/machine_kexec_file.c | 9 +
 2 files changed, 16 insertions(+)

diff --git a/arch/s390/include/asm/kexec.h b/arch/s390/include/asm/kexec.h
index ea398a05f643..bbe125dd0329 100644
--- a/arch/s390/include/asm/kexec.h
+++ b/arch/s390/include/asm/kexec.h
@@ -74,6 +74,13 @@ void *kexec_file_add_components(struct kimage *image,
 int arch_kexec_do_relocs(int r_type, void *loc, unsigned long val,
 unsigned long addr);
 
+#define ARCH_HAS_KIMAGE_ARCH
+
+struct kimage_arch {
+void *ipl_buf;
+};
+
+
 extern const struct kexec_file_ops s390_kexec_image_ops;
 extern const struct kexec_file_ops s390_kexec_elf_ops;
 
diff --git a/arch/s390/kernel/machine_kexec_file.c 
b/arch/s390/kernel/machine_kexec_file.c
index 17e961975624..7f51837e9bc2 100644
--- a/arch/s390/kernel/machine_kexec_file.c
+++ b/arch/s390/kernel/machine_kexec_file.c
@@ -205,6 +205,7 @@ static int kexec_file_add_ipl_report(struct kimage *image,
return ret;
buf.bufsz = data->report->size;
buf.memsz = buf.bufsz;
+   image->arch.ipl_buf = buf.buffer;
 
data->memsz += buf.memsz;
 
@@ -325,3 +326,11 @@ int arch_kexec_apply_relocations_add(struct purgatory_info 
*pi,
}
return 0;
 }
+
+int arch_kimage_file_post_load_cleanup(struct kimage *image)
+{
+   kvfree(image->arch.ipl_buf);
+   image->arch.ipl_buf = NULL;
+
+   return kexec_image_post_load_cleanup_default(image);
+}
-- 
2.17.2

