Bug 1555268

Summary: [RFE] Kernel address space layout randomization [KASLR] support
Product: Red Hat Enterprise Virtualization Manager Reporter: Jaroslav Suchanek <jsuchane>
Component: ovirt-engine Assignee: Michal Skrivanek <michal.skrivanek>
Status: CLOSED ERRATA QA Contact: Israel Pinto <ipinto>
Severity: high Docs Contact:
Priority: medium    
Version: unspecified CC: ahadas, anderson, apinnick, areis, arozansk, berrange, bhe, chayang, chorn, cye, danken, drjones, dyuan, fj-lsoft-kernel-it, fj-lsoft-rh-dump, herbert.xu, ipinto, jherrman, jpoimboe, jsuchane, juzhang, lersek, lsurette, lwang, marcandre.lureau, michal.skrivanek, mkalinin, mkletzan, mtessun, pasik, pmatouse, ratamir, rbalakri, Rhev-m-bugs, ruyang, srevivo, tcarlin, tony, tumeya, xuzhang, yafu, ycui, ykaul, zpeng
Target Milestone: ovirt-4.2.3 Keywords: FutureFeature, OtherQA
Target Release: --- Flags: ipinto: testing_plan_complete+
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: rhv-4.2.3-2 Doc Type: Enhancement
Doc Text:
Previously, Red Hat Enterprise Linux kernels had kernel address space layout randomization enabled by default. This feature prevented trouble-shooting and analysis of the guest's memory dumps. In the current feature, "vmcoreinfo" is enabled for all Linux guests. It allows a compatible kernel to export the debugging information so that the memory image can be analyzed.
Story Points: ---
Clone Of: 1395248
: 1568461 1568736 Environment:
Last Closed: 2018-05-15 17:48:31 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Virt RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1290840, 1395248, 1398633, 1411490, 1424943, 1493125, 1519748, 1555276    
Bug Blocks: 1288169, 1298243, 1317091, 1469590, 1522983, 1568461, 1568736    

Description Jaroslav Suchanek 2018-03-14 11:14:59 UTC
+++ This bug was initially created as a clone of Bug #1395248 +++

Patches are ready for most components, but we need a solution for virsh dump when KVM guests have KASLR enabled.

The discussion upstream appears to be converging to a qemu-guest-agent solution for now: http://lists.nongnu.org/archive/html/qemu-devel/2016-11/msg01618.html

+++ This bug was initially created as a clone of Bug #1290840 +++

Description of problem:
Kernel Address Space Randomization [KASLR] allows randomizing the physical and virtual address at which the kernel image is decompressed, as a security feature that deters exploit attempts relying on knowledge of the location of kernel internals.

The feature has been described in LWN article:
https://lwn.net/Articles/569635/

With upstream patchsets of:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e8236c4d9338d52d0f2fcecc0b792ac0542e4ee9

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=da2b6fb990cf782b18952f534ec7323453bc4fc9

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a653f3563c51c7bb7de63d607bef09d3baddaeb8

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5bfce5ef55cbe78ee2ee6e97f2e26a8a582008f3

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6145cfe394a7f138f6b64491c5663f97dba12450

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19259943f0954dcd1817f94776376bf51c6a46d5

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f32360ef6608434a032dc7ad262d45e9693c27f3

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8ab3820fd5b2896d66da7bb2a906bc382e63e7bc

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=82fa9637a2ba285bcc7c5050c73010b2c1b3d803

Version-Release number of selected component (if applicable):
went upstream in 3.14


Additional info:

https://lwn.net/Articles/569635/

--- Additional comment from Jaroslav Suchanek on 2017-11-22 15:16:58 CET ---

Fixed upstream:

commit 7e4177a35bae49a53b04940be04418daaa988734
Author:     Marc-André Lureau <marcandre.lureau>
AuthorDate: Thu Nov 16 17:49:38 2017 +0100
Commit:     Martin Kletzander <mkletzan>
CommitDate: Sat Nov 18 10:45:10 2017 +0100

    qemu: add vmcoreinfo support
    
    Starting from qemu 2.11, the `-device vmcoreinfo` will create a fw_cfg
    entry for a guest to store dump details, necessary to process kernel
    dump with KASLR enabled and providing additional kernel details.
    
    In essence, it is similar to -fw_cfg name=etc/vmcoreinfo,file=X but in
    this case it is not backed by a file, but collected by QEMU itself.
    
    Since the device is a singleton and shouldn't use additional hardware
    resources, it is presented as a <feature> element in the libvirt
    domain XML.
    
    The device is arm/x86 only for now (targets that support fw_cfg+dma).
    
    Related to:
    https://bugzilla.redhat.com/show_bug.cgi?id=1395248
    
    Signed-off-by: Marc-André Lureau <marcandre.lureau>
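
The commit message above says the device appears as a `<feature>` element in the libvirt domain XML and as `-device vmcoreinfo` on the QEMU command line. The following is an added example, not code from this bug report, libvirt or oVirt, showing how an operator could check both before relying on a guest dump being analyzable. The `state` attribute handling, the arch strings and the sample XML are assumptions of this example.

```python
import shlex
import xml.etree.ElementTree as ET

# Targets the commit message lists as supported (arm/x86, fw_cfg + DMA).
# The libvirt arch strings chosen here are an assumption of this example.
SUPPORTED_ARCHES = {"i686", "x86_64", "armv7l", "aarch64"}


def vmcoreinfo_status(domain_xml):
    """Return 'enabled', 'disabled', 'missing' or 'unsupported-arch'."""
    root = ET.fromstring(domain_xml)
    os_type = root.find("os/type")
    arch = os_type.get("arch") if os_type is not None else None
    if arch not in SUPPORTED_ARCHES:
        return "unsupported-arch"
    feature = root.find("features/vmcoreinfo")
    if feature is None:
        return "missing"
    # Assumption: a bare <vmcoreinfo/> and state='on' both mean enabled.
    return "enabled" if feature.get("state", "on") == "on" else "disabled"


def qemu_has_vmcoreinfo(cmdline):
    """True if a QEMU command line carries `-device vmcoreinfo[,props]`."""
    argv = shlex.split(cmdline)
    return any(
        opt == "-device" and val.split(",")[0] == "vmcoreinfo"
        for opt, val in zip(argv, argv[1:])
    )


# Constructed sample inputs, not taken from a real host.
def sample(arch, feature=""):
    """Build a minimal domain XML document for the demo."""
    return (f"<domain type='kvm'><os><type arch='{arch}'>hvm</type></os>"
            f"<features><acpi/>{feature}</features></domain>")


SAMPLES = {
    "guest-a": sample("x86_64", "<vmcoreinfo state='on'/>"),
    "guest-b": sample("x86_64"),
    "guest-c": sample("x86_64", "<vmcoreinfo state='off'/>"),
    "guest-d": sample("ppc64le"),
}

if __name__ == "__main__":
    for name, xml in SAMPLES.items():
        print(name, vmcoreinfo_status(xml))
```
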

Comment 1 Dan Kenigsberg 2018-03-14 11:21:21 UTC
Starting RHV-4.2, libvirt domxml is built centrally by Engine.
Suggesting to fix this for GA.

Comment 2 Michal Skrivanek 2018-03-15 07:49:25 UTC
do we use virsh dump anywhere? in logcollector perhaps?

Comment 4 Raz Tamir 2018-04-27 10:09:44 UTC
Israel,

Can you please ack or nack this?

Comment 5 Dan Kenigsberg 2018-04-29 15:00:26 UTC
(In reply to Michal Skrivanek from comment #2)
> do we use virsh dump anywhere? in logcollector perhaps?

virsh is not mentioned in ovirt-log-collector, nor its vdsm plugin.

Comment 6 Michal Skrivanek 2018-04-29 17:02:55 UTC
adding back needinfo on ipinto

this is already present in latest build

Comment 7 Israel Pinto 2018-05-01 11:13:39 UTC
Verify with:
Software Version: 4.2.3.3-0.1.el7


https://polarion.engineering.redhat.com/polarion/#/project/RHEVM3/testrun?id=1-1&tab=records&result=passed

Comment 11 errata-xmlrpc 2018-05-15 17:48:31 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:1488

Comment 12 Franta Kust 2019-05-16 13:06:28 UTC
BZ<2>Jira Resync