Bug 1398633 - [RFE] Kernel address space layout randomization [KASLR] support (qemu-kvm-rhev)
Summary: [RFE] Kernel address space layout randomization [KASLR] support (qemu-kvm-rhev)
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: qemu-kvm-rhev
Version: 7.3
Hardware: All
OS: Linux
Priority: medium
Severity: high
Target Milestone: rc
Target Release: 7.5
Assignee: Marc-Andre Lureau
QA Contact: cliao
URL:
Whiteboard:
Duplicates: 1447210 1507740
Depends On: 1290840 1424943 1540836
Blocks: 1288169 1395248 1411490 1419537 1469590 1484340 1493125 1517775 1519748 1555268 1555276 1568461 1568736
 
Reported: 2016-11-25 12:38 UTC by Ademar Reis
Modified: 2018-04-18 08:03 UTC (History)
CC: 33 users

Fixed In Version: qemu-kvm-rhev-2.10.0-20.el7
Doc Type: Enhancement
Doc Text:
Clone Of: 1395248
Clones: 1411490 1493125
Environment:
Last Closed: 2018-04-11 00:12:33 UTC
Target Upstream Version:
Embargoed:

Links:
Red Hat Product Errata RHSA-2018:1104 (last updated 2018-04-11 00:15:02 UTC)

Description Ademar Reis 2016-11-25 12:38:53 UTC
QEMU clone for the implementation of this feature. There's no consensus yet on how this part should be implemented (guest agent, acpi hook that sends this via qemu monitor, virtio-pstore?)

+++ This bug was initially created as a clone of Bug #1395248 +++

Patches are ready for most components, but we need a solution for virsh dump when KVM guests have KASLR enabled.

The discussion upstream appears to be converging to a qemu-guest-agent solution for now: http://lists.nongnu.org/archive/html/qemu-devel/2016-11/msg01618.html

+++ This bug was initially created as a clone of Bug #1290840 +++

Description of problem:
Kernel Address Space Layout Randomization [KASLR] allows randomizing the physical and virtual addresses at which the kernel image is decompressed. It is a security feature that deters exploit attempts relying on knowledge of the location of kernel internals.

The feature has been described in LWN article:
https://lwn.net/Articles/569635/

With upstream patchsets of:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e8236c4d9338d52d0f2fcecc0b792ac0542e4ee9

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=da2b6fb990cf782b18952f534ec7323453bc4fc9

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a653f3563c51c7bb7de63d607bef09d3baddaeb8

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5bfce5ef55cbe78ee2ee6e97f2e26a8a582008f3

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6145cfe394a7f138f6b64491c5663f97dba12450

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19259943f0954dcd1817f94776376bf51c6a46d5

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f32360ef6608434a032dc7ad262d45e9693c27f3

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8ab3820fd5b2896d66da7bb2a906bc382e63e7bc

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=82fa9637a2ba285bcc7c5050c73010b2c1b3d803

Version-Release number of selected component (if applicable):
Went upstream in 3.14.


Additional info:

https://lwn.net/Articles/569635/

--- Additional comment from Baoquan He on 2016-06-22 00:13:24 BRT ---


Hi,

Currently, the separate randomization of the kernel text mapping has been through several rounds of review. The latest one is v9, which addresses the last part of the actual work, as below:

https://lkml.org/lkml/2016/5/25/687
The current status is that Ingo has added them to the tip-bot tree for testing.

Then Thomas Garnier from Google raised another ASLR-related issue: memory area address randomization. Ingo accepted the idea and is reviewing the patchset.

[PATCH v7 0/9] x86/mm: memory area address KASLR
http://www.gossamer-threads.com/lists/linux/kernel/2467722

It could be merged into v4.8.

Just updating the progress here for reference.

Thanks
Baoquan

--- Additional comment from Baoquan He on 2016-07-27 23:50:51 BRT ---

Separating kernel image virtual address randomization from physical address randomization, and extending kernel physical address randomization to addresses above 4G;

Randomizing kernel memory regions;

Both of these new features have been merged into Linus's tree.

90397a4 x86/mm: Add memory hotplug support for KASLR memory randomization
a95ae27 x86/mm: Enable KASLR for vmalloc memory regions
021182e x86/mm: Enable KASLR for physical mapping memory regions
0483e1f x86/mm: Implement ASLR for kernel memory regions
d899a7d x86/mm: Refactor KASLR entropy functions
6daa2ec x86/KASLR: Fix boot crash with certain memory configurations
e066cc4 x86/KASLR: Allow randomization below the load address
ed9f007 x86/KASLR: Extend kernel image physical address randomization to addresses larger than 4G
8391c73 x86/KASLR: Randomize virtual address separately
11fdf97 x86/KASLR: Clarify identity map interface
65fe935 x86/KASLR, x86/power: Remove x86 hibernation restrictions
d2d3462 x86/KASLR: Clarify purpose of each get_random_long()
071a749 x86/KASLR: Add virtual address choosing function
06486d6 x86/KASLR: Return earliest overlap when avoiding regions
c401cf1 x86/KASLR: Add 'struct slot_area' to manage random_addr slots
434a6c9 x86/KASLR: Initialize mapping_info every time
3a94707 x86/KASLR: Build identity mappings on demand
ed09acd x86/KASLR: Improve comments around the mem_avoid[] logic
549f90d x86/boot: Simplify pointer casting in choose_random_location()
9dc1969 x86/KASLR: Consolidate mem_avoid[] entries
4d2d542 x86/KASLR: Clean up unused code from old 'run_size' and rename it to 'kernel_total_size'
6f9af75 x86/KASLR: Handle kernel relocations above 2G correctly
0f8ede1b x86/KASLR: Warn when KASLR is disabled
e8581e3 x86/KASLR: Drop CONFIG_RANDOMIZE_BASE_MAX_OFFSET
4252db1 x86/KASLR: Update description for decompressor worst case size
9016875 x86/KASLR: Rename "random" to "random_addr"
7de828d x86/KASLR: Clarify purpose of kaslr.c
206f25a x86/KASLR: Remove unneeded boot_params argument
9b23874 x86/KASLR: Rename aslr.c to kaslr.c

--- Additional comment from Dave Young on 2016-11-10 00:09:55 BRST ---

Memo:
userspace support status:
Kexec/kdump: 
 kernel: ready
 kexec-tools: ready
 makedumpfile: patches are ready. will be in makedumpfile 1.6.1
 crash: ready

Systemtap:
 Per systemtap maintainer, it is ready

Kpatch:
 Kpatch team can do it after kernel backport, opened a bug

Crash:
 kdump is ready
 virsh dump is not ready
 dyoung: opened an upstream thread:
 http://lists.nongnu.org/archive/html/qemu-devel/2016-11/msg01618.html

So we need to monitor and wait for virsh dump support in QEMU upstream before enabling kernel KASLR.

--- Additional comment from Ademar Reis on 2016-11-25 10:22:54 BRST ---

The upstream discussion appears to have converged around the idea that an initial implementation could be made via the guest-agent.

The guest-agent part should be relatively trivial to implement, so maybe it could be implemented by the same developer working on the libvirt feature.

--- Additional comment from Daniel Berrange on 2016-11-25 10:26:27 BRST ---

FYI, from libvirt POV, I am *not* in favour of using guest agent for it - IMHO there should be a mechanism to feed this data back to the host via the core platform without requiring running special processes - perhaps something in an ACPI hook that can be exposed via the monitor, so that it is available from the very moment the kernel boots and configures KASLR, instead of only some arbitrary time later.

Comment 3 Ademar Reis 2017-05-04 02:44:05 UTC
*** Bug 1447210 has been marked as a duplicate of this bug. ***

Comment 6 Guo, Zhiyi 2017-09-28 03:09:43 UTC
Hi Nini,

   This may help you: https://lists.gnu.org/archive/html/qemu-devel/2017-09/msg02657.html. Thanks to Marc-Andre for pointing it out.

BR/
Guo, Zhiyi

Comment 7 Gu Nini 2017-09-28 09:18:33 UTC
(In reply to Guo, Zhiyi from comment #6)

Zhiyi,

Get it. Thanks for the info.

Comment 8 Gu Nini 2017-11-08 05:52:58 UTC
*** Bug 1507740 has been marked as a duplicate of this bug. ***

Comment 12 Miroslav Rezanina 2017-11-30 16:52:25 UTC
Fix included in qemu-kvm-rhev-2.10.0-10.el7

Comment 14 cliao 2017-12-01 07:40:42 UTC
Test result:

version:
host kernel: kernel-3.10.0-799.el7.x86_64
guest kernel: kernel-3.10.0-799.el7.x86_64
qemu: qemu-kvm-rhev-2.10.0-10.el7

Steps:
1. Boot the guest:
/usr/libexec/qemu-kvm  \
                -m 1024 \
                -smp 1 \
                -vnc :0 \
                -name guest=test5-4,debug-threads=on \
                -boot menu=on \
                -device virtio-scsi-pci,bus=pci.0,addr=0x5,id=scsi0 \
                -drive file=/home/image/rhel75-64-virtio-scsi.raw,format=raw,if=none,id=drive-scsi0-0-0-0 \
                -device scsi-hd,bus=scsi0.0,channel=0,scsi-id=0,lun=0,drive=drive-scsi0-0-0-0,id=scsi0-0-0-0,bootindex=1 \
                -device virtio-net-pci,mac=9a:70:71:72:74:73,id=idIBZSw2,vectors=4,netdev=idHrhHM9,bus=pci.0,addr=06,bootindex=2 \
                -netdev tap,id=idHrhHM9,vhost=on \
                -device vmcoreinfo \
                -monitor stdio -qmp tcp:0:4444,server


2.
#{ "execute": "qmp_capabilities" }
{"return": {}}
{"execute": "dump-guest-memory", "arguments": { "paging": false, "protocol": "file:/home/dump.normal"}}
{"timestamp": {"seconds": 1512108151, "microseconds": 843955}, "event": "STOP"}
{"timestamp": {"seconds": 1512108152, "microseconds": 651379}, "event": "DUMP_COMPLETED", "data": {"result": {"total": 1090715648, "status": "completed", "completed": 1090715648}}}
{"timestamp": {"seconds": 1512108152, "microseconds": 651782}, "event": "RESUME"}
{"return": {}}
#{"execute":"query-dump-guest-memory-capability"}
#{"return": {"formats": ["elf", "kdump-zlib", "kdump-lzo", "kdump-snappy"]}}
{"execute": "dump-guest-memory", "arguments": { "paging": false, "protocol": "file:/home/dump.elf", "format": "elf"}}
{"timestamp": {"seconds": 1512108185, "microseconds": 241082}, "event": "STOP"}
{"timestamp": {"seconds": 1512108186, "microseconds": 92823}, "event": "DUMP_COMPLETED", "data": {"result": {"total": 1090715648, "status": "completed", "completed": 1090715648}}}
{"timestamp": {"seconds": 1512108186, "microseconds": 93191}, "event": "RESUME"}
{"return": {}}
#{"execute": "dump-guest-memory", "arguments": { "paging": false, "protocol": "file:/home/dump.zlib", "format": "kdump-zlib"}}
{"timestamp": {"seconds": 1512108229, "microseconds": 170590}, "event": "STOP"}
{"timestamp": {"seconds": 1512108245, "microseconds": 361914}, "event": "DUMP_COMPLETED", "data": {"result": {"total": 1090715648, "status": "completed", "completed": 1090715648}}}
{"timestamp": {"seconds": 1512108245, "microseconds": 362320}, "event": "RESUME"}
{"return": {}}
#{"execute": "dump-guest-memory", "arguments": { "paging": false, "protocol": "file:/home/dump.lzo", "format": "kdump-lzo"}}
{"timestamp": {"seconds": 1512108615, "microseconds": 399338}, "event": "STOP"}
{"timestamp": {"seconds": 1512108617, "microseconds": 648353}, "event": "DUMP_COMPLETED", "data": {"result": {"total": 1090715648, "status": "completed", "completed": 1090715648}}}
{"timestamp": {"seconds": 1512108617, "microseconds": 648749}, "event": "RESUME"}
{"return": {}}

3. Result:
3.1 crash:
crash /usr/lib/debug/lib/modules/3.10.0-799.el7.x86_64/vmlinux dump.elf 

crash 7.2.0-1.el7
Copyright (C) 2002-2017  Red Hat, Inc.
Copyright (C) 2004, 2005, 2006, 2010  IBM Corporation
Copyright (C) 1999-2006  Hewlett-Packard Co
Copyright (C) 2005, 2006, 2011, 2012  Fujitsu Limited
Copyright (C) 2006, 2007  VA Linux Systems Japan K.K.
Copyright (C) 2005, 2011  NEC Corporation
Copyright (C) 1999, 2002, 2007  Silicon Graphics, Inc.
Copyright (C) 1999, 2000, 2001, 2002  Mission Critical Linux, Inc.
This program is free software, covered by the GNU General Public License,
and you are welcome to change it and/or distribute copies of it under
certain conditions.  Enter "help copying" to see the conditions.
This program has absolutely no warranty.  Enter "help warranty" for details.
 
WARNING: cannot determine physical base address: defaulting to 0

GNU gdb (GDB) 7.6
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-unknown-linux-gnu"...

WARNING: failed to init kexec backup region
WARNING: cannot read linux_banner string
crash: /usr/lib/debug/lib/modules/3.10.0-799.el7.x86_64/vmlinux and dump.elf do not match!

Usage:

  crash [OPTION]... NAMELIST MEMORY-IMAGE[@ADDRESS]	(dumpfile form)
  crash [OPTION]... [NAMELIST]             		(live system form)

Enter "crash -h" for details.

3.2 gdb using dump-guest-memory.py
 gdb /var/core.2043-0-0-11-1512111124-hp-z420-01.qe.lab.eng.nay.redhat.com-qemu-kvm
(gdb) source /usr/share/qemu-kvm/dump-guest-memory.py
(gdb) set height 0
(gdb) dump-guest-memory /home/vmcore1 X86_64
guest RAM blocks:
target_start     target_end       host_addr        message count
---------------- ---------------- ---------------- ------- -----
0000000000000000 00000000000a0000 00007f04e5200000 added       1
00000000000a0000 00000000000b0000 00007f04e3c00000 added       2
00000000000c0000 00000000000ca000 00007f04e52c0000 added       3
00000000000ca000 00000000000cd000 00007f04e52ca000 joined      3
00000000000cd000 00000000000e8000 00007f04e52cd000 joined      3
00000000000e8000 00000000000f0000 00007f04e52e8000 joined      3
00000000000f0000 0000000000100000 00007f04e52f0000 joined      3
0000000000100000 0000000040000000 00007f04e5300000 joined      3
00000000fd000000 00000000fe000000 00007f04e3c00000 added       4
00000000fffc0000 0000000100000000 00007f04e5000000 added       5
Python Exception <class 'gdb.error'> No symbol "vmcoreinfo_find" in current context.: 
Error occurred in Python command: No symbol "vmcoreinfo_find" in current context.
(gdb)



But crash can work when the guest kernel is booted with "nokaslr".
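The QMP exchange in step 2 above, written as a small client (an added example, not code from the bug report or from QEMU): it assumes the guest was started with "-qmp tcp:0:4444,server" as in step 1 and, for a live run, a socket from socket.create_connection(("127.0.0.1", 4444)); FakeQmpSocket is a constructed transport that replays the replies shown above so the code runs offline.

```python
import json


class QmpClient:  # line-oriented JSON QMP client that also collects async events
    def __init__(self, sock):
        self.sock = sock          # anything with recv()/sendall(), e.g. a TCP socket
        self.buf = b""
        self.events = []          # STOP / DUMP_COMPLETED / RESUME land here

    def _readline(self):
        while b"\n" not in self.buf:
            chunk = self.sock.recv(4096)
            if not chunk:
                raise ConnectionError("QMP peer closed the connection")
            self.buf += chunk
        line, _, self.buf = self.buf.partition(b"\n")
        return json.loads(line)

    def negotiate(self):
        # The server greets with {"QMP": ...}; qmp_capabilities leaves capabilities mode.
        if "QMP" not in self._readline():
            raise ValueError("peer did not send a QMP greeting")
        return self.command("qmp_capabilities")

    def command(self, name, **arguments):
        msg = {"execute": name, "arguments": arguments} if arguments else {"execute": name}
        self.sock.sendall(json.dumps(msg).encode() + b"\n")
        while True:               # events may arrive before the command's return
            reply = self._readline()
            if "event" in reply:
                self.events.append(reply)
            elif "error" in reply:
                raise RuntimeError(reply["error"].get("desc", "QMP error"))
            elif "return" in reply:
                return reply["return"]

    def dump_formats(self):
        return self.command("query-dump-guest-memory-capability")["formats"]

    def dump_guest_memory(self, path, fmt=None, paging=False):
        """Dump guest RAM to `path`; return the DUMP_COMPLETED result dict."""
        if fmt is not None and fmt not in self.dump_formats():
            raise ValueError("dump format %r not offered by this QEMU" % fmt)
        args = {"paging": paging, "protocol": "file:" + path}
        if fmt is not None:
            args["format"] = fmt
        self.command("dump-guest-memory", **args)
        done = [e for e in self.events if e["event"] == "DUMP_COMPLETED"]
        if not done:
            raise RuntimeError("no DUMP_COMPLETED event after dump-guest-memory")
        result = done[-1]["data"]["result"]
        if result.get("status") != "completed" or result["completed"] != result["total"]:
            raise RuntimeError("dump did not complete: %r" % result)
        return result


class FakeQmpSocket:  # constructed stand-in for the TCP socket; replays the report's replies
    REPLIES = {
        "qmp_capabilities": [{"return": {}}],
        "query-dump-guest-memory-capability": [{"return": {"formats": [
            "elf", "kdump-zlib", "kdump-lzo", "kdump-snappy"]}}],
        "dump-guest-memory": [{"event": "STOP"},
            {"event": "DUMP_COMPLETED", "data": {"result": {"total": 1090715648,
                "status": "completed", "completed": 1090715648}}},
            {"event": "RESUME"}, {"return": {}}],
    }

    def __init__(self):
        self.out = b'{"QMP": {"version": {}, "capabilities": []}}\n'
        self.sent = []            # requests the client wrote, for inspection

    def sendall(self, data):
        req = json.loads(data)
        self.sent.append(req)
        for reply in self.REPLIES.get(req["execute"], [{"error": {"desc": "unknown command"}}]):
            self.out += json.dumps(reply).encode() + b"\n"

    def recv(self, n):
        chunk, self.out = self.out[:n], self.out[n:]
        return chunk
```

Checking the format against query-dump-guest-memory-capability before sending avoids a failed dump on a QEMU built without that compression, and requiring completed == total catches a truncated dump before it is handed to crash.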

Comment 15 Marc-Andre Lureau 2017-12-01 11:50:25 UTC
(In reply to cliao from comment #14)
> 3.1 crash:
> crash /usr/lib/debug/lib/modules/3.10.0-799.el7.x86_64/vmlinux dump.elf
> [...]
> WARNING: cannot determine physical base address: defaulting to 0
> [...]
> WARNING: failed to init kexec backup region
> WARNING: cannot read linux_banner string
> crash: /usr/lib/debug/lib/modules/3.10.0-799.el7.x86_64/vmlinux and dump.elf
> do not match!
This also depends on kernel support, bug 1493125.

> 3.2 gdb use dump-guest-memory.py
> [...]
> Python Exception <class 'gdb.error'> No symbol "vmcoreinfo_find" in current
> context.:
> Error occurred in Python command: No symbol "vmcoreinfo_find" in current
> context.

Good catch, I sent a patch on qemu ML for that:
[PATCH] dump-guest-memory.py: fix No symbol "vmcoreinfo_find"

Comment 17 Miroslav Rezanina 2017-12-11 09:44:24 UTC
Fix included in qemu-kvm-rhev-2.10.0-12.el7

Comment 18 cliao 2017-12-12 02:46:03 UTC
Test result:
host kernel: kernel-3.10.0-799.el7.x86_64
guest kernel: kernel-3.10.0-799.el7.x86_64
qemu: qemu-kvm-rhev-2.10.0-12.el7

Steps:
gdb using dump-guest-memory.py
 gdb core.14130-0-0-11-1513045734-hp-z220-01.qe.lab.eng.nay.redhat.com-qemu-kvm 
(gdb) source /usr/share/qemu-kvm/dump-guest-memory.py
(gdb)  set height 0
(gdb)  dump-guest-memory /tmp/vmcore X86_64
guest RAM blocks:
target_start     target_end       host_addr        message count
---------------- ---------------- ---------------- ------- -----
0000000000000000 00000000000a0000 00007f7935800000 added       1
00000000000a0000 00000000000b0000 00007f7934200000 added       2
00000000000c0000 00000000000ca000 00007f79358c0000 added       3
00000000000ca000 00000000000cd000 00007f79358ca000 joined      3
00000000000cd000 00000000000e8000 00007f79358cd000 joined      3
00000000000e8000 00000000000f0000 00007f79358e8000 joined      3
00000000000f0000 0000000000100000 00007f79358f0000 joined      3
0000000000100000 0000000080000000 00007f7935900000 joined      3
00000000fd000000 00000000fe000000 00007f7934200000 added       4
00000000fffc0000 0000000100000000 00007f7935600000 added       5
Python Exception <class 'gdb.error'> You can't do that without a process to debug.: 
Error occurred in Python command: You can't do that without a process to debug.
(gdb) q

Comment 19 cliao 2017-12-12 10:04:00 UTC
Hi Marc-Andre,

   I cannot get the vmcore file when using dump-guest-memory.py.
   
   BTW, since the kernel does not support KASLR yet, I will wait for the kernel bug fix and then verify qemu-kvm-rhev.

thanks,
cliao

Comment 21 Marc-Andre Lureau 2017-12-12 16:36:33 UTC
Sent upstream:

[PATCH] dump-guest-memory.py: fix "You can't do that without a process to debug"

We will need to backport it.

Comment 25 Miroslav Rezanina 2018-01-16 13:42:18 UTC
Fix included in qemu-kvm-rhev-2.10.0-17.el7

Comment 30 Miroslav Rezanina 2018-01-23 12:57:59 UTC
Fix included in qemu-kvm-rhev-2.10.0-18.el7

Comment 32 cliao 2018-01-24 02:39:48 UTC
gdb can use dump-guest-memory.py now.

Versions:
qemu : qemu-kvm-rhev-2.10.0-18.el7
kernel: kernel-3.10.0-830.el7.x86_64

Steps:
1. gdb core.20385
......
(gdb) source /usr/share/qemu-kvm/dump-guest-memory.py
(gdb) set height 0
(gdb) dump-guest-memory /home/vmcore X86_64
guest RAM blocks:
target_start     target_end       host_addr        message count
---------------- ---------------- ---------------- ------- -----
0000000000000000 00000000000a0000 00007fa2b2a00000 added       1
00000000000a0000 00000000000b0000 00007fa2b1400000 added       2
00000000000c0000 00000000000ca000 00007fa2b2ac0000 added       3
00000000000ca000 00000000000cd000 00007fa2b2aca000 joined      3
00000000000cd000 00000000000e8000 00007fa2b2acd000 joined      3
00000000000e8000 00000000000f0000 00007fa2b2ae8000 joined      3
00000000000f0000 0000000000100000 00007fa2b2af0000 joined      3
0000000000100000 00000000c0000000 00007fa2b2b00000 joined      3
00000000fd000000 00000000fe000000 00007fa2b1400000 added       4
00000000fffc0000 0000000100000000 00007fa2b2800000 added       5
0000000100000000 0000000140000000 00007fa372a00000 added       6
dumping range at 00007fa2b2a00000 for length 00000000000a0000
dumping range at 00007fa2b1400000 for length 0000000000010000
dumping range at 00007fa2b2ac0000 for length 00000000bff40000
dumping range at 00007fa2b1400000 for length 0000000001000000
dumping range at 00007fa2b2800000 for length 0000000000040000
dumping range at 00007fa372a00000 for length 0000000040000000
(gdb) q

Comment 38 Miroslav Rezanina 2018-02-07 13:29:51 UTC
Fix included in qemu-kvm-rhev-2.10.0-20.el7

Comment 43 errata-xmlrpc 2018-04-11 00:12:33 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:1104

