Red Hat Bugzilla – Bug 1398633
[RFE] Kernel address space layout randomization [KASLR] support (qemu-kvm-rhev)
Last modified: 2018-04-18 04:03:18 EDT
QEMU clone for the implementation of this feature. There's no consensus yet on how this part should be implemented (guest agent, acpi hook that sends this via qemu monitor, virtio-pstore?)

+++ This bug was initially created as a clone of Bug #1395248 +++

Patches are ready for most components, but we need a solution for virsh dump when KVM guests have KASLR enabled.

The discussion upstream appears to be converging to a qemu-guest-agent solution for now:
http://lists.nongnu.org/archive/html/qemu-devel/2016-11/msg01618.html

+++ This bug was initially created as a clone of Bug #1290840 +++

Description of problem:
Kernel Address Space Randomization [KASLR] allows randomizing the physical and virtual address at which the kernel image is decompressed, as a security feature that deters exploit attempts relying on knowledge of the location of kernel internals.

The feature has been described in LWN article: https://lwn.net/Articles/569635/

With upstream patchsets of:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e8236c4d9338d52d0f2fcecc0b792ac0542e4ee9
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=da2b6fb990cf782b18952f534ec7323453bc4fc9
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a653f3563c51c7bb7de63d607bef09d3baddaeb8
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5bfce5ef55cbe78ee2ee6e97f2e26a8a582008f3
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6145cfe394a7f138f6b64491c5663f97dba12450
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19259943f0954dcd1817f94776376bf51c6a46d5
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f32360ef6608434a032dc7ad262d45e9693c27f3
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8ab3820fd5b2896d66da7bb2a906bc382e63e7bc
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=82fa9637a2ba285bcc7c5050c73010b2c1b3d803

Version-Release number of selected component (if applicable):
went upstream in 3.14

Additional info:
https://lwn.net/Articles/569635/

--- Additional comment from Baoquan He on 2016-06-22 00:13:24 BRT ---

Hi,

Currently kernel text mapping separate randomization has been through several rounds. The latest one is v9 to address the last part of actual work as below:
https://lkml.org/lkml/2016/5/25/687

Now the status is Ingo has added them into tip-bot tree for testing.

Then Thomas Garnier from Google raised another ASLR related issue: memory area address randomization. Ingo accepted the idea, and is reviewing the patchset.
[PATCH v7 0/9] x86/mm: memory area address KASLR
http://www.gossamer-threads.com/lists/linux/kernel/2467722

It could be merged into v4.8. Just update the progress here for reference.

Thanks
Baoquan

--- Additional comment from Baoquan He on 2016-07-27 23:50:51 BRT ---

Separating kernel image virtual address randomization from physical address randomization and extending kernel physical address randomization to be above 4G;
Randomize kernel memory regions;

Both of these two new features have been merged into Linus's tree.
90397a4 x86/mm: Add memory hotplug support for KASLR memory randomization
a95ae27 x86/mm: Enable KASLR for vmalloc memory regions
021182e x86/mm: Enable KASLR for physical mapping memory regions
0483e1f x86/mm: Implement ASLR for kernel memory regions
d899a7d x86/mm: Refactor KASLR entropy functions
6daa2ec x86/KASLR: Fix boot crash with certain memory configurations
e066cc4 x86/KASLR: Allow randomization below the load address
ed9f007 x86/KASLR: Extend kernel image physical address randomization to addresses larger than 4G
8391c73 x86/KASLR: Randomize virtual address separately
11fdf97 x86/KASLR: Clarify identity map interface
65fe935 x86/KASLR, x86/power: Remove x86 hibernation restrictions
d2d3462 x86/KASLR: Clarify purpose of each get_random_long()
071a749 x86/KASLR: Add virtual address choosing function
06486d6 x86/KASLR: Return earliest overlap when avoiding regions
c401cf1 x86/KASLR: Add 'struct slot_area' to manage random_addr slots
434a6c9 x86/KASLR: Initialize mapping_info every time
3a94707 x86/KASLR: Build identity mappings on demand
ed09acd x86/KASLR: Improve comments around the mem_avoid[] logic
549f90d x86/boot: Simplify pointer casting in choose_random_location()
9dc1969 x86/KASLR: Consolidate mem_avoid[] entries
4d2d542 x86/KASLR: Clean up unused code from old 'run_size' and rename it to 'kernel_total_size'
6f9af75 x86/KASLR: Handle kernel relocations above 2G correctly
0f8ede1b x86/KASLR: Warn when KASLR is disabled
e8581e3 x86/KASLR: Drop CONFIG_RANDOMIZE_BASE_MAX_OFFSET
4252db1 x86/KASLR: Update description for decompressor worst case size
9016875 x86/KASLR: Rename "random" to "random_addr"
7de828d x86/KASLR: Clarify purpose of kaslr.c
206f25a x86/KASLR: Remove unneeded boot_params argument
9b23874 x86/KASLR: Rename aslr.c to kaslr.c

--- Additional comment from Dave Young on 2016-11-10 00:09:55 BRST ---

Memo: userspace support status:
Kexec/kdump:
kernel: ready
kexec-tools: ready
makedumpfile: patches are ready. will be in makedumpfile 1.6.1
crash: ready
Systemtap: Per systemtap maintainer, it is ready
Kpatch: Kpatch team can do it after kernel backport, opened a bug
Crash:
kdump is ready
virsh dump is not ready
dyoung: opened an upstream thread: http://lists.nongnu.org/archive/html/qemu-devel/2016-11/msg01618.html

So we need to monitor and wait for virsh dump in qemu upstream before enabling the kernel kaslr.

--- Additional comment from Ademar Reis on 2016-11-25 10:22:54 BRST ---

The upstream discussion appears to have converged around the idea that an initial implementation could be made via the guest-agent.

The guest-agent part should be relatively trivial to implement, so maybe could be implemented by the same developer working on the libvirt feature.

--- Additional comment from Daniel Berrange on 2016-11-25 10:26:27 BRST ---

FYI, from libvirt POV, I am *not* in favour of using guest agent for it - IMHO there should be a mechanism to feed this data back to the host via the core platform without requiring running special processes - perhaps something in an ACPI hook that can be exposed via the monitor, so that it is available from the very moment the kernel boots and configures KASLR, instead of only some arbitrary time later.
*** Bug 1447210 has been marked as a duplicate of this bug. ***
Hi Nini, This may help you: https://lists.gnu.org/archive/html/qemu-devel/2017-09/msg02657.html. Thanks for Marc-Andre's point. BR/ Guo, Zhiyi
(In reply to Guo, Zhiyi from comment #6) Zhiyi, Get it. Thanks for the info.
*** Bug 1507740 has been marked as a duplicate of this bug. ***
Fix included in qemu-kvm-rhev-2.10.0-10.el7
test result:

version:
host kernel: kernel-3.10.0-799.el7.x86_64
guest kernel: kernel-3.10.0-799.el7.x86_64
qemu: qemu-kvm-rhev-2.10.0-10.el7

step:
1.boot guest:
/usr/libexec/qemu-kvm \
-m 1024 \
-smp 1 \
-vnc :0 \
-name guest=test5-4,debug-threads=on \
-boot menu=on \
-device virtio-scsi-pci,bus=pci.0,addr=0x5,id=scsi0 \
-drive file=/home/image/rhel75-64-virtio-scsi.raw,format=raw,if=none,id=drive-scsi0-0-0-0 \
-device scsi-hd,bus=scsi0.0,channel=0,scsi-id=0,lun=0,drive=drive-scsi0-0-0-0,id=scsi0-0-0-0,bootindex=1 \
-device virtio-net-pci,mac=9a:70:71:72:74:73,id=idIBZSw2,vectors=4,netdev=idHrhHM9,bus=pci.0,addr=06,bootindex=2 \
-netdev tap,id=idHrhHM9,vhost=on \
-device vmcoreinfo \
-monitor stdio -qmp tcp:0:4444,server

2.
#{ "execute": "qmp_capabilities" }
{"return": {}}
{"execute": "dump-guest-memory", "arguments": { "paging": false, "protocol": "file:/home/dump.normal"}}
{"timestamp": {"seconds": 1512108151, "microseconds": 843955}, "event": "STOP"}
{"timestamp": {"seconds": 1512108152, "microseconds": 651379}, "event": "DUMP_COMPLETED", "data": {"result": {"total": 1090715648, "status": "completed", "completed": 1090715648}}}
{"timestamp": {"seconds": 1512108152, "microseconds": 651782}, "event": "RESUME"}
{"return": {}}
#{"execute":"query-dump-guest-memory-capability"}
#{"return": {"formats": ["elf", "kdump-zlib", "kdump-lzo", "kdump-snappy"]}}
{"execute": "dump-guest-memory", "arguments": { "paging": false, "protocol": "file:/home/dump.elf", "format": "elf"}}
{"timestamp": {"seconds": 1512108185, "microseconds": 241082}, "event": "STOP"}
{"timestamp": {"seconds": 1512108186, "microseconds": 92823}, "event": "DUMP_COMPLETED", "data": {"result": {"total": 1090715648, "status": "completed", "completed": 1090715648}}}
{"timestamp": {"seconds": 1512108186, "microseconds": 93191}, "event": "RESUME"}
{"return": {}}
#{"execute": "dump-guest-memory", "arguments": { "paging": false, "protocol": "file:/home/dump.zlib", "format": "kdump-zlib"}}
{"timestamp": {"seconds": 1512108229, "microseconds": 170590}, "event": "STOP"}
{"timestamp": {"seconds": 1512108245, "microseconds": 361914}, "event": "DUMP_COMPLETED", "data": {"result": {"total": 1090715648, "status": "completed", "completed": 1090715648}}}
{"timestamp": {"seconds": 1512108245, "microseconds": 362320}, "event": "RESUME"}
{"return": {}}
#{"execute": "dump-guest-memory", "arguments": { "paging": false, "protocol": "file:/home/dump.lzo", "format": "kdump-lzo"}}
{"timestamp": {"seconds": 1512108615, "microseconds": 399338}, "event": "STOP"}
{"timestamp": {"seconds": 1512108617, "microseconds": 648353}, "event": "DUMP_COMPLETED", "data": {"result": {"total": 1090715648, "status": "completed", "completed": 1090715648}}}
{"timestamp": {"seconds": 1512108617, "microseconds": 648749}, "event": "RESUME"}
{"return": {}}

3.result:
3.1 crash:
crash /usr/lib/debug/lib/modules/3.10.0-799.el7.x86_64/vmlinux dump.elf

crash 7.2.0-1.el7
Copyright (C) 2002-2017 Red Hat, Inc.
Copyright (C) 2004, 2005, 2006, 2010 IBM Corporation
Copyright (C) 1999-2006 Hewlett-Packard Co
Copyright (C) 2005, 2006, 2011, 2012 Fujitsu Limited
Copyright (C) 2006, 2007 VA Linux Systems Japan K.K.
Copyright (C) 2005, 2011 NEC Corporation
Copyright (C) 1999, 2002, 2007 Silicon Graphics, Inc.
Copyright (C) 1999, 2000, 2001, 2002 Mission Critical Linux, Inc.
This program is free software, covered by the GNU General Public License,
and you are welcome to change it and/or distribute copies of it under
certain conditions. Enter "help copying" to see the conditions.
This program has absolutely no warranty. Enter "help warranty" for details.

WARNING: cannot determine physical base address: defaulting to 0

GNU gdb (GDB) 7.6
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-unknown-linux-gnu"...

WARNING: failed to init kexec backup region
WARNING: cannot read linux_banner string
crash: /usr/lib/debug/lib/modules/3.10.0-799.el7.x86_64/vmlinux and dump.elf do not match!

Usage:

crash [OPTION]... NAMELIST MEMORY-IMAGE[@ADDRESS] (dumpfile form)
crash [OPTION]... [NAMELIST] (live system form)

Enter "crash -h" for details.

3.2 gdb use dump-guest-memory.py
gdb /var/core.2043-0-0-11-1512111124-hp-z420-01.qe.lab.eng.nay.redhat.com-qemu-kvm
(gdb) source /usr/share/qemu-kvm/dump-guest-memory.py
(gdb) set height 0
(gdb) dump-guest-memory /home/vmcore1 X86_64
guest RAM blocks:
target_start     target_end       host_addr        message count
---------------- ---------------- ---------------- ------- -----
0000000000000000 00000000000a0000 00007f04e5200000 added       1
00000000000a0000 00000000000b0000 00007f04e3c00000 added       2
00000000000c0000 00000000000ca000 00007f04e52c0000 added       3
00000000000ca000 00000000000cd000 00007f04e52ca000 joined      3
00000000000cd000 00000000000e8000 00007f04e52cd000 joined      3
00000000000e8000 00000000000f0000 00007f04e52e8000 joined      3
00000000000f0000 0000000000100000 00007f04e52f0000 joined      3
0000000000100000 0000000040000000 00007f04e5300000 joined      3
00000000fd000000 00000000fe000000 00007f04e3c00000 added       4
00000000fffc0000 0000000100000000 00007f04e5000000 added       5
Python Exception <class 'gdb.error'> No symbol "vmcoreinfo_find" in current context.:
Error occurred in Python command: No symbol "vmcoreinfo_find" in current context.
(gdb)

but crash can work when guest kernel add "nokaslr".
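To line vmlinux symbols up with a dump from a KASLR guest, an analysis tool needs the guest's randomized kernel offset. The following is an added example, not code from this bug or from QEMU: it checks whether an ELF64 dump carries a VMCOREINFO note and reads its KERNELOFFSET field. It assumes the dump stores vmcoreinfo as an ELF note inside a PT_NOTE segment; the sample image and the offset value in it are constructed.

```python
import struct

PT_NOTE = 4

def _align4(n):
    # ELF note names and descriptors are padded to 4-byte boundaries.
    return (n + 3) & ~3

def vmcoreinfo_from_elf(data):
    """Return the VMCOREINFO key/value pairs of an ELF64 little-endian dump, or {}."""
    if data[:4] != b"\x7fELF" or data[4:6] != b"\x02\x01":
        raise ValueError("not an ELF64 little-endian image")
    (e_phoff,) = struct.unpack_from("<Q", data, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 0x36)
    # Not handled here: e_phnum == 0xffff (real count kept in section header 0).
    for i in range(e_phnum):
        ph = e_phoff + i * e_phentsize
        (p_type,) = struct.unpack_from("<I", data, ph)
        (p_offset,) = struct.unpack_from("<Q", data, ph + 8)
        (p_filesz,) = struct.unpack_from("<Q", data, ph + 32)
        if p_type != PT_NOTE:
            continue
        pos, end = p_offset, min(p_offset + p_filesz, len(data))
        while pos + 12 <= end:
            namesz, descsz, _ntype = struct.unpack_from("<III", data, pos)
            name_off = pos + 12
            desc_off = name_off + _align4(namesz)
            if desc_off + descsz > end:
                break  # truncated note: stop instead of reading past the segment
            name = data[name_off:name_off + namesz].rstrip(b"\0")
            if name == b"VMCOREINFO":
                text = data[desc_off:desc_off + descsz].decode("ascii", "replace")
                return dict(l.split("=", 1) for l in text.splitlines() if "=" in l)
            pos = desc_off + _align4(descsz)
    return {}

def kaslr_offset(info):
    """KERNELOFFSET as an int, or None when the note does not carry it."""
    val = info.get("KERNELOFFSET")
    return int(val, 16) if val is not None else None

# Constructed sample data: the offset value is made up for this example.
SAMPLE_INFO = b"OSRELEASE=3.10.0-799.el7.x86_64\nKERNELOFFSET=1a000000\n"

def build_sample(info=SAMPLE_INFO, name=b"VMCOREINFO\0"):
    """Constructed minimal ELF64 core: ELF header, one PT_NOTE, one note."""
    note = struct.pack("<III", len(name), len(info), 0)
    note += name.ljust(_align4(len(name)), b"\0")
    note += info.ljust(_align4(len(info)), b"\0")
    ehdr = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr += struct.pack("<HHIQQQIHHHHHH", 4, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_NOTE, 0, 64 + 56, 0, 0, len(note), len(note), 4)
    return ehdr + phdr + note

if __name__ == "__main__":
    info = vmcoreinfo_from_elf(build_sample())
    off = kaslr_offset(info)
    print("vmcoreinfo present:", bool(info))
    print("KERNELOFFSET:", hex(off) if off is not None else "missing")
```

An empty result on a real dump means no VMCOREINFO note was found in it.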
(In reply to cliao from comment #14)
> test result:
>
> version:
> host kernel: kernel-3.10.0-799.el7.x86_64
> guest kernel: kernel-3.10.0-799.el7.x86_64
> qemu: qemu-kvm-rhev-2.10.0-10.el7
>
> step:
> 1.boot guest:
> /usr/libexec/qemu-kvm \
> -m 1024 \
> -smp 1 \
> -vnc :0 \
> -name guest=test5-4,debug-threads=on \
> -boot menu=on \
> -device virtio-scsi-pci,bus=pci.0,addr=0x5,id=scsi0 \
> -drive
> file=/home/image/rhel75-64-virtio-scsi.raw,format=raw,if=none,id=drive-scsi0-
> 0-0-0 \
> -device
> scsi-hd,bus=scsi0.0,channel=0,scsi-id=0,lun=0,drive=drive-scsi0-0-0-0,
> id=scsi0-0-0-0,bootindex=1 \
> -device
> virtio-net-pci,mac=9a:70:71:72:74:73,id=idIBZSw2,vectors=4,netdev=idHrhHM9,
> bus=pci.0,addr=06,bootindex=2 \
> -netdev tap,id=idHrhHM9,vhost=on \
> -device vmcoreinfo \
> -monitor stdio -qmp tcp:0:4444,server
>
>
> 2.
> #{ "execute": "qmp_capabilities" }
> {"return": {}}
> {"execute": "dump-guest-memory", "arguments": { "paging": false, "protocol":
> "file:/home/dump.normal"}}
> {"timestamp": {"seconds": 1512108151, "microseconds": 843955}, "event":
> "STOP"}
> {"timestamp": {"seconds": 1512108152, "microseconds": 651379}, "event":
> "DUMP_COMPLETED", "data": {"result": {"total": 1090715648, "status":
> "completed", "completed": 1090715648}}}
> {"timestamp": {"seconds": 1512108152, "microseconds": 651782}, "event":
> "RESUME"}
> {"return": {}}
> #{"execute":"query-dump-guest-memory-capability"}
> #{"return": {"formats": ["elf", "kdump-zlib", "kdump-lzo", "kdump-snappy"]}}
> {"execute": "dump-guest-memory", "arguments": { "paging": false, "protocol":
> "file:/home/dump.elf", "format": "elf"}}
> {"timestamp": {"seconds": 1512108185, "microseconds": 241082}, "event":
> "STOP"}
> {"timestamp": {"seconds": 1512108186, "microseconds": 92823}, "event":
> "DUMP_COMPLETED", "data": {"result": {"total": 1090715648, "status":
> "completed", "completed": 1090715648}}}
> {"timestamp": {"seconds": 1512108186, "microseconds": 93191}, "event":
> "RESUME"}
> {"return": {}}
> #{"execute": "dump-guest-memory", "arguments": { "paging": false,
> "protocol": "file:/home/dump.zlib", "format": "kdump-zlib"}}
> {"timestamp": {"seconds": 1512108229, "microseconds": 170590}, "event":
> "STOP"}
> {"timestamp": {"seconds": 1512108245, "microseconds": 361914}, "event":
> "DUMP_COMPLETED", "data": {"result": {"total": 1090715648, "status":
> "completed", "completed": 1090715648}}}
> {"timestamp": {"seconds": 1512108245, "microseconds": 362320}, "event":
> "RESUME"}
> {"return": {}}
> #{"execute": "dump-guest-memory", "arguments": { "paging": false,
> "protocol": "file:/home/dump.lzo", "format": "kdump-lzo"}}
> {"timestamp": {"seconds": 1512108615, "microseconds": 399338}, "event":
> "STOP"}
> {"timestamp": {"seconds": 1512108617, "microseconds": 648353}, "event":
> "DUMP_COMPLETED", "data": {"result": {"total": 1090715648, "status":
> "completed", "completed": 1090715648}}}
> {"timestamp": {"seconds": 1512108617, "microseconds": 648749}, "event":
> "RESUME"}
> {"return": {}}
>
> 3.result:
> 3.1 crash:
> crash /usr/lib/debug/lib/modules/3.10.0-799.el7.x86_64/vmlinux dump.elf
>
> crash 7.2.0-1.el7
> Copyright (C) 2002-2017 Red Hat, Inc.
> Copyright (C) 2004, 2005, 2006, 2010 IBM Corporation
> Copyright (C) 1999-2006 Hewlett-Packard Co
> Copyright (C) 2005, 2006, 2011, 2012 Fujitsu Limited
> Copyright (C) 2006, 2007 VA Linux Systems Japan K.K.
> Copyright (C) 2005, 2011 NEC Corporation
> Copyright (C) 1999, 2002, 2007 Silicon Graphics, Inc.
> Copyright (C) 1999, 2000, 2001, 2002 Mission Critical Linux, Inc.
> This program is free software, covered by the GNU General Public License,
> and you are welcome to change it and/or distribute copies of it under
> certain conditions. Enter "help copying" to see the conditions.
> This program has absolutely no warranty. Enter "help warranty" for details.
>
> WARNING: cannot determine physical base address: defaulting to 0
>
> GNU gdb (GDB) 7.6
> Copyright (C) 2013 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law. Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-unknown-linux-gnu"...
>
> WARNING: failed to init kexec backup region
> WARNING: cannot read linux_banner string
> crash: /usr/lib/debug/lib/modules/3.10.0-799.el7.x86_64/vmlinux and dump.elf
> do not match!

This also depends on kernel support, bug 1493125.

>
> Usage:
>
> crash [OPTION]... NAMELIST MEMORY-IMAGE[@ADDRESS] (dumpfile form)
> crash [OPTION]... [NAMELIST] (live system form)
>
> Enter "crash -h" for details.
>
> 3.2 gdb use dump-guest-memory.py
> gdb
> /var/core.2043-0-0-11-1512111124-hp-z420-01.qe.lab.eng.nay.redhat.com-qemu-
> kvm
> (gdb) source /usr/share/qemu-kvm/dump-guest-memory.py
> (gdb) set height 0
> (gdb) dump-guest-memory /home/vmcore1 X86_64
> guest RAM blocks:
> target_start     target_end       host_addr        message count
> ---------------- ---------------- ---------------- ------- -----
> 0000000000000000 00000000000a0000 00007f04e5200000 added       1
> 00000000000a0000 00000000000b0000 00007f04e3c00000 added       2
> 00000000000c0000 00000000000ca000 00007f04e52c0000 added       3
> 00000000000ca000 00000000000cd000 00007f04e52ca000 joined      3
> 00000000000cd000 00000000000e8000 00007f04e52cd000 joined      3
> 00000000000e8000 00000000000f0000 00007f04e52e8000 joined      3
> 00000000000f0000 0000000000100000 00007f04e52f0000 joined      3
> 0000000000100000 0000000040000000 00007f04e5300000 joined      3
> 00000000fd000000 00000000fe000000 00007f04e3c00000 added       4
> 00000000fffc0000 0000000100000000 00007f04e5000000 added       5
> Python Exception <class 'gdb.error'> No symbol "vmcoreinfo_find" in current
> context.:
> Error occurred in Python command: No symbol "vmcoreinfo_find" in current
> context.
> (gdb)
>
>

Good catch, I sent a patch on qemu ML for that:
[PATCH] dump-guest-memory.py: fix No symbol "vmcoreinfo_find"
Fix included in qemu-kvm-rhev-2.10.0-12.el7
test result:
host kernel: kernel-3.10.0-799.el7.x86_64
guest kernel: kernel-3.10.0-799.el7.x86_64
qemu: qemu-kvm-rhev-2.10.0-12.el7

steps:
gdb use dump-guest-memory.py
gdb core.14130-0-0-11-1513045734-hp-z220-01.qe.lab.eng.nay.redhat.com-qemu-kvm
(gdb) source /usr/share/qemu-kvm/dump-guest-memory.py
(gdb) set height 0
(gdb) dump-guest-memory /tmp/vmcore X86_64
guest RAM blocks:
target_start     target_end       host_addr        message count
---------------- ---------------- ---------------- ------- -----
0000000000000000 00000000000a0000 00007f7935800000 added       1
00000000000a0000 00000000000b0000 00007f7934200000 added       2
00000000000c0000 00000000000ca000 00007f79358c0000 added       3
00000000000ca000 00000000000cd000 00007f79358ca000 joined      3
00000000000cd000 00000000000e8000 00007f79358cd000 joined      3
00000000000e8000 00000000000f0000 00007f79358e8000 joined      3
00000000000f0000 0000000000100000 00007f79358f0000 joined      3
0000000000100000 0000000080000000 00007f7935900000 joined      3
00000000fd000000 00000000fe000000 00007f7934200000 added       4
00000000fffc0000 0000000100000000 00007f7935600000 added       5
Python Exception <class 'gdb.error'> You can't do that without a process to debug.:
Error occurred in Python command: You can't do that without a process to debug.
(gdb) q
Hi Marcandre:

I cannot get the vmcore file when using dump-guest-memory.py.
BTW, since kernel not support KASLR. If I will wait for kernel bug fix then verify qemu-kvm-rhev

thanks,
cliao
sent: [PATCH] dump-guest-memory.py: fix "You can't do that without a process to debug" for upstream, we will need to backport it.
Fix included in qemu-kvm-rhev-2.10.0-17.el7
Fix included in qemu-kvm-rhev-2.10.0-18.el7
gdb can use dump-guest-memory.py now.

versions:
qemu : qemu-kvm-rhev-2.10.0-18.el7
kernel: kernel-3.10.0-830.el7.x86_64

steps:
1.gdb core.20385
......
(gdb) source /usr/share/qemu-kvm/dump-guest-memory.py
(gdb) set height 0
(gdb) dump-guest-memory /home/vmcore X86_64
guest RAM blocks:
target_start     target_end       host_addr        message count
---------------- ---------------- ---------------- ------- -----
0000000000000000 00000000000a0000 00007fa2b2a00000 added       1
00000000000a0000 00000000000b0000 00007fa2b1400000 added       2
00000000000c0000 00000000000ca000 00007fa2b2ac0000 added       3
00000000000ca000 00000000000cd000 00007fa2b2aca000 joined      3
00000000000cd000 00000000000e8000 00007fa2b2acd000 joined      3
00000000000e8000 00000000000f0000 00007fa2b2ae8000 joined      3
00000000000f0000 0000000000100000 00007fa2b2af0000 joined      3
0000000000100000 00000000c0000000 00007fa2b2b00000 joined      3
00000000fd000000 00000000fe000000 00007fa2b1400000 added       4
00000000fffc0000 0000000100000000 00007fa2b2800000 added       5
0000000100000000 0000000140000000 00007fa372a00000 added       6
dumping range at 00007fa2b2a00000 for length 00000000000a0000
dumping range at 00007fa2b1400000 for length 0000000000010000
dumping range at 00007fa2b2ac0000 for length 00000000bff40000
dumping range at 00007fa2b1400000 for length 0000000001000000
dumping range at 00007fa2b2800000 for length 0000000000040000
dumping range at 00007fa372a00000 for length 0000000040000000
(gdb) q
Fix included in qemu-kvm-rhev-2.10.0-20.el7
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:1104