Bug 1555268 - [RFE] Kernel address space layout randomization [KASLR] support
Summary: [RFE] Kernel address space layout randomization [KASLR] support
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ovirt-4.2.3
: ---
Assignee: Michal Skrivanek
QA Contact: Israel Pinto
Depends On: 1555276 1290840 1395248 1398633 1411490 1424943 1493125 1519748
Blocks: 1288169 1298243 1317091 1522983 1469590 1568461 1568736
TreeView+ depends on / blocked
Reported: 2018-03-14 11:14 UTC by Jaroslav Suchanek
Modified: 2019-05-16 13:10 UTC (History)
44 users (show)

Fixed In Version: rhv-4.2.3-2
Doc Type: Enhancement
Doc Text:
Previously, Red Hat Enterprise Linux kernels had kernel address space layout randomization enabled by default. This feature prevented trouble-shooting and analysis of the guest's memory dumps. In the current feature, "vmcoreinfo" is enabled for all Linux guests. It allows a compatible kernel to export the debugging information so that the memory image can be analyzed.
Clone Of: 1395248
: 1568461 1568736 (view as bug list)
Last Closed: 2018-05-15 17:48:31 UTC
oVirt Team: Virt
Target Upstream Version:
ipinto: testing_plan_complete+

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2018:1488 0 None None None 2018-05-15 17:50:38 UTC
oVirt gerrit 90056 0 master MERGED core: add EnableKASLRDump vdc_option 2020-06-01 00:15:22 UTC
oVirt gerrit 90378 0 ovirt-engine-4.2 MERGED core: add EnableKASLRDump vdc_option 2020-06-01 00:15:24 UTC

Description Jaroslav Suchanek 2018-03-14 11:14:59 UTC
+++ This bug was initially created as a clone of Bug #1395248 +++

Patches are ready for most components, but we need a solution virsh dump when KVM guests have KASLR enabled.

The discussion upstream appears to be converging to a qemu-guest-agent solution for now: http://lists.nongnu.org/archive/html/qemu-devel/2016-11/msg01618.html

+++ This bug was initially created as a clone of Bug #1290840 +++

Description of problem:
Kernel Address Space Randomization [KASLR] allows to randomize the physical and virtual address at which the kernel image is decompressed, as a security feature that deters exploit attempts relying on knowledge of the location of kernel internals. 

The feature has been described in LWN article:

With upstream patchsets of:









Version-Release number of selected component (if applicable):
went upstream in 3.14

Additional info:


--- Additional comment from Jaroslav Suchanek on 2017-11-22 15:16:58 CET ---

Fixed upstream:

commit 7e4177a35bae49a53b04940be04418daaa988734
Author:     Marc-André Lureau <marcandre.lureau@redhat.com>
AuthorDate: Thu Nov 16 17:49:38 2017 +0100
Commit:     Martin Kletzander <mkletzan@redhat.com>
CommitDate: Sat Nov 18 10:45:10 2017 +0100

    qemu: add vmcoreinfo support
    Starting from qemu 2.11, the `-device vmcoreinfo` will create a fw_cfg
    entry for a guest to store dump details, necessary to process kernel
    dump with KASLR enabled and providing additional kernel details.
    In essence, it is similar to -fw_cfg name=etc/vmcoreinfo,file=X but in
    this case it is not backed by a file, but collected by QEMU itself.
    Since the device is a singleton and shouldn't use additional hardware
    resources, it is presented as a <feature> element in the libvirt
    domain XML.
    The device is arm/x86 only for now (targets that support fw_cfg+dma).
    Related to:
    Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>

Comment 1 Dan Kenigsberg 2018-03-14 11:21:21 UTC
Starting RHV-4.2, libvirt domxml is built centrally by Engine.
Suggesting to fix this for GA.

Comment 2 Michal Skrivanek 2018-03-15 07:49:25 UTC
do we use virsh dump anywhere? in logcollector perhaps?

Comment 4 Raz Tamir 2018-04-27 10:09:44 UTC

Can you please ack or nack this?

Comment 5 Dan Kenigsberg 2018-04-29 15:00:26 UTC
(In reply to Michal Skrivanek from comment #2)
> do we use virsh dump anywhere? in logcollector perhaps?

virsh is not mentioned in ovirt-log-collector, nor its vdsm plugin.

Comment 6 Michal Skrivanek 2018-04-29 17:02:55 UTC
adding back needinfo on ipinto

this is already present in latest build

Comment 7 Israel Pinto 2018-05-01 11:13:39 UTC
Verify with:
Software Version:


Comment 11 errata-xmlrpc 2018-05-15 17:48:31 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Comment 12 Franta Kust 2019-05-16 13:06:28 UTC
BZ<2>Jira Resync

Note You need to log in before you can comment on or make changes to this bug.