Red Hat Bugzilla – Bug 1555268
[RFE] Kernel address space layout randomization [KASLR] support
Last modified: 2018-05-15 13:50:39 EDT
+++ This bug was initially created as a clone of Bug #1395248 +++ Patches are ready for most components, but we need a solution virsh dump when KVM guests have KASLR enabled. The discussion upstream appears to be converging to a qemu-guest-agent solution for now: http://lists.nongnu.org/archive/html/qemu-devel/2016-11/msg01618.html +++ This bug was initially created as a clone of Bug #1290840 +++ Description of problem: Kernel Address Space Randomization [KASLR] allows to randomize the physical and virtual address at which the kernel image is decompressed, as a security feature that deters exploit attempts relying on knowledge of the location of kernel internals. The feature has been described in LWN article: https://lwn.net/Articles/569635/ With upstream patchsets of: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e8236c4d9338d52d0f2fcecc0b792ac0542e4ee9 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=da2b6fb990cf782b18952f534ec7323453bc4fc9 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a653f3563c51c7bb7de63d607bef09d3baddaeb8 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5bfce5ef55cbe78ee2ee6e97f2e26a8a582008f3 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6145cfe394a7f138f6b64491c5663f97dba12450 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19259943f0954dcd1817f94776376bf51c6a46d5 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f32360ef6608434a032dc7ad262d45e9693c27f3 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8ab3820fd5b2896d66da7bb2a906bc382e63e7bc https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=82fa9637a2ba285bcc7c5050c73010b2c1b3d803 Version-Release number of selected component (if applicable): went upstream in 3.14 Additional info: https://lwn.net/Articles/569635/ --- Additional comment from Jaroslav Suchanek on 2017-11-22 15:16:58 CET --- Fixed upstream: commit 7e4177a35bae49a53b04940be04418daaa988734 Author: Marc-André Lureau <marcandre.lureau@redhat.com> AuthorDate: Thu Nov 16 17:49:38 2017 +0100 Commit: Martin Kletzander <mkletzan@redhat.com> CommitDate: Sat Nov 18 10:45:10 2017 +0100 qemu: add vmcoreinfo support Starting from qemu 2.11, the `-device vmcoreinfo` will create a fw_cfg entry for a guest to store dump details, necessary to process kernel dump with KASLR enabled and providing additional kernel details. In essence, it is similar to -fw_cfg name=etc/vmcoreinfo,file=X but in this case it is not backed by a file, but collected by QEMU itself. Since the device is a singleton and shouldn't use additional hardware resources, it is presented as a <feature> element in the libvirt domain XML. The device is arm/x86 only for now (targets that support fw_cfg+dma). Related to: https://bugzilla.redhat.com/show_bug.cgi?id=1395248 Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Starting RHV-4.2, libvirt domxml is built centrally by Engine. Suggesting to fix this for GA.
do we use virsh dump anywhere? in logcollector perhaps?
Israel, Can you please ack or nack this?
(In reply to Michal Skrivanek from comment #2) > do we use virsh dump anywhere? in logcollector perhaps? virsh is not mentioned in ovirt-log-collector, nor its vdsm plugin.
adding back needinfo on ipinto this is already present in latest build
Verify with: Software Version:4.2.3.3-0.1.el7 https://polarion.engineering.redhat.com/polarion/#/project/RHEVM3/testrun?id=1-1&tab=records&result=passed
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2018:1488