Re: [PATCH 2/2] Save current timestamp part of dmesg while writing oops message to pstore

From: Kees Cook
Date: Mon May 22 2017 - 19:51:24 EST

Next message: Kees Cook: "Re: [kernel-hardening] [PATCH v4 next 0/3] modules: automatic module loading restrictions"
Previous message: Hyunchul Lee: "Re: [PATCH 4/6] ubifs: Maintain a parent pointer"
In reply to: Ankit Kumar: "[PATCH 2/2] Save current timestamp part of dmesg while writing oops message to pstore"
Next in thread: Ankit Kumar: "Re: [PATCH 2/2] Save current timestamp part of dmesg while writing oops message to pstore"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, May 22, 2017 at 3:20 AM, Ankit Kumar <ankit@xxxxxxxxxxxxxxxxxx> wrote:
> Currently on panic or Oops, kernel saves the last few bytes from dmesg
> buffer to nvram. Usually kdump does capture kernel memory and provide
> dmesg logs as well. But in some cases where kdump fails to capture
> vmcore, the dmesg buffer stored in nvram/pstore turns out to be very
> helpful in analyzing root cause.
>
> Present code creates pstore dump file(/sys/fs/pstore/dmesg-***) based on
> timestamp(retrieved from header). Current pstore code creates dump file
> (/sys/fs/pstore/dmesg-***) with that timestamp. Dump file can be analyzed
> based on file creation time and we can make out whether dump file has latest
> data or not.
>
> But when we transfer pstore dump file(/sys/fs/pstore/dmesg-***) to other
> machine or collect file using some utilities(sosreport/supportconfig) then file
> timestamp gets changed and hence by looking at device file (dmesg-***) we won't
> be able to identify whether dump has latest data or not.
>
> Above issue can be fixed if we also have timestamp(dump creation time) as
> initial few bytes while capturing dmesg buffer to pstore dump file
> (/sys/fs/pstore/dmesg-***).
>
>
> This patch enhances pstore write code to also write timestamp as part of data.
>
> Here is sample log of dump file:(/sys/fs/pstore/dmesg-***)
> Oops#1 Part1 [timestamp:1494939359.590463]

While I understand your rationale about possibly losing file timestamp
information in userspace, I think this is a solvable problem on the
collection side. If an additional header is needed, perhaps copy the
dmesg files like this:

for i in dmesg-*; do
(stat --format=%y /sys/fs/pstore/$i; \
cat /sys/fs/pstore/$i) > $collect_dir/$i
done

One of the primary concerns for pstore is the stored dump size, even
to the point of adding compression to the routines to squeeze out
every last bit of space. I'd really rather avoid adding the timestamp
to the stored data like this. It's up to the backends already to
efficiently store this, and it's exposed via the file timestamp, so I
really can't justify adding redundant data.

-Kees

--
Kees Cook
Pixel Security

Next message: Kees Cook: "Re: [kernel-hardening] [PATCH v4 next 0/3] modules: automatic module loading restrictions"
Previous message: Hyunchul Lee: "Re: [PATCH 4/6] ubifs: Maintain a parent pointer"
In reply to: Ankit Kumar: "[PATCH 2/2] Save current timestamp part of dmesg while writing oops message to pstore"
Next in thread: Ankit Kumar: "Re: [PATCH 2/2] Save current timestamp part of dmesg while writing oops message to pstore"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]