Grsec and kdump

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Post by pablo » Tue Dec 11, 2012 11:03 pm

Hello,

I have been trying (unsuccessfully) to make kdump work for automatic kernel crash analysis and recovery (reboot) on kernel 3.4.5 + grsec. Even with the grsec kernel config options completely disabled, the crash kernel is not kexec'd. Also, I see there's a limitation on the use of CONFIG_PROC_VMCORE, which is necessary for saving the crash dump, as it's marked as incompatible with GRSEC. Is this fixable in any way? Is there some definitive guide to using kexec-based crash analysis tools with grsec, or should I just move on to something else?

It's worth noting that the regular kexec load and exec works perfectly, it's the crash kernel that doesn't (it loads but it's not executed on panic).

Thanks,
pablo.
pablo
 
Posts: 12
Joined: Tue Dec 11, 2012 10:50 pm

Re: Grsec and kdump

Post by PaX Team » Wed Dec 12, 2012 11:24 am

i never tried kdump with PaX so it's no wonder if there're problems (although you could at least try a supported kernel version, 3.4 is quite old now ;)). if you can tell me a simple way to set up and test kdump (preferably something that works in qemu), i'll take a look.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Re: Grsec and kdump

Post by pablo » Wed Dec 12, 2012 11:42 am

Hi there, I'm kind of constrained in my kernel selection, but I'll give the latest a try nevertheless (and probably backport to 3.4.5, which already sounds incredibly annoying).

I can give you the installation and test steps for Ubuntu 12.04/12.10, not sure if you have some VM like that around.

Anyway:
- It has to be an up-to-date installation (there have been some fixes from a month ago or so).
- install package linux-crashdump
- in /etc/grub.d/10_linux, change the line that says GRUB_CMDLINE_EXTRA="$GRUB_CMDLINE_EXTRA crashkernel=384M-2G:64M,2G-:128M" by doing a s/64/128/ (there are some reports that 64M is not enough for a modern Ubuntu to run).
- update-grub
- reboot

You can check whether the crash kernel was loaded by reading /sys/kernel/kexec_crash_loaded (it should say 1)
and force a panic by doing "echo c > /proc/sysrq-trigger".
It should take around 1 minute to take a snapshot (if you're in a real terminal you should see the crash kernel booting) and automatically cold reboot. The generated crash dump should be in /var/crash.

The kernel needs CONFIG_KEXEC, CONFIG_CRASH_DUMP, CONFIG_RELOCATABLE, CONFIG_PROC_VMCORE, CONFIG_DEBUG_INFO, CONFIG_HIGHMEM4G/64G.

Thanks!
pablo.
pablo
 
Posts: 12
Joined: Tue Dec 11, 2012 10:50 pm
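
An offline pre-flight check for the setup steps in the post above, as an added example that is not part of the thread or of any grsecurity or Ubuntu tooling: it evaluates the crashkernel= range syntax for a given amount of RAM and lists which of the kernel options named in the post are not enabled. The function names and the sample .config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: offline pre-flight helpers for kdump.

to_mib() {                      # 64M -> 64, 2G -> 2048
    case "$1" in
        *G) echo $(( ${1%G} * 1024 )) ;;
        *M) echo "${1%M}" ;;
        *)  return 1 ;;
    esac
}

# crashkernel_reserve SPEC RAM_MIB: print the MiB a crashkernel= value reserves
# on a machine with RAM_MIB of memory. Handles size[@offset] and the range form
# start-[end]:size,... where a range matches when start <= RAM < end.
crashkernel_reserve() {
    spec=${1%%@*}; ram=$2
    case "$spec" in *:*) ;; *) to_mib "$spec"; return ;; esac
    old_ifs=$IFS; IFS=,
    for entry in $spec; do
        IFS=$old_ifs
        range=${entry%%:*}; size=${entry#*:}
        start=$(to_mib "${range%%-*}") || return 1
        end=${range#*-}
        [ -z "$end" ] || end=$(to_mib "$end") || return 1
        if [ "$ram" -ge "$start" ] && { [ -z "$end" ] || [ "$ram" -lt "$end" ]; }; then
            to_mib "$size"; return
        fi
    done
    IFS=$old_ifs
    echo 0                      # no range matched: nothing is reserved
}

# Read a kernel .config on stdin; print the options from the post that are not =y.
missing_kdump_options() {
    cfg=$(cat); missing=
    for opt in KEXEC CRASH_DUMP RELOCATABLE PROC_VMCORE DEBUG_INFO; do
        printf '%s\n' "$cfg" | grep -q "^CONFIG_$opt=y" || missing="$missing CONFIG_$opt"
    done
    printf '%s\n' "$cfg" | grep -Eq '^CONFIG_HIGHMEM(4G|64G)=y' \
        || missing="$missing CONFIG_HIGHMEM4G/64G"
    echo "${missing# }"
}

sample_config() {               # constructed .config fragment, not a real build
    printf '%s\n' 'CONFIG_KEXEC=y' 'CONFIG_CRASH_DUMP=y' 'CONFIG_RELOCATABLE=y' \
        '# CONFIG_PROC_VMCORE is not set' 'CONFIG_DEBUG_INFO=y' 'CONFIG_HIGHMEM64G=y'
}

echo "reserved on 1 GiB: $(crashkernel_reserve '384M-2G:128M,2G-:128M' 1024) MiB"
echo "missing options:   $(sample_config | missing_kdump_options)"
```

On a live system, pass the crashkernel= value from /proc/cmdline and pipe /boot/config-$(uname -r) into missing_kdump_options; a result of 0 MiB means no memory is reserved for the crash kernel on that machine.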

