From: Matthew Garrett <mjg59@srcf.ucam.org>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: keir@xen.org, Kees Cook <keescook@chromium.org>,
Richard Weinberger <richard.weinberger@gmail.com>,
Richard Weinberger <richard@nod.at>,
Daniel Kiper <daniel.kiper@oracle.com>,
kexec@lists.infradead.org, LKML <linux-kernel@vger.kernel.org>,
xen-devel@lists.xen.org, hbabu@us.ibm.com,
david.vrabel@citrix.com, jbeulich@suse.com,
"H. Peter Anvin" <hpa@linux.intel.com>,
Vivek Goyal <vgoyal@redhat.com>
Subject: Re: kexec: Clearing registers just before jumping into purgatory
Date: Fri, 11 Oct 2013 21:50:16 +0100 [thread overview]
Message-ID: <20131011205016.GA5656@srcf.ucam.org> (raw)
In-Reply-To: <87ob6va670.fsf@tw-ebiederman.twitter.com>
On Fri, Oct 11, 2013 at 01:44:19PM -0700, Eric W. Biederman wrote:
> Matthew Garrett <mjg59@srcf.ucam.org> writes:
> > No, I manually look up some addresses from /proc/kallsyms and then
> > modify them in the second kernel.
>
> An interesting approach I think most of the rest of us would have just
> built a module, or rebuilt our kernels.
Well yeah, but my kernel refuses to load unsigned modules, so.
> Now if this is a backwards argument to remove that silly code path it
> totally fails because now we know the code has not bit-rotted and
> that there are active users.
No, it's not any argument of the kind.
> If you are still pushing the signed-boot agenda I eagerly await your
> patches to make all of this work in a sensible way with signed binaries.
Vivek's working on a separate kexec system call for that, as we agreed
with Linus at LPC.
--
Matthew Garrett | mjg59@srcf.ucam.org
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
WARNING: multiple messages have this Message-ID (diff)
From: Matthew Garrett <mjg59@srcf.ucam.org>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Richard Weinberger <richard@nod.at>,
Richard Weinberger <richard.weinberger@gmail.com>,
Vivek Goyal <vgoyal@redhat.com>,
Daniel Kiper <daniel.kiper@oracle.com>,
hbabu@us.ibm.com, "H. Peter Anvin" <hpa@linux.intel.com>,
Kees Cook <keescook@chromium.org>,
kexec@lists.infradead.org, LKML <linux-kernel@vger.kernel.org>,
david.vrabel@citrix.com, jbeulich@suse.com, keir@xen.org,
xen-devel@lists.xen.org
Subject: Re: kexec: Clearing registers just before jumping into purgatory
Date: Fri, 11 Oct 2013 21:50:16 +0100 [thread overview]
Message-ID: <20131011205016.GA5656@srcf.ucam.org> (raw)
In-Reply-To: <87ob6va670.fsf@tw-ebiederman.twitter.com>
On Fri, Oct 11, 2013 at 01:44:19PM -0700, Eric W. Biederman wrote:
> Matthew Garrett <mjg59@srcf.ucam.org> writes:
> > No, I manually look up some addresses from /proc/kallsyms and then
> > modify them in the second kernel.
>
> An interesting approach I think most of the rest of us would have just
> built a module, or rebuilt our kernels.
Well yeah, but my kernel refuses to load unsigned modules, so.
> Now if this is a backwards argument to remove that silly code path it
> totally fails because now we know the code has not bit-rotted and
> that there are active users.
No, it's not any argument of the kind.
> If you are still pushing the signed-boot agenda I eagerly await your
> patches to make all of this work in a sensible way with signed binaries.
Vivek's working on a separate kexec system call for that, as we agreed
with Linus at LPC.
--
Matthew Garrett | mjg59@srcf.ucam.org
next prev parent reply other threads:[~2013-10-11 20:51 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-10-11 9:28 kexec: Clearing registers just before jumping into purgatory Daniel Kiper
2013-10-11 9:28 ` Daniel Kiper
2013-10-11 10:08 ` Eric W. Biederman
2013-10-11 10:08 ` Eric W. Biederman
2013-10-11 11:04 ` Daniel Kiper
2013-10-11 11:04 ` Daniel Kiper
2013-10-11 12:52 ` Vivek Goyal
2013-10-11 12:52 ` Vivek Goyal
2013-10-11 12:52 ` Vivek Goyal
2013-10-11 15:37 ` Matthew Garrett
2013-10-11 15:37 ` Matthew Garrett
2013-10-11 15:37 ` Matthew Garrett
2013-10-11 15:44 ` Vivek Goyal
2013-10-11 15:44 ` Vivek Goyal
2013-10-11 15:48 ` Matthew Garrett
2013-10-11 15:48 ` Matthew Garrett
2013-10-11 16:33 ` Richard Weinberger
2013-10-11 16:33 ` Richard Weinberger
2013-10-11 16:39 ` Matthew Garrett
2013-10-11 16:39 ` Matthew Garrett
2013-10-11 16:39 ` Matthew Garrett
2013-10-11 16:42 ` Richard Weinberger
2013-10-11 16:42 ` Richard Weinberger
2013-10-11 16:44 ` Matthew Garrett
2013-10-11 16:44 ` Matthew Garrett
2013-10-11 16:47 ` Richard Weinberger
2013-10-11 16:47 ` Richard Weinberger
2013-10-11 16:47 ` Richard Weinberger
2013-10-11 16:55 ` Matthew Garrett
2013-10-11 16:55 ` Matthew Garrett
2013-10-11 16:59 ` Richard Weinberger
2013-10-11 16:59 ` Richard Weinberger
2013-10-11 16:59 ` Richard Weinberger
2013-10-11 17:01 ` Matthew Garrett
2013-10-11 17:01 ` Matthew Garrett
2013-10-11 17:01 ` Matthew Garrett
2013-10-11 20:44 ` Eric W. Biederman
2013-10-11 20:44 ` Eric W. Biederman
2013-10-11 20:44 ` Eric W. Biederman
2013-10-11 20:50 ` Matthew Garrett
2013-10-11 20:50 ` Matthew Garrett [this message]
2013-10-11 20:50 ` Matthew Garrett
2013-10-11 16:55 ` Matthew Garrett
2013-10-11 16:53 ` Vivek Goyal
2013-10-11 16:53 ` Vivek Goyal
2013-10-11 16:53 ` Vivek Goyal
2013-10-11 16:56 ` Matthew Garrett
2013-10-11 16:56 ` Matthew Garrett
2013-10-11 16:56 ` Matthew Garrett
2013-10-11 16:44 ` Matthew Garrett
2013-10-11 16:42 ` Richard Weinberger
2013-10-11 16:33 ` Richard Weinberger
2013-10-11 15:48 ` Matthew Garrett
2013-10-11 15:44 ` Vivek Goyal
2013-10-11 22:15 ` Eric W. Biederman
2013-10-11 22:15 ` Eric W. Biederman
2013-10-11 22:15 ` Eric W. Biederman
2013-10-14 18:24 ` Daniel Kiper
2013-10-14 18:24 ` Daniel Kiper
2013-10-14 18:24 ` Daniel Kiper
2013-10-11 11:04 ` Daniel Kiper
2013-10-11 10:08 ` Eric W. Biederman
-- strict thread matches above, loose matches on Subject: below --
2013-10-11 9:28 Daniel Kiper
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131011205016.GA5656@srcf.ucam.org \
--to=mjg59@srcf.ucam.org \
--cc=daniel.kiper@oracle.com \
--cc=david.vrabel@citrix.com \
--cc=ebiederm@xmission.com \
--cc=hbabu@us.ibm.com \
--cc=hpa@linux.intel.com \
--cc=jbeulich@suse.com \
--cc=keescook@chromium.org \
--cc=keir@xen.org \
--cc=kexec@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=richard.weinberger@gmail.com \
--cc=richard@nod.at \
--cc=vgoyal@redhat.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.