From: ebiederm@xmission.com (Eric W. Biederman)
To: Gerrit Huizenga <gh@us.ibm.com>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>,
Andrew Morton <akpm@osdl.org>,
suparna@in.ibm.com, fastboot@osdl.org, mbligh@aracnet.com,
jbarnes@engr.sgi.com,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [Fastboot] Re: Announce: dumpfs v0.01 - common RAS output API
Date: 29 Jul 2004 18:04:06 -0600 [thread overview]
Message-ID: <m1zn5i2weh.fsf@ebiederm.dsl.xmission.com> (raw)
In-Reply-To: <E1BqJQF-00053v-00@w-gerrit2>
Gerrit Huizenga <gh@us.ibm.com> writes:
> On Thu, 29 Jul 2004 22:20:13 BST, Alan Cox wrote:
> >
> > On Iau, 2004-07-29 at 19:17, Andrew Morton wrote:
> > > Of course, there's an assumption here that the dead kernel doesn't scribble
> > > on pages which were never available to its page allocator. If DMA somehow
> > > goes off and scribbles on the dump kernel we lose.
> >
> > If the new kernel image starts with an SHA hash check including the
> > SHA hash check code that can be pretty robust as a sanity check.
> >
> > > See above. We assume that network RX DMA won't be scribbling in the 16MB
> > > which was pre-reserved. That's reasonable. We _have_ to assume that.
> >
> > Ok
>
> Okay, I may be confused a bit but I *thought* kexec was going to
> load the thin, new kernel (e.g. read from disk operations, which is
> better than write to disk operations from the sick kernel).
/sbin/kexec will load it with sys_kexec_load, before the kernel becomes
sick.
> This concept of having it pre-loaded sounds interesting, protecting
> it from being written on doesn't bother me much, but why *not* read
> it from disk/filesystem and then use the SHA hash in the newly
> loaded & exec'd kernel to make sure that what we loaded was sane?
Exactly. That is where the SHA hash and all of the features will
go in the new ``kernel''. What we are exec is an arbitrary
stand-alone program. I suspect a SHA hash generator and checker
is something we can easily add as a wrapper.
> That sounds simpler than changing the kernel load process around,
> ensuring you have the new kexec'd kernel build and loaded, etc.
> At least it sounds simpler and more in line with using kexec for
> fastboot as well.
The only process that is going to be changed around is where
we store the kernel before we transfer control to it, and when/and
how that transfer of control happens.
The beauty of kexec is all of these fun things become user
problems from the point of the view of the sick kernel so
it does not need to worry about them.
I will be happy to see a SHA patch for /sbin/kexec.
Eric
next prev parent reply other threads:[~2004-07-30 0:08 UTC|newest]
Thread overview: 61+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-07-22 16:19 Announce: dumpfs v0.01 - common RAS output API Keith Owens
2004-07-26 6:57 ` Andrew Morton
2004-07-28 1:53 ` Eric W. Biederman
2004-07-28 10:54 ` Suparna Bhattacharya
2004-07-28 10:46 ` [Fastboot] " Alan Cox
2004-07-28 14:38 ` Martin J. Bligh
2004-07-28 14:06 ` Alan Cox
2004-07-28 15:21 ` Martin J. Bligh
2004-07-28 15:56 ` Eric W. Biederman
2004-07-28 17:09 ` Andrea Arcangeli
2004-07-28 16:05 ` Eric W. Biederman
2004-07-28 15:42 ` Eric W. Biederman
2004-07-28 15:12 ` Eric W. Biederman
2004-07-28 15:23 ` Martin J. Bligh
2004-07-28 15:53 ` Eric W. Biederman
2004-07-28 16:03 ` Jesse Barnes
2004-07-28 18:00 ` Eric W. Biederman
2004-07-28 18:06 ` Jesse Barnes
2004-07-28 19:42 ` Martin J. Bligh
2004-07-28 19:56 ` [Fastboot] " Alan Cox
2004-07-28 19:44 ` Andrew Morton
2004-07-28 23:11 ` [Fastboot] " Eric W. Biederman
2004-07-28 22:53 ` Alan Cox
2004-07-29 1:12 ` Eric W. Biederman
2004-07-29 14:00 ` Alan Cox
2004-07-29 15:47 ` Eric W. Biederman
2004-07-28 18:21 ` Alan Cox
2004-07-28 19:23 ` Martin J. Bligh
2004-07-28 20:28 ` [Fastboot] " Eric W. Biederman
2004-07-28 20:33 ` Andrew Morton
2004-07-28 19:59 ` Alan Cox
2004-07-28 22:42 ` Andrew Morton
2004-07-28 22:44 ` Jesse Barnes
2004-07-28 23:17 ` Eric W. Biederman
2004-07-28 22:55 ` Alan Cox
2004-07-29 0:22 ` Andrew Morton
2004-07-29 13:57 ` Alan Cox
2004-07-29 18:17 ` Andrew Morton
2004-07-29 21:20 ` Alan Cox
2004-07-29 22:30 ` Gerrit Huizenga
2004-07-30 0:04 ` Eric W. Biederman [this message]
2004-07-29 23:25 ` Alan Cox
2004-07-30 4:07 ` Eric W. Biederman
2004-07-30 12:38 ` Gerrit Huizenga
2004-07-31 13:52 ` Matthias Urlichs
2004-07-30 15:24 ` Olivier Galibert
2004-07-29 1:05 ` Eric W. Biederman
2004-07-29 14:12 ` Martin J. Bligh
2004-07-28 23:44 ` Andrew Morton
2004-07-29 0:58 ` Eric W. Biederman
2004-07-29 1:09 ` Andrew Morton
2004-07-29 1:56 ` Eric W. Biederman
2004-07-29 14:18 ` Martin J. Bligh
2004-07-29 16:01 ` Eric W. Biederman
2004-07-29 16:19 ` Eric W. Biederman
2004-07-29 14:08 ` Martin J. Bligh
2004-07-29 15:52 ` Eric W. Biederman
2004-07-29 16:13 ` Martin J. Bligh
2004-07-29 17:12 ` Matthias Urlichs
-- strict thread matches above, loose matches on Subject: below --
2004-07-30 15:02 Manfred Spraul
2004-07-30 14:42 ` Alan Cox
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m1zn5i2weh.fsf@ebiederm.dsl.xmission.com \
--to=ebiederm@xmission.com \
--cc=akpm@osdl.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=fastboot@osdl.org \
--cc=gh@us.ibm.com \
--cc=jbarnes@engr.sgi.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mbligh@aracnet.com \
--cc=suparna@in.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.