public inbox for kexec@lists.infradead.org
 help / color / mirror / Atom feed
From: "Ahmed S. Darwish" <darwish.07@gmail.com>
To: Vivek Goyal <vgoyal@redhat.com>
Cc: X86-ML <x86@kernel.org>, KEXEC-ML <kexec@lists.infradead.org>,
	Haren Myneni <hbabu@us.ibm.com>,
	Simon Horman <horms@verge.net.au>,
	"Eric W. Biederman" <ebiederm@xmission.com>,
	"H. Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@elte.hu>
Subject: Re: Saveoops: Making Kexec purgatory position-independent?
Date: Sun, 27 Feb 2011 17:43:46 +0200	[thread overview]
Message-ID: <20110227154346.GA18300@laptop> (raw)
In-Reply-To: <20110227141600.GA27699@redhat.com>

On Sun, Feb 27, 2011 at 09:16:00AM -0500, Vivek Goyal wrote:
> On Sun, Feb 27, 2011 at 03:24:09PM +0200, Ahmed S. Darwish wrote:
> > 
> > This is in fact my plan. Using Syslinux, I loaded 'purgatory.ro' to RAM
> > thinking that it will still be needed. Re-checking the purgatory code
> > now after reading above note, it seems it does 5 important points:
> > 
> >    a) reset the VGA (if instructed)
> >    b) reset the PIC to legacy mode (if instructed)
> >    c) check the overall integrity of the second kernel image (SHA-2)
> >    d) setup the environment for second kernel entry (switch back to
> >       32-bit protected mode in x86-64, reset registers, etc)
> >    e) saves the first 640K in a backup region
> > 
> > So (a) and (b) can be done elsewhere if needed; (c) isn't needed cause
> > if the bootloader corrupts images, we have bigger problems;
> 
> First kernel boot itself could corrupt the second kernel?
> 

Indeed; that didn't pass my mind though. Linus was also quite nervous
of writing to disk upon panic, so some validity guarantee of the second
kernel image will be asked for.

That means, I guess, that the purgatory will still be needed. Eric, any
thoughts?

> Secondly, Once you are booted sucessfully, I guess same can be used for
> regular kernel crash without reloading the kdump kernel (For poeple who are
> looking to capture just logs). If yes, it will be good to check integrity
> of second kernel image.
> 

Didn't understand the above paragraph, but in all cases, it seems that
checking the second kernel integrity will be quite important.

Maybe we'll also need to check the integrity of the integrator :)

> Is bootloader going to set up the kernels in such a way that second kernel
> boot is not going to overwrite the first kernel's memory? Otherwise how
> do we make sure that second kernel does not overwrite the oops/logs
> information you are trying to save.
> 

There will be some sort of protection for the logs area, yes. How such
communication between the two kernels will occur, I don't know. For now,
I'm focused on loading and booting the second kernel.

> On a side note, does UEFI provide some functionality where first kernel
> can save some limited amount of buffer and retrieve it back when a new
> kernel is booting. I might be completely into weedes here. This is just
> based on discussion with somebody long back who mentioned that UEFI
> might allow us to save kernel oops and the retrieve it back when fresh
> kernel is booting.
> 

I have zero contact with EFI, though there's some sort of ACPI-interfaced
nonvolatile RAM in modern high-end x86 servers.

> Do two kernels boot from mutually exclusive locations or you will continue
> to copy new kernel at some low meory address and boot from there? Copying
> will again lead to issue of how not to overwrite or concept of backup
> region. For not copying we need to make sure what the highest address
> kernel can boot from and also letting first kernel know not to overwrite
> second kernel.
> 

Yes, I'll need to utilize the boot protocol for this, making sure the
first kernel mark the second one's loaded image (and its purgatory) as
reserved.

> Above are just some random thoughts without going into details of the
> proposal.

Appreciated! I need all input possible at this stage.

> Thanks
> Vivek
> 

thanks,

-- 
Darwish
http://darwish.07.googlepages.com

_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec

  reply	other threads:[~2011-02-27 15:43 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-02-26 16:20 Saveoops: Making Kexec purgatory position-independent? Ahmed S. Darwish
2011-02-26 21:38 ` H. Peter Anvin
2011-02-27  0:57   ` Eric W. Biederman
2011-02-27  1:15     ` H. Peter Anvin
2011-02-27 13:24     ` Ahmed S. Darwish
2011-02-27 14:16       ` Vivek Goyal
2011-02-27 15:43         ` Ahmed S. Darwish [this message]
2011-02-27 18:32       ` Eric W. Biederman
2011-02-28  1:38     ` Simon Horman
2011-02-28  1:39     ` H. Peter Anvin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20110227154346.GA18300@laptop \
    --to=darwish.07@gmail.com \
    --cc=ebiederm@xmission.com \
    --cc=hbabu@us.ibm.com \
    --cc=horms@verge.net.au \
    --cc=hpa@zytor.com \
    --cc=kexec@lists.infradead.org \
    --cc=mingo@elte.hu \
    --cc=vgoyal@redhat.com \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox