From: Baoquan He <bhe@redhat.com>
To: Coiby Xu <coxu@redhat.com>
Cc: kexec@lists.infradead.org, "Ondrej Kozina" <okozina@redhat.com>,
"Milan Broz" <gmazyland@gmail.com>,
"Thomas Staudt" <tstaudt@de.ibm.com>,
"Daniel P . Berrangé" <berrange@redhat.com>,
"Kairui Song" <ryncsn@gmail.com>,
"Jan Pazdziora" <jpazdziora@redhat.com>,
"Pingfan Liu" <kernelfans@gmail.com>,
"Dave Young" <dyoung@redhat.com>,
linux-kernel@vger.kernel.org, x86@kernel.org,
"Dave Hansen" <dave.hansen@intel.com>,
"Vitaly Kuznetsov" <vkuznets@redhat.com>,
"Eric Biederman" <ebiederm@xmission.com>
Subject: Re: [PATCH v3 1/7] kexec_file: allow to place kexec_buf randomly
Date: Tue, 21 May 2024 11:13:43 +0800 [thread overview]
Message-ID: <ZkwRZxGw2dWStd1C@MiWiFi-R3L-srv> (raw)
In-Reply-To: <y5ogivx7qbdm6u37t5o6na4jewn6qofzrbibnsneoqlwns63y5@eg62cytuvwql>
On 05/21/24 at 09:58am, Coiby Xu wrote:
> On Mon, May 20, 2024 at 02:16:43PM +0800, Baoquan He wrote:
> > On 04/25/24 at 06:04pm, Coiby Xu wrote:
> > > Currently, kexec_buf is placed in order which means for the same
> > > machine, the info in the kexec_buf is always located at the same
> > > position each time the machine is booted. This may cause a risk for
> > > sensitive information like LUKS volume key. Now struct kexec_buf has a
> > > new field random which indicates it's supposed to be placed in a random
> > > position.
> >
> > Do you want to randomize the key's position for both kdump and kexec
> > rebooting? Assume you only want to do that for kdump. If so, we may need
> > to make that more specific in code.
>
> Thanks for the suggestion! Currently, no one has requested this feature
> for kexec reboot so yes, I only have kdump in mind. But kdump depends
> on kexec thus I'm not sure how we can make it kdump specfic. Do you have
> a further suggestion?
I remember you said kexec reboot doesn't need the key passed from 1st
kernel to 2nd kernel because the 2nd kernel will calculate one during
boot.
kbuf has the information, the similar handling has been in
kernel/kexec_file.c:
#ifdef CONFIG_CRASH_DUMP
if (kbuf->image->type == KEXEC_TYPE_CRASH)
....;
#endif
>
>
> > diff --git a/include/linux/kexec.h b/include/linux/kexec.h
> > index 060835bb82d5..fc1e20d565d5 100644
> > --- a/include/linux/kexec.h
> > +++ b/include/linux/kexec.h
> > @@ -171,6 +171,7 @@ int kexec_image_post_load_cleanup_default(struct kimage *image);
> > * @buf_min: The buffer can't be placed below this address.
> > * @buf_max: The buffer can't be placed above this address.
> > * @top_down: Allocate from top of memory.
> > + * @random: Place the buffer at a random position.
>
> How about a comment here saying this is currently only used by kdump.
No, it's not good. Please don't do this, let code tell it.
By the way, can you rebase this series on the latest v6.9 and resend? I
rebase my code and can't apply your patchset.
next prev parent reply other threads:[~2024-05-21 3:13 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-25 10:04 [PATCH v3 0/7] Support kdump with LUKS encryption by reusing LUKS volume keys Coiby Xu
2024-04-25 10:04 ` [PATCH v3 1/7] kexec_file: allow to place kexec_buf randomly Coiby Xu
2024-05-20 6:16 ` Baoquan He
2024-05-21 1:58 ` Coiby Xu
2024-05-21 3:13 ` Baoquan He [this message]
2024-05-24 7:22 ` Coiby Xu
2024-04-25 10:04 ` [PATCH v3 2/7] crash_dump: make dm crypt keys persist for the kdump kernel Coiby Xu
2024-04-26 13:10 ` kernel test robot
2024-05-21 3:20 ` Baoquan He
2024-05-23 5:34 ` Coiby Xu
2024-04-25 10:04 ` [PATCH v3 3/7] crash_dump: store dm keys in kdump reserved memory Coiby Xu
2024-05-21 3:42 ` Baoquan He
2024-05-24 7:38 ` Coiby Xu
2024-04-25 10:04 ` [PATCH v3 4/7] crash_dump: reuse saved dm crypt keys for CPU/memory hot-plugging Coiby Xu
2024-05-21 3:48 ` Baoquan He
2024-05-24 7:40 ` Coiby Xu
2024-04-25 10:04 ` [PATCH v3 5/7] crash_dump: retrieve dm crypt keys in kdump kernel Coiby Xu
2024-04-25 10:04 ` [PATCH v3 6/7] x86/crash: pass dm crypt keys to " Coiby Xu
2024-04-25 10:04 ` [PATCH v3 7/7] x86/crash: make the page that stores the dm crypt keys inaccessible Coiby Xu
2024-05-21 3:51 ` Baoquan He
2024-05-24 7:43 ` Coiby Xu
2024-05-20 6:18 ` [PATCH v3 0/7] Support kdump with LUKS encryption by reusing LUKS volume keys Baoquan He
2024-05-21 1:43 ` Coiby Xu
2024-05-21 3:19 ` Baoquan He
2024-05-30 9:33 ` Dave Young
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZkwRZxGw2dWStd1C@MiWiFi-R3L-srv \
--to=bhe@redhat.com \
--cc=berrange@redhat.com \
--cc=coxu@redhat.com \
--cc=dave.hansen@intel.com \
--cc=dyoung@redhat.com \
--cc=ebiederm@xmission.com \
--cc=gmazyland@gmail.com \
--cc=jpazdziora@redhat.com \
--cc=kernelfans@gmail.com \
--cc=kexec@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=okozina@redhat.com \
--cc=ryncsn@gmail.com \
--cc=tstaudt@de.ibm.com \
--cc=vkuznets@redhat.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox