| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 10 Jul 2013 13:09:13 -0600 From: Stephen Warren <swarren@...dotorg.org> To: "Eric W. Biederman" <ebiederm@...ssion.com> CC: Simon Horman <horms@...ge.net.au>, Andrew Morton <akpm@...ux-foundation.org>, Stephen Warren <swarren@...dia.com>, kexec@...ts.infradead.org, linux-kernel@...r.kernel.org, ARM kernel mailing list <linux-arm-kernel@...ts.infradead.org>, Will Deacon <will.deacon@....com>, Russell King <linux@....linux.org.uk> Subject: Re: [PATCH] kexec: return error of machine_kexec() fails On 07/10/2013 08:36 AM, Eric W. Biederman wrote: > Simon Horman <horms@...ge.net.au> writes: > >> From: Stephen Warren <swarren@...dia.com> >> >> Prior to commit 3ab8352 "kexec jump", if machine_kexec() returned, >> sys_reboot() would return -EINVAL. This patch restores this behaviour >> for the non-KEXEC_JUMP case, where machine_kexec() is not expected to >> return. >> >> This situation can occur on ARM, where kexec requires disabling all but >> one CPU using CPU hotplug. However, if hotplug isn't supported by the >> particular HW the kernel is running on, then kexec cannot succeed. > > Ugh. This reasoning is nonsense. Prior to the kexec jump work > machine_kexec could never return and so could never return -EINVAL. Well, any function /can/ return. Perhaps there was some undocumented requirement that machine_kexec() was not allowed to return? I did test it, and everything appears to work fine if it does return, aside from the error code. > It is not ok to have an image loaded that we can not kexec. kexec_load > should fail not machine_shutdown or machine_kexec. Hmm. I suppose one option is to enhance ARM's machine_kexec_prepare(), which is called from kexec_load(), and have that fail unless either the current HW is non-SMP, or full CPU HW/driver hotplug/PM support is available, so that it's guaranteed that machine_shutdown() will be able to fully disable all but one CPU. Would that be acceptable? Other alternatives would be: a) Force the user to disable (hot unplug) the CPUs themselves before calling kexec_load(). This seems rather onerous, and could be defeated by replugging them between kexec_load() and kernel_kexec(). b) Actually modifying kexec_load() to disable the CPUs, at the point where it's legal for it to fail. However, I suspect some use-cases call kexec_load() a long time before kernel_kexec(), so this would end up disabling SMP way too early. > ARM needs to get it's act together and stop modifying the generic code > to deal with it's broken multi-cpu architecture. A standardized in-CPU mechanism for disabling CPUs as part of the ARM architecture would be nice. However, even if that appears today, it's not going to help all the already extant systems that don't have it. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists