lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sat, 8 Dec 2007 23:50:33 +0100
From:	"Rafael J. Wysocki" <rjw@...k.pl>
To:	bbpetkov@...oo.de
Cc:	Pavel Machek <pavel@...e.cz>, linux-kernel@...r.kernel.org
Subject: Re: [RFC] swap image signature check upon resume

On Saturday, 8 of December 2007, Borislav Petkov wrote:
> On Fri, Dec 07, 2007 at 09:19:09PM +0100, Rafael J. Wysocki wrote:
> 
> ...
> 
> > > > Well, there's a patchset in the current mainline that allows you to use
> > > > arbitrary (sufficiently new) kernel to load the image and then restore the
> > > > image kernel.  So, you can hibernate 2.6.24-rc3 and use 2.6.24-rc2 to restore
> > > > it, for example.
> > > > 
> > > > I'm going to do that for i386 too.
> > > right, this is d307c4a8e826c44f9633bd3f7e60d0491e7d885a (Hibernation: Arbitrary
> > > boot kernel support - generic code), i should've seen that. What's the status of
> > > those bits, from a quick scan it seems they need some rewiring (Kconfig, e.g.
> > > CONFIG_ARCH_HIBERNATION_HEADER etc..) and arch-specific save and restore
> > > functions?
> > 
> > No, this code is fully functional. :-)
> > 
> > The arch save and restore functions are in arch/x86/kernel/suspend_64.c .
> > 
> > As I said, i386 is not yet supported.
> 
> nice, holler if you need a tester when you have some prototypes ready. By the way,
> what do you do when the suspend image header mismatches and it is unsafe to continue booting?

If the image header doesn't match, we don't load it and return an error code,
which usually results in the boot kernel continuing to boot.

> Also, there's a freakishly long comment in suspend_64.c, might wanna shorten it:

Ah, OK.

I'll take your patch for 2.6.25, thanks.


> Signed-off-by: Borislav Petkov <bbpetkov@...oo.de>
> 
> diff --git a/arch/x86/kernel/suspend_64.c b/arch/x86/kernel/suspend_64.c
> index db284ef..0a23e5f 100644
> --- a/arch/x86/kernel/suspend_64.c
> +++ b/arch/x86/kernel/suspend_64.c
> @@ -118,7 +118,12 @@ void fix_processor_context(void)
>  	int cpu = smp_processor_id();
>  	struct tss_struct *t = &per_cpu(init_tss, cpu);
>  
> -	set_tss_desc(cpu,t);	/* This just modifies memory; should not be necessary. But... This is necessary, because 386 hardware has concept of busy TSS or some similar stupidity. */
> +	/*
> +	 * This just modifies memory; should not be necessary. But... This
> +	 * is necessary, because 386 hardware has concept of busy TSS or some
> +	 * similar stupidity.
> +	 */
> +	set_tss_desc(cpu,t);
>  
>  	cpu_gdt(cpu)[GDT_ENTRY_TSS].type = 9;
>  
> @@ -138,7 +143,6 @@ void fix_processor_context(void)
>                  loaddebug(&current->thread, 6);
>                  loaddebug(&current->thread, 7);
>  	}
> -
>  }
>  
>  #ifdef CONFIG_HIBERNATION
> 
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ