| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <04EAB7311EE43145B2D3536183D1A84454A3CD95@GSjpTKYDCembx31.service.hitachi.net>
Date: Thu, 3 Dec 2015 02:01:38 +0000
From: 河合英宏 / KAWAI,HIDEHIRO
<hidehiro.kawai.ez@...achi.com>
To: "'Borislav Petkov'" <bp@...en8.de>
CC: Jonathan Corbet <corbet@....net>,
Peter Zijlstra <peterz@...radead.org>,
Ingo Molnar <mingo@...nel.org>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
"H. Peter Anvin" <hpa@...or.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Thomas Gleixner <tglx@...utronix.de>,
Vivek Goyal <vgoyal@...hat.com>, Baoquan He <bhe@...hat.com>,
"linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>,
"x86@...nel.org" <x86@...nel.org>,
"kexec@...ts.infradead.org" <kexec@...ts.infradead.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Michal Hocko <mhocko@...nel.org>,
平松雅巳 / HIRAMATU,MASAMI
<masami.hiramatsu.pt@...achi.com>
Subject: RE: [V5 PATCH 3/4] kexec: Fix race between panic() and
crash_kexec() called directly
> On Wed, Dec 02, 2015 at 11:57:38AM +0000, 河合英宏 / KAWAI,HIDEHIRO wrote:
> > We can do so, but I think resetting panic_cpu always would be
> > simpler and safer.
I'll state in detail.
When we call crash_kexec() without entering panic() and return from
it, panic() should be called eventually. But the code paths are
a bit complicated and there are many implementations for each
architecture. So one day, this assumption may be broken; the CPU
doesn't call panic(). Or the CPU may fail to call panic() because
we are already in insane state. It would be nervous, but allowing
another CPU to process panic routines by resetting panic_cpu
is safer approach.
> Well, I think executing code needlessly *especially* at panic time is
> not all that rosy either.
>
> Besides something like this:
>
> static bool kexec_failed;
>
> ...
>
> if (crash_kexec_post_notifiers && !kexec_failed)
> kexec_failed = __crash_kexec(NULL);
>
> is as simple as it gets.
Since this code is executed only once due to panic_cpu,
I think introducing this logic is not much valuable.
Also, current implementation is already quite simple:
panic()
{
...
__crash_kexec(NULL) {
if (mutex_trylock(&kexec_mutex)) {
if (kexec_crash_image) {
/* don't return */
}
}
mutex_unlock(&kexec_mutex)
}
How do you think?
Regards,
--
Hidehiro Kawai
Hitachi, Ltd. Research & Development Group
Powered by blists - more mailing lists