lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <924f41b2-7779-9c56-9b71-56523756ecdc@oracle.com>
Date:   Wed, 2 Oct 2019 09:24:46 -0400
From:   Boris Ostrovsky <boris.ostrovsky@...cle.com>
To:     Jan Beulich <jbeulich@...e.com>
Cc:     xen-devel@...ts.xenproject.org, linux-kernel@...r.kernel.org,
        james@...gwall.me.uk, Juergen Gross <jgross@...e.com>
Subject: Re: [Xen-devel] [PATCH] x86/xen: Return from panic notifier

On 10/2/19 3:40 AM, Jan Beulich wrote:
> On 01.10.2019 17:16, Boris Ostrovsky wrote:
>> Currently execution of panic() continues until Xen's panic notifier
>> (xen_panic_event()) is called at which point we make a hypercall that
>> never returns.
>>
>> This means that any notifier that is supposed to be called later as
>> well as significant part of panic() code (such as pstore writes from
>> kmsg_dump()) is never executed.
> Back at the time when this was introduced into the XenoLinux tree,
> I think this behavior was intentional for at least DomU-s. I wonder
> whether you wouldn't want your change to further distinguish Dom0
> and DomU behavior.

Do you remember what the reason for that was?

I think having ability to call kmsg_dump() on a panic is a useful thing
to have for domUs as well. Besides, there may be other functionality
added post-notifiers in panic() in the future. Or another notifier may
be registered later with the same lowest priority.

Is there a downside in allowing domUs to fall through panic() all the
way to emergency_restart()?

>
>> There is no reason for xen_panic_event() to be this last point in
>> execution since panic()'s emergency_restart() will call into
>> xen_emergency_restart() from where we can perform our hypercall.
> Did you consider, as an alternative, to lower the notifier's
> priority?

I didn't but that wouldn't help with the original problem that James
reported --- we'd still not get to kmsg_dump() call.


-boris

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ