| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <YJQOmxx1EMUqNpNn@google.com>
Date: Thu, 6 May 2021 15:43:23 +0000
From: Sean Christopherson <seanjc@...gle.com>
To: Joerg Roedel <joro@...tes.org>
Cc: Eric Biederman <ebiederm@...ssion.com>, x86@...nel.org,
kexec@...ts.infradead.org, Joerg Roedel <jroedel@...e.de>,
stable@...r.kernel.org, hpa@...or.com,
Andy Lutomirski <luto@...nel.org>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Peter Zijlstra <peterz@...radead.org>,
Jiri Slaby <jslaby@...e.cz>,
Dan Williams <dan.j.williams@...el.com>,
Tom Lendacky <thomas.lendacky@....com>,
Juergen Gross <jgross@...e.com>,
Kees Cook <keescook@...omium.org>,
David Rientjes <rientjes@...gle.com>,
Cfir Cohen <cfir@...gle.com>,
Erdem Aktas <erdemaktas@...gle.com>,
Masami Hiramatsu <mhiramat@...nel.org>,
Mike Stunes <mstunes@...are.com>,
Martin Radev <martin.b.radev@...il.com>,
Arvind Sankar <nivedita@...m.mit.edu>,
linux-coco@...ts.linux.dev, linux-kernel@...r.kernel.org,
kvm@...r.kernel.org, virtualization@...ts.linux-foundation.org
Subject: Re: [PATCH 1/2] kexec: Allow architecture code to opt-out at runtime
On Thu, May 06, 2021, Joerg Roedel wrote:
> From: Joerg Roedel <jroedel@...e.de>
>
> Allow a runtime opt-out of kexec support for architecture code in case
> the kernel is running in an environment where kexec is not properly
> supported yet.
>
> This will be used on x86 when the kernel is running as an SEV-ES
> guest. SEV-ES guests need special handling for kexec to hand over all
> CPUs to the new kernel. This requires special hypervisor support and
> handling code in the guest which is not yet implemented.
>
> Cc: stable@...r.kernel.org # v5.10+
> Signed-off-by: Joerg Roedel <jroedel@...e.de>
> ---
> kernel/kexec.c | 14 ++++++++++++++
> 1 file changed, 14 insertions(+)
>
> diff --git a/kernel/kexec.c b/kernel/kexec.c
> index c82c6c06f051..d03134160458 100644
> --- a/kernel/kexec.c
> +++ b/kernel/kexec.c
> @@ -195,11 +195,25 @@ static int do_kexec_load(unsigned long entry, unsigned long nr_segments,
> * that to happen you need to do that yourself.
> */
>
> +bool __weak arch_kexec_supported(void)
> +{
> + return true;
> +}
> +
> static inline int kexec_load_check(unsigned long nr_segments,
> unsigned long flags)
> {
> int result;
>
> + /*
> + * The architecture may support kexec in general, but the kernel could
> + * run in an environment where it is not (yet) possible to execute a new
> + * kernel. Allow the architecture code to opt-out of kexec support when
> + * it is running in such an environment.
> + */
> + if (!arch_kexec_supported())
> + return -ENOSYS;
This misses kexec_file_load. Also, is a new hook really needed? E.g. the
SEV-ES check be shoved into machine_kexec_prepare(). The downside is that we'd
do a fair amount of work before detecting failure, but that doesn't seem hugely
problematic.
> +
> /* We only trust the superuser with rebooting the system. */
> if (!capable(CAP_SYS_BOOT) || kexec_load_disabled)
> return -EPERM;
> --
> 2.31.1
>
Powered by blists - more mailing lists