lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240304111127.GAZeWsX3gBabiwrrVV@fat_crate.local>
Date: Mon, 4 Mar 2024 12:11:27 +0100
From: Borislav Petkov <bp@...en8.de>
To: Baoquan He <bhe@...hat.com>
Cc: X86 ML <x86@...nel.org>, LKML <linux-kernel@...r.kernel.org>,
	dyoung@...hat.com
Subject: Re: [RFC PATCH 1/2] Revert "x86/kexec/64: Prevent kexec from 5-level
 paging to a 4-level only kernel"

On Mon, Mar 04, 2024 at 06:51:26PM +0800, Baoquan He wrote:
> It's not true. Customer may want to try to load a different kernel if

"may want" is one of those hypothetical things which we don't do. If we
have to support everything a customer *may* want, then the kernel will
be a madness.

Also, you do realize that the kernel doesn't care about "customers",
right?

And the question is, how *sensible* is such a use case?

In my experience, not at all. You simply take the same kernel or a very
similar one and kexec it.

> they have taken many testings and trust that kdump kernel, or for
> debugging.

Yes, and those kernels will have 5level too. Practically, distros must
enable 5level support in their kernels in order to support modern hw.

> The similar for kexec reboot into 2nd kernel. We don't enforce
> kexec/kdump to work on the same kernel as the 1st kernel. With the
> fail and message, user can take measure to avoid that. it's better the
> failure is encountered when failing to jump to kexec/kdump kernel.

I can't parse that example.

Btw, kexec tools don't use those XLF_5LEVEL* flags bits either. Which
basically means we don't really need them.

> I remmeber we have use case where customer used kdump kernel different
> than the 1st kernel. While I don't remember why.

See above.

And that customer can still use the old distro kernels which have those
flags.

The point here is, going forward, 5level becomes ubiquitous and will be
even more tightly integrated in the kernel so that it'll become just
another default feature which is either there or not.

So the distinction is going away and the flags can go too.

Thx.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ