| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <y5ogivx7qbdm6u37t5o6na4jewn6qofzrbibnsneoqlwns63y5@eg62cytuvwql> Date: Tue, 21 May 2024 09:58:36 +0800 From: Coiby Xu <coxu@...hat.com> To: Baoquan He <bhe@...hat.com> Cc: kexec@...ts.infradead.org, Ondrej Kozina <okozina@...hat.com>, Milan Broz <gmazyland@...il.com>, Thomas Staudt <tstaudt@...ibm.com>, Daniel P . Berrangé <berrange@...hat.com>, Kairui Song <ryncsn@...il.com>, Jan Pazdziora <jpazdziora@...hat.com>, Pingfan Liu <kernelfans@...il.com>, Dave Young <dyoung@...hat.com>, linux-kernel@...r.kernel.org, x86@...nel.org, Dave Hansen <dave.hansen@...el.com>, Vitaly Kuznetsov <vkuznets@...hat.com>, Eric Biederman <ebiederm@...ssion.com> Subject: Re: [PATCH v3 1/7] kexec_file: allow to place kexec_buf randomly On Mon, May 20, 2024 at 02:16:43PM +0800, Baoquan He wrote: >On 04/25/24 at 06:04pm, Coiby Xu wrote: >> Currently, kexec_buf is placed in order which means for the same >> machine, the info in the kexec_buf is always located at the same >> position each time the machine is booted. This may cause a risk for >> sensitive information like LUKS volume key. Now struct kexec_buf has a >> new field random which indicates it's supposed to be placed in a random >> position. > >Do you want to randomize the key's position for both kdump and kexec >rebooting? Assume you only want to do that for kdump. If so, we may need >to make that more specific in code. Thanks for the suggestion! Currently, no one has requested this feature for kexec reboot so yes, I only have kdump in mind. But kdump depends on kexec thus I'm not sure how we can make it kdump specfic. Do you have a further suggestion? >diff --git a/include/linux/kexec.h b/include/linux/kexec.h >index 060835bb82d5..fc1e20d565d5 100644 >--- a/include/linux/kexec.h >+++ b/include/linux/kexec.h >@@ -171,6 +171,7 @@ int kexec_image_post_load_cleanup_default(struct kimage *image); > * @buf_min: The buffer can't be placed below this address. > * @buf_max: The buffer can't be placed above this address. > * @top_down: Allocate from top of memory. >+ * @random: Place the buffer at a random position. How about a comment here saying this is currently only used by kdump. -- Best regards, Coiby
Powered by blists - more mailing lists