| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CA+CK2bC6sZe1qYd4=KjqDY-eUb95RBPK-Us+-PZbvkrVsvS5Cw@mail.gmail.com> Date: Tue, 18 Nov 2025 10:46:35 -0500 From: Pasha Tatashin <pasha.tatashin@...een.com> To: Jason Gunthorpe <jgg@...dia.com> Cc: Mike Rapoport <rppt@...nel.org>, pratyush@...nel.org, jasonmiu@...gle.com, graf@...zon.com, dmatlack@...gle.com, rientjes@...gle.com, corbet@....net, rdunlap@...radead.org, ilpo.jarvinen@...ux.intel.com, kanie@...ux.alibaba.com, ojeda@...nel.org, aliceryhl@...gle.com, masahiroy@...nel.org, akpm@...ux-foundation.org, tj@...nel.org, yoann.congal@...le.fr, mmaurer@...gle.com, roman.gushchin@...ux.dev, chenridong@...wei.com, axboe@...nel.dk, mark.rutland@....com, jannh@...gle.com, vincent.guittot@...aro.org, hannes@...xchg.org, dan.j.williams@...el.com, david@...hat.com, joel.granados@...nel.org, rostedt@...dmis.org, anna.schumaker@...cle.com, song@...nel.org, linux@...ssschuh.net, linux-kernel@...r.kernel.org, linux-doc@...r.kernel.org, linux-mm@...ck.org, gregkh@...uxfoundation.org, tglx@...utronix.de, mingo@...hat.com, bp@...en8.de, dave.hansen@...ux.intel.com, x86@...nel.org, hpa@...or.com, rafael@...nel.org, dakr@...nel.org, bartosz.golaszewski@...aro.org, cw00.choi@...sung.com, myungjoo.ham@...sung.com, yesanishhere@...il.com, Jonathan.Cameron@...wei.com, quic_zijuhu@...cinc.com, aleksander.lobakin@...el.com, ira.weiny@...el.com, andriy.shevchenko@...ux.intel.com, leon@...nel.org, lukas@...ner.de, bhelgaas@...gle.com, wagi@...nel.org, djeffery@...hat.com, stuart.w.hayes@...il.com, ptyadav@...zon.de, lennart@...ttering.net, brauner@...nel.org, linux-api@...r.kernel.org, linux-fsdevel@...r.kernel.org, saeedm@...dia.com, ajayachandra@...dia.com, parav@...dia.com, leonro@...dia.com, witu@...dia.com, hughd@...gle.com, skhawaja@...gle.com, chrisl@...nel.org Subject: Re: [PATCH v6 02/20] liveupdate: luo_core: integrate with KHO > > This won't leak data, as /dev/liveupdate is completely disabled, so > > nothing preserved in memory will be recoverable. > > This seems reasonable, but it is still dangerous. > > At the minimum the KHO startup either needs to succeed, panic, or fail > to online most of the memory (ie run from the safe region only) Allowing degrade booting using only scratch memory sounds like a very good compromise. This allows the live-update boot to stay alive as a sort of "crash kernel," particularly since kdump functionality is not available here. However, it would require some work in KHO to enable such a feature. > The above approach works better for things like VFIO or memfd where > you can boot significantly safely. Not sure about iommu though, if > iommu doesn't deserialize properly then it probably corrupts all > memory too. Yes, DMA may corrupt memory if KHO is broken, *but* we are discussing broken LUO recovering, the KHO preserved memory should still stay as preserved but unretriable, so DMA activity should only happen to those regions... Pasha > > Jason
Powered by blists - more mailing lists