| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251118161526.GD90703@nvidia.com> Date: Tue, 18 Nov 2025 12:15:26 -0400 From: Jason Gunthorpe <jgg@...dia.com> To: Pasha Tatashin <pasha.tatashin@...een.com> Cc: Mike Rapoport <rppt@...nel.org>, pratyush@...nel.org, jasonmiu@...gle.com, graf@...zon.com, dmatlack@...gle.com, rientjes@...gle.com, corbet@....net, rdunlap@...radead.org, ilpo.jarvinen@...ux.intel.com, kanie@...ux.alibaba.com, ojeda@...nel.org, aliceryhl@...gle.com, masahiroy@...nel.org, akpm@...ux-foundation.org, tj@...nel.org, yoann.congal@...le.fr, mmaurer@...gle.com, roman.gushchin@...ux.dev, chenridong@...wei.com, axboe@...nel.dk, mark.rutland@....com, jannh@...gle.com, vincent.guittot@...aro.org, hannes@...xchg.org, dan.j.williams@...el.com, david@...hat.com, joel.granados@...nel.org, rostedt@...dmis.org, anna.schumaker@...cle.com, song@...nel.org, linux@...ssschuh.net, linux-kernel@...r.kernel.org, linux-doc@...r.kernel.org, linux-mm@...ck.org, gregkh@...uxfoundation.org, tglx@...utronix.de, mingo@...hat.com, bp@...en8.de, dave.hansen@...ux.intel.com, x86@...nel.org, hpa@...or.com, rafael@...nel.org, dakr@...nel.org, bartosz.golaszewski@...aro.org, cw00.choi@...sung.com, myungjoo.ham@...sung.com, yesanishhere@...il.com, Jonathan.Cameron@...wei.com, quic_zijuhu@...cinc.com, aleksander.lobakin@...el.com, ira.weiny@...el.com, andriy.shevchenko@...ux.intel.com, leon@...nel.org, lukas@...ner.de, bhelgaas@...gle.com, wagi@...nel.org, djeffery@...hat.com, stuart.w.hayes@...il.com, ptyadav@...zon.de, lennart@...ttering.net, brauner@...nel.org, linux-api@...r.kernel.org, linux-fsdevel@...r.kernel.org, saeedm@...dia.com, ajayachandra@...dia.com, parav@...dia.com, leonro@...dia.com, witu@...dia.com, hughd@...gle.com, skhawaja@...gle.com, chrisl@...nel.org Subject: Re: [PATCH v6 02/20] liveupdate: luo_core: integrate with KHO On Tue, Nov 18, 2025 at 10:46:35AM -0500, Pasha Tatashin wrote: > > > This won't leak data, as /dev/liveupdate is completely disabled, so > > > nothing preserved in memory will be recoverable. > > > > This seems reasonable, but it is still dangerous. > > > > At the minimum the KHO startup either needs to succeed, panic, or fail > > to online most of the memory (ie run from the safe region only) > > Allowing degrade booting using only scratch memory sounds like a very > good compromise. This allows the live-update boot to stay alive as a > sort of "crash kernel," particularly since kdump functionality is not > available here. However, it would require some work in KHO to enable > such a feature. > > > The above approach works better for things like VFIO or memfd where > > you can boot significantly safely. Not sure about iommu though, if > > iommu doesn't deserialize properly then it probably corrupts all > > memory too. > > Yes, DMA may corrupt memory if KHO is broken, *but* we are discussing > broken LUO recovering, the KHO preserved memory should still stay as > preserved but unretriable, so DMA activity should only happen to those > regions... If the iommu is not preserved then normal iommu boot will possibly set the translation the identiy and it will scribble over random memory. You can't rely on the translation being present and only reaching kho preserved memroy if the iommu can't restore itself. Jason
Powered by blists - more mailing lists