lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <2b315095-2393-45d5-b0bf-ea9fbecd2607@gmail.com>
Date: Fri, 2 Jan 2026 18:02:39 +0300
From: Usama Arif <usamaarif642@...il.com>
To: Breno Leitao <leitao@...ian.org>, Alexander Graf <graf@...zon.com>,
 Mike Rapoport <rppt@...nel.org>, Pasha Tatashin <pasha.tatashin@...een.com>,
 Pratyush Yadav <pratyush@...nel.org>
Cc: linux-kernel@...r.kernel.org, kexec@...ts.infradead.org,
 linux-mm@...ck.org, rmikey@...a.com, clm@...com, riel@...riel.com,
 kernel-team@...a.com
Subject: Re: [PATCH v2 1/2] kexec: history: track previous kernel version



On 02/01/2026 17:53, Breno Leitao wrote:
> Add CONFIG_KEXEC_HISTORY to store and display the kernel version from
> the previous kexec boot.
> 
> When enabled, the current kernel's release string is saved to the
> "previous-release" property in the KHO device tree before kexec. On
> the next boot, if this property exists, the previous kernel version
> is retrieved and printed during early boot.
> 
> This helps diagnose bugs that only manifest when kexecing from
> specific kernel versions, making it easier to correlate crashes with
> the kernel that initiated the kexec.
> 
> Disabled by default to avoid overhead for users who don't need this
> information.
> 
> Signed-off-by: Breno Leitao <leitao@...ian.org>
> ---
>  kernel/Kconfig.kexec               | 13 +++++++++++++
>  kernel/liveupdate/kexec_handover.c | 29 +++++++++++++++++++++++++++++
>  2 files changed, 42 insertions(+)
> 
> diff --git a/kernel/Kconfig.kexec b/kernel/Kconfig.kexec
> index 15632358bcf7..b770c68a3800 100644
> --- a/kernel/Kconfig.kexec
> +++ b/kernel/Kconfig.kexec
> @@ -94,6 +94,19 @@ config KEXEC_JUMP
>  	  Jump between original kernel and kexeced kernel and invoke
>  	  code in physical address mode via KEXEC
>  
> +config KEXEC_HISTORY
> +	bool "Track kexec kernel history"
> +	depends on KEXEC_HANDOVER
> +	help
> +	  When enabled, the kernel will store its release version in the
> +	  KHO FDT before kexec, and the newly booted kernel will read and
> +	  print this information during early boot.
> +
> +	  This is useful for debugging and auditing to know which kernel
> +	  version performed the kexec that booted the current kernel.
> +
> +	  If unsure, say N.
> +


I think we should make this default if KHO is enabled, i.e. not have a Kconfig
option for this. The cost of storing the char array is negligable.

>  config CRASH_DUMP
>  	bool "kernel crash dumps"
>  	default ARCH_DEFAULT_CRASH_DUMP
> diff --git a/kernel/liveupdate/kexec_handover.c b/kernel/liveupdate/kexec_handover.c
> index 73da00aeaa99..06d99627bb3c 100644
> --- a/kernel/liveupdate/kexec_handover.c
> +++ b/kernel/liveupdate/kexec_handover.c
> @@ -21,6 +21,7 @@
>  #include <linux/page-isolation.h>
>  #include <linux/unaligned.h>
>  #include <linux/vmalloc.h>
> +#include <linux/utsname.h>
>  
>  #include <asm/early_ioremap.h>
>  
> @@ -36,6 +37,7 @@
>  #define KHO_FDT_COMPATIBLE "kho-v1"
>  #define PROP_PRESERVED_MEMORY_MAP "preserved-memory-map"
>  #define PROP_SUB_FDT "fdt"
> +#define PROP_PREVIOUS_RELEASE "previous-release"
>  
>  #define KHO_PAGE_MAGIC 0x4b484f50U /* ASCII for 'KHOP' */
>  
> @@ -1253,6 +1255,9 @@ bool kho_finalized(void)
>  struct kho_in {
>  	phys_addr_t fdt_phys;
>  	phys_addr_t scratch_phys;
> +#ifdef CONFIG_KEXEC_HISTORY
> +	char previous_release[__NEW_UTS_LEN + 1];
> +#endif
>  	struct kho_debugfs dbg;
>  };
>  
> @@ -1332,6 +1337,10 @@ static __init int kho_out_fdt_setup(void)
>  	err |= fdt_property_string(root, "compatible", KHO_FDT_COMPATIBLE);
>  	err |= fdt_property(root, PROP_PRESERVED_MEMORY_MAP, &empty_mem_map,
>  			    sizeof(empty_mem_map));
> +#ifdef CONFIG_KEXEC_HISTORY
> +	err |= fdt_property_string(root, PROP_PREVIOUS_RELEASE,
> +				   init_uts_ns.name.release);
> +#endif
>  	err |= fdt_end_node(root);
>  	err |= fdt_finish(root);
>  
> @@ -1455,6 +1464,25 @@ void __init kho_memory_init(void)
>  	}
>  }
>  
> +#ifdef CONFIG_KEXEC_HISTORY
> +static void __init kho_print_previous_kernel(const void *fdt)
> +{
> +	const char *prev_release;
> +	int len;
> +
> +	prev_release = fdt_getprop(fdt, 0, PROP_PREVIOUS_RELEASE, &len);
> +	if (!prev_release || len <= 0)
> +		return;
> +
> +	strscpy(kho_in.previous_release, prev_release,
> +		sizeof(kho_in.previous_release));
> +	pr_info("This kernel was kexec'ed from kernel release: %s\n",
> +		kho_in.previous_release);

Maybe s/release/version everywhere? It might not be a release, but no strong opinion.

> +}
> +#else
> +static void __init kho_print_previous_kernel(const void *fdt) { }
> +#endif
> +
>  void __init kho_populate(phys_addr_t fdt_phys, u64 fdt_len,
>  			 phys_addr_t scratch_phys, u64 scratch_len)
>  {
> @@ -1527,6 +1555,7 @@ void __init kho_populate(phys_addr_t fdt_phys, u64 fdt_len,
>  	kho_in.scratch_phys = scratch_phys;
>  	kho_scratch_cnt = scratch_cnt;
>  	pr_info("found kexec handover data.\n");
> +	kho_print_previous_kernel(fdt);
>  
>  out:
>  	if (fdt)
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ