lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <josgeh3zd55a5sjmclidj53v7hoekzvb63ah45aocvgwh6ajxk@rnzjabyqkojz>
Date: Mon, 5 Jan 2026 02:47:39 -0800
From: Breno Leitao <leitao@...ian.org>
To: Pratyush Yadav <pratyush@...nel.org>
Cc: Alexander Graf <graf@...zon.com>, Mike Rapoport <rppt@...nel.org>, 
	Pasha Tatashin <pasha.tatashin@...een.com>, linux-kernel@...r.kernel.org, kexec@...ts.infradead.org, 
	linux-mm@...ck.org, usamaarif642@...il.com, rmikey@...a.com, clm@...com, 
	riel@...riel.com, kernel-team@...a.com
Subject: Re: [PATCH v2 1/2] kexec: history: track previous kernel version

Hello Pratyush,

On Fri, Jan 02, 2026 at 09:17:27PM +0100, Pratyush Yadav wrote:
> > Subject: [PATCH v2 1/2] kexec: history: track previous kernel version
> 
> Nit: please use the prefix "kho: " for KHO patches.

ack.

> On Fri, Jan 02 2026, Breno Leitao wrote:
> > Add CONFIG_KEXEC_HISTORY to store and display the kernel version from
> > the previous kexec boot.
> >
> > When enabled, the current kernel's release string is saved to the
> > "previous-release" property in the KHO device tree before kexec. On
> > the next boot, if this property exists, the previous kernel version
> > is retrieved and printed during early boot.
> >
> > This helps diagnose bugs that only manifest when kexecing from
> > specific kernel versions, making it easier to correlate crashes with
> > the kernel that initiated the kexec.
> 
> Why can't you use journalctl to figure out which kernel was running
> previously?

This is a good question, this is why this doesn't work for me:

1) in some cases you cannot rely on systemd infrastructure.
   - This is very common when you have linux as the boot loader, which
     basically boot linux (UEFI -> Bootloader/linux -> kexec -> target linux)
   - In these cases, the bootloader doesn't have write access to the
     filesyste/journal
   - This is becoming more and more common. For instance, at Meta, Linux
     is the default bootloader.

2) in some of the bugs I've listed earlier, the machine doesn't even get
   to userspace before the crash. For instance, in the bug fixed by
   commit 77d48d39e991 ("efistub/tpm: Use ACPI reclaim memory for event
   log to avoid corruption"), the kernel was not reach userspace/init,
   thus, it would not be possible to run journalctl.

Thanks for the review,
--breno

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ