lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <2vxz5x94hv18.fsf@kernel.org>
Date: Wed, 14 Jan 2026 19:08:19 +0000
From: Pratyush Yadav <pratyush@...nel.org>
To: Breno Leitao <leitao@...ian.org>
Cc: Pratyush Yadav <pratyush@...nel.org>,  Alexander Graf <graf@...zon.com>,
  Mike Rapoport <rppt@...nel.org>,  Pasha Tatashin
 <pasha.tatashin@...een.com>,  linux-kernel@...r.kernel.org,
  kexec@...ts.infradead.org,  linux-mm@...ck.org,  usamaarif642@...il.com,
  rmikey@...a.com,  clm@...com,  riel@...riel.com,  kernel-team@...a.com
Subject: Re: [PATCH v2 1/2] kexec: history: track previous kernel version

On Mon, Jan 05 2026, Breno Leitao wrote:

> Hello Pratyush,
>
> On Fri, Jan 02, 2026 at 09:17:27PM +0100, Pratyush Yadav wrote:
>> > Subject: [PATCH v2 1/2] kexec: history: track previous kernel version
>> 
>> Nit: please use the prefix "kho: " for KHO patches.
>
> ack.
>
>> On Fri, Jan 02 2026, Breno Leitao wrote:
>> > Add CONFIG_KEXEC_HISTORY to store and display the kernel version from
>> > the previous kexec boot.
>> >
>> > When enabled, the current kernel's release string is saved to the
>> > "previous-release" property in the KHO device tree before kexec. On
>> > the next boot, if this property exists, the previous kernel version
>> > is retrieved and printed during early boot.
>> >
>> > This helps diagnose bugs that only manifest when kexecing from
>> > specific kernel versions, making it easier to correlate crashes with
>> > the kernel that initiated the kexec.
>> 
>> Why can't you use journalctl to figure out which kernel was running
>> previously?
>
> This is a good question, this is why this doesn't work for me:
>
> 1) in some cases you cannot rely on systemd infrastructure.
>    - This is very common when you have linux as the boot loader, which
>      basically boot linux (UEFI -> Bootloader/linux -> kexec -> target linux)
>    - In these cases, the bootloader doesn't have write access to the
>      filesyste/journal
>    - This is becoming more and more common. For instance, at Meta, Linux
>      is the default bootloader.
>
> 2) in some of the bugs I've listed earlier, the machine doesn't even get
>    to userspace before the crash. For instance, in the bug fixed by
>    commit 77d48d39e991 ("efistub/tpm: Use ACPI reclaim memory for event
>    log to avoid corruption"), the kernel was not reach userspace/init,
>    thus, it would not be possible to run journalctl.

Ideally, you should have external ways to track the kernel history of
each machine in your fleet.

But I can see that it might not always exist so I can understand the use
case.

I have some comments on the implementation though. I'll reply on the
latest posting.

-- 
Regards,
Pratyush Yadav

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ