lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: 
 <176962149772.85424.9395505307198316093.stgit@skinsburskii-cloud-desktop.internal.cloudapp.net>
Date: Wed, 28 Jan 2026 17:41:56 +0000
From: Stanislav Kinsburskii <skinsburskii@...ux.microsoft.com>
To: rppt@...nel.org, akpm@...ux-foundation.org, bhe@...hat.com,
 kys@...rosoft.com, haiyangz@...rosoft.com, wei.liu@...nel.org,
 decui@...rosoft.com, longli@...rosoft.com
Cc: kexec@...ts.infradead.org, linux-hyperv@...r.kernel.org,
 linux-kernel@...r.kernel.org
Subject: [PATCH 0/2] kexec: Refuse kernel-unsafe Microsoft Hypervisor
 transitions

When Microsoft Hypervisor is active, the kernel may have memory “deposited”
to the hypervisor. Those pages are no longer safe for the kernel to touch,
and attempting to access them can trigger a GPF. The problem becomes acute
with kexec: the “deposited pages” state does not survive the transition,
and the next kernel has no reliable way to know which pages are still
owned/managed by the hypervisor.

Until there is a proper handoff mechanism to preserve that state across
kexec, the only safe behavior is to refuse kexec whenever there is shared
hypervisor state that cannot survive the transition—most notably deposited
pages, and also cases where VMs are still running.

This series adds the missing kexec integration point needed by MSHV: a
callback at the kexec “freeze” stage so the driver can make the transition
safe (or block it). With this hook, MSHV can refuse kexec while VMs are
running, attempt to withdraw deposited pages when possible (e.g. L1VH
host), and fail the transition if any pages remain deposited.

---

Stanislav Kinsburskii (2):
      kexec: Add permission notifier chain for kexec operations
      mshv: Add kexec blocking support


 drivers/hv/Makefile            |    1 +
 drivers/hv/hv_proc.c           |    4 ++
 drivers/hv/mshv_kexec.c        |   66 ++++++++++++++++++++++++++++++++++++++++
 drivers/hv/mshv_root.h         |   14 ++++++++
 drivers/hv/mshv_root_hv_call.c |    2 +
 drivers/hv/mshv_root_main.c    |    7 ++++
 include/linux/kexec.h          |    6 ++++
 kernel/kexec_core.c            |   24 +++++++++++++++
 8 files changed, 124 insertions(+)
 create mode 100644 drivers/hv/mshv_kexec.c

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ