Received: by 2002:ac0:da4c:0:0:0:0:0 with SMTP id a12csp2701492imi; Mon, 25 Jul 2022 06:10:26 -0700 (PDT) X-Google-Smtp-Source: AGRyM1veyOcvULONmZI6auVIvC4kbzfUIGUzKYr/gMnUvGrvqDHrJ5AURWj/oCQmu/LcPLFc9V/R X-Received: by 2002:a63:2ccd:0:b0:411:54ac:5c7e with SMTP id s196-20020a632ccd000000b0041154ac5c7emr10871588pgs.561.1658754626624; Mon, 25 Jul 2022 06:10:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1658754626; cv=none; d=google.com; s=arc-20160816; b=yYqeaQ0//Mm0PWpMh8Mq1v6rdID5KlqYcXV/9uyCr5IenyBx6hwt1oW8VF1/Gc6EEE yQAsZuedQj2T0IlqWPZ5+m9YXr25Oc/tngDpurXAwsHe6D3gx2Hu2JW1vxqO1l7yiv60 OFlycCAmoi9uxiZ44teX+vRXM83sbz9wxeiCVRW7vc3OeXJnJVetEumxNnNyxzBB0Rqo aF1NIeyuPT+BpQI0+4Ec+oDiL4Hbe3ZaIngpw+xOiONB5nvk2jNujacqvto+irj04utd tW183LxbBIT+29eow0bUNslsJ3dqk88t8qPu7D+lXCoGBem207IxdLFSV8XOSArSswCN F7oQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:to:subject:message-id :date:from:in-reply-to:references:mime-version:dkim-signature; bh=ZWMPfRksKaSGd6Z8V59bYl4UC7FJJqcyb7CYW6E6S1M=; b=Xzz3VbfkbB+z0Jf3LlB/gUFn7yc5qKg5rKPwhEh2hgvnVNeSqjWmRvICkogBONJ+Xf h18GnecXmqWa6I7vSGuokotyytg4CnlLpuWWQRyl4hp2r5Rvfo4oKmnIHhRN/+Zo9RzG OyHQltDFyE2e6MK5o6dSVImyblY+8BnO7TISB5H6uS5QVur6Jgo5ZWxxfB8kYrKW3+it M4LX+X0b7Lsa41sE8KBNOmjjsjgdbOJnmCRnY27WtCuiaRyeyPVtfAqATkgUS4d8qnpV 4ctQQlU0M8kZM78/ErcdP2k5n/AeD/+LOseb0EOJf72qI42zN23rXBHuSOTtIrS7lF6Z yYUA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@bytedance-com.20210112.gappssmtp.com header.s=20210112 header.b="V/pFhU01"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bytedance.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id w24-20020a639358000000b00419f1400962si13656023pgm.807.2022.07.25.06.10.10; Mon, 25 Jul 2022 06:10:26 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@bytedance-com.20210112.gappssmtp.com header.s=20210112 header.b="V/pFhU01"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bytedance.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235346AbiGYM4f (ORCPT + 99 others); Mon, 25 Jul 2022 08:56:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59412 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235308AbiGYM4c (ORCPT ); Mon, 25 Jul 2022 08:56:32 -0400 Received: from mail-io1-xd2e.google.com (mail-io1-xd2e.google.com [IPv6:2607:f8b0:4864:20::d2e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5EE86D112 for ; Mon, 25 Jul 2022 05:56:31 -0700 (PDT) Received: by mail-io1-xd2e.google.com with SMTP id o2so722473iof.8 for ; Mon, 25 Jul 2022 05:56:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bytedance-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :content-transfer-encoding; bh=ZWMPfRksKaSGd6Z8V59bYl4UC7FJJqcyb7CYW6E6S1M=; b=V/pFhU0147Aqhv/1kM12N3SqA1zASpBq0TJ+o7uGIFcFaAmihGZp+wJLDEqYCUuW68 +rJqi21cT286VEApqcaHJUDjNR1eQx9YGNjdIldojWxYUyyQv1vqy40y051sG2eijjzW CfC2zG61JpNMZ27EecAkZxJywy6Y7OV6Ts15w7qr8tJy4tXJQM3ghzvWwsLyAQArRDiq nfNfK+wCcTphDLRvutRonxovO3Fw6VTmdNJLWAw0Gv4/+YRb8kqSApiucV+osJH7gLPx 5TXDS8CtC+1HDPZy27t8JSVFTheujd1wDJI174OU5Rpmb1BBm+hShv6JEQQ+qKgeJSV6 0LKA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:content-transfer-encoding; bh=ZWMPfRksKaSGd6Z8V59bYl4UC7FJJqcyb7CYW6E6S1M=; b=ORSMgg+/FNYD/Mp2bzqAMddTqZU15M2YaNCKw1epaTE/fwzAWL//HpAIRiE5vPZ8f/ 2PrHW5eBPKNPiRZcStUnhi2BYTsN1VCvn9DO3ZQJE19slPRkj2fgd4d65adw6QoNJLTC 2/sN+jps/KD+2W2kRuD1xfW6nFOvR7E7I2NAGwdhcnNaSwaCccJsLwVyooNclzcnf9nM UY4mzA3pTEIrSyrAMpKHpJAvrk+u4Yu4+DpzFVSIup9WavJiFSDWYnwG139fLAgZD3/X 2wvFO3xAns1N65uA4pKt4m7iOMsXNYz37AAxGenSXvqj86fArA851hiIEogGnxLaKcSc LZPg== X-Gm-Message-State: AJIora/dFPt4DF+6T4UBn2087Bj4FUVy1lTJp8m3/6tc3efdjo0iXRDS xsuSfAywKh4iozQbh73rlP3bDy4y0gD8/bu7DnWmUxq8EvM= X-Received: by 2002:a05:6638:14cd:b0:341:46ad:f3da with SMTP id l13-20020a05663814cd00b0034146adf3damr5114155jak.36.1658753790630; Mon, 25 Jul 2022 05:56:30 -0700 (PDT) MIME-Version: 1.0 References: <20220725083904.56552-1-huangjie.albert@bytedance.com> <20220725083904.56552-3-huangjie.albert@bytedance.com> In-Reply-To: <20220725083904.56552-3-huangjie.albert@bytedance.com> From: =?UTF-8?B?6buE5p2w?= Date: Mon, 25 Jul 2022 20:56:19 +0800 Message-ID: Subject: Fwd: [PATCH 2/4] kexec: add CONFING_KEXEC_PURGATORY_SKIP_SIG To: linux-kernel Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org ---------- Forwarded message --------- =E5=8F=91=E4=BB=B6=E4=BA=BA=EF=BC=9A Albert Huang Date: 2022=E5=B9=B47=E6=9C=8825=E6=97=A5=E5=91=A8=E4=B8=80 16:40 Subject: [PATCH 2/4] kexec: add CONFING_KEXEC_PURGATORY_SKIP_SIG To: Cc: huangjie.albert , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , , H. Peter Anvin , Eric Biederman , Masahiro Yamada , Michal Marek , Nick Desaulniers , Kirill A. Shutemov , Brijesh Singh , Michael Roth , Nathan Chancellor , Kuppuswamy Sathyanarayanan , Ard Biesheuvel , Peter Zijlstra , Sean Christopherson , Joerg Roedel , Mark Rutland , Kees Cook , , , From: "huangjie.albert" the verify_sha256_digest may cost 300+ ms in my test environment: bzImage: 53M initramfs:28M We can add a macro to control whether to enable this check. If we can confirm that the data in this will not change, we can turn off the check and get a faster startup. Signed-off-by: huangjie.albert --- arch/x86/Kconfig | 9 +++++++++ arch/x86/purgatory/purgatory.c | 7 +++++++ 2 files changed, 16 insertions(+) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 52a7f91527fe..adbd3a2bd60f 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -2052,6 +2052,15 @@ config KEXEC_BZIMAGE_VERIFY_SIG help Enable bzImage signature verification support. +config KEXEC_PURGATORY_SKIP_SIG + bool "skip kexec purgatory signature verification" + depends on ARCH_HAS_KEXEC_PURGATORY + help + this options makes the kexec purgatory do not signature verifica= tion + which would get hundreds of milliseconds saved during kexec boot. If we can + confirm that the data of each segment loaded by kexec will not change we may + enable this option + config CRASH_DUMP bool "kernel crash dumps" depends on X86_64 || (X86_32 && HIGHMEM) diff --git a/arch/x86/purgatory/purgatory.c b/arch/x86/purgatory/purgatory.= c index 7558139920f8..b3f15774d86d 100644 --- a/arch/x86/purgatory/purgatory.c +++ b/arch/x86/purgatory/purgatory.c @@ -20,6 +20,12 @@ u8 purgatory_sha256_digest[SHA256_DIGEST_SIZE] __section(".kexec-purgatory"); struct kexec_sha_region purgatory_sha_regions[KEXEC_SEGMENT_MAX] __section(".kexec-purgatory"); +#ifdef CONFIG_KEXEC_PURGATORY_SKIP_SIG +static int verify_sha256_digest(void) +{ + return 0; +} +#else static int verify_sha256_digest(void) { struct kexec_sha_region *ptr, *end; @@ -39,6 +45,7 @@ static int verify_sha256_digest(void) return 0; } +#endif void purgatory(void) { -- 2.31.1