Received: by 2002:a89:d88:0:b0:1fa:5c73:8e2d with SMTP id eb8csp373906lqb; Fri, 24 May 2024 00:26:01 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCUWBgjegwlyFXjlle1HpBdtkqWQuvQQdUf5I70h27wJybETfHZ7bRFLHsYa3nOLUbnvRHsY704TuU+VWysBA1qDPko9JPkuhRsaqAR6zQ== X-Google-Smtp-Source: AGHT+IH6ZcaFNFZZd2deaKNOxPTgQTR5s71oWPwVhdq4BeCXJYGZiNqY7HUOwLSgTQsHXrt27I2q X-Received: by 2002:a05:6214:3907:b0:6ab:8e06:f5e5 with SMTP id 6a1803df08f44-6abcd19dcc7mr13653426d6.43.1716535561202; Fri, 24 May 2024 00:26:01 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1716535561; cv=pass; d=google.com; s=arc-20160816; b=GZ9Ey5oU8wRR0Q4DvzqbWTWB4Lja0RmZHLmmtH5Tzg+GARtavXWrmQHUMenXbQI19Z tqbqyQDG87528YlTbFrEg50MFbr6PTYVGV2sVwQwGuDQGjsdYEO/sj6ZqxRq6YwzfFws 5gpb3Bv9ekXFYLr5wdrkm347b8bRVkfacJiwKAwy5ltwZrg7jHU0/4AM3VV8nHbP65Mu 6eUb8eLIZvI0SeYenXVZmmd5UPXttYJc3s/rVT9pxhgw94kqG08fTmxiJma5RsQMiW+w tAp1JBXRUXSdpNLIjiX2hEefWpDbyuCpRkhcyXTc7Rv8PlD7ZP05nDSfY5v6RNhxiGwO w2lw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=PzoNctDwu2m6AmJa5cOCmGwkuh/QFbymJSnZ7SGPShc=; fh=pVEbxGPWDX5YfevxsD89nSezmGmfwHazEGL3hCXXWMY=; b=PJxiB2W8+yQXeLa4cFmbmV2bP3hIlclfLdfBf/avwjxcRTqmXx5HxHwSjdn3NEGFqg LI0Qc+EceFL75WH/5WyQkbb5irXUVjoG+wa2QzdQD68Id1hjiCebq7eqEfn5QNGtCkDn EFA2MPXTvPaa2S7pqTUKT8jDpzRA0dSUP8ZhGXT6RxEXLQmBfS3qjq7B3/N5cKRIdYn7 Jx8E1tZ4Ji4R+POlT5nok8adxb82TaS/rqNZmCEz4kRm2oAydEZOzz7O1cojBYXc38Im gQ6iO42rCWkzTGLFdEgqUsN1UmO9b4Uo5w/X75qX1c0jBCrvvx1IpvKlT7O6XiOHNz8k atuQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=dP+TaCAX; arc=pass (i=1 spf=pass spfdomain=redhat.com dkim=pass dkdomain=redhat.com dmarc=pass fromdomain=redhat.com); spf=pass (google.com: domain of linux-kernel+bounces-188395-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-188395-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id 6a1803df08f44-6ac0707e57bsi10223086d6.168.2024.05.24.00.26.01 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 May 2024 00:26:01 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-188395-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=dP+TaCAX; arc=pass (i=1 spf=pass spfdomain=redhat.com dkim=pass dkdomain=redhat.com dmarc=pass fromdomain=redhat.com); spf=pass (google.com: domain of linux-kernel+bounces-188395-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-188395-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id DD5111C20F5F for ; Fri, 24 May 2024 07:26:00 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 3DF12128807; Fri, 24 May 2024 07:25:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="dP+TaCAX" Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C6B21208A1 for ; Fri, 24 May 2024 07:25:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716535553; cv=none; b=rAHOlbxv7122Cf0HNQPHMQFNSknqqjY6pRCP6+ISV0mehMUTu5iVHtbWB4PLF75DzR3ENrN4v8fMisZL3rsdJW0xAS4/7BeNHUyiLJTWE7L0sYCooE09C8cgbyxtEEwL4q5NneBrEnkmJpGbtYRraqVY53l2ewg8pJJTJWNl0ws= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716535553; c=relaxed/simple; bh=DrrjnXApjK+HxHK4YGZUVCcRJ9u8TFMUw+Sedw3rW20=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=SPa/R3rRFS7Z2ylVDNnxpBFb1Xi/a0XBRlrw+AZGK1WzezZx4+7mjWvOn/ndwoiI/m6hw7dxCtomo50WTZPEYNWnz+IYHT26Lt+zVesZnvdJlVtcfNbKEuUeGMT34cjV6IcJnnz6vtTiowHNd7h86383noN/yC9Qu5WWnIfNepc= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=dP+TaCAX; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1716535550; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=PzoNctDwu2m6AmJa5cOCmGwkuh/QFbymJSnZ7SGPShc=; b=dP+TaCAXYvkgKM4vntFC7f3Qzpxy/PvvE/sMppFZzzQraptPijRLjoi8YN0bKPHrI5bXyT Cp20/fEZpqtV1vdX2gY9+cRaMddQbmWc9YT6wI7blC0PO8kBDxtV8hSda2fp8R15e76I+3 8agjuYei7Vpyvqxf2OAtuzC4pnh4vxE= Received: from mail-pj1-f71.google.com (mail-pj1-f71.google.com [209.85.216.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-695-5lzUPSedPhG3FRcZpRpd4g-1; Fri, 24 May 2024 03:25:49 -0400 X-MC-Unique: 5lzUPSedPhG3FRcZpRpd4g-1 Received: by mail-pj1-f71.google.com with SMTP id 98e67ed59e1d1-2bf5ba94169so792820a91.0 for ; Fri, 24 May 2024 00:25:49 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1716535548; x=1717140348; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=PzoNctDwu2m6AmJa5cOCmGwkuh/QFbymJSnZ7SGPShc=; b=OghvGuPClEegolNH0d8nMvIzUrdJiWOY8PxMVSz4N393ShLiGXXASucSc3CMiZB5oi 6PjfNJUZ00yCAf3C1d9mChOep4/SL+8DysXGwVxaP0FemptmuqQftSm02oaA75923OjJ lRCqMdUocY+Iy+A4kTFTtEbQ96tX4Imojc+xUjA1hPl1PDYsYItMO57JnE2MEZdSK5BF ORnm4CF9r6r06RmoGLPOT2aE/aorB8aVaPS+kLUQ3GXcL+0W2G8EJVYp/n1Yhcp7Rf8b ZixRFXtzvqSZthglWxCLFry/teO/kG56yJd0IXZiTPNEfKRivh/Ea3qYZz50xzmW5Hql +7Hw== X-Forwarded-Encrypted: i=1; AJvYcCUV2US3W8r0YPdVKMarb3+pFyA1vmH7EzRrSY9GOdlvpqqihF6pjDMaoVTLynz8WmkzreZqzi27/ZjCK/Dhj6+95EtPI5CVshAPZjIt X-Gm-Message-State: AOJu0YzrmmltFtdz5BzovVMFeQ4jQGoLNUvzve84uGcnfF0CNwV0BD6N Rv5hazy0FpECuDIsG2KGD2tbTF3l+Axgzareian5cMvozV++yDoqqFVh/52ekirhpr3TPlITYXf x7stOwWTFflLCFaJkp+M59KfhMcymIir3i7vrOfFR6jpZVXB/ysNrvlQMjOpMpQ== X-Received: by 2002:a17:90b:3110:b0:2bd:d680:3c8a with SMTP id 98e67ed59e1d1-2bf5e139562mr1478934a91.5.1716535547504; Fri, 24 May 2024 00:25:47 -0700 (PDT) X-Received: by 2002:a17:90b:3110:b0:2bd:d680:3c8a with SMTP id 98e67ed59e1d1-2bf5e139562mr1478897a91.5.1716535546660; Fri, 24 May 2024 00:25:46 -0700 (PDT) Received: from localhost ([43.228.180.230]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2bdda14e538sm2655538a91.49.2024.05.24.00.25.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 May 2024 00:25:45 -0700 (PDT) Date: Fri, 24 May 2024 15:22:17 +0800 From: Coiby Xu To: Baoquan He Cc: kexec@lists.infradead.org, Ondrej Kozina , Milan Broz , Thomas Staudt , Daniel P =?utf-8?B?LiBCZXJyYW5nw6k=?= , Kairui Song , Jan Pazdziora , Pingfan Liu , Dave Young , linux-kernel@vger.kernel.org, x86@kernel.org, Dave Hansen , Vitaly Kuznetsov , Eric Biederman Subject: Re: [PATCH v3 1/7] kexec_file: allow to place kexec_buf randomly Message-ID: References: <20240425100434.198925-1-coxu@redhat.com> <20240425100434.198925-2-coxu@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline In-Reply-To: On Tue, May 21, 2024 at 11:13:43AM +0800, Baoquan He wrote: >On 05/21/24 at 09:58am, Coiby Xu wrote: >> On Mon, May 20, 2024 at 02:16:43PM +0800, Baoquan He wrote: >> > On 04/25/24 at 06:04pm, Coiby Xu wrote: >> > > Currently, kexec_buf is placed in order which means for the same >> > > machine, the info in the kexec_buf is always located at the same >> > > position each time the machine is booted. This may cause a risk for >> > > sensitive information like LUKS volume key. Now struct kexec_buf has a >> > > new field random which indicates it's supposed to be placed in a random >> > > position. >> > >> > Do you want to randomize the key's position for both kdump and kexec >> > rebooting? Assume you only want to do that for kdump. If so, we may need >> > to make that more specific in code. >> >> Thanks for the suggestion! Currently, no one has requested this feature >> for kexec reboot so yes, I only have kdump in mind. But kdump depends >> on kexec thus I'm not sure how we can make it kdump specfic. Do you have >> a further suggestion? > >I remember you said kexec reboot doesn't need the key passed from 1st >kernel to 2nd kernel because the 2nd kernel will calculate one during >boot. > >kbuf has the information, the similar handling has been in >kernel/kexec_file.c: > >#ifdef CONFIG_CRASH_DUMP > if (kbuf->image->type == KEXEC_TYPE_CRASH) > ....; >#endif Thanks for the suggestion! I'll wrap related code inside CONFIG_CRASH_DUMP. > >> > diff --git a/include/linux/kexec.h b/include/linux/kexec.h >> > index 060835bb82d5..fc1e20d565d5 100644 >> > --- a/include/linux/kexec.h >> > +++ b/include/linux/kexec.h >> > @@ -171,6 +171,7 @@ int kexec_image_post_load_cleanup_default(struct kimage *image); >> > * @buf_min: The buffer can't be placed below this address. >> > * @buf_max: The buffer can't be placed above this address. >> > * @top_down: Allocate from top of memory. >> > + * @random: Place the buffer at a random position. >> >> How about a comment here saying this is currently only used by kdump. > >No, it's not good. Please don't do this, let code tell it. > >By the way, can you rebase this series on the latest v6.9 and resend? I >rebase my code and can't apply your patchset. Sure, v4 was sent. -- Best regards, Coiby