Received-SPF: pass (google.com: domain of linux-kernel+bounces-188395-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223;
Date: Fri, 24 May 2024 15:22:17 +0800
From: Coiby Xu <coxu@redhat.com>
To: Baoquan He <bhe@redhat.com>
Cc: kexec@lists.infradead.org, Ondrej Kozina <okozina@redhat.com>, 
	Milan Broz <gmazyland@gmail.com>, Thomas Staudt <tstaudt@de.ibm.com>, 
	Daniel P =?utf-8?B?LiBCZXJyYW5nw6k=?= <berrange@redhat.com>, Kairui Song <ryncsn@gmail.com>, 
	Jan Pazdziora <jpazdziora@redhat.com>, Pingfan Liu <kernelfans@gmail.com>, 
	Dave Young <dyoung@redhat.com>, linux-kernel@vger.kernel.org, x86@kernel.org, 
	Dave Hansen <dave.hansen@intel.com>, Vitaly Kuznetsov <vkuznets@redhat.com>, 
	Eric Biederman <ebiederm@xmission.com>
Subject: Re: [PATCH v3 1/7] kexec_file: allow to place kexec_buf randomly
Message-ID: <nfe3elcoihbt2g55upa3y5r3bfapngh6yudicyhjqcjczzgswo@cb6h4fl5vi6p>
References: <20240425100434.198925-1-coxu@redhat.com>
 <20240425100434.198925-2-coxu@redhat.com>
 <ZkrqkzJlW2RZkmH9@MiWiFi-R3L-srv>
 <y5ogivx7qbdm6u37t5o6na4jewn6qofzrbibnsneoqlwns63y5@eg62cytuvwql>
 <ZkwRZxGw2dWStd1C@MiWiFi-R3L-srv>
Precedence: bulk
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
In-Reply-To: <ZkwRZxGw2dWStd1C@MiWiFi-R3L-srv>

On Tue, May 21, 2024 at 11:13:43AM +0800, Baoquan He wrote:
>On 05/21/24 at 09:58am, Coiby Xu wrote:
>> On Mon, May 20, 2024 at 02:16:43PM +0800, Baoquan He wrote:
>> > On 04/25/24 at 06:04pm, Coiby Xu wrote:
>> > > Currently, kexec_buf is placed in order which means for the same
>> > > machine, the info in the kexec_buf is always located at the same
>> > > position each time the machine is booted. This may cause a risk for
>> > > sensitive information like LUKS volume key. Now struct kexec_buf has a
>> > > new field random which indicates it's supposed to be placed in a random
>> > > position.
>> >
>> > Do you want to randomize the key's position for both kdump and kexec
>> > rebooting? Assume you only want to do that for kdump. If so, we may need
>> > to make that more specific in code.
>>
>> Thanks for the suggestion! Currently, no one has requested this feature
>> for kexec reboot so yes, I only have kdump in mind. But kdump depends
>> on kexec thus I'm not sure how we can make it kdump specfic. Do you have
>> a further suggestion?
>
>I remember you said kexec reboot doesn't need the key passed from 1st
>kernel to 2nd kernel because the 2nd kernel will calculate one during
>boot.
>
>kbuf has the information, the similar handling has been in
>kernel/kexec_file.c:
>
>#ifdef CONFIG_CRASH_DUMP
>        if (kbuf->image->type == KEXEC_TYPE_CRASH)
>                ....;
>#endif

Thanks for the suggestion! I'll wrap related code inside
CONFIG_CRASH_DUMP.

>
>> > diff --git a/include/linux/kexec.h b/include/linux/kexec.h
>> > index 060835bb82d5..fc1e20d565d5 100644
>> > --- a/include/linux/kexec.h
>> > +++ b/include/linux/kexec.h
>> > @@ -171,6 +171,7 @@ int kexec_image_post_load_cleanup_default(struct kimage *image);
>> >  * @buf_min:	The buffer can't be placed below this address.
>> >  * @buf_max:	The buffer can't be placed above this address.
>> >  * @top_down:	Allocate from top of memory.
>> > + * @random:	Place the buffer at a random position.
>>
>> How about a comment here saying this is currently only used by kdump.
>
>No, it's not good. Please don't do this, let code tell it.
>
>By the way, can you rebase this series on the latest v6.9 and resend? I
>rebase my code and can't apply your patchset.

Sure, v4 was sent.


-- 
Best regards,
Coiby