Date: Sat, 8 Jun 2024 11:12:02 +0200
From: Greg KH
To: Coiby Xu
Cc: kexec@lists.infradead.org, Ondrej Kozina, Milan Broz, Thomas Staudt, Daniel P. Berrangé, Kairui Song, Jan Pazdziora, Pingfan Liu, Baoquan He, Dave Young, linux-kernel@vger.kernel.org, x86@kernel.org, Dave Hansen, Vitaly Kuznetsov, Eric Biederman
Subject: Re: [PATCH v5 1/7] kexec_file: allow to place kexec_buf randomly
Message-ID: <2024060842-entryway-gurgle-4ae2@gregkh>
References: <20240607122622.167228-1-coxu@redhat.com> <20240607122622.167228-2-coxu@redhat.com>
In-Reply-To: <20240607122622.167228-2-coxu@redhat.com>

On Fri, Jun 07, 2024 at 08:26:11PM +0800, Coiby Xu wrote:
> Currently, kexec_buf is placed in order which means for the same
> machine, the info in the kexec_buf is always located at the same
> position each time the machine is booted. This may cause a risk for
> sensitive information like LUKS volume key. Now struct kexec_buf has a
> new field random which indicates it's supposed to be placed in a random
> position.
>
> Suggested-by: Jan Pazdziora
> Signed-off-by: Coiby Xu
> --- > include/linux/kexec.h | 4 ++++ > kernel/kexec_file.c | 21 +++++++++++++++++++++ > 2 files changed, 25 insertions(+) > > diff --git a/include/linux/kexec.h b/include/linux/kexec.h > index f0e9f8eda7a3..c45bfc727737 100644 > --- a/include/linux/kexec.h > +++ b/include/linux/kexec.h > @@ -171,6 +171,7 @@ int kexec_image_post_load_cleanup_default(struct kimage *image); > * @buf_min: The buffer can't be placed below this address. > * @buf_max: The buffer can't be placed above this address. > * @top_down: Allocate from top of memory. > + * @random: Place the buffer at a random position. > */ > struct kexec_buf { > struct kimage *image; 
> @@ -182,6 +183,9 @@ struct kexec_buf { > unsigned long buf_min; > unsigned long buf_max; > bool top_down; > +#ifdef CONFIG_CRASH_DUMP > + bool random; > +#endif Why is the ifdef needed? > }; > > int kexec_load_purgatory(struct kimage *image, struct kexec_buf *kbuf); > diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c > index 3d64290d24c9..f7538d8f67e0 100644 > --- a/kernel/kexec_file.c > +++ b/kernel/kexec_file.c > @@ -25,6 +25,9 @@ > #include > #include > #include > +#ifdef CONFIG_CRASH_DUMP > +#include > +#endif No ifdef in .c files please. This should not be an issue. > #include > #include > #include "kexec_internal.h" > @@ -437,6 +440,18 @@ SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, initrd_fd, > return ret; > } > > +#ifdef CONFIG_CRASH_DUMP > +static unsigned long kexec_random_start(unsigned long start, unsigned long end) > +{ > + unsigned long temp_start; > + unsigned short i; > + > + get_random_bytes(&i, sizeof(unsigned short)); > + temp_start = start + (end - start) / USHRT_MAX * i; > + return temp_start; > +} > +#endif This #ifdef should be handled properly in the .h file. > + > static int locate_mem_hole_top_down(unsigned long start, unsigned long end, > struct kexec_buf *kbuf) > { > @@ -445,6 +460,10 @@ static int locate_mem_hole_top_down(unsigned long start, unsigned long end, > > temp_end = min(end, kbuf->buf_max); > temp_start = temp_end - kbuf->memsz + 1; > +#ifdef CONFIG_CRASH_DUMP > + if (kbuf->random) > + temp_start = kexec_random_start(temp_start, temp_end); > +#endif Same with this. And why do you need the boolean at all, why not just have kexec_random_start() handle this properly for you? thanks, greg k-h
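Review bot: the kernel-doc line added for @random in include/linux/kexec.h ("Place the buffer at a random position.") does not say when the field exists or which search path honours it. The member is only compiled in under CONFIG_CRASH_DUMP, and in the hunks quoted here only locate_mem_hole_top_down() reads it, so a caller that sets random with top_down false cannot tell from the comment whether anything happens. Suggest documenting both conditions in the comment, or making the member unconditional so the description holds for every configuration.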
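Review bot: in kexec_random_start() (kernel/kexec_file.c), the expression "start + (end - start) / USHRT_MAX * i" divides before it multiplies, so whenever end - start is smaller than USHRT_MAX the quotient is 0 and the function returns start for every value of i. For larger ranges the result is limited to 65536 evenly spaced candidates, which is worth stating in a comment since the stated goal is protecting key material. Suggest drawing the offset over the range with a bounded helper (for example get_random_u32_below() when the range fits in 32 bits), and writing sizeof(i) rather than sizeof(unsigned short) so the size follows the variable's type.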
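Review bot: in the locate_mem_hole_top_down() hunk, the call kexec_random_start(temp_start, temp_end) is made right after "temp_start = temp_end - kbuf->memsz + 1", so the range being randomized is only memsz - 1 bytes wide rather than the width of the hole between start and end. Any non-zero offset also moves temp_start above temp_end - memsz + 1, so a buffer of memsz bytes beginning there would extend past temp_end (and therefore past min(end, kbuf->buf_max)) unless code outside this hunk corrects for it. Suggest randomizing over the lower bound of the hole up to temp_end - kbuf->memsz + 1, and noting in the changelog how the randomized start interacts with buf_max and alignment.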