Re: [PATCH v2 0/1] Accept unaccepted kexec segments' destination addresses

> On Thu, Feb 13, 2025 at 07:55:15AM -0800, Dave Hansen wrote: >> On 1/13/25 06:59, Eric W. Biederman wrote: >> ... >> > I have a new objection. I believe ``unaccepted memory'' and especially >> > lazily initialized ``unaccepted memory'' is an information leak that >> > could defeat the purpose of

Re: [PATCH v8 5/7] ima: kexec: move IMA log copy from kexec load to execute

Hi steven, kernel test robot noticed the following build errors: [auto build test ERROR on linus/master] [also build test ERROR on v6.14-rc3 next-20250219] [If your patch is applied to the wrong git tree, kindly drop us a note. And when submitting patch, we suggest to use '--base' as

Re: [PATCH v8 2/7] kexec: define functions to map and unmap segments

Hi steven, kernel test robot noticed the following build warnings: [auto build test WARNING on linus/master] [also build test WARNING on v6.14-rc3 next-20250219] [If your patch is applied to the wrong git tree, kindly drop us a note. And when submitting patch, we suggest to use '--bas

Re: [PATCH v2 1/1] kexec_core: Accept unaccepted kexec segments' destination addresses

On 12/13/24 01:54, Yan Zhao wrote: > Accept the destination addresses during the kexec load, immediately after > they pass sanity checks. This ensures the code is located in a common place > shared by both the kexec_load and kexec_file_load system calls. So, we've got an end-user-visible bug. Eric

Re: [PATCH v2 0/1] Accept unaccepted kexec segments' destination addresses

> > It sounds like you're advocating for the "slow guest boot" option. > > Kirill, can you remind us how fast a guest boots to the shell for > > modestly-sized (say 256GB) memory with "accept_memory=eager" versus > > "accept_memory=lazy"? IIRC, it was a pretty remarkable difference. > > I only have

Re: [PATCH v8 7/7] ima: measure kexec load and exec events as critical data

On 2/19/2025 8:23 AM, Stefan Berger wrote: On 2/18/25 5:55 PM, steven chen wrote: The amount of memory allocated at kexec load, even with the extra memory allocated, might not be large enough for the entire measurement list.  The indeterminate interval between kexec 'load' and 'execute' could

Re: [PATCH v8 5/7] ima: kexec: move IMA log copy from kexec load to execute

On 2/19/2025 7:57 AM, Stefan Berger wrote: On 2/18/25 5:55 PM, steven chen wrote: ima_dump_measurement_list() is called during kexec 'load', which may result in loss of IMA measurements during kexec soft reboot.  It needs ... due to missed measurements that only occurred after kexec 'load'.

Re: [PATCH v8 4/7] ima: kexec: define functions to copy IMA log at soft boot

On 2/19/2025 7:37 AM, Stefan Berger wrote: On 2/18/25 5:54 PM, steven chen wrote: IMA log is copied to the new Kernel during kexec 'load' using The IMA log is currently copied to the new kernel ... ima_dump_measurement_list().  The log copy at kexec 'load' may result in loss of IMA measur

Re: [PATCH v12 00/19] x86: Trenchboot secure dynamic launch Linux kernel support

On 12/19/24 11:41 AM, Ross Philipson wrote: The larger focus of the TrenchBoot project (https://github.com/TrenchBoot) is to enhance the boot security and integrity in a unified manner. The first area of focus has been on the Trusted Computing Group's Dynamic Launch for establishing a hardware Ro

Re: [RFC] kexec: Use bpf to allow kexec to load PE format boot image

Hi Pingfan, sorry for the late reply. On Thu, 6 Feb 2025 14:03:40 +0800 Pingfan Liu wrote: > Hi Philipp, > > Thanks for your feedback. Please see my answers below. > > I'm also reaching out to the BPF maintainers with two concerns: how to > ensure the integrity of BPF programs and whether int

Re: [PATCH v8 7/7] ima: measure kexec load and exec events as critical data

On 2/18/25 5:55 PM, steven chen wrote: The amount of memory allocated at kexec load, even with the extra memory allocated, might not be large enough for the entire measurement list. The indeterminate interval between kexec 'load' and 'execute' could exacerbate this problem. Define two new IM

Re: [PATCH v8 5/7] ima: kexec: move IMA log copy from kexec load to execute

On 2/18/25 5:55 PM, steven chen wrote: ima_dump_measurement_list() is called during kexec 'load', which may result in loss of IMA measurements during kexec soft reboot. It needs ... due to missed measurements that only occurred after kexec 'load'. Therefore, this function needs to be ...

Re: [PATCH v8 4/7] ima: kexec: define functions to copy IMA log at soft boot

On 2/18/25 5:54 PM, steven chen wrote: IMA log is copied to the new Kernel during kexec 'load' using The IMA log is currently copied to the new kernel ... ima_dump_measurement_list(). The log copy at kexec 'load' may result in loss of IMA measurements during kexec soft reboot. It needs

Re: [PATCH v4 00/14] kexec: introduce Kexec HandOver (KHO)

On 19.02.25 13:49, Dave Young wrote: On Wed, 19 Feb 2025 at 15:32, Mike Rapoport wrote: On Mon, Feb 17, 2025 at 11:19:45AM +0800, RuiRui Yang wrote: On Thu, 6 Feb 2025 at 21:34, Mike Rapoport wrote: == Limitations == Currently KHO is only implemented for file based kexec. The kernel inter

Re: [Hypervisor Live Update] Notes from February 10, 2025

On Tue, Feb 18, 2025 at 08:04:47PM -0800, David Rientjes wrote: > - the future of guestmemfs and what it becomes, including alignment so >prototyping can be done IMHO we need a generic FDBOX sort of filesystem and the ability to put guestmemfd, memfd and hugetlbfs (fd) into it. This would co

Re: [PATCH v4 00/14] kexec: introduce Kexec HandOver (KHO)

On Wed, 19 Feb 2025 at 15:32, Mike Rapoport wrote: > > On Mon, Feb 17, 2025 at 11:19:45AM +0800, RuiRui Yang wrote: > > On Thu, 6 Feb 2025 at 21:34, Mike Rapoport wrote: > > > == Limitations == > > > > > > Currently KHO is only implemented for file based kexec. The kernel > > > interfaces in the