[RFC][PATCH] Add a sysctl option controlling kexec when MCE occurred
H. Peter Anvin
hpa at zytor.com
Sat Dec 25 13:33:02 EST 2010
On 12/25/2010 09:19 AM, Eric W. Biederman wrote:
>>
>> So, kdump may receive wrong identifier when it starts after MCE
>> occurred, because MCE is reported by memory, cache, and TLB errors
>>
>> In the worst case, kdump will overwrite user data if it recognizes a
>> disk saving user data as a dump disk.
>
> Absurdly unlikely there is a sha256 checksum verified over the
> kdump kernel before it starts booting. If you have very broken
> memory it is possible, but absurdly unlikely that the machine will
> even boot if you are having enough uncorrectable memory errors
> an hour to get past the sha256 checksum and then be corruppt.
>
That wouldn't be the likely scenario (passing a sha256 checksum with the
wrong data due to a random event will never happen for all the computers
on Earth before the Sun destroys the planet). However, in a
failing-memory scenario, the much more likely scenario is that kdump
starts up, verifies the signature, and *then* has corruption causing it
to write to the wrong disk or whatnot. This is inherent in any scheme
that allows writing to hard media after a failure (as opposed to, say,
dumping to the network.)
-hpa
--
H. Peter Anvin, Intel Open Source Technology Center
I work for Intel. I don't speak on their behalf.
More information about the kexec
mailing list