[PATCH 0/6] kexec: A new system call to allow in kernel loading

Michael Holzheu holzheu at linux.vnet.ibm.com
Mon Nov 25 05:04:28 EST 2013

On Fri, 22 Nov 2013 05:34:03 -0800
ebiederm at xmission.com (Eric W. Biederman) wrote:

> Vivek Goyal <vgoyal at redhat.com> writes:

> >> There is also a huge missing piece of this in that your purgatory is not
> >> checking a hash of the loaded image before jumping too it.  Without that
> >> this is a huge regression at least for the kexec on panic case.  We
> >> absolutely need to check that the kernel sitting around in memory has
> >> not been corrupted before we let it run very far.
> >
> > Agreed. This should not be hard. It is just a matter of calcualting
> > digest of segments. I will store it in kimge and verify digest again
> > before passing control to control page. Will fix it in next version.
> Nak.  The verification needs to happen in purgatory. 
> The verification needs to happen in code whose runtime environment is
> does not depend on random parts of the kernel.  Anything else is a
> regression in maintainability and reliability.

Hello Vivek,

Just to be sure that you have not forgotten the following s390 detail:

On s390 we first call purgatory with parameter "0" for doing the
checksum test. If this fails, we can have as backup solution our
traditional stand-alone dump. In case tha checksum test was ok,
we call purgatory a second time with parameter "1" which then
starts kdump.

Could you please ensure that this mechanism also works after
your rework.

Best Regards,

More information about the kexec mailing list