Removal of the kernel code/data/bss resources does break kexec/kdump

Emrah Demir ed at abdsec.com
Fri Apr 15 08:46:47 PDT 2016


On 2016-04-15 00:41, Kees Cook wrote:
> On Thu, Apr 14, 2016 at 6:02 PM, Linus Torvalds
> <torvalds at linux-foundation.org> wrote:
>> On Thu, Apr 14, 2016 at 1:27 PM, Emrah Demir <ed at abdsec.com> wrote:
>>> On 2016-04-14 13:40, Linus Torvalds wrote:

>> I've pushed out my attempt at fixing things properly. Please check
>> that kexec works - and if kexec ends up reading that file as non-root,
>> I don't know what to say/do.
>> 
>> Here's the three relevant cases:
>> 
>>    cat /proc/iomem
>>    sudo cat /proc/iomem
>>    sudo cat < /proc/iomem
>> 
>> and two of them will now show the resource ranges as just plain
>> zeroes. But yes, it needed extra infrastructure to be able to get this
>> right.
>> 

> 
> Yup, that's why I was saying I was going to try to cook something up
> for -next. It isn't a trivial change. :) Thanks for fixing it up!
> 

file_ns_capable bring some problems. I used capable and now there is no 
problem as far as I tested.

It'is attached.

Note: I couldn't write "Noted-by:, Reported-by:" Could you write them
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-proc-iomem-only-expose-physical-resource-addresses-t.patch
Type: text/x-diff
Size: 1918 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/kexec/attachments/20160415/6793cdb9/attachment.bin>


More information about the kexec mailing list