[PATCH] kexec: Allow to skip digest calculation for speed

Jan H. Schönherr jschoenh at amazon.de
Thu Feb 1 15:11:16 PST 2018 

Give the administrator the ability to trade kexec safety for kexec speed
by disabling the digest calculation/verification for regular kexecs.

The behavior of kexec-on-crash is not touched.

Signed-off-by: Jan H. Schönherr <jschoenh at amazon.de>
---
 arch/x86/Kconfig               | 12 ++++++++++++
 arch/x86/purgatory/purgatory.c |  9 +++++++++
 kernel/kexec_file.c            |  5 +++++
 3 files changed, 26 insertions(+)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 20da391b5f32..7b257f655327 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1984,6 +1984,18 @@ config KEXEC_BZIMAGE_VERIFY_SIG
 	---help---
 	  Enable bzImage signature verification support.
 
+config KEXEC_SKIP_NONCRASH_DIGEST
+	bool "Disable digest calculation for regular kexec"
+	depends on KEXEC
+	---help---
+	  Disable the calculation and verification of the SHA digest before
+	  and during a regular kexec. This speeds up kexec a bit at the cost
+	  of a bit of safety.
+
+	  Note, that the digest calculation is still done for a kexec-on-crash.
+
+	  If unsure, say N.
+
 config CRASH_DUMP
 	bool "kernel crash dumps"
 	depends on X86_64 || (X86_32 && HIGHMEM)
diff --git a/arch/x86/purgatory/purgatory.c b/arch/x86/purgatory/purgatory.c
index 470edad96bb9..2b5189b851b3 100644
--- a/arch/x86/purgatory/purgatory.c
+++ b/arch/x86/purgatory/purgatory.c
@@ -44,6 +44,15 @@ static int verify_sha256_digest(void)
 	u8 digest[SHA256_DIGEST_SIZE];
 	struct sha256_state sctx;
 
+#ifdef CONFIG_KEXEC_SKIP_NONCRASH_DIGEST
+	/*
+	 * Skip digest verification for non-crash kernels, we trust the
+	 * mechanism enough to trade-off the digest for a quicker kexec
+	 */
+	if (!purgatory_backup_dest)
+		return 0;
+#endif
+
 	sha256_init(&sctx);
 	end = purgatory_sha_regions + ARRAY_SIZE(purgatory_sha_regions);
 
diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
index e5bcd94c1efb..ac01b34a7f87 100644
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -532,6 +532,11 @@ static int kexec_calculate_store_digests(struct kimage *image)
 	struct kexec_sha_region *sha_regions;
 	struct purgatory_info *pi = &image->purgatory_info;
 
+#ifdef CONFIG_KEXEC_SKIP_NONCRASH_DIGEST
+	if (image->type != KEXEC_TYPE_CRASH)
+		return 0;
+#endif
+
 	zero_buf = __va(page_to_pfn(ZERO_PAGE(0)) << PAGE_SHIFT);
 	zero_buf_sz = PAGE_SIZE;
 
-- 
2.9.3.1.gcba166c.dirty

More information about the kexec mailing list