[PATCH] kexec: Allow to skip digest calculation for speed
Eric W. Biederman
ebiederm at xmission.com
Thu Feb 1 17:42:39 PST 2018
Jan H. Schönherr <jschoenh at amazon.de> writes:
> Give the administrator the ability to trade kexec safety for kexec speed
> by disabling the digest calculation/verification for regular kexecs.
>
> The behavior of kexec-on-crash is not touched.
The performance of the digest caculation is acceptable on 386s. Or it
was years ago when I tested it on a 386. What is the problem you are
having.
Is there something silly like a cache disable in your configuration?
Eric
> Signed-off-by: Jan H. Schönherr <jschoenh at amazon.de>
> ---
> arch/x86/Kconfig | 12 ++++++++++++
> arch/x86/purgatory/purgatory.c | 9 +++++++++
> kernel/kexec_file.c | 5 +++++
> 3 files changed, 26 insertions(+)
>
> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> index 20da391b5f32..7b257f655327 100644
> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -1984,6 +1984,18 @@ config KEXEC_BZIMAGE_VERIFY_SIG
> ---help---
> Enable bzImage signature verification support.
>
> +config KEXEC_SKIP_NONCRASH_DIGEST
> + bool "Disable digest calculation for regular kexec"
> + depends on KEXEC
> + ---help---
> + Disable the calculation and verification of the SHA digest before
> + and during a regular kexec. This speeds up kexec a bit at the cost
> + of a bit of safety.
> +
> + Note, that the digest calculation is still done for a kexec-on-crash.
> +
> + If unsure, say N.
> +
> config CRASH_DUMP
> bool "kernel crash dumps"
> depends on X86_64 || (X86_32 && HIGHMEM)
> diff --git a/arch/x86/purgatory/purgatory.c b/arch/x86/purgatory/purgatory.c
> index 470edad96bb9..2b5189b851b3 100644
> --- a/arch/x86/purgatory/purgatory.c
> +++ b/arch/x86/purgatory/purgatory.c
> @@ -44,6 +44,15 @@ static int verify_sha256_digest(void)
> u8 digest[SHA256_DIGEST_SIZE];
> struct sha256_state sctx;
>
> +#ifdef CONFIG_KEXEC_SKIP_NONCRASH_DIGEST
> + /*
> + * Skip digest verification for non-crash kernels, we trust the
> + * mechanism enough to trade-off the digest for a quicker kexec
> + */
> + if (!purgatory_backup_dest)
> + return 0;
> +#endif
> +
> sha256_init(&sctx);
> end = purgatory_sha_regions + ARRAY_SIZE(purgatory_sha_regions);
>
> diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
> index e5bcd94c1efb..ac01b34a7f87 100644
> --- a/kernel/kexec_file.c
> +++ b/kernel/kexec_file.c
> @@ -532,6 +532,11 @@ static int kexec_calculate_store_digests(struct kimage *image)
> struct kexec_sha_region *sha_regions;
> struct purgatory_info *pi = &image->purgatory_info;
>
> +#ifdef CONFIG_KEXEC_SKIP_NONCRASH_DIGEST
> + if (image->type != KEXEC_TYPE_CRASH)
> + return 0;
> +#endif
> +
> zero_buf = __va(page_to_pfn(ZERO_PAGE(0)) << PAGE_SHIFT);
> zero_buf_sz = PAGE_SIZE;
More information about the kexec
mailing list