[PATCH] kexec: Allow to skip digest calculation for speed

Eric W. Biederman ebiederm at xmission.com
Thu Feb 1 17:42:39 PST 2018


Jan H. Schönherr <jschoenh at amazon.de> writes:

> Give the administrator the ability to trade kexec safety for kexec speed
> by disabling the digest calculation/verification for regular kexecs.
>
> The behavior of kexec-on-crash is not touched.

The performance of the digest caculation is acceptable on 386s.  Or it
was years ago when I tested it on a 386.  What is the problem you are
having.

Is there something silly like a cache disable in your configuration?

Eric

> Signed-off-by: Jan H. Schönherr <jschoenh at amazon.de>
> ---
>  arch/x86/Kconfig               | 12 ++++++++++++
>  arch/x86/purgatory/purgatory.c |  9 +++++++++
>  kernel/kexec_file.c            |  5 +++++
>  3 files changed, 26 insertions(+)
>
> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> index 20da391b5f32..7b257f655327 100644
> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -1984,6 +1984,18 @@ config KEXEC_BZIMAGE_VERIFY_SIG
>  	---help---
>  	  Enable bzImage signature verification support.
>  
> +config KEXEC_SKIP_NONCRASH_DIGEST
> +	bool "Disable digest calculation for regular kexec"
> +	depends on KEXEC
> +	---help---
> +	  Disable the calculation and verification of the SHA digest before
> +	  and during a regular kexec. This speeds up kexec a bit at the cost
> +	  of a bit of safety.
> +
> +	  Note, that the digest calculation is still done for a kexec-on-crash.
> +
> +	  If unsure, say N.
> +
>  config CRASH_DUMP
>  	bool "kernel crash dumps"
>  	depends on X86_64 || (X86_32 && HIGHMEM)
> diff --git a/arch/x86/purgatory/purgatory.c b/arch/x86/purgatory/purgatory.c
> index 470edad96bb9..2b5189b851b3 100644
> --- a/arch/x86/purgatory/purgatory.c
> +++ b/arch/x86/purgatory/purgatory.c
> @@ -44,6 +44,15 @@ static int verify_sha256_digest(void)
>  	u8 digest[SHA256_DIGEST_SIZE];
>  	struct sha256_state sctx;
>  
> +#ifdef CONFIG_KEXEC_SKIP_NONCRASH_DIGEST
> +	/*
> +	 * Skip digest verification for non-crash kernels, we trust the
> +	 * mechanism enough to trade-off the digest for a quicker kexec
> +	 */
> +	if (!purgatory_backup_dest)
> +		return 0;
> +#endif
> +
>  	sha256_init(&sctx);
>  	end = purgatory_sha_regions + ARRAY_SIZE(purgatory_sha_regions);
>  
> diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
> index e5bcd94c1efb..ac01b34a7f87 100644
> --- a/kernel/kexec_file.c
> +++ b/kernel/kexec_file.c
> @@ -532,6 +532,11 @@ static int kexec_calculate_store_digests(struct kimage *image)
>  	struct kexec_sha_region *sha_regions;
>  	struct purgatory_info *pi = &image->purgatory_info;
>  
> +#ifdef CONFIG_KEXEC_SKIP_NONCRASH_DIGEST
> +	if (image->type != KEXEC_TYPE_CRASH)
> +		return 0;
> +#endif
> +
>  	zero_buf = __va(page_to_pfn(ZERO_PAGE(0)) << PAGE_SHIFT);
>  	zero_buf_sz = PAGE_SIZE;



More information about the kexec mailing list