Dan Mick wrote:
> Garrett D'Amore wrote:
>> Nicolas Williams wrote:
>>> Will it be possible to configure a system to do a fast reboot after a
>>> panic?  (Also, it might be possible to save less than a full crash dump
>>> and let the system handle the rest of the crash dump after the fast
>>> reboot.)
>>>
>>> Nico
>>>   
>> The last I checked, the copy of the crash dump is already done in 
>> parallel to normal multi-user boot.
>
> Indeed; 'savecore'.
>
>> I think the dump of physical ram to core has to be done before the 
>> reboot (fast or otherwise) in order to prevent loss of data.  (The 
>> contents of RAM are not guaranteed to be the same after the reboot 
>> cycle, even for a fast reboot.)
>
> Actually, yes they are; that's the whole trick of fast reboot, is that 
> you write the kernel into memory and then jump to it without going 
> thru anything that would potentially clear the memory.  That's exactly 
> the whole leverage of the fast reboot mechanism.
>
> Saving pieces of the old kernel for later dumping would be trickier, 
> but certainly possible; however I'm pretty sure it's not part of the 
> current implementation.
One possible concern I think I raised has to do with the fact that 
memory may not be cleared.  I worry that going from one boot to another, 
you could have random bits in memory which you'd rather not expose.  
This is especially true if you fast reboot from a BE with one set of 
permissions to another one that might have different permissions.

I'd feel a lot better if a "fast zero" of memory could be done, perhaps 
conditionally.  I realize that this represents both additional 
complexity and increased time to boot.... but I believe that a 1-2 
second cycle of clearing physical memory would give a much better level 
of assurance that data isn't being exposed.  Hopefully it would be 
possible to do this far more quickly than a typical BIOS POST run.  (No 
testing of memory requested, just clobber preexisting data is all.)

Hmm, and it's not really perfect even then, because you could have stale 
user data left out in device space (e.g. in framebuffer memory).  Still, 
the idea of zeroing memory may not be totally worthless.

    -- Garrett