From patchwork Sun Jun 15 20:02:25 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?b?0JTQsNC90LjQu9C+INCg0YPRgdC40L0=?= X-Patchwork-Id: 896862 Received: from mail-pj1-f47.google.com (mail-pj1-f47.google.com [209.85.216.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7A1251E834F for ; Sun, 15 Jun 2025 20:02:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.47 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750017760; cv=none; b=aCEf2q6KiNxS0dsT57ue73L2U+G2WbnEhPjTx9m6UDbaEZEVcpzlczuJu/hNkWWlY6nkLeEVH72PmQBLtd1cKDyeEOSHdhno3HSyJKHdODBu90KK5iQHAbPR46GFimSFxDv+NEwzjrkJBP/CF/keH4sEfjYaLmmpIc/t1CMeoqg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750017760; c=relaxed/simple; bh=p73Ttp3KB+6GhpgelsLopTo1HUCxBS/1IS3NRBE0h28=; h=MIME-Version:From:Date:Message-ID:Subject:To:Content-Type; b=KmmYVcWVJ8lOzW6jduZNZ+IhxjBH12jLfl0Zix9TonP4YfMHqZyu8Ypi9kRSDPRBvP9DFg94zO32WYn/pZ0ytmdxYGnZlRIvw/dLfOUuUHcBRDM8+p0DbuSDm2wxIBOesnlYPIuq+j1O4TO15J09RwAAZbL+A6t56xKJSJBrezY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=eTI08JDr; arc=none smtp.client-ip=209.85.216.47 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="eTI08JDr" Received: by mail-pj1-f47.google.com with SMTP id 98e67ed59e1d1-3137c20213cso4671806a91.3 for ; Sun, 15 Jun 2025 13:02:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1750017757; x=1750622557; darn=vger.kernel.org; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=7T/uAfhPUgFJJWiA14L3BM5NtD24Ge/So83gJOG144U=; b=eTI08JDrCBwVQT9PyJKFXi5UrUWmwt1EDJ0lgpGZ/cu4rymzUHaAifzeWTqmrZFeB5 470X7tPUKCzcDJXThTcMRLv4WMWNZkxYyy5OvtGIHhOJ0nBdYgT0Dg/aaDUV4Cc9/XC+ xVBXBu0likANbpaPmq5+D+Xa6SJ2Z7AR9dlFdpdGvtuww1wnbE8yCp6JvS0kay5RzXxi 9+V4r9VBW+zzhb5JGpsLSje6pCD1cgtp1P1xWPwDQk/Rvv/WOrDLeRYQJKt9gSwHVEuX Ak6N7y0RZsLxxXVVjpS33yt25QJtVyBjYDcF8qpcyt0LJ9yfNTANaie0Z9BcWR2daIEU zxSA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1750017757; x=1750622557; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=7T/uAfhPUgFJJWiA14L3BM5NtD24Ge/So83gJOG144U=; b=TuiJ8JJUEWPLKEfQqsJJp489bwwOOnRj+Vdb/Ckq7CgcM4B61Y2R1KaiiEcwNzIydQ rdiBoscXQlmSMkpb7N1VD3PKxIyqbdEXxfUMSv9vLC1WkAkeoICLrGwjUM35L/yhrwwX XnGDd64+ZR1GoKdgmbTe8VtZUEyJxDzOqfHSwLF2Q0zR/ZxLVpBzCE0fQ92+FkPXd7GT HV0Yh5e4PqR3ghf+oUFKJLD+Q0xgytKtL9wDNz4k36mWuXAr1PcDqkk21FHagLjFk+Zo 8bPcvMsmU6ATgAaB6G4wSw3BjC+AjaHAy4CGlHDqxOlaA8VzYlX/BG6mKJz3WUtr4/m8 uc0A== X-Gm-Message-State: AOJu0Yz0QguigGSPwvkHI2DzxXHw3IP5PUAsHzkJJuL+URx8W1B2C7wl vBavZfgkk65Tn/78riir6+bs7haajFq0osb5tdS9h3ZlMGIyRKGwKN0k4etILj/elo055Y2+ave wq2RIYGEF5pcNayPTUe4qUYPYz75RWbaLf1/5zVU= X-Gm-Gg: ASbGncv/2X9kziNV54+f2RX9sbqn/4K1g0FICkX9vliuSEDkZPdWgU3pIKFSHJW9Do4 95Yk5OWd9imCrUNNRY4AUsRh4VOm7sU3IQlsM7hOpXk3cAw6T2Ug5ntCw30kC1bc77pP2z5Dx+N q+qM1kPqrnLQVMSHyH6JPZRhqWhl+u4v5XSiLKQchO X-Google-Smtp-Source: AGHT+IHjyP4wqUjgM44aAYhlJJdrbXG2spTFN7iEQmixJZHYPvyq1TzeKUdLP/dW/usTdgT+z4FKS2TDRdp/sFc6wJg= X-Received: by 2002:a17:90b:38d1:b0:313:d79e:1f48 with SMTP id 98e67ed59e1d1-313f1cd5fd7mr12071076a91.16.1750017757387; Sun, 15 Jun 2025 13:02:37 -0700 (PDT) Precedence: bulk X-Mailing-List: linux-pm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: =?utf-8?b?0JTQsNC90LjQu9C+INCg0YPRgdC40L0=?= Date: Sun, 15 Jun 2025 23:02:25 +0300 X-Gm-Features: AX0GCFsNxW2Jo-3g_FzPcylkeppDZjQ34gmsNmV3UxmYqhipgCv38rveq3HTNQ4 Message-ID: Subject: [PATCH 0/1] x86/power: Enhanced hibernation support with integrity checking To: linux-pm@vger.kernel.org >From 93c34aff2919db119b3eb13d4b87bea2c36bac13 Mon Sep 17 00:00:00 2001 From: VoltagedDebunked Date: Sun, 15 Jun 2025 20:33:37 +0300 Subject: [PATCH 0/1] x86/power: Enhanced hibernation support with integrity checking This patch enhances the x86 hibernation subsystem with improved reliability, security, and hardware compatibility features. PROBLEM: The current hibernation implementation lacks robust integrity verification, comprehensive hardware state preservation, and advanced error handling. This can result in hibernation failures on modern systems and potential security vulnerabilities from corrupted hibernation images. SOLUTION: This patch introduces several key enhancements: - Cryptographic integrity verification using SHA-256 hashing to detect hibernation image corruption or tampering - Extended CPU state preservation including critical MSRs and APIC registers for improved compatibility across diverse hardware configurations - Hardware compatibility validation to prevent resume attempts on systems with changed CPU features or configurations - Enhanced error handling with retry mechanisms and comprehensive diagnostics - Security hardening including code protection and tamper detection - Detailed logging and monitoring capabilities for debugging and analysis TESTING: The enhanced hibernation implementation has been thoroughly tested: - Successfully completed basic hibernation/resume cycles - Passed stress testing with multiple hibernation cycles under I/O load - Verified integrity checking correctly prevents corrupted image resume - Confirmed compatibility detection across different hardware configurations - Validated on x86_64 systems with various CPU and memory configurations The implementation maintains full backward compatibility while providing significant improvements in reliability and security over the existing hibernation subsystem. VoltagedDebunked (1): x86/power: Enhanced hibernation support with integrity checking arch/x86/power/hibernate.c | 700 ++++++++++++++++++++++++++++++++++++- 1 file changed, 689 insertions(+), 11 deletions(-) -- 2.49.0