swsusp [was Re: Switching Kernels without Rebooting?]

Pavel Machek (pavel@suse.cz)
Fri, 13 Jul 2001 01:21:05 +0200


Hi!

> > That sounds more like a memory dump to disk, and reload after power restored.
> > Either that or possibly a separate power supply for RAM (something like a
> > trickle discharge capacitor; I've read that some capacitors can hold a charge
> > for about 3 days. Whether that would work for a large RAM or not, I have no
> > idea).
>
> It's a suspend to disk. Lots of Laptops can do it and my Toshiba
> Tecra 8100 can do it from the BIOS if I have a magic Windows partition with
> an appropriate suspend file in it (which would be unencrypted, which would
> be unacceptable - so I had to look for a Linux solution for the suspend
> to disk problem).
>
> Check out the swsusp project up at Source Forge
> <http://sourceforge.net/projects/swsusp/>. It allows me to suspend
> into the swap space by hitting Alt-SysRQ-D. Great for changing
> batteries on laptops (and, no, normal suspend does not survive a battery
> change) but also REALLY GREAT for forensic security analysis of compromised
> systems. I hit the console of a compromised system and hit Alt-SysRq-D
> and it flushs the dirty buffers, dumps memory to swap (preserving all
> my "volatiles") and the shuts down. I can snapshot the hard drive and
> then restart the system where it left off for live running analysis. If
> that gets screwed up, I can restore the image again and restart again from
> the same spot again. I've also got all the memory and CPU state in that
> disk image for "in-vitro" analysis by tools like Weitse's "The Coroner's
> Toolkit".
>
> But that doesn't solve ANY of the problems with changing the kernel
> itself. Suspending and restoring the system is the easy part (and swsusp
> still has some problems restoring X Windows). Restoring a system to
> a different kernel is orders of magnitude worse, if not down right
> impossible for all the reasons given over internal structures and
> interfaces.
>
> I would LOVE to have something like swsusp in the main line kernel,
> however, just so I didn't have to convince IT departments to apply this
> custom kernel patch to their production systems BEFORE they get their butts
> kicked by some snott nosed script kiddie. :-/

Patience. swsusp is needed for ACPI S4 support. And I guess ACPI S4 is
good enough reason to push it to Linus.
Pavel

-- 
I'm pavel@ucw.cz. "In my country we have almost anarchy and I don't care."
Panos Katsaloulis describing me w.r.t. patents at discuss@linmodems.org
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/