lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20170908025421.GE17186@linaro.org>
Date:   Fri, 8 Sep 2017 11:54:22 +0900
From:   AKASHI Takahiro <takahiro.akashi@...aro.org>
To:     Dave Young <dyoung@...hat.com>
Cc:     Mark Rutland <mark.rutland@....com>, catalin.marinas@....com,
        will.deacon@....com, bauerman@...ux.vnet.ibm.com,
        dhowells@...hat.com, vgoyal@...hat.com,
        herbert@...dor.apana.org.au, davem@...emloft.net,
        akpm@...ux-foundation.org, mpe@...erman.id.au, bhe@...hat.com,
        arnd@...db.de, ard.biesheuvel@...aro.org,
        kexec@...ts.infradead.org, linux-kernel@...r.kernel.org,
        linux-arm-kernel@...ts.infradead.org
Subject: Re: [PATCH 14/14] arm64: kexec_file: add vmlinux format support

On Fri, Aug 25, 2017 at 02:13:53PM +0800, Dave Young wrote:
> On 08/25/17 at 11:03am, AKASHI Takahiro wrote:
> > On Thu, Aug 24, 2017 at 06:30:50PM +0100, Mark Rutland wrote:
> > > On Thu, Aug 24, 2017 at 05:18:11PM +0900, AKASHI Takahiro wrote:
> > > > The first PT_LOAD segment, which is assumed to be "text" code, in vmlinux
> > > > will be loaded at the offset of TEXT_OFFSET from the begining of system
> > > > memory. The other PT_LOAD segments are placed relative to the first one.
> > > 
> > > I really don't like assuming things about the vmlinux ELF file.
> > 
> > If so, vmlinux is not an appropriate format for loading.
> > 
> > > > Regarding kernel verification, since there is no standard way to contain
> > > > a signature within elf binary, we follow PowerPC's (not yet upstreamed)
> > > > approach, that is, appending a signature right after the kernel binary
> > > > itself like module signing.
> > > 
> > > I also *really* don't like this. It's a bizarre in-band mechanism,
> > > without explcit information. It's not a nice ABI.
> > > 
> > > If we can load an Image, why do we need to be able to load a vmlinux?
> > 
> > Well, kexec-tools does. I don't know why Geoff wanted to support vmlinux.
> > I'm just trying to support what kexec-tools does support.
> 
> We only add things when it is really necessary, kexec-tools
> functionalities should have some historic reasons.

Geoff had been working on kexec since old kernels (3.14 or 15?).

> If only for doing kexec-tools has done I would say just not to do it.

Sure

-Takahiro AKASHI

> Thanks
> Dave

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ