lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <2bbc3804-9bbc-885b-e6b4-fe830b33fe51@linux.microsoft.com>
Date:   Thu, 5 Nov 2020 13:54:16 -0800
From:   Lakshmi Ramasubramanian <nramas@...ux.microsoft.com>
To:     Rob Herring <robh@...nel.org>
Cc:     Mimi Zohar <zohar@...ux.ibm.com>,
        Thiago Jung Bauermann <bauerman@...ux.ibm.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        James Morse <james.morse@....com>,
        Catalin Marinas <catalin.marinas@....com>,
        Sasha Levin <sashal@...nel.org>, Will Deacon <will@...nel.org>,
        Michael Ellerman <mpe@...erman.id.au>,
        Benjamin Herrenschmidt <benh@...nel.crashing.org>,
        Paul Mackerras <paulus@...ba.org>,
        Frank Rowand <frowand.list@...il.com>,
        vincenzo.frascino@....com, Mark Rutland <mark.rutland@....com>,
        dmitry.kasatkin@...il.com, James Morris <jmorris@...ei.org>,
        "Serge E. Hallyn" <serge@...lyn.com>,
        Pavel Tatashin <pasha.tatashin@...een.com>,
        Allison Randal <allison@...utok.net>,
        Kate Stewart <kstewart@...uxfoundation.org>,
        "AKASHI, Takahiro" <takahiro.akashi@...aro.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Masahiro Yamada <masahiroy@...nel.org>,
        Bhupesh Sharma <bhsharma@...hat.com>,
        Matthias Brugger <mbrugger@...e.com>,
        Hsin-Yi Wang <hsinyi@...omium.org>, tao.li@...o.com,
        Christophe Leroy <christophe.leroy@....fr>,
        linux-integrity@...r.kernel.org,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        devicetree@...r.kernel.org,
        Prakhar Srivastava <prsriva@...ux.microsoft.com>,
        balajib@...ux.microsoft.com
Subject: Re: [PATCH v8 1/4] powerpc: Refactor kexec functions to move arch
 independent code to drivers/of

On 11/5/20 6:38 AM, Rob Herring wrote:

> On Wed, Nov 4, 2020 at 6:46 PM Lakshmi Ramasubramanian
> <nramas@...ux.microsoft.com> wrote:
>>
>> On 11/4/20 2:28 PM, Rob Herring wrote:
>>
>> Hi Rob,
>>
>> Thanks for reviewing the patch.
>>
>>> On Fri, Oct 30, 2020 at 10:44:26AM -0700, Lakshmi Ramasubramanian wrote:
>>>> The functions remove_ima_buffer() and delete_fdt_mem_rsv() that handle
>>>> carrying forward the IMA measurement logs on kexec for powerpc do not
>>>> have architecture specific code, but they are currently defined for
>>>> powerpc only.
>>>>
>>>> remove_ima_buffer() and delete_fdt_mem_rsv() are used to remove
>>>> the IMA log entry from the device tree and free the memory reserved
>>>> for the log. These functions need to be defined even if the current
>>>> kernel does not support carrying forward IMA log across kexec since
>>>> the previous kernel could have supported that and therefore the current
>>>> kernel needs to free the allocation.
>>>>
>>>> Rename remove_ima_buffer() to remove_ima_kexec_buffer().
>>>> Define remove_ima_kexec_buffer() and delete_fdt_mem_rsv() in
>>>> drivers/of/fdt.c. A later patch in this series will use these functions
>>>> to free the allocation, if any, made by the previous kernel for ARM64.
>>>>
>>>> Define FDT_PROP_IMA_KEXEC_BUFFER for the chosen node, namely
>>>> "linux,ima-kexec-buffer", that is added to the DTB to hold
>>>> the address and the size of the memory reserved to carry
>>>> the IMA measurement log.
>>>>
>>>> Co-developed-by: Prakhar Srivastava <prsriva@...ux.microsoft.com>
>>>> Signed-off-by: Prakhar Srivastava <prsriva@...ux.microsoft.com>
>>>> Signed-off-by: Lakshmi Ramasubramanian <nramas@...ux.microsoft.com>
>>>> Reported-by: kernel test robot <lkp@...el.com> error: kernel/kexec_file_fdt.c:30: undefined reference to `fdt_num_mem_rsv'
>>>
>>> This should be added for a commit fixing the reported problem. 0-day
>>> didn't report what this patch implements.
>> I'll remove that in the updated patch I'll post.
>>
>>>
>>>> ---
>>>>    arch/powerpc/include/asm/ima.h   |  10 +--
>>>>    arch/powerpc/include/asm/kexec.h |   1 -
>>>>    arch/powerpc/kexec/file_load.c   |  33 +---------
>>>>    arch/powerpc/kexec/ima.c         |  55 +++-------------
>>>>    drivers/of/fdt.c                 | 110 +++++++++++++++++++++++++++++++
>>>>    include/linux/kexec.h            |  24 +++++++
>>>>    include/linux/libfdt.h           |   3 +
>>>>    7 files changed, 149 insertions(+), 87 deletions(-)
>>>>
>>>> diff --git a/arch/powerpc/include/asm/ima.h b/arch/powerpc/include/asm/ima.h
>>>> index ead488cf3981..6355a85a3289 100644
>>>> --- a/arch/powerpc/include/asm/ima.h
>>>> +++ b/arch/powerpc/include/asm/ima.h
>>>> @@ -2,17 +2,13 @@
>>>>    #ifndef _ASM_POWERPC_IMA_H
>>>>    #define _ASM_POWERPC_IMA_H
>>>>
>>>> +#include <linux/kexec.h>
>>>> +
>>>>    struct kimage;
>>>>
>>>>    int ima_get_kexec_buffer(void **addr, size_t *size);
>>>>    int ima_free_kexec_buffer(void);
>>>>
>>>> -#ifdef CONFIG_IMA
>>>> -void remove_ima_buffer(void *fdt, int chosen_node);
>>>> -#else
>>>> -static inline void remove_ima_buffer(void *fdt, int chosen_node) {}
>>>> -#endif
>>>> -
>>>>    #ifdef CONFIG_IMA_KEXEC
>>>>    int arch_ima_add_kexec_buffer(struct kimage *image, unsigned long load_addr,
>>>>                             size_t size);
>>>> @@ -22,7 +18,7 @@ int setup_ima_buffer(const struct kimage *image, void *fdt, int chosen_node);
>>>>    static inline int setup_ima_buffer(const struct kimage *image, void *fdt,
>>>>                                  int chosen_node)
>>>>    {
>>>> -    remove_ima_buffer(fdt, chosen_node);
>>>> +    remove_ima_kexec_buffer(fdt, chosen_node);
>>>>       return 0;
>>>>    }
>>>>    #endif /* CONFIG_IMA_KEXEC */
>>>> diff --git a/arch/powerpc/include/asm/kexec.h b/arch/powerpc/include/asm/kexec.h
>>>> index 55d6ede30c19..7c223031ecdd 100644
>>>> --- a/arch/powerpc/include/asm/kexec.h
>>>> +++ b/arch/powerpc/include/asm/kexec.h
>>>> @@ -126,7 +126,6 @@ int setup_purgatory(struct kimage *image, const void *slave_code,
>>>>    int setup_new_fdt(const struct kimage *image, void *fdt,
>>>>                 unsigned long initrd_load_addr, unsigned long initrd_len,
>>>>                 const char *cmdline);
>>>> -int delete_fdt_mem_rsv(void *fdt, unsigned long start, unsigned long size);
>>>>
>>>>    #ifdef CONFIG_PPC64
>>>>    struct kexec_buf;
>>>> diff --git a/arch/powerpc/kexec/file_load.c b/arch/powerpc/kexec/file_load.c
>>>> index 9a232bc36c8f..7a17655c530e 100644
>>>> --- a/arch/powerpc/kexec/file_load.c
>>>> +++ b/arch/powerpc/kexec/file_load.c
>>>> @@ -18,6 +18,7 @@
>>>>    #include <linux/kexec.h>
>>>>    #include <linux/of_fdt.h>
>>>>    #include <linux/libfdt.h>
>>>> +#include <linux/kexec.h>
>>>>    #include <asm/setup.h>
>>>>    #include <asm/ima.h>
>>>>
>>>> @@ -109,38 +110,6 @@ int setup_purgatory(struct kimage *image, const void *slave_code,
>>>>       return 0;
>>>>    }
>>>>
>>>> -/**
>>>> - * delete_fdt_mem_rsv - delete memory reservation with given address and size
>>>> - *
>>>> - * Return: 0 on success, or negative errno on error.
>>>> - */
>>>> -int delete_fdt_mem_rsv(void *fdt, unsigned long start, unsigned long size)
>>>> -{
>>>> -    int i, ret, num_rsvs = fdt_num_mem_rsv(fdt);
>>>> -
>>>> -    for (i = 0; i < num_rsvs; i++) {
>>>> -            uint64_t rsv_start, rsv_size;
>>>> -
>>>> -            ret = fdt_get_mem_rsv(fdt, i, &rsv_start, &rsv_size);
>>>> -            if (ret) {
>>>> -                    pr_err("Malformed device tree.\n");
>>>> -                    return -EINVAL;
>>>> -            }
>>>> -
>>>> -            if (rsv_start == start && rsv_size == size) {
>>>> -                    ret = fdt_del_mem_rsv(fdt, i);
>>>> -                    if (ret) {
>>>> -                            pr_err("Error deleting device tree reservation.\n");
>>>> -                            return -EINVAL;
>>>> -                    }
>>>> -
>>>> -                    return 0;
>>>> -            }
>>>> -    }
>>>> -
>>>> -    return -ENOENT;
>>>> -}
>>>> -
>>>>    /*
>>>>     * setup_new_fdt - modify /chosen and memory reservation for the next kernel
>>>>     * @image:         kexec image being loaded.
>>>> diff --git a/arch/powerpc/kexec/ima.c b/arch/powerpc/kexec/ima.c
>>>> index 720e50e490b6..2b790230ea15 100644
>>>> --- a/arch/powerpc/kexec/ima.c
>>>> +++ b/arch/powerpc/kexec/ima.c
>>>> @@ -11,6 +11,8 @@
>>>>    #include <linux/of.h>
>>>>    #include <linux/memblock.h>
>>>>    #include <linux/libfdt.h>
>>>> +#include <linux/ima.h>
>>>> +#include <asm/ima.h>
>>>>
>>>>    static int get_addr_size_cells(int *addr_cells, int *size_cells)
>>>>    {
>>>> @@ -28,24 +30,6 @@ static int get_addr_size_cells(int *addr_cells, int *size_cells)
>>>>       return 0;
>>>>    }
>>>>
>>>> -static int do_get_kexec_buffer(const void *prop, int len, unsigned long *addr,
>>>> -                           size_t *size)
>>>> -{
>>>> -    int ret, addr_cells, size_cells;
>>>> -
>>>> -    ret = get_addr_size_cells(&addr_cells, &size_cells);
>>>> -    if (ret)
>>>> -            return ret;
>>>> -
>>>> -    if (len < 4 * (addr_cells + size_cells))
>>>> -            return -ENOENT;
>>>> -
>>>> -    *addr = of_read_number(prop, addr_cells);
>>>> -    *size = of_read_number(prop + 4 * addr_cells, size_cells);
>>>> -
>>>> -    return 0;
>>>> -}
>>>> -
>>>>    /**
>>>>     * ima_get_kexec_buffer - get IMA buffer from the previous kernel
>>>>     * @addr:  On successful return, set to point to the buffer contents.
>>>> @@ -100,37 +84,14 @@ int ima_free_kexec_buffer(void)
>>>>
>>>>    }
>>>>
>>>> -/**
>>>> - * remove_ima_buffer - remove the IMA buffer property and reservation from @fdt
>>>> - *
>>>> - * The IMA measurement buffer is of no use to a subsequent kernel, so we always
>>>> - * remove it from the device tree.
>>>> - */
>>>> -void remove_ima_buffer(void *fdt, int chosen_node)
>>>> -{
>>>> -    int ret, len;
>>>> -    unsigned long addr;
>>>> -    size_t size;
>>>> -    const void *prop;
>>>> -
>>>> -    prop = fdt_getprop(fdt, chosen_node, "linux,ima-kexec-buffer", &len);
>>>> -    if (!prop)
>>>> -            return;
>>>> -
>>>> -    ret = do_get_kexec_buffer(prop, len, &addr, &size);
>>>> -    fdt_delprop(fdt, chosen_node, "linux,ima-kexec-buffer");
>>>> -    if (ret)
>>>> -            return;
>>>> -
>>>> -    ret = delete_fdt_mem_rsv(fdt, addr, size);
>>>> -    if (!ret)
>>>> -            pr_debug("Removed old IMA buffer reservation.\n");
>>>> -}
>>>> -
>>>>    #ifdef CONFIG_IMA_KEXEC
>>>>    /**
>>>>     * arch_ima_add_kexec_buffer - do arch-specific steps to add the IMA buffer
>>>>     *
>>>> + * @image: kimage struct to set IMA buffer data
>>>> + * @load_addr: Starting address where IMA buffer is loaded at
>>>> + * @size: Number of bytes in the IMA buffer
>>>> + *
>>>>     * Architectures should use this function to pass on the IMA buffer
>>>>     * information to the next kernel.
>>>>     *
>>>> @@ -179,7 +140,7 @@ int setup_ima_buffer(const struct kimage *image, void *fdt, int chosen_node)
>>>>       int ret, addr_cells, size_cells, entry_size;
>>>>       u8 value[16];
>>>>
>>>> -    remove_ima_buffer(fdt, chosen_node);
>>>> +    remove_ima_kexec_buffer(fdt, chosen_node);
>>>>       if (!image->arch.ima_buffer_size)
>>>>               return 0;
>>>>
>>>> @@ -201,7 +162,7 @@ int setup_ima_buffer(const struct kimage *image, void *fdt, int chosen_node)
>>>>       if (ret)
>>>>               return ret;
>>>>
>>>> -    ret = fdt_setprop(fdt, chosen_node, "linux,ima-kexec-buffer", value,
>>>> +    ret = fdt_setprop(fdt, chosen_node, FDT_PROP_IMA_KEXEC_BUFFER, value,
>>>>                         entry_size);
>>>>       if (ret < 0)
>>>>               return -EINVAL;
>>>> diff --git a/drivers/of/fdt.c b/drivers/of/fdt.c
>>>> index 4602e467ca8b..d2e6f8ce0e42 100644
>>>> --- a/drivers/of/fdt.c
>>>> +++ b/drivers/of/fdt.c
>>>> @@ -25,6 +25,7 @@
>>>>    #include <linux/serial_core.h>
>>>>    #include <linux/sysfs.h>
>>>>    #include <linux/random.h>
>>>> +#include <linux/kexec.h>
>>>>
>>>>    #include <asm/setup.h>  /* for COMMAND_LINE_SIZE */
>>>>    #include <asm/page.h>
>>>> @@ -1289,4 +1290,113 @@ static int __init of_fdt_raw_init(void)
>>>>    late_initcall(of_fdt_raw_init);
>>>>    #endif
>>>>
>>>> +#ifdef CONFIG_HAVE_IMA_KEXEC
>>>
>>> Can we avoid #ifdef and use IS_ENABLED() within the functions?
>> I can use IS_ENABLED() or move the functions to another C file and
>> conditionally build based on the CONFIG.
>>
>>>
>>>> +/**
>>>> + * do_get_kexec_buffer - Get address and size of IMA kexec buffer
>>>> + *
>>>> + * @prop: IMA kexec buffer node in the device tree
>>>> + * @len: Size of the given device tree node property
>>>> + * @addr: Return address of the node
>>>> + * @size: Return size of the node
>>>> + */
>>>> +int do_get_kexec_buffer(const void *prop, int len, unsigned long *addr,
>>>> +                    size_t *size)
>>>> +{
>>>> +    int addr_cells, size_cells;
>>>> +    struct device_node *root;
>>>> +
>>>> +    root = of_find_node_by_path("/");
>>>
>>> The code in fdt.c operates on flat trees. This is an unflattened tree.
>>
>> Would it be better if I move these functions to a new C file under
>> "drivers/of"?
>>
>>>
>>>> +    if (!root)
>>>> +            return -EINVAL;
>>>> +
>>>> +    addr_cells = of_n_addr_cells(root);
>>>> +    size_cells = of_n_size_cells(root);
>>>> +
>>>> +    of_node_put(root);
>>>> +
>>>> +    if (len < 4 * (addr_cells + size_cells))
>>>> +            return -ENOENT;
>>>> +
>>>> +    *addr = of_read_number(prop, addr_cells);
>>>> +    *size = of_read_number(prop + 4 * addr_cells, size_cells);
>>>
>>> There's nothing in this function specific to 'kexec buffer'.
>>>
>>> This interface is kind of broken. 'prop' could come from anywhere in
>>> the tree, but we always read the root address and size cells. Those only
>>> apply to immediate child node properties. And anything other than
>>> immediate root child nodes, there needs to be address translation.
>>>
>>
>> I moved this function from arch/powerpc/kexec/ima.c to here so that it
>> can be shared by ARM64 as well. Below is one of the usage of
>> do_get_kexec_buffer().
>>
>>           prop = of_get_property(of_chosen, "linux,ima-kexec-buffer", &len);
>>           if (!prop)
>>                   return -ENOENT;
>>
>>           ret = do_get_kexec_buffer(prop, len, &tmp_addr, &tmp_size);
>>
>> Is there a way to detect if the 'prop' is an immediate root child node
>> or not so that we can handle it appropriately in this interface function?
> 
> Just don't split up the function.
ok

> 
>>>> +
>>>> +    return 0;
>>>> +}
>>>> +
>>>> +/**
>>>> + * remove_ima_kexec_buffer - remove the IMA buffer property and
>>>> + *                       reservation from @fdt
>>>
>>> IIRC, kerneldoc requires this to be one line.
>> I'll upate.
>>
>>>
>>>> + *
>>>> + * @fdt: Flattened Device Tree to update
>>>> + * @chosen_node: Offset to the chosen node in the device tree
>>>> + *
>>>> + * The IMA measurement buffer is of no use to a subsequent kernel,
>>>> + * so we always remove it from the device tree.
>>>> + */
>>>> +void remove_ima_kexec_buffer(void *fdt, int chosen_node)
>>>> +{
>>>
>>> Can't this go in some common kexec code?
>>
>> I'd considered moving this to "kernel", but Thiago suggested
>> "drivers/of" is a better place. If you have suggestions for a better
>> place, please let me know.
> 
> Humm, I guess drivers/of/ is fine, but it should be its own file.
> Also, there's nothing arch specific about handling bootargs, initrd,
> etc., so create a common function to handle all that. You can probably
> include allocating and copying the new fdt as part of that. Powerpc
> does kmalloc and arm64 does vmalloc for the new fdt. Is that a
> necessary difference?
> 

Agreed - I also think there's nothing arch specific about handling 
bootargs, initrd, etc. But refactoring the code that handles the above 
would be a much bigger change.

Would it be fine if we do it in two or more steps (to minimize 
regression risks)?

  #1 - move minimal functions/code to add support for ima buffer on 
kexec for ARM64 (addressed in this patch series)

  #2+ - refactor further to move more arch independent code to common 
functions in the next set of patche series.

> Then the IMA handling can all be private to the new file?
> 
>>
>> Note that this function needs to be available even when CONFIG_IMA is
>> not enabled. So I can't move it to "security/integrity/ima".
>>
>>>> +    int ret, len;
>>>> +    unsigned long addr;
>>>> +    size_t size;
>>>> +    const void *prop;
>>>> +
>>>> +    prop = fdt_getprop(fdt, chosen_node, FDT_PROP_IMA_KEXEC_BUFFER, &len);
>>>> +    if (!prop) {
>>>> +            pr_debug("Unable to find the ima kexec buffer node\n");
>>>> +            return;
>>>> +    }
>>>> +
>>>> +    ret = do_get_kexec_buffer(prop, len, &addr, &size);
>>>> +    fdt_delprop(fdt, chosen_node, FDT_PROP_IMA_KEXEC_BUFFER);
>>>> +    if (ret) {
>>>> +            pr_err("Unable to delete the ima kexec buffer node\n");
>>>> +            return;
>>>> +    }
>>>> +
>>>> +    ret = delete_fdt_mem_rsv(fdt, addr, size);
>>>> +    if (!ret)
>>>> +            pr_debug("Removed old IMA buffer reservation.\n");
>>>> +}
>>>> +#endif /* CONFIG_HAVE_IMA_KEXEC */
>>>> +
>>>> +#ifdef CONFIG_KEXEC_FILE
>>>> +/**
>>>> + * delete_fdt_mem_rsv - delete memory reservation with given address and size
>>>> + *
>>>> + * @fdt: Flattened Device Tree to update
>>>> + * @start: Starting address of the reservation to delete
>>>> + * @size: Size of the reservation to delete
>>>> + *
>>>> + * Return: 0 on success, or negative errno on error.
>>>> + */
>>>> +int delete_fdt_mem_rsv(void *fdt, unsigned long start, unsigned long size)
>>>> +{
>>>> +    int i, ret, num_rsvs = fdt_num_mem_rsv(fdt);
>>>> +
>>>> +    for (i = 0; i < num_rsvs; i++) {
>>>> +            uint64_t rsv_start, rsv_size;
>>>> +
>>>> +            ret = fdt_get_mem_rsv(fdt, i, &rsv_start, &rsv_size);
>>>> +            if (ret) {
>>>> +                    pr_err("Malformed device tree.\n");
>>>> +                    return -EINVAL;
>>>> +            }
>>>> +
>>>> +            if (rsv_start == start && rsv_size == size) {
>>>> +                    ret = fdt_del_mem_rsv(fdt, i);
>>>> +                    if (ret) {
>>>> +                            pr_err("Error deleting device tree reservation.\n");
>>>> +                            return -EINVAL;
>>>> +                    }
>>>> +
>>>> +                    pr_debug("Freed reserved memory at %lu of size %lu\n",
>>>> +                             start, size);
>>>> +                    return 0;
>>>> +            }
>>>> +    }
>>>> +
>>>> +    return -ENOENT;
>>>> +}
>>>> +#endif /* CONFIG_KEXEC_FILE */
>>>> +
>>>>    #endif /* CONFIG_OF_EARLY_FLATTREE */
>>>> diff --git a/include/linux/kexec.h b/include/linux/kexec.h
>>>> index 9e93bef52968..6c6c6791a7ba 100644
>>>> --- a/include/linux/kexec.h
>>>> +++ b/include/linux/kexec.h
>>>> @@ -407,6 +407,30 @@ static inline int kexec_crash_loaded(void) { return 0; }
>>>>    #define kexec_in_progress false
>>>>    #endif /* CONFIG_KEXEC_CORE */
>>>>
>>>> +#if defined(CONFIG_OF_EARLY_FLATTREE) && defined(CONFIG_HAVE_IMA_KEXEC)
>>>
>>> CONFIG_OF_EARLY_FLATTREE is wrong because that's all early boot (i.e.
>>> init section) functions.
>>>
>>> If these functions are implemented in fdt.c, then this is the wrong
>>> header. But it's the implementation that should move.
>>
>> If you think defining these functions in "drivers/of" is okay, I'll move
>> them to a new C file in OF.
>>
>> Would CONFIG_OF_FLATTREE be a better one to enable these ima kexec
>> functions? "of_" and "fdt_" are the functions called by these ima kexec
>> functions.
> 
> Yes.
Thanks - I will use CONFIG_OF_FLATTREE to handle this change.

> 
>>
>>>
>>>> +extern void remove_ima_kexec_buffer(void *fdt, int chosen_node);
>>>> +extern int do_get_kexec_buffer(const void *prop, int len, unsigned long *addr,
>>>> +                           size_t *size);
>>>> +#else
>>>> +static inline void remove_ima_kexec_buffer(void *fdt, int chosen_node) {}
>>>> +static inline int do_get_kexec_buffer(const void *prop, int len,
>>>> +                                  unsigned long *addr, size_t *size)
>>>> +{
>>>> +    return -EOPNOTSUPP;
>>>> +}
>>>> +#endif /* CONFIG_OF_EARLY_FLATTREE && CONFIG_HAVE_IMA_KEXEC */
>>>> +
>>>> +#if defined(CONFIG_OF_EARLY_FLATTREE) && defined(CONFIG_KEXEC_FILE)
>>>> +extern int delete_fdt_mem_rsv(void *fdt, unsigned long start,
>>>> +                          unsigned long size);
>>>> +#else
>>>> +static inline int delete_fdt_mem_rsv(void *fdt, unsigned long start,
>>>> +                                 unsigned long size)
>>>> +{
>>>> +    return 0;
>>>> +}
>>>> +#endif /* CONFIG_OF_EARLY_FLATTREE && CONFIG_KEXEC_FILE */
>>>> +
>>>>    #endif /* !defined(__ASSEBMLY__) */
>>>>
>>>>    #endif /* LINUX_KEXEC_H */
>>>> diff --git a/include/linux/libfdt.h b/include/linux/libfdt.h
>>>> index 90ed4ebfa692..75fb40aa013b 100644
>>>> --- a/include/linux/libfdt.h
>>>> +++ b/include/linux/libfdt.h
>>>> @@ -5,4 +5,7 @@
>>>>    #include <linux/libfdt_env.h>
>>>>    #include "../../scripts/dtc/libfdt/libfdt.h"
>>>>
>>>> +/* Common device tree properties */
>>>> +#define FDT_PROP_IMA_KEXEC_BUFFER   "linux,ima-kexec-buffer"
>>>
>>> This is not part of libfdt. We generally don't do defines for DT
>>> strings.
>> Should I create a new header file for this or would you suggest using an
>> existing one?
> 
> I'm suggesting no define at all. The string is already descriptive, so
> what do you gain with the define name? Nothing.
> 

Sure - I will remove the #define and use "linux,ima-kexec-buffer" directly.

  -lakshmi


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ