| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 2 Nov 2021 11:52:27 +0800
From: Coiby Xu <coxu@...hat.com>
To: "Eric W. Biederman" <ebiederm@...ssion.com>
Cc: linux-arm-kernel@...ts.infradead.org,
Dave Young <dyoung@...hat.com>, Will Deacon <will@...nel.org>,
kexec@...ts.infradead.org, open list <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v3 1/3] kexec: clean up arch_kexec_kernel_verify_sig
Hi Eric,
Does this patch and "[PATCH v3 2/3] kexec, KEYS: make the code in
bzImage64_verify_sig generic" look good you?
On Mon, Oct 18, 2021 at 04:31:35PM +0800, Coiby Xu wrote:
>commit 9ec4ecef0af7790551109283ca039a7c52de343c ("kexec_file,x86,
>powerpc: factor out kexec_file_ops functions" allows implementing
>the arch-specific implementation of kernel image verification
>in kexec_file_ops->verify_sig. Currently, there is no arch-specific
>implementation of arch_kexec_kernel_verify_sig. So clean it up.
>
>Suggested-by: Eric W. Biederman <ebiederm@...ssion.com>
>Signed-off-by: Coiby Xu <coxu@...hat.com>
>---
> include/linux/kexec.h | 4 ----
> kernel/kexec_file.c | 34 +++++++++++++---------------------
> 2 files changed, 13 insertions(+), 25 deletions(-)
>
>diff --git a/include/linux/kexec.h b/include/linux/kexec.h
>index 0c994ae37729..755fed183224 100644
>--- a/include/linux/kexec.h
>+++ b/include/linux/kexec.h
>@@ -196,10 +196,6 @@ int arch_kexec_apply_relocations(struct purgatory_info *pi,
> const Elf_Shdr *relsec,
> const Elf_Shdr *symtab);
> int arch_kimage_file_post_load_cleanup(struct kimage *image);
>-#ifdef CONFIG_KEXEC_SIG
>-int arch_kexec_kernel_verify_sig(struct kimage *image, void *buf,
>- unsigned long buf_len);
>-#endif
> int arch_kexec_locate_mem_hole(struct kexec_buf *kbuf);
>
> extern int kexec_add_buffer(struct kexec_buf *kbuf);
>diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
>index 33400ff051a8..42b3ac34e4ee 100644
>--- a/kernel/kexec_file.c
>+++ b/kernel/kexec_file.c
>@@ -89,25 +89,6 @@ int __weak arch_kimage_file_post_load_cleanup(struct kimage *image)
> return kexec_image_post_load_cleanup_default(image);
> }
>
>-#ifdef CONFIG_KEXEC_SIG
>-static int kexec_image_verify_sig_default(struct kimage *image, void *buf,
>- unsigned long buf_len)
>-{
>- if (!image->fops || !image->fops->verify_sig) {
>- pr_debug("kernel loader does not support signature verification.\n");
>- return -EKEYREJECTED;
>- }
>-
>- return image->fops->verify_sig(buf, buf_len);
>-}
>-
>-int __weak arch_kexec_kernel_verify_sig(struct kimage *image, void *buf,
>- unsigned long buf_len)
>-{
>- return kexec_image_verify_sig_default(image, buf, buf_len);
>-}
>-#endif
>-
> /*
> * arch_kexec_apply_relocations_add - apply relocations of type RELA
> * @pi: Purgatory to be relocated.
>@@ -184,13 +165,24 @@ void kimage_file_post_load_cleanup(struct kimage *image)
> }
>
> #ifdef CONFIG_KEXEC_SIG
>+static int kexec_image_verify_sig(struct kimage *image, void *buf,
>+ unsigned long buf_len)
>+{
>+ if (!image->fops || !image->fops->verify_sig) {
>+ pr_debug("kernel loader does not support signature verification.\n");
>+ return -EKEYREJECTED;
>+ }
>+
>+ return image->fops->verify_sig(buf, buf_len);
>+}
>+
> static int
> kimage_validate_signature(struct kimage *image)
> {
> int ret;
>
>- ret = arch_kexec_kernel_verify_sig(image, image->kernel_buf,
>- image->kernel_buf_len);
>+ ret = kexec_image_verify_sig(image, image->kernel_buf,
>+ image->kernel_buf_len);
> if (ret) {
>
> if (IS_ENABLED(CONFIG_KEXEC_SIG_FORCE)) {
>--
>2.31.1
>
--
Best regards,
Coiby
Powered by blists - more mailing lists