From: dyoung@redhat.com To: linux-kernel@vger.kernel.org, kexec@lists.infradead.org Cc: dyoung@redhat.com, ebiederm@xmission.com, vgoyal@redhat.com, ptesarik@suse.cz, tytso@mit.edu, jwboyer@fedoraproject.org, dhowells@redhat.com Subject: [PATCH 0/3] kexec: refactor CONFIG_KEXEC/CONFIG_KEXEC_FILE Kconfig Date: Mon, 13 Jul 2015 10:13:53 +0800 [thread overview] Message-ID: <20150713021353.282890552@redhat.com> (raw) Previously Theodore Ts'o brought up an issue about kexec_load syscall bypassing signature verification: https://lkml.org/lkml/2015/6/14/280 Because we have two kexec load syscall, one kexec_load, another kexec_file_load, the latter one was introduced by Vivek Goyal, it is mainly for supporting UEFI secure boot. kexec_file_load verifies kernel signature, but even if with CONFIG_KEXEC_VERIFY_SIG=y and CONFIG_KEXEC_FILE=y, kexec-tools still can use old syscall and bypass signature verification. KEXEC_FILE can also be used without UEFI, so kexec can always verify kernel signature for security purpose. The suggestion in above thread is add a new Kconfig option for kexec common code, here I use KEXEC_CORE, KEXEC and KEXEC_FILE select KEXEC_CORE so one can compile only KEXEC_FILE without old kexec_load syscall. There's checkpatch warnings and errors, I would like to send furthuer cleanup patches after this series. Please let me know if you have other suggestions. checkpatch errors are for cases such as assign a value to static variables. PATCH 3/3 can be sort out from the series if people do not like. It is a cleanup for a macro. Below is the diffstat of the patches: --- arch/arm/Kconfig | 4 arch/ia64/Kconfig | 4 arch/m68k/Kconfig | 4 arch/mips/Kconfig | 4 arch/powerpc/Kconfig | 4 arch/sh/Kconfig | 4 arch/tile/Kconfig | 4 arch/x86/Kconfig | 6 arch/x86/boot/header.S | 2 arch/x86/include/asm/kdebug.h | 5 arch/x86/kernel/Makefile | 4 arch/x86/kernel/kvmclock.c | 4 arch/x86/kernel/reboot.c | 4 arch/x86/kernel/setup.c | 2 arch/x86/kernel/vmlinux.lds.S | 2 arch/x86/kvm/vmx.c | 8 arch/x86/platform/efi/efi.c | 4 arch/x86/platform/uv/uv_nmi.c | 6 drivers/firmware/efi/Kconfig | 2 drivers/pci/pci-driver.c | 2 include/linux/kexec.h | 12 init/initramfs.c | 4 kernel/Makefile | 2 kernel/events/core.c | 2 kernel/kexec.c | 2633 ------------------------------------------ kernel/kexec_core.c | 1594 +++++++++++++++++++++++++ kernel/kexec_file.c | 1044 ++++++++++++++++ kernel/kexec_internal.h | 22 kernel/ksysfs.c | 6 kernel/printk/printk.c | 2 kernel/reboot.c | 2 kernel/sysctl.c | 2 32 files changed, 2745 insertions(+), 2659 deletions(-) Thanks Dave
WARNING: multiple messages have this Message-ID (diff)
From: dyoung@redhat.com To: linux-kernel@vger.kernel.org, kexec@lists.infradead.org Cc: jwboyer@fedoraproject.org, tytso@mit.edu, ptesarik@suse.cz, dhowells@redhat.com, ebiederm@xmission.com, dyoung@redhat.com, vgoyal@redhat.com Subject: [PATCH 0/3] kexec: refactor CONFIG_KEXEC/CONFIG_KEXEC_FILE Kconfig Date: Mon, 13 Jul 2015 10:13:53 +0800 [thread overview] Message-ID: <20150713021353.282890552@redhat.com> (raw) Previously Theodore Ts'o brought up an issue about kexec_load syscall bypassing signature verification: https://lkml.org/lkml/2015/6/14/280 Because we have two kexec load syscall, one kexec_load, another kexec_file_load, the latter one was introduced by Vivek Goyal, it is mainly for supporting UEFI secure boot. kexec_file_load verifies kernel signature, but even if with CONFIG_KEXEC_VERIFY_SIG=y and CONFIG_KEXEC_FILE=y, kexec-tools still can use old syscall and bypass signature verification. KEXEC_FILE can also be used without UEFI, so kexec can always verify kernel signature for security purpose. The suggestion in above thread is add a new Kconfig option for kexec common code, here I use KEXEC_CORE, KEXEC and KEXEC_FILE select KEXEC_CORE so one can compile only KEXEC_FILE without old kexec_load syscall. There's checkpatch warnings and errors, I would like to send furthuer cleanup patches after this series. Please let me know if you have other suggestions. checkpatch errors are for cases such as assign a value to static variables. PATCH 3/3 can be sort out from the series if people do not like. It is a cleanup for a macro. Below is the diffstat of the patches: --- arch/arm/Kconfig | 4 arch/ia64/Kconfig | 4 arch/m68k/Kconfig | 4 arch/mips/Kconfig | 4 arch/powerpc/Kconfig | 4 arch/sh/Kconfig | 4 arch/tile/Kconfig | 4 arch/x86/Kconfig | 6 arch/x86/boot/header.S | 2 arch/x86/include/asm/kdebug.h | 5 arch/x86/kernel/Makefile | 4 arch/x86/kernel/kvmclock.c | 4 arch/x86/kernel/reboot.c | 4 arch/x86/kernel/setup.c | 2 arch/x86/kernel/vmlinux.lds.S | 2 arch/x86/kvm/vmx.c | 8 arch/x86/platform/efi/efi.c | 4 arch/x86/platform/uv/uv_nmi.c | 6 drivers/firmware/efi/Kconfig | 2 drivers/pci/pci-driver.c | 2 include/linux/kexec.h | 12 init/initramfs.c | 4 kernel/Makefile | 2 kernel/events/core.c | 2 kernel/kexec.c | 2633 ------------------------------------------ kernel/kexec_core.c | 1594 +++++++++++++++++++++++++ kernel/kexec_file.c | 1044 ++++++++++++++++ kernel/kexec_internal.h | 22 kernel/ksysfs.c | 6 kernel/printk/printk.c | 2 kernel/reboot.c | 2 kernel/sysctl.c | 2 32 files changed, 2745 insertions(+), 2659 deletions(-) Thanks Dave _______________________________________________ kexec mailing list kexec@lists.infradead.org http://lists.infradead.org/mailman/listinfo/kexec
next reply other threads:[~2015-07-13 2:30 UTC|newest] Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top 2015-07-13 2:13 dyoung [this message] 2015-07-13 2:13 ` [PATCH 0/3] kexec: refactor CONFIG_KEXEC/CONFIG_KEXEC_FILE Kconfig dyoung 2015-07-13 2:13 ` [PATCH 1/3] [PATCH 1/3] kexec: split kexec_file syscall code to kexec_file.c dyoung 2015-07-13 2:13 ` dyoung 2015-07-13 2:13 ` [PATCH 2/3] [PATCH 2/3] kexec: split kexec_load syscall from kexec core code dyoung 2015-07-13 2:13 ` dyoung 2015-07-13 8:55 ` Geert Uytterhoeven 2015-07-13 8:55 ` Geert Uytterhoeven 2015-07-14 8:46 ` Dave Young 2015-07-14 8:46 ` Dave Young 2015-07-14 8:50 ` Geert Uytterhoeven 2015-07-14 8:50 ` Geert Uytterhoeven 2015-07-14 9:11 ` Dave Young 2015-07-14 9:11 ` Dave Young 2015-07-14 9:16 ` Geert Uytterhoeven 2015-07-14 9:16 ` Geert Uytterhoeven 2015-07-14 9:24 ` Dave Young 2015-07-14 9:24 ` Dave Young 2015-07-14 9:47 ` Geert Uytterhoeven 2015-07-14 9:47 ` Geert Uytterhoeven 2015-07-15 1:30 ` Dave Young 2015-07-15 1:30 ` Dave Young 2015-07-13 2:13 ` [PATCH 3/3] [PATCH 3/3] kexec-x86-kdebug-h-drop-useless-macro dyoung 2015-07-13 2:13 ` dyoung 2015-07-15 9:16 ` [PATCH 0/3] kexec: refactor CONFIG_KEXEC/CONFIG_KEXEC_FILE Kconfig Dave Young 2015-07-15 9:16 ` Dave Young 2015-07-15 9:36 ` Dave Young 2015-07-15 9:36 ` Dave Young
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20150713021353.282890552@redhat.com \ --to=dyoung@redhat.com \ --cc=dhowells@redhat.com \ --cc=ebiederm@xmission.com \ --cc=jwboyer@fedoraproject.org \ --cc=kexec@lists.infradead.org \ --cc=linux-kernel@vger.kernel.org \ --cc=ptesarik@suse.cz \ --cc=tytso@mit.edu \ --cc=vgoyal@redhat.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.