From: Dave Young <dyoung@redhat.com>
To: linux-kernel@vger.kernel.org, kexec@lists.infradead.org
Cc: jwboyer@fedoraproject.org, tytso@mit.edu, ptesarik@suse.cz,
	dhowells@redhat.com, ebiederm@xmission.com, vgoyal@redhat.com
Subject: Re: [PATCH 0/3] kexec: refactor CONFIG_KEXEC/CONFIG_KEXEC_FILE Kconfig
Date: Wed, 15 Jul 2015 17:16:07 +0800
Message-ID: <20150715091607.GB5424@dhcp-128-92.nay.redhat.com>
In-Reply-To: <20150713021353.282890552@redhat.com>

On 07/13/15 at 10:13am, Dave Young wrote:
> Previously Theodore Ts'o brought up an issue about kexec_load syscall bypassing
> signature verification:
> https://lkml.org/lkml/2015/6/14/280
> 
> Because we have two kexec load syscalls, one kexec_load, another kexec_file_load,
> the latter one was introduced by Vivek Goyal, it is mainly for supporting UEFI
> secure boot. kexec_file_load verifies the kernel signature, but even with
> CONFIG_KEXEC_VERIFY_SIG=y and CONFIG_KEXEC_FILE=y, kexec-tools can still use the
> old syscall and bypass signature verification.
> 
> KEXEC_FILE can also be used without UEFI, so kexec can always verify kernel
> signature for security purpose. 
> 
> The suggestion in the above thread is to add a new Kconfig option for kexec common
> code; here I use KEXEC_CORE. KEXEC and KEXEC_FILE select KEXEC_CORE so one can
> compile only KEXEC_FILE without the old kexec_load syscall.
> 
> There are checkpatch warnings and errors; I would like to send further cleanup
> patches after this series. Please let me know if you have other suggestions.
> The checkpatch errors are for cases such as assigning a value to static variables.
> 
> PATCH 3/3 can be sorted out from the series if people do not like it. It is a
> cleanup for a macro.

Since it is not related to the Kconfig cleanup, I will drop it in the
next update and will send it out as a standalone patch later.

Also, there's a kexec-tools patch needed for testing KEXEC_FILE only that I forgot
to mention; I will include it in the cover letter when I repost:

---
 kexec/crashdump-elf.c |    9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

--- kexec-tools.orig/kexec/crashdump-elf.c
+++ kexec-tools/kexec/crashdump-elf.c
@@ -145,11 +145,12 @@ int FUNC(struct kexec_info *info,
 
 	count_cpu = nr_cpus;
 	for (i = 0; count_cpu > 0; i++) {
-		if (get_note_info(i, &notes_addr, &notes_len) < 0) {
-			/* This cpu is not present. Skip it. */
-			continue;
-		}
+		int ret;
+
+		ret = get_note_info(i, &notes_addr, &notes_len);
 		count_cpu--;
+		if (ret < 0) /* This cpu is not present. Skip it. */
+			continue;
 
 		phdr = (PHDR *) bufp;
 		bufp += sizeof(PHDR);
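
Review bot: In the for loop, moving count_cpu-- ahead of the ret < 0 check makes an absent CPU consume one of the nr_cpus iterations. That bounds the loop when get_note_info() keeps failing, but with sparse CPU numbering a present CPU whose index is nr_cpus or higher no longer gets a PHDR. If nr_cpus can be smaller than the highest CPU index, bound the loop on the index range instead of on count_cpu, and add a changelog saying why the old skip-without-decrement behaviour breaks when testing with KEXEC_FILE only, since the patch carries no description.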

Thanks
Dave
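
Added example, not part of the original message or of kexec-tools: a config audit for the issue the cover letter describes, where CONFIG_KEXEC_VERIFY_SIG=y gives no guarantee while the old kexec_load syscall is still built in. The function name, the verdict words and the two sample configs are constructed for illustration.

```shell
#!/bin/sh
# Classify a kernel config (read from stdin) by whether kexec image
# signature verification can be sidestepped through the old syscall.
# Verdict words are this example's own labels (assumption):
#   bypassable  kexec_file_load verifies signatures, but kexec_load is built in
#   unverified  kexec is available and nothing verifies the image
#   enforced    only kexec_file_load is built, with signature verification
#   no-kexec    neither syscall is built
kexec_sig_posture() {
    awk '
        # "# CONFIG_X is not set" lines do not match these anchored patterns.
        /^CONFIG_KEXEC=y$/            { load = 1 }
        /^CONFIG_KEXEC_FILE=y$/       { file = 1 }
        /^CONFIG_KEXEC_VERIFY_SIG=y$/ { sig = 1 }
        END {
            if (load && file && sig)          print "bypassable"
            else if (load || (file && !sig))  print "unverified"
            else if (file)                    print "enforced"
            else                              print "no-kexec"
        }'
}

# Constructed sample configs (not taken from any real kernel build).
# Before the series: both syscalls built, verification enabled.
CFG_BOTH='CONFIG_KEXEC=y
CONFIG_KEXEC_FILE=y
CONFIG_KEXEC_VERIFY_SIG=y'

# What the series allows: KEXEC_FILE alone on top of KEXEC_CORE.
CFG_FILE_ONLY='CONFIG_KEXEC_CORE=y
# CONFIG_KEXEC is not set
CONFIG_KEXEC_FILE=y
CONFIG_KEXEC_VERIFY_SIG=y'

printf 'both syscalls:   %s\n' "$(printf '%s\n' "$CFG_BOTH" | kexec_sig_posture)"
printf 'KEXEC_FILE only: %s\n' "$(printf '%s\n' "$CFG_FILE_ONLY" | kexec_sig_posture)"
```

On a real system the same function can be fed the build's own config file on stdin.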
