From: dyoung@redhat.com
To: linux-kernel@vger.kernel.org, kexec@lists.infradead.org
Cc: jwboyer@fedoraproject.org, tytso@mit.edu, ptesarik@suse.cz,
	dhowells@redhat.com, geert@linux-m68k.org, ebiederm@xmission.com,
	akpm@linux-foundation.org, dyoung@redhat.com, vgoyal@redhat.com
Subject: [PATCH V2 0/2] kexec: refactor CONFIG_KEXEC/CONFIG_KEXEC_FILE Kconfig
Date: Mon, 20 Jul 2015 16:37:13 +0800
Message-ID: <20150720083713.528114272@redhat.com>

Previously Theodore Ts'o brought up an issue about kexec_load syscall bypassing
signature verification:
https://lkml.org/lkml/2015/6/14/280

We have two kexec load syscalls: kexec_load and kexec_file_load. The latter
was introduced by Vivek Goyal, mainly to support UEFI secure boot.
kexec_file_load verifies the kernel signature, but even with
CONFIG_KEXEC_VERIFY_SIG=y and CONFIG_KEXEC_FILE=y, kexec-tools can still use
the old syscall and bypass signature verification.

KEXEC_FILE can also be used without UEFI, so kexec can always verify the
kernel signature for security purposes.

The suggestion in the above thread is to add a new Kconfig option for kexec
common code. Here I use KEXEC_CORE; KEXEC and KEXEC_FILE select KEXEC_CORE, so
one can compile only KEXEC_FILE without the old kexec_load syscall.

There are checkpatch warnings and errors; I would like to send further cleanup
patches after this series. Please let me know if you have other suggestions.
The checkpatch errors are for cases such as assigning a value to static
variables.

Changes to V1:
* drop patch 3/3, which does not belong to this series
* move KEXEC_CORE to generic arch/Kconfig, arch KEXEC selects KEXEC_CORE
* add KEXEC_CORE in s390 arch.

Tested kexec_load only, kexec_file_load only, kexec and kexec_file_load built in cases in x86. For kexec_file_load, tested signed and un-signed kernel.
Tested kexec_load in powerpc64 arch.
Build tested arm arch.

For kexec_file_load, if you do not specify "-s" in kexec-tools, kexec load
will hang. Though "-s" is mandatory for kexec_file_load, kexec should still
fail out instead of hanging there. Here is a fix in kexec-tools:
 
--- kexec-tools.orig/kexec/crashdump-elf.c
+++ kexec-tools/kexec/crashdump-elf.c
@@ -145,11 +145,12 @@ int FUNC(struct kexec_info *info,
 
 	count_cpu = nr_cpus;
 	for (i = 0; count_cpu > 0; i++) {
-		if (get_note_info(i, &notes_addr, &notes_len) < 0) {
-			/* This cpu is not present. Skip it. */
-			continue;
-		}
+		int ret;
+
+		ret = get_note_info(i, &notes_addr, &notes_len);
 		count_cpu--;
+		if (ret < 0) /* This cpu is not present. Skip it. */
+			continue;
 
 		phdr = (PHDR *) bufp;
 		bufp += sizeof(PHDR);
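
Review bot: With count_cpu-- moved ahead of the "if (ret < 0)" check, the loop now visits only i = 0 .. nr_cpus-1, so absent CPU indices use up the budget. If nr_cpus counts only the CPUs that have notes and their ids are not contiguous from 0, the higher-numbered CPUs never reach the "phdr = (PHDR *) bufp;" step, and nothing reports it. Consider bounding the loop with a separate upper limit on i while keeping count_cpu-- for CPUs that were actually found, and returning an error after the loop when get_note_info failed for every index, which matches the stated goal of failing out instead of hanging. Minor: the comment trailing "if (ret < 0)" would read better on its own line above the test.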

Below is the diffstat of the patch series:
--
 arch/Kconfig                  |    3 
 arch/arm/Kconfig              |    1 
 arch/ia64/Kconfig             |    1 
 arch/m68k/Kconfig             |    1 
 arch/mips/Kconfig             |    1 
 arch/powerpc/Kconfig          |    1 
 arch/s390/Kconfig             |    1 
 arch/sh/Kconfig               |    1 
 arch/tile/Kconfig             |    1 
 arch/x86/Kconfig              |    3 
 arch/x86/boot/header.S        |    2 
 arch/x86/include/asm/kdebug.h |    2 
 arch/x86/kernel/Makefile      |    4 
 arch/x86/kernel/kvmclock.c    |    4 
 arch/x86/kernel/reboot.c      |    4 
 arch/x86/kernel/setup.c       |    2 
 arch/x86/kernel/vmlinux.lds.S |    2 
 arch/x86/kvm/vmx.c            |    8 
 arch/x86/platform/efi/efi.c   |    4 
 arch/x86/platform/uv/uv_nmi.c |    6 
 drivers/firmware/efi/Kconfig  |    2 
 drivers/pci/pci-driver.c      |    2 
 include/linux/kexec.h         |   12 
 init/initramfs.c              |    4 
 kernel/Makefile               |    2 
 kernel/events/core.c          |    2 
 kernel/kexec.c                | 2633 ------------------------------------------
 kernel/kexec_core.c           | 1594 +++++++++++++++++++++++++
 kernel/kexec_file.c           | 1044 ++++++++++++++++
 kernel/kexec_internal.h       |   22 
 kernel/ksysfs.c               |    6 
 kernel/printk/printk.c        |    2 
 kernel/reboot.c               |    2 
 kernel/sysctl.c               |    2 
 34 files changed, 2725 insertions(+), 2656 deletions(-)

--
Thanks
Dave
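
The configuration combinations described in the cover letter can be checked against a kernel .config with a small script. This is an added example, not part of the original message or of the kernel tree; the posture labels and both sample configs are constructed for illustration, and the second sample assumes a kernel with this series applied, where KEXEC_FILE can be set without KEXEC.

```python
import re

_SET = re.compile(r"^(CONFIG_[A-Za-z0-9_]+)=(.*)$")
_UNSET = re.compile(r"^# (CONFIG_[A-Za-z0-9_]+) is not set$")

def parse_kconfig(text):
    """Parse .config text into {option: value}; '# X is not set' becomes 'n'."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = _SET.match(line)
        if m:
            opts[m.group(1)] = m.group(2).strip('"')
            continue
        m = _UNSET.match(line)
        if m:
            opts[m.group(1)] = "n"
    return opts

def kexec_posture(text):
    """Classify a config by whether an unverified kexec load path exists.

    Labels (hypothetical, chosen for this example):
      kexec-disabled  neither load syscall is built
      unverified      a load syscall exists and no signature check applies
      bypassable      kexec_file_load verifies, but kexec_load is also built
      verified-only   only kexec_file_load is built and it verifies
    """
    opts = parse_kconfig(text)

    def on(name):
        return opts.get(name, "n") == "y"

    legacy = on("CONFIG_KEXEC")            # old kexec_load syscall
    file_load = on("CONFIG_KEXEC_FILE")    # kexec_file_load syscall
    verify = file_load and on("CONFIG_KEXEC_VERIFY_SIG")
    if not legacy and not file_load:
        return "kexec-disabled"
    if legacy:
        return "bypassable" if verify else "unverified"
    return "verified-only" if verify else "unverified"

# Constructed sample: both syscalls built, the case the cover letter warns about.
BOTH_SYSCALLS = "CONFIG_KEXEC=y\nCONFIG_KEXEC_FILE=y\nCONFIG_KEXEC_VERIFY_SIG=y\n"
# Constructed sample: KEXEC_FILE only, as this series makes possible.
FILE_ONLY = ("# CONFIG_KEXEC is not set\nCONFIG_KEXEC_CORE=y\n"
             "CONFIG_KEXEC_FILE=y\nCONFIG_KEXEC_VERIFY_SIG=y\n")

if __name__ == "__main__":
    for name, cfg in (("both", BOTH_SYSCALLS), ("file-only", FILE_ONLY)):
        print(name, kexec_posture(cfg))
```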

