FAILED: patch "[PATCH] Fix kexec forbidding kernels signed with keys in the" failed to apply to 4.9-stable tree

All of lore.kernel.org
 help / color / mirror / Atom feed

* FAILED: patch "[PATCH] Fix kexec forbidding kernels signed with keys in the" failed to apply to 4.9-stable tree
@ 2018-09-07  9:14 gregkh
  2018-09-07 10:34 ` Yannik Sembritzki
  0 siblings, 1 reply; 7+ messages in thread
From: gregkh @ 2018-09-07  9:14 UTC (permalink / raw)
  To: yannik, dhowells, torvalds; +Cc: stable


The patch below does not apply to the 4.9-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable@vger.kernel.org>.

thanks,

greg k-h

------------------ original commit in Linus's tree ------------------

>From ea93102f32244e3f45c8b26260be77ed0cc1d16c Mon Sep 17 00:00:00 2001
From: Yannik Sembritzki <yannik@sembritzki.me>
Date: Thu, 16 Aug 2018 14:05:23 +0100
Subject: [PATCH] Fix kexec forbidding kernels signed with keys in the
 secondary keyring to boot

The split of .system_keyring into .builtin_trusted_keys and
.secondary_trusted_keys broke kexec, thereby preventing kernels signed by
keys which are now in the secondary keyring from being kexec'd.

Fix this by passing VERIFY_USE_SECONDARY_KEYRING to
verify_pefile_signature().

Fixes: d3bfe84129f6 ("certs: Add a secondary system keyring that can be added to dynamically")
Signed-off-by: Yannik Sembritzki <yannik@sembritzki.me>
Signed-off-by: David Howells <dhowells@redhat.com>
Cc: kexec@lists.infradead.org
Cc: keyrings@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzimage64.c
index 7326078eaa7a..278cd07228dd 100644
--- a/arch/x86/kernel/kexec-bzimage64.c
+++ b/arch/x86/kernel/kexec-bzimage64.c
@@ -532,7 +532,7 @@ static int bzImage64_cleanup(void *loader_data)
 static int bzImage64_verify_sig(const char *kernel, unsigned long kernel_len)
 {
 	return verify_pefile_signature(kernel, kernel_len,
-				       NULL,
+				       VERIFY_USE_SECONDARY_KEYRING,
 				       VERIFYING_KEXEC_PE_SIGNATURE);
 }
 #endif

^ permalink raw reply related	[flat|nested] 7+ messages in thread

* Re: FAILED: patch "[PATCH] Fix kexec forbidding kernels signed with keys in the" failed to apply to 4.9-stable tree
  2018-09-07  9:14 FAILED: patch "[PATCH] Fix kexec forbidding kernels signed with keys in the" failed to apply to 4.9-stable tree gregkh
@ 2018-09-07 10:34 ` Yannik Sembritzki
  2018-09-07 10:53   ` Greg KH
  0 siblings, 1 reply; 7+ messages in thread
From: Yannik Sembritzki @ 2018-09-07 10:34 UTC (permalink / raw)
  To: gregkh, dhowells, torvalds, stable

This patch applies cleanly for me on the linux-4.9.y branch. Could you
tell me what the problem is here?

Yannik

On 07.09.2018 11:14, gregkh@linuxfoundation.org wrote:
> The patch below does not apply to the 4.9-stable tree.
> If someone wants it applied there, or to any other stable or longterm
> tree, then please email the backport, including the original git commit
> id to <stable@vger.kernel.org>.
>
> thanks,
>
> greg k-h
>
> ------------------ original commit in Linus's tree ------------------
>
> From ea93102f32244e3f45c8b26260be77ed0cc1d16c Mon Sep 17 00:00:00 2001
> From: Yannik Sembritzki <yannik@sembritzki.me>
> Date: Thu, 16 Aug 2018 14:05:23 +0100
> Subject: [PATCH] Fix kexec forbidding kernels signed with keys in the
>  secondary keyring to boot
>
> The split of .system_keyring into .builtin_trusted_keys and
> .secondary_trusted_keys broke kexec, thereby preventing kernels signed by
> keys which are now in the secondary keyring from being kexec'd.
>
> Fix this by passing VERIFY_USE_SECONDARY_KEYRING to
> verify_pefile_signature().
>
> Fixes: d3bfe84129f6 ("certs: Add a secondary system keyring that can be added to dynamically")
> Signed-off-by: Yannik Sembritzki <yannik@sembritzki.me>
> Signed-off-by: David Howells <dhowells@redhat.com>
> Cc: kexec@lists.infradead.org
> Cc: keyrings@vger.kernel.org
> Cc: linux-security-module@vger.kernel.org
> Cc: stable@kernel.org
> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
>
> diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzimage64.c
> index 7326078eaa7a..278cd07228dd 100644
> --- a/arch/x86/kernel/kexec-bzimage64.c
> +++ b/arch/x86/kernel/kexec-bzimage64.c
> @@ -532,7 +532,7 @@ static int bzImage64_cleanup(void *loader_data)
>  static int bzImage64_verify_sig(const char *kernel, unsigned long kernel_len)
>  {
>  	return verify_pefile_signature(kernel, kernel_len,
> -				       NULL,
> +				       VERIFY_USE_SECONDARY_KEYRING,
>  				       VERIFYING_KEXEC_PE_SIGNATURE);
>  }
>  #endif
>

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: FAILED: patch "[PATCH] Fix kexec forbidding kernels signed with keys in the" failed to apply to 4.9-stable tree
  2018-09-07 10:34 ` Yannik Sembritzki
@ 2018-09-07 10:53   ` Greg KH
  2018-09-07 10:56     ` Yannik Sembritzki
  0 siblings, 1 reply; 7+ messages in thread
From: Greg KH @ 2018-09-07 10:53 UTC (permalink / raw)
  To: Yannik Sembritzki; +Cc: dhowells, torvalds, stable

On Fri, Sep 07, 2018 at 12:34:08PM +0200, Yannik Sembritzki wrote:
> This patch applies cleanly for me on the linux-4.9.y branch. Could you
> tell me what the problem is here?

The dependant patch fails to apply, so this one fails to build, sorry
for not being more obviuos about this.

So a backport of both is needed here.

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: FAILED: patch "[PATCH] Fix kexec forbidding kernels signed with keys in the" failed to apply to 4.9-stable tree
  2018-09-07 10:53   ` Greg KH
@ 2018-09-07 10:56     ` Yannik Sembritzki
  2018-09-07 11:01       ` Greg KH
  0 siblings, 1 reply; 7+ messages in thread
From: Yannik Sembritzki @ 2018-09-07 10:56 UTC (permalink / raw)
  To: Greg KH; +Cc: dhowells, torvalds, stable

Thanks, Greg.

I've backported the other (dependant) patch to 4.9; do I need to do
anything more to also get this one applied to 4.9?

Yannik
On 07.09.2018 12:53, Greg KH wrote:
> On Fri, Sep 07, 2018 at 12:34:08PM +0200, Yannik Sembritzki wrote:
>> This patch applies cleanly for me on the linux-4.9.y branch. Could you
>> tell me what the problem is here?
> The dependant patch fails to apply, so this one fails to build, sorry
> for not being more obviuos about this.
>
> So a backport of both is needed here.
>
> thanks,
>
> greg k-h

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: FAILED: patch "[PATCH] Fix kexec forbidding kernels signed with keys in the" failed to apply to 4.9-stable tree
  2018-09-07 10:56     ` Yannik Sembritzki
@ 2018-09-07 11:01       ` Greg KH
  2018-09-07 11:19         ` [PATCH 1/2] Replace the use of a magic number that indicates that verify_*_signature() should use the secondary keyring with a symbol Yannik Sembritzki
  2018-09-07 11:19         ` [PATCH 2/2] The split of .system_keyring into .builtin_trusted_keys and .secondary_trusted_keys broke kexec, thereby preventing kernels signed by keys which are now in the secondary keyring from being kexec'd Yannik Sembritzki
  0 siblings, 2 replies; 7+ messages in thread
From: Greg KH @ 2018-09-07 11:01 UTC (permalink / raw)
  To: Yannik Sembritzki; +Cc: dhowells, torvalds, stable

On Fri, Sep 07, 2018 at 12:56:40PM +0200, Yannik Sembritzki wrote:
> Thanks, Greg.
> 
> I've backported the other (dependant) patch to 4.9; do I need to do
> anything more to also get this one applied to 4.9?

Yes, that one did not work :(

Can you resend the patch series, backported to 4.9, with the git ids of
the original patches in them somewhere so I know what to do?

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 7+ messages in thread

* [PATCH 1/2] Replace the use of a magic number that indicates that verify_*_signature() should use the secondary keyring with a symbol.
  2018-09-07 11:01       ` Greg KH
@ 2018-09-07 11:19         ` Yannik Sembritzki
  2018-09-07 11:19         ` [PATCH 2/2] The split of .system_keyring into .builtin_trusted_keys and .secondary_trusted_keys broke kexec, thereby preventing kernels signed by keys which are now in the secondary keyring from being kexec'd Yannik Sembritzki
  1 sibling, 0 replies; 7+ messages in thread
From: Yannik Sembritzki @ 2018-09-07 11:19 UTC (permalink / raw)
  To: torvalds, stable, gregkh, dhowells; +Cc: Yannik Sembritzki

Backport of 817aef260037f33ee0f44c17fe341323d3aebd6d

Signed-off-by: Yannik Sembritzki <yannik@sembritzki.me>
---
 certs/system_keyring.c                  | 3 ++-
 crypto/asymmetric_keys/pkcs7_key_type.c | 2 +-
 include/linux/verification.h            | 6 ++++++
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/certs/system_keyring.c b/certs/system_keyring.c
index 50979d6d..24766505 100644
--- a/certs/system_keyring.c
+++ b/certs/system_keyring.c
@@ -14,6 +14,7 @@
 #include <linux/sched.h>
 #include <linux/cred.h>
 #include <linux/err.h>
+#include <linux/verification.h>
 #include <keys/asymmetric-type.h>
 #include <keys/system_keyring.h>
 #include <crypto/pkcs7.h>
@@ -207,7 +208,7 @@ int verify_pkcs7_signature(const void *data, size_t len,
 
 	if (!trusted_keys) {
 		trusted_keys = builtin_trusted_keys;
-	} else if (trusted_keys == (void *)1UL) {
+	} else if (trusted_keys == VERIFY_USE_SECONDARY_KEYRING) {
 #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
 		trusted_keys = secondary_trusted_keys;
 #else
diff --git a/crypto/asymmetric_keys/pkcs7_key_type.c b/crypto/asymmetric_keys/pkcs7_key_type.c
index 1063b644..b2aa925a 100644
--- a/crypto/asymmetric_keys/pkcs7_key_type.c
+++ b/crypto/asymmetric_keys/pkcs7_key_type.c
@@ -62,7 +62,7 @@ static int pkcs7_preparse(struct key_preparsed_payload *prep)
 
 	return verify_pkcs7_signature(NULL, 0,
 				      prep->data, prep->datalen,
-				      (void *)1UL, usage,
+				      VERIFY_USE_SECONDARY_KEYRING, usage,
 				      pkcs7_view_content, prep);
 }
 
diff --git a/include/linux/verification.h b/include/linux/verification.h
index a10549a6..cfa4730d 100644
--- a/include/linux/verification.h
+++ b/include/linux/verification.h
@@ -12,6 +12,12 @@
 #ifndef _LINUX_VERIFICATION_H
 #define _LINUX_VERIFICATION_H
 
+/*
+ * Indicate that both builtin trusted keys and secondary trusted keys
+ * should be used.
+ */
+#define VERIFY_USE_SECONDARY_KEYRING ((struct key *)1UL)
+
 /*
  * The use to which an asymmetric key is being put.
  */
-- 
2.17.1

^ permalink raw reply related	[flat|nested] 7+ messages in thread

* [PATCH 2/2] The split of .system_keyring into .builtin_trusted_keys and .secondary_trusted_keys broke kexec, thereby preventing kernels signed by keys which are now in the secondary keyring from being kexec'd.
  2018-09-07 11:01       ` Greg KH
  2018-09-07 11:19         ` [PATCH 1/2] Replace the use of a magic number that indicates that verify_*_signature() should use the secondary keyring with a symbol Yannik Sembritzki
@ 2018-09-07 11:19         ` Yannik Sembritzki
  1 sibling, 0 replies; 7+ messages in thread
From: Yannik Sembritzki @ 2018-09-07 11:19 UTC (permalink / raw)
  To: torvalds, stable, gregkh, dhowells; +Cc: Yannik Sembritzki

Fix this by passing VERIFY_USE_SECONDARY_KEYRING to
verify_pefile_signature().

Backport of ea93102f32244e3f45c8b26260be77ed0cc1d16c

Signed-off-by: Yannik Sembritzki <yannik@sembritzki.me>
---
 arch/x86/kernel/kexec-bzimage64.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzimage64.c
index 3407b148..490f9be3 100644
--- a/arch/x86/kernel/kexec-bzimage64.c
+++ b/arch/x86/kernel/kexec-bzimage64.c
@@ -529,7 +529,7 @@ static int bzImage64_cleanup(void *loader_data)
 static int bzImage64_verify_sig(const char *kernel, unsigned long kernel_len)
 {
 	return verify_pefile_signature(kernel, kernel_len,
-				       NULL,
+				       VERIFY_USE_SECONDARY_KEYRING,
 				       VERIFYING_KEXEC_PE_SIGNATURE);
 }
 #endif
-- 
2.17.1

^ permalink raw reply related	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2018-09-07 16:00 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-09-07  9:14 FAILED: patch "[PATCH] Fix kexec forbidding kernels signed with keys in the" failed to apply to 4.9-stable tree gregkh
2018-09-07 10:34 ` Yannik Sembritzki
2018-09-07 10:53   ` Greg KH
2018-09-07 10:56     ` Yannik Sembritzki
2018-09-07 11:01       ` Greg KH
2018-09-07 11:19         ` [PATCH 1/2] Replace the use of a magic number that indicates that verify_*_signature() should use the secondary keyring with a symbol Yannik Sembritzki
2018-09-07 11:19         ` [PATCH 2/2] The split of .system_keyring into .builtin_trusted_keys and .secondary_trusted_keys broke kexec, thereby preventing kernels signed by keys which are now in the secondary keyring from being kexec'd Yannik Sembritzki

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.