From: Baoquan He <bhe@redhat.com>
To: Ricardo Ribalda <ribalda@chromium.org>, akpm@linux-foundation.org
Cc: Jonathan Corbet <corbet@lwn.net>, Petr Tesarik <petr@tesarici.cz>,
Philipp Rudo <prudo@redhat.com>,
linux-doc@vger.kernel.org, kexec@lists.infradead.org,
linux-kernel@vger.kernel.org,
Steven Rostedt <rostedt@goodmis.org>,
Sergey Senozhatsky <senozhatsky@chromium.org>,
Eric Biederman <ebiederm@xmission.com>,
Bagas Sanjaya <bagasdotme@gmail.com>,
Ross Zwisler <zwisler@kernel.org>,
"Joel Fernandes \(Google\)" <joel@joelfernandes.org>
Subject: Re: [PATCH v6 0/3] kexec: Add new parameter to limit the access to kexec
Date: Tue, 10 Jan 2023 10:32:49 +0800 [thread overview]
Message-ID: <Y7zOUdQdbV+c+6P2@fedora> (raw)
In-Reply-To: <20221114-disable-kexec-reset-v6-0-6a8531a09b9a@chromium.org>
On 01/04/23 at 03:38pm, Ricardo Ribalda wrote:
> Add two parameter to specify how many times a kexec kernel can be loaded.
>
> These parameter allow hardening the system.
>
> While we are at it, fix a documentation issue and refactor some code.
The whole series looks good to me, thx.
Acked-by: Baoquan He <bhe@redhat.com>
>
> To: Jonathan Corbet <corbet@lwn.net>
> To: Eric Biederman <ebiederm@xmission.com>
> Cc: linux-doc@vger.kernel.org
> Cc: linux-kernel@vger.kernel.org
> Cc: kexec@lists.infradead.org
> Cc: Joel Fernandes (Google) <joel@joelfernandes.org>
> Cc: Sergey Senozhatsky <senozhatsky@chromium.org>
> Cc: Steven Rostedt <rostedt@goodmis.org>
> Cc: Ross Zwisler <zwisler@kernel.org>
> To: Philipp Rudo <prudo@redhat.com>
> To: Guilherme G. Piccoli <gpiccoli@igalia.com>
> Cc: Bagas Sanjaya <bagasdotme@gmail.com>
> Cc: Petr Tesarik <petr@tesarici.cz>
> Cc: Baoquan He <bhe@redhat.com>
> Signed-off-by: Ricardo Ribalda <ribalda@chromium.org>
>
> ---
> Changes in v6:
> - Fix kexec type on kexec_file
> - Match the length of the table borders to the sections underline (Thanks Bagas!)
> - Fix typo on kexec_load_limit_reboot (Thanks Petr!)
> - Improve commit message (Thanks Baoquan!)
> - Link to v5: https://lore.kernel.org/r/20221114-disable-kexec-reset-v5-0-1bd37caf3c75@chromium.org
>
> Changes in v5:
> - Remove maxlen from ctl_table. Thanks Steven!
> - Link to v4: https://lore.kernel.org/r/20221114-disable-kexec-reset-v4-0-ab809c8d988c@chromium.org
>
> Changes in v4 (Thanks Steven!):
> - Uses sysctl instead or module_parameters
> - Pass image type instead of boolean to permitted
> - Fix typo on flag handling
> - Return -EINVAL for values that does not change the current value.
> - Link to v3: https://lore.kernel.org/r/20221114-disable-kexec-reset-v3-0-4ef4e929adf6@chromium.org
>
> Changes in v3:
> - s/paramter/parameter/ Thanks Ghilherme!
> - s/permited/permitted/ Thanks Joel!
> - Link to v2: https://lore.kernel.org/r/20221114-disable-kexec-reset-v2-0-c498313c1bb5@chromium.org
>
> Changes in v2:
> - Instead of kexec_reboot_disabled, add two new counters (Thanks Philipp!)
> - Link to v1: https://lore.kernel.org/r/20221114-disable-kexec-reset-v1-0-fb51d20cf871@chromium.org
>
> ---
> Ricardo Ribalda (3):
> Documentation: sysctl: Correct kexec_load_disabled
> kexec: Factor out kexec_load_permitted
> kexec: Introduce sysctl parameters kexec_load_limit_*
>
> Documentation/admin-guide/sysctl/kernel.rst | 25 +++++++-
> include/linux/kexec.h | 3 +-
> kernel/kexec.c | 4 +-
> kernel/kexec_core.c | 94 ++++++++++++++++++++++++++++-
> kernel/kexec_file.c | 11 ++--
> 5 files changed, 127 insertions(+), 10 deletions(-)
> ---
> base-commit: 479174d402bcf60789106eedc4def3957c060bad
> change-id: 20221114-disable-kexec-reset-19b7e117338f
>
> Best regards,
> --
> Ricardo Ribalda <ribalda@chromium.org>
>
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
WARNING: multiple messages have this Message-ID (diff)
From: Baoquan He <bhe@redhat.com>
To: Ricardo Ribalda <ribalda@chromium.org>, akpm@linux-foundation.org
Cc: Philipp Rudo <prudo@redhat.com>,
Eric Biederman <ebiederm@xmission.com>,
"Guilherme G. Piccoli" <gpiccoli@igalia.com>,
Jonathan Corbet <corbet@lwn.net>,
linux-doc@vger.kernel.org,
Sergey Senozhatsky <senozhatsky@chromium.org>,
"Joel Fernandes (Google)" <joel@joelfernandes.org>,
Petr Tesarik <petr@tesarici.cz>,
kexec@lists.infradead.org, Bagas Sanjaya <bagasdotme@gmail.com>,
Steven Rostedt <rostedt@goodmis.org>,
linux-kernel@vger.kernel.org, Ross Zwisler <zwisler@kernel.org>
Subject: Re: [PATCH v6 0/3] kexec: Add new parameter to limit the access to kexec
Date: Tue, 10 Jan 2023 10:32:49 +0800 [thread overview]
Message-ID: <Y7zOUdQdbV+c+6P2@fedora> (raw)
In-Reply-To: <20221114-disable-kexec-reset-v6-0-6a8531a09b9a@chromium.org>
On 01/04/23 at 03:38pm, Ricardo Ribalda wrote:
> Add two parameter to specify how many times a kexec kernel can be loaded.
>
> These parameter allow hardening the system.
>
> While we are at it, fix a documentation issue and refactor some code.
The whole series looks good to me, thx.
Acked-by: Baoquan He <bhe@redhat.com>
>
> To: Jonathan Corbet <corbet@lwn.net>
> To: Eric Biederman <ebiederm@xmission.com>
> Cc: linux-doc@vger.kernel.org
> Cc: linux-kernel@vger.kernel.org
> Cc: kexec@lists.infradead.org
> Cc: Joel Fernandes (Google) <joel@joelfernandes.org>
> Cc: Sergey Senozhatsky <senozhatsky@chromium.org>
> Cc: Steven Rostedt <rostedt@goodmis.org>
> Cc: Ross Zwisler <zwisler@kernel.org>
> To: Philipp Rudo <prudo@redhat.com>
> To: Guilherme G. Piccoli <gpiccoli@igalia.com>
> Cc: Bagas Sanjaya <bagasdotme@gmail.com>
> Cc: Petr Tesarik <petr@tesarici.cz>
> Cc: Baoquan He <bhe@redhat.com>
> Signed-off-by: Ricardo Ribalda <ribalda@chromium.org>
>
> ---
> Changes in v6:
> - Fix kexec type on kexec_file
> - Match the length of the table borders to the sections underline (Thanks Bagas!)
> - Fix typo on kexec_load_limit_reboot (Thanks Petr!)
> - Improve commit message (Thanks Baoquan!)
> - Link to v5: https://lore.kernel.org/r/20221114-disable-kexec-reset-v5-0-1bd37caf3c75@chromium.org
>
> Changes in v5:
> - Remove maxlen from ctl_table. Thanks Steven!
> - Link to v4: https://lore.kernel.org/r/20221114-disable-kexec-reset-v4-0-ab809c8d988c@chromium.org
>
> Changes in v4 (Thanks Steven!):
> - Uses sysctl instead or module_parameters
> - Pass image type instead of boolean to permitted
> - Fix typo on flag handling
> - Return -EINVAL for values that does not change the current value.
> - Link to v3: https://lore.kernel.org/r/20221114-disable-kexec-reset-v3-0-4ef4e929adf6@chromium.org
>
> Changes in v3:
> - s/paramter/parameter/ Thanks Ghilherme!
> - s/permited/permitted/ Thanks Joel!
> - Link to v2: https://lore.kernel.org/r/20221114-disable-kexec-reset-v2-0-c498313c1bb5@chromium.org
>
> Changes in v2:
> - Instead of kexec_reboot_disabled, add two new counters (Thanks Philipp!)
> - Link to v1: https://lore.kernel.org/r/20221114-disable-kexec-reset-v1-0-fb51d20cf871@chromium.org
>
> ---
> Ricardo Ribalda (3):
> Documentation: sysctl: Correct kexec_load_disabled
> kexec: Factor out kexec_load_permitted
> kexec: Introduce sysctl parameters kexec_load_limit_*
>
> Documentation/admin-guide/sysctl/kernel.rst | 25 +++++++-
> include/linux/kexec.h | 3 +-
> kernel/kexec.c | 4 +-
> kernel/kexec_core.c | 94 ++++++++++++++++++++++++++++-
> kernel/kexec_file.c | 11 ++--
> 5 files changed, 127 insertions(+), 10 deletions(-)
> ---
> base-commit: 479174d402bcf60789106eedc4def3957c060bad
> change-id: 20221114-disable-kexec-reset-19b7e117338f
>
> Best regards,
> --
> Ricardo Ribalda <ribalda@chromium.org>
>
next prev parent reply other threads:[~2023-01-10 2:33 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-04 14:38 [PATCH v6 0/3] kexec: Add new parameter to limit the access to kexec Ricardo Ribalda
2023-01-04 14:38 ` Ricardo Ribalda
2023-01-04 14:38 ` [PATCH v6 1/3] Documentation: sysctl: Correct kexec_load_disabled Ricardo Ribalda
2023-01-04 14:38 ` Ricardo Ribalda
2023-01-04 14:38 ` [PATCH v6 2/3] kexec: Factor out kexec_load_permitted Ricardo Ribalda
2023-01-04 14:38 ` Ricardo Ribalda
2023-01-04 14:38 ` [PATCH v6 3/3] kexec: Introduce sysctl parameters kexec_load_limit_* Ricardo Ribalda
2023-01-04 14:38 ` Ricardo Ribalda
2023-01-10 2:31 ` Baoquan He
2023-01-10 2:31 ` Baoquan He
2023-01-10 2:32 ` Baoquan He [this message]
2023-01-10 2:32 ` [PATCH v6 0/3] kexec: Add new parameter to limit the access to kexec Baoquan He
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y7zOUdQdbV+c+6P2@fedora \
--to=bhe@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=bagasdotme@gmail.com \
--cc=corbet@lwn.net \
--cc=ebiederm@xmission.com \
--cc=joel@joelfernandes.org \
--cc=kexec@lists.infradead.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=petr@tesarici.cz \
--cc=prudo@redhat.com \
--cc=ribalda@chromium.org \
--cc=rostedt@goodmis.org \
--cc=senozhatsky@chromium.org \
--cc=zwisler@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.