From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5] helo=mx0a-001b2d01.pphosted.com) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1fEMEx-00016c-Nw for kexec@lists.infradead.org; Thu, 03 May 2018 21:58:17 +0000 Received: from pps.filterd (m0098417.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w43LsWp7035491 for ; Thu, 3 May 2018 17:58:04 -0400 Received: from e06smtp14.uk.ibm.com (e06smtp14.uk.ibm.com [195.75.94.110]) by mx0a-001b2d01.pphosted.com with ESMTP id 2hr81hehh9-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 03 May 2018 17:58:03 -0400 Received: from localhost by e06smtp14.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Thu, 3 May 2018 22:58:01 +0100 Subject: Re: [PATCH 0/3] kexec: limit kexec_load syscall From: Mimi Zohar Date: Thu, 03 May 2018 17:57:55 -0400 In-Reply-To: <87d0yco1vy.fsf@xmission.com> References: <1523572911-16363-1-git-send-email-zohar@linux.vnet.ibm.com> <87r2mso5up.fsf@xmission.com> <1525383075.3539.67.camel@linux.vnet.ibm.com> <87d0yco1vy.fsf@xmission.com> Mime-Version: 1.0 Message-Id: <1525384675.3539.89.camel@linux.vnet.ibm.com> List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Sender: "kexec" Errors-To: kexec-bounces+dwmw2=infradead.org@lists.infradead.org To: "Eric W. Biederman" Cc: Kees Cook , kernel-hardening@lists.openwall.com, kexec@lists.infradead.org, linux-kernel@vger.kernel.org, Matthew Garrett , David Howells , linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org T24gVGh1LCAyMDE4LTA1LTAzIGF0IDE2OjM4IC0wNTAwLCBFcmljIFcuIEJpZWRlcm1hbiB3cm90 ZToKPiBNaW1pIFpvaGFyIDx6b2hhckBsaW51eC52bmV0LmlibS5jb20+IHdyaXRlczoKPiAKPiA+ IFtDYydpbmcgS2VlcyBhbmQga2VybmVsLWhhcmRlbmluZ10KPiA+Cj4gPiBPbiBUaHUsIDIwMTgt MDUtMDMgYXQgMTU6MTMgLTA1MDAsIEVyaWMgVy4gQmllZGVybWFuIHdyb3RlOgo+ID4+IE1pbWkg Wm9oYXIgPHpvaGFyQGxpbnV4LnZuZXQuaWJtLmNvbT4gd3JpdGVzOgo+ID4+IAo+ID4+ID4gSW4g ZW52aXJvbm1lbnRzIHRoYXQgcmVxdWlyZSB0aGUga2V4ZWMga2VybmVsIGltYWdlIHRvIGJlIHNp Z25lZCwgcHJldmVudAo+ID4+ID4gdXNpbmcgdGhlIGtleGVjX2xvYWQgc3lzY2FsbC4gIEluIG9y ZGVyIGZvciBMU01zIGFuZCBJTUEgdG8gZGlmZmVyZW50aWF0ZQo+ID4+ID4gYmV0d2VlbiBrZXhl Y19sb2FkIGFuZCBrZXhlY19maWxlX2xvYWQgc3lzY2FsbHMsIHRoaXMgcGF0Y2ggc2V0IGFkZHMg YQo+ID4+ID4gY2FsbCB0byBzZWN1cml0eV9rZXJuZWxfcmVhZF9maWxlKCkgaW4ga2V4ZWNfbG9h ZF9jaGVjaygpLgo+ID4+IAo+ID4+IEhhdmluZyB0aG91Z2h0IGFib3V0IGl0IHNvbWUgbW9yZSB0 aGlzIGp1c3RpZmljYXRpb24gZm9yIHRoZXNlIGNoYW5nZXMKPiA+PiBkb2VzIG5vdCB3b3JrLiAg VGhlIGZ1bmN0aW9uYWxpdHkgb2Yga2V4ZWNfbG9hZCBpcyBhbHJlYWR5IHJvb3Qtb25seS4KPiA+ PiBTbyBpbiBlbnZpcm9ubWVudHMgdGhhdCByZXF1aXJlIHRoZSBrZXJuZWwgaW1hZ2UgdG8gYmUg c2lnbmVkIGp1c3QgZG9uJ3QKPiA+PiB1c2Uga2V4ZWNfbG9hZC4gIFBvc3NpYmx5IGV2ZW4gY29t cGlsZSBrZXhlY19sb2FkIG91dCB0byBzYXZlIHNwYWNlCj4gPj4gYmVjYXVzZSB5b3Ugd2lsbCBu ZXZlciBuZWVkIGl0LiAgWW91IGRvbid0IG5lZWQgYSBuZXcgc2VjdXJpdHkgaG9vayB0bwo+ID4+ IGRvIGFueSBvZiB0aGF0LiAgVXNlcnNwYWNlIGlzIGEgdmVyeSBmaW5lIG1lY2hhbmlzbSBmb3Ig YmVpbmcgdGhlCj4gPj4gaW5zdHJ1bWVudCBvZiBwb2xpY3kuCj4gPgo+ID4gVHJ1ZSwgZm9yIHRo b3NlIGJ1aWxkaW5nIHRoZWlyIG93biBrZXJuZWwsIHRoZXkgY2FuIGRpc2FibGUgdGhlIG9sZAo+ ID4gc3lzY2FsbHMuIMKgVGhlIGNvbmNlcm4gaXMgbm90IGZvciB0aG9zZSBidWlsZGluZyB0aGVp ciBvd24ga2VybmVscywKPiA+IGJ1dCBmb3IgdGhvc2UgdXNpbmcgc3RvY2sga2VybmVscy4gwqAK PiA+Cj4gPiBCeSBhZGRpbmcgYW4gTFNNIGhvb2sgaGVyZSBpbiB0aGUga2V4ZWNfbG9hZCBzeXNj YWxsLCBhcyBvcHBvc2VkIHRvIGFuCj4gPiBJTUEgc3BlY2lmaWMgaG9vaywgb3RoZXIgTFNNcyBj YW4gcGlnZ3kgYmFjayBvbiB0b3Agb2YgaXQuIMKgQ3VycmVudGx5LAo+ID4gYm90aCBsb2FkX3Bp biBhbmQgU0VMaW51eCBhcmUgZ2F0aW5nIHRoZSBrZXJuZWwgbW9kdWxlIHN5c2NhbGxzIGJhc2Vk Cj4gPiBvbiBzZWN1cml0eV9rZXJuZWxfcmVhZF9maWxlLgo+ID4KPiA+IElmIHRoZXJlIHdhcyBh IHNpbWlsYXIgb3B0aW9uIGZvciB0aGUga2VybmVsIGltYWdlLCBJJ20gcHJldHR5IHN1cmUKPiA+ IG90aGVyIExTTXMgd291bGQgdXNlIGl0Lgo+ID4KPiA+IEZyb20gYW4gSU1BIHBlcnNwZWN0aXZl LCB0aGVyZSBuZWVkcyB0byBiZSBzb21lIG1ldGhvZCBmb3Igb25seQo+ID4gYWxsb3dpbmcgc2ln bmVkIGNvZGUgdG8gYmUgbG9hZGVkLCBleGVjdXRlZCwgZXRjLiAtIGtlcm5lbCBtb2R1bGVzLAo+ ID4ga2VybmVsIGltYWdlL2luaXRyYW1mcywgZmlybXdhcmUsIHBvbGljaWVzLgo+IAo+IFdoYXQg aXMgdGhlIElNQSBwZXJzcGVjdGl2ZS4gIFdoeSBjYW4ndCBJTUEgdHJ1c3QgYXBwcm9wcmlhdGVs eQo+IGF1dGhvcml6ZWQgdXNlcnNwYWNlPwoKU3VwcG9zZSBhIHN5c3RlbSBvd25lciB3YW50cyB0 byBkZWZpbmUgYSBzeXN0ZW0gd2lkZSBwb2xpY3kgdGhhdApyZXF1aXJlcyBhbGwgY29kZSBiZSBz aWduZWQgLSBrZXJuZWwgbW9kdWxlcywgZmlybXdhcmUsIGtleGVjIGltYWdlICYKaW5pdHJhbWZz LCBleGVjdXRhYmxlcywgbW1hcHBlZCBmaWxlcywgZXRjIC0gd2l0aG91dCBoYXZpbmcgdG8gcmVi dWlsZAp0aGUga2VybmVsLiDCoFdpdGhvdXQgYSBjYWxsIGluIGtleGVjX2xvYWQgdGhhdCBpc24n dCBwb3NzaWJsZS4KCj4gCj4gPj4gSWYgeW91IGRvbid0IHRydXN0IHVzZXJzcGFjZSB0aGF0IG5l ZWRzIHRvIGJlIHNwZWxsZWQgb3V0IHZlcnkgY2xlYXJseS4KPiA+PiBZb3UgbmVlZCB0byB0YWxr IGFib3V0IHdoYXQgeW91ciB0aHJlYXQgbW9kZWxzIGFyZS4KPiA+PiAKPiA+PiBJZiB0aGUgb25s eSBqdXN0aWZpY2F0aW9uIGlzIHNvIHRoYXQgdGhhdCB3ZSBjYW4ndCBib290IHdpbmRvd3MgaWYK PiA+PiBzb21lb25lIGhhY2tzIGludG8gdXNlcnNwYWNlIGl0IGhhcyBteSBuYWNrIGJlY2F1c2Ug dGhhdCBpcyBhbm90aGVyIGtpbmQKPiA+PiBvZiBjb21wbGV0ZSBub24tc2Vuc2UuCj4gPgo+ID4g VGhlIHVzZWNhc2UgaXMgdGhlIGFiaWxpdHkgdG8gZ2F0ZSB0aGUga2V4ZWNfbG9hZCB1c2FnZSBp biBzdG9jawo+ID4ga2VybmVscy4KPiAKPiBCdXQga2V4ZWNfbG9hZCBpcyBhbHJlYWR5IGdhdGVk LiAgSXQgcmVxdWlyZXMgQ0FQX1NZU19CT09ULgoKSXQgaXNuJ3QgYSBtYXR0ZXIgb2Yga2V4ZWNf bG9hZCBhbHJlYWR5IGJlaW5nIGdhdGVkLCBidXQgb2Ygd2FudGluZyBhCnNpbmdsZSBwbGFjZSBm b3IgZGVmaW5pbmcgYSBzeXN0ZW0gd2lkZSBwb2xpY3ksIGFzIGRlc2NyaWJlZCBhYm92ZS4KCk1p bWkKCj4gCj4gPj4gR2l2ZW4gdGhhdCB5b3UgYXJlIG5vdCB0cnVzdGluZyB1c2Vyc3BhY2UgdGhp cyBjaGFuZ2VzZXQgYWxzbyBwcm9iYWJseQo+ID4+IG5lZWRzIHRvIGhhdmUgdGhlIGtlcm5lbC1o YXJkZW5pbmcgbGlzdCBjYydkLiAgQmVjYXVzZSB0aGUgb25seSBwb3NzaWJsZQo+ID4+IGp1c3Rp ZmljYXRpb24gSSBjYW4gaW1hZ2luZSBmb3Igc29tZXRoaW5nIGxpa2UgdGhpcyBpcyBrZXJuZWwt aGFyZGVuaW5nLgo+ID4KPiA+IFN1cmUsIENjJ2luZyBsaW51eC1oYXJkZW5pbmcgYW5kIEtlZXMu Cj4gPgo+ID4gTWltaQo+IAoKCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fCmtleGVjIG1haWxpbmcgbGlzdAprZXhlY0BsaXN0cy5pbmZyYWRlYWQub3JnCmh0 dHA6Ly9saXN0cy5pbmZyYWRlYWQub3JnL21haWxtYW4vbGlzdGluZm8va2V4ZWMK