From: Baoquan He <bhe@redhat.com>
To: kexec@lists.infradead.org
Subject: [PATCH v6 1/4] kexec: clean up arch_kexec_kernel_verify_sig
Date: Thu, 14 Apr 2022 11:44:25 +0800 [thread overview]
Message-ID: <YleYmZAAnF5aOan3@MiWiFi-R3L-srv> (raw)
In-Reply-To: <20220414014344.228523-2-coxu@redhat.com>
On 04/14/22 at 09:43am, Coiby Xu wrote:
> Currently there is no arch-specific implementation of
> arch_kexec_kernel_verify_sig. Even if we want to add an implementation
> for an architecture in the future, we can simply use "(struct
> kexec_file_ops*)->verify_sig". So clean it up.
>
> Suggested-by: Eric W. Biederman <ebiederm@xmission.com>
> Cc: stable at kernel.org
It should be not worth noticing stable kernel that a clean up patch need
be back ported.
Otherwise this looks good to me,
Acked-by: Baoquan He <bhe@redhat.com>
> Reviewed-by: Michal Suchanek <msuchanek@suse.de>
> Signed-off-by: Coiby Xu <coxu@redhat.com>
> ---
> include/linux/kexec.h | 4 ----
> kernel/kexec_file.c | 34 +++++++++++++---------------------
> 2 files changed, 13 insertions(+), 25 deletions(-)
>
> diff --git a/include/linux/kexec.h b/include/linux/kexec.h
> index 58d1b58a971e..413235c6c797 100644
> --- a/include/linux/kexec.h
> +++ b/include/linux/kexec.h
> @@ -202,10 +202,6 @@ int arch_kexec_apply_relocations(struct purgatory_info *pi,
> const Elf_Shdr *relsec,
> const Elf_Shdr *symtab);
> int arch_kimage_file_post_load_cleanup(struct kimage *image);
> -#ifdef CONFIG_KEXEC_SIG
> -int arch_kexec_kernel_verify_sig(struct kimage *image, void *buf,
> - unsigned long buf_len);
> -#endif
> int arch_kexec_locate_mem_hole(struct kexec_buf *kbuf);
>
> extern int kexec_add_buffer(struct kexec_buf *kbuf);
> diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
> index 8347fc158d2b..3720435807eb 100644
> --- a/kernel/kexec_file.c
> +++ b/kernel/kexec_file.c
> @@ -89,25 +89,6 @@ int __weak arch_kimage_file_post_load_cleanup(struct kimage *image)
> return kexec_image_post_load_cleanup_default(image);
> }
>
> -#ifdef CONFIG_KEXEC_SIG
> -static int kexec_image_verify_sig_default(struct kimage *image, void *buf,
> - unsigned long buf_len)
> -{
> - if (!image->fops || !image->fops->verify_sig) {
> - pr_debug("kernel loader does not support signature verification.\n");
> - return -EKEYREJECTED;
> - }
> -
> - return image->fops->verify_sig(buf, buf_len);
> -}
> -
> -int __weak arch_kexec_kernel_verify_sig(struct kimage *image, void *buf,
> - unsigned long buf_len)
> -{
> - return kexec_image_verify_sig_default(image, buf, buf_len);
> -}
> -#endif
> -
> /*
> * arch_kexec_apply_relocations_add - apply relocations of type RELA
> * @pi: Purgatory to be relocated.
> @@ -184,13 +165,24 @@ void kimage_file_post_load_cleanup(struct kimage *image)
> }
>
> #ifdef CONFIG_KEXEC_SIG
> +static int kexec_image_verify_sig(struct kimage *image, void *buf,
> + unsigned long buf_len)
> +{
> + if (!image->fops || !image->fops->verify_sig) {
> + pr_debug("kernel loader does not support signature verification.\n");
> + return -EKEYREJECTED;
> + }
> +
> + return image->fops->verify_sig(buf, buf_len);
> +}
> +
> static int
> kimage_validate_signature(struct kimage *image)
> {
> int ret;
>
> - ret = arch_kexec_kernel_verify_sig(image, image->kernel_buf,
> - image->kernel_buf_len);
> + ret = kexec_image_verify_sig(image, image->kernel_buf,
> + image->kernel_buf_len);
> if (ret) {
>
> if (IS_ENABLED(CONFIG_KEXEC_SIG_FORCE)) {
> --
> 2.34.1
>
next prev parent reply other threads:[~2022-04-14 3:44 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-14 1:43 [PATCH v6 0/4] use more system keyrings to verify arm64 and s390 kexec kernel image signature Coiby Xu
2022-04-14 1:43 ` [PATCH v6 1/4] kexec: clean up arch_kexec_kernel_verify_sig Coiby Xu
2022-04-14 3:44 ` Baoquan He [this message]
2022-04-15 9:37 ` Coiby Xu
2022-04-18 1:40 ` Baoquan He
2022-04-14 1:43 ` [PATCH v6 2/4] kexec, KEYS: make the code in bzImage64_verify_sig generic Coiby Xu
2022-04-18 1:53 ` Baoquan He
2022-04-18 5:42 ` Coiby Xu
2022-04-14 1:43 ` [PATCH v6 3/4] arm64: kexec_file: use more system keyrings to verify kernel image signature Coiby Xu
2022-04-18 2:14 ` Baoquan He
2022-04-18 5:46 ` Coiby Xu
2022-04-14 1:43 ` [PATCH v6 4/4] kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification Coiby Xu
2022-04-18 2:11 ` Baoquan He
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YleYmZAAnF5aOan3@MiWiFi-R3L-srv \
--to=bhe@redhat.com \
--cc=kexec@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).