From: Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com>
To: kexec@lists.infradead.org
Cc: linux-security-module@vger.kernel.org,
linux-ima-devel@lists.sourceforge.net,
linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org,
Eric Biederman <ebiederm@xmission.com>,
Dave Young <dyoung@redhat.com>, Vivek Goyal <vgoyal@redhat.com>,
Baoquan He <bhe@redhat.com>,
Michael Ellerman <mpe@ellerman.id.au>,
Stewart Smith <stewart@linux.vnet.ibm.com>,
Mimi Zohar <zohar@linux.vnet.ibm.com>,
Eric Richter <erichte@linux.vnet.ibm.com>,
Andrew Morton <akpm@linux-foundation.org>,
Balbir Singh <bsingharora@gmail.com>,
Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com>
Subject: [PATCH v4 3/5] kexec_file: Allow skipping checksum calculation for some segments.
Date: Tue, 30 Aug 2016 14:45:03 -0300 [thread overview]
Message-ID: <1472579105-26296-4-git-send-email-bauerman@linux.vnet.ibm.com> (raw)
In-Reply-To: <1472579105-26296-1-git-send-email-bauerman@linux.vnet.ibm.com>
Add skip_checksum member to struct kexec_buf to specify whether the
corresponding segment should be part of the checksum calculation.
The next patch will add a way to update segments after a kimage is loaded.
Segments that will be updated in this way should not be checksummed,
otherwise they will cause the purgatory checksum verification to fail
when the machine is rebooted.
As a bonus, we don't need to special-case the purgatory segment anymore
to avoid checksumming it.
Places using struct kexec_buf get false as the default value for
skip_checksum since they all use designated initializers. Therefore,
there is no behavior change with this patch and all segments except the
purgatory are checksummed.
Signed-off-by: Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com>
---
include/linux/kexec.h | 23 ++++++++++++++---------
kernel/kexec_file.c | 15 +++++++--------
2 files changed, 21 insertions(+), 17 deletions(-)
diff --git a/include/linux/kexec.h b/include/linux/kexec.h
index 16561e96a6d7..edadff6c86ff 100644
--- a/include/linux/kexec.h
+++ b/include/linux/kexec.h
@@ -100,6 +100,9 @@ struct kexec_segment {
size_t bufsz;
unsigned long mem;
size_t memsz;
+
+ /* Whether this segment is ignored in the checksum calculation. */
+ bool skip_checksum;
};
#ifdef CONFIG_COMPAT
@@ -151,15 +154,16 @@ struct kexec_file_ops {
/**
* struct kexec_buf - parameters for finding a place for a buffer in memory
- * @image: kexec image in which memory to search.
- * @buffer: Contents which will be copied to the allocated memory.
- * @bufsz: Size of @buffer.
- * @mem: On return will have address of the buffer in memory.
- * @memsz: Size for the buffer in memory.
- * @buf_align: Minimum alignment needed.
- * @buf_min: The buffer can't be placed below this address.
- * @buf_max: The buffer can't be placed above this address.
- * @top_down: Allocate from top of memory.
+ * @image: kexec image in which memory to search.
+ * @buffer: Contents which will be copied to the allocated memory.
+ * @bufsz: Size of @buffer.
+ * @mem: On return will have address of the buffer in memory.
+ * @memsz: Size for the buffer in memory.
+ * @buf_align: Minimum alignment needed.
+ * @buf_min: The buffer can't be placed below this address.
+ * @buf_max: The buffer can't be placed above this address.
+ * @top_down: Allocate from top of memory.
+ * @skip_checksum: Don't verify checksum for this buffer in purgatory.
*/
struct kexec_buf {
struct kimage *image;
@@ -171,6 +175,7 @@ struct kexec_buf {
unsigned long buf_min;
unsigned long buf_max;
bool top_down;
+ bool skip_checksum;
};
int __weak arch_kexec_walk_mem(struct kexec_buf *kbuf,
diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
index f5684adfad07..0e90d1446cb0 100644
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -584,6 +584,7 @@ int kexec_add_buffer(struct kexec_buf *kbuf)
ksegment->bufsz = kbuf->bufsz;
ksegment->mem = kbuf->mem;
ksegment->memsz = kbuf->memsz;
+ ksegment->skip_checksum = kbuf->skip_checksum;
kbuf->image->nr_segments++;
return 0;
}
@@ -598,7 +599,6 @@ static int kexec_calculate_store_digests(struct kimage *image)
char *digest;
void *zero_buf;
struct kexec_sha_region *sha_regions;
- struct purgatory_info *pi = &image->purgatory_info;
zero_buf = __va(page_to_pfn(ZERO_PAGE(0)) << PAGE_SHIFT);
zero_buf_sz = PAGE_SIZE;
@@ -638,11 +638,7 @@ static int kexec_calculate_store_digests(struct kimage *image)
struct kexec_segment *ksegment;
ksegment = &image->segment[i];
- /*
- * Skip purgatory as it will be modified once we put digest
- * info in purgatory.
- */
- if (ksegment->kbuf == pi->purgatory_buf)
+ if (ksegment->skip_checksum)
continue;
ret = crypto_shash_update(desc, ksegment->kbuf,
@@ -714,7 +710,7 @@ static int __kexec_load_purgatory(struct kimage *image, unsigned long min,
Elf_Shdr *sechdrs = NULL;
struct kexec_buf kbuf = { .image = image, .bufsz = 0, .buf_align = 1,
.buf_min = min, .buf_max = max,
- .top_down = top_down };
+ .top_down = top_down, .skip_checksum = true };
/*
* sechdrs_c points to section headers in purgatory and are read
@@ -819,7 +815,10 @@ static int __kexec_load_purgatory(struct kimage *image, unsigned long min,
if (kbuf.buf_align < bss_align)
kbuf.buf_align = bss_align;
- /* Add buffer to segment list */
+ /*
+ * Add buffer to segment list. Don't checksum the segment as
+ * it will be modified once we put digest info in purgatory.
+ */
ret = kexec_add_buffer(&kbuf);
if (ret)
goto out;
--
1.9.1
next prev parent reply other threads:[~2016-08-30 17:45 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-30 17:45 [PATCH v4 0/5] kexec_file: Add buffer hand-over for the next kernel Thiago Jung Bauermann
2016-08-30 17:45 ` [PATCH v4 1/5] kexec_file: Add buffer hand-over support " Thiago Jung Bauermann
2016-08-30 17:45 ` [PATCH v4 2/5] powerpc: " Thiago Jung Bauermann
2016-08-30 17:45 ` Thiago Jung Bauermann [this message]
2016-09-07 1:30 ` [PATCH v4 3/5] kexec_file: Allow skipping checksum calculation for some segments Eric W. Biederman
2016-08-30 17:45 ` [PATCH v4 4/5] kexec_file: Add mechanism to update kexec segments Thiago Jung Bauermann
2016-08-30 17:45 ` [PATCH v4 5/5] IMA: Demonstration code for kexec buffer passing Thiago Jung Bauermann
2016-09-07 13:51 ` [PATCH v4 0/5] kexec_file: Add buffer hand-over for the next kernel Eric W. Biederman
2016-09-07 14:19 ` Eric W. Biederman
2016-09-08 19:20 ` Thiago Jung Bauermann
2016-09-09 4:07 ` Eric W. Biederman
2016-09-09 13:08 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1472579105-26296-4-git-send-email-bauerman@linux.vnet.ibm.com \
--to=bauerman@linux.vnet.ibm.com \
--cc=akpm@linux-foundation.org \
--cc=bhe@redhat.com \
--cc=bsingharora@gmail.com \
--cc=dyoung@redhat.com \
--cc=ebiederm@xmission.com \
--cc=erichte@linux.vnet.ibm.com \
--cc=kexec@lists.infradead.org \
--cc=linux-ima-devel@lists.sourceforge.net \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mpe@ellerman.id.au \
--cc=stewart@linux.vnet.ibm.com \
--cc=vgoyal@redhat.com \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).