From: "Michal Suchánek" <msuchanek@suse.de>
To: gregkh@linuxfoundation.org
Cc: coxu@redhat.com, bhe@redhat.com, ebiederm@xmission.com,
zohar@linux.ibm.com, stable@vger.kernel.org
Subject: Re: FAILED: patch "[PATCH] kexec: clean up arch_kexec_kernel_verify_sig" failed to apply to 5.15-stable tree
Date: Mon, 15 Aug 2022 14:41:25 +0200 [thread overview]
Message-ID: <20220815124125.GD17705@kitsune.suse.cz> (raw)
In-Reply-To: <1660564084173149@kroah.com>
Hello,
it applies on top of 105e10e2cf1c
Thanks
Michal
On Mon, Aug 15, 2022 at 01:48:04PM +0200, gregkh@linuxfoundation.org wrote:
>
> The patch below does not apply to the 5.15-stable tree.
> If someone wants it applied there, or to any other stable or longterm
> tree, then please email the backport, including the original git commit
> id to <stable@vger.kernel.org>.
>
> thanks,
>
> greg k-h
>
> ------------------ original commit in Linus's tree ------------------
>
> From 689a71493bd2f31c024f8c0395f85a1fd4b2138e Mon Sep 17 00:00:00 2001
> From: Coiby Xu <coxu@redhat.com>
> Date: Thu, 14 Jul 2022 21:40:24 +0800
> Subject: [PATCH] kexec: clean up arch_kexec_kernel_verify_sig
>
> Before commit 105e10e2cf1c ("kexec_file: drop weak attribute from
> functions"), there was already no arch-specific implementation
> of arch_kexec_kernel_verify_sig. With weak attribute dropped by that
> commit, arch_kexec_kernel_verify_sig is completely useless. So clean it
> up.
>
> Note later patches are dependent on this patch so it should be backported
> to the stable tree as well.
>
> Cc: stable@vger.kernel.org
> Suggested-by: Eric W. Biederman <ebiederm@xmission.com>
> Reviewed-by: Michal Suchanek <msuchanek@suse.de>
> Acked-by: Baoquan He <bhe@redhat.com>
> Signed-off-by: Coiby Xu <coxu@redhat.com>
> [zohar@linux.ibm.com: reworded patch description "Note"]
> Link: https://lore.kernel.org/linux-integrity/20220714134027.394370-1-coxu@redhat.com/
> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
>
> diff --git a/include/linux/kexec.h b/include/linux/kexec.h
> index 8107606ad1e8..7f710fb3712b 100644
> --- a/include/linux/kexec.h
> +++ b/include/linux/kexec.h
> @@ -212,11 +212,6 @@ static inline void *arch_kexec_kernel_image_load(struct kimage *image)
> }
> #endif
>
> -#ifdef CONFIG_KEXEC_SIG
> -int arch_kexec_kernel_verify_sig(struct kimage *image, void *buf,
> - unsigned long buf_len);
> -#endif
> -
> extern int kexec_add_buffer(struct kexec_buf *kbuf);
> int kexec_locate_mem_hole(struct kexec_buf *kbuf);
>
> diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
> index 0c27c81351ee..6dc1294c90fc 100644
> --- a/kernel/kexec_file.c
> +++ b/kernel/kexec_file.c
> @@ -81,24 +81,6 @@ int kexec_image_post_load_cleanup_default(struct kimage *image)
> return image->fops->cleanup(image->image_loader_data);
> }
>
> -#ifdef CONFIG_KEXEC_SIG
> -static int kexec_image_verify_sig_default(struct kimage *image, void *buf,
> - unsigned long buf_len)
> -{
> - if (!image->fops || !image->fops->verify_sig) {
> - pr_debug("kernel loader does not support signature verification.\n");
> - return -EKEYREJECTED;
> - }
> -
> - return image->fops->verify_sig(buf, buf_len);
> -}
> -
> -int arch_kexec_kernel_verify_sig(struct kimage *image, void *buf, unsigned long buf_len)
> -{
> - return kexec_image_verify_sig_default(image, buf, buf_len);
> -}
> -#endif
> -
> /*
> * Free up memory used by kernel, initrd, and command line. This is temporary
> * memory allocation which is not needed any more after these buffers have
> @@ -141,13 +123,24 @@ void kimage_file_post_load_cleanup(struct kimage *image)
> }
>
> #ifdef CONFIG_KEXEC_SIG
> +static int kexec_image_verify_sig(struct kimage *image, void *buf,
> + unsigned long buf_len)
> +{
> + if (!image->fops || !image->fops->verify_sig) {
> + pr_debug("kernel loader does not support signature verification.\n");
> + return -EKEYREJECTED;
> + }
> +
> + return image->fops->verify_sig(buf, buf_len);
> +}
> +
> static int
> kimage_validate_signature(struct kimage *image)
> {
> int ret;
>
> - ret = arch_kexec_kernel_verify_sig(image, image->kernel_buf,
> - image->kernel_buf_len);
> + ret = kexec_image_verify_sig(image, image->kernel_buf,
> + image->kernel_buf_len);
> if (ret) {
>
> if (sig_enforce) {
>
next prev parent reply other threads:[~2022-08-15 12:41 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-15 11:48 FAILED: patch "[PATCH] kexec: clean up arch_kexec_kernel_verify_sig" failed to apply to 5.15-stable tree gregkh
2022-08-15 12:41 ` Michal Suchánek [this message]
2022-08-15 13:03 ` Greg KH
2022-08-15 13:22 ` Mimi Zohar
2022-08-17 12:06 ` Greg KH
2022-08-18 4:25 ` Coiby Xu
-- strict thread matches above, loose matches on Subject: below --
2022-08-20 18:20 gregkh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220815124125.GD17705@kitsune.suse.cz \
--to=msuchanek@suse.de \
--cc=bhe@redhat.com \
--cc=coxu@redhat.com \
--cc=ebiederm@xmission.com \
--cc=gregkh@linuxfoundation.org \
--cc=stable@vger.kernel.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox