On 07/15/15 at 05:16pm, Dave Young wrote: > On 07/13/15 at 10:13am, Dave Young wrote: > > Previously Theodore Ts'o brought up an issue about kexec_load syscall bypassing > > signature verification: > > https://lkml.org/lkml/2015/6/14/280 > > > > Because we have two kexec load syscall, one kexec_load, another kexec_file_load, > > the latter one was introduced by Vivek Goyal, it is mainly for supporting UEFI > > secure boot. kexec_file_load verifies kernel signature, but even if with > > CONFIG_KEXEC_VERIFY_SIG=y and CONFIG_KEXEC_FILE=y, kexec-tools still can use > > old syscall and bypass signature verification. > > > > KEXEC_FILE can also be used without UEFI, so kexec can always verify kernel > > signature for security purpose. > > > > The suggestion in above thread is add a new Kconfig option for kexec common > > code, here I use KEXEC_CORE, KEXEC and KEXEC_FILE select KEXEC_CORE so one can > > compile only KEXEC_FILE without old kexec_load syscall. > > > > There's checkpatch warnings and errors, I would like to send furthuer cleanup > > patches after this series. Please let me know if you have other suggestions. > > checkpatch errors are for cases such as assign a value to static variables. > > > > PATCH 3/3 can be sort out from the series if people do not like. It is a > > cleanup for a macro. > > Since it is not related to the Kconfig cleanup thus I will drop it in > next update, will send out as a standalone patch later. > > Also there's a kexec-tools patch needed for testing KEXEC_FILE only, I forgot > to mention, will take it in cover letter when I repost: BTW, it is the case below: kernel: CONFIG_KEXEC_FILE only, kexec-tools: do not use '-s' option, it should check kexec_load(2) earlier and fail out. but below code is still a fix to a code problem. kexec -s -p work ok without the fix. > > --- > kexec/crashdump-elf.c | 9 +++++---- > 1 file changed, 5 insertions(+), 4 deletions(-) > > --- kexec-tools.orig/kexec/crashdump-elf.c > +++ kexec-tools/kexec/crashdump-elf.c > @@ -145,11 +145,12 @@ int FUNC(struct kexec_info *info, > > count_cpu = nr_cpus; > for (i = 0; count_cpu > 0; i++) { > - if (get_note_info(i, ¬es_addr, ¬es_len) < 0) { > - /* This cpu is not present. Skip it. */ > - continue; > - } > + int ret; > + > + ret = get_note_info(i, ¬es_addr, ¬es_len); > count_cpu--; > + if (ret < 0) /* This cpu is not present. Skip it. */ > + continue; > > phdr = (PHDR *) bufp; > bufp += sizeof(PHDR); > > Thanks > Dave > > _______________________________________________ > kexec mailing list > kexec at lists.infradead.org > http://lists.infradead.org/mailman/listinfo/kexec > >