Hi,

On Tuesday, 26 July 2016, 21:24:29, Thiago Jung Bauermann wrote:
> Notes:
> This is a new version of the last patch in this series which adds
> a function where each architecture can verify if the DTB is safe
> to load:
>
> int __weak arch_kexec_verify_buffer(enum kexec_file_type type,
>                                     const void *buf,
>                                     unsigned long size)
> {
>         return -EINVAL;
> }
>
> I will then provide an implementation in my powerpc patch series
> which checks that the DTB only contains nodes and properties from a
> whitelist. arch_kexec_kernel_image_load will copy these properties
> to the device tree blob the kernel was booted with (and perform
> other changes such as setting /chosen/bootargs, of course).

Is this approach ok? If so, I'll post a patch next week adding an
arch_kexec_verify_buffer hook for powerpc to enforce the whitelist, and also
a new version of the patches implementing kexec_file_load for powerpc on top
of this series.

Eric, does this address your concerns?

--
[]'s
Thiago Jung Bauermann
IBM Linux Technology Center
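
One way the whitelist check described in the message above could walk a device tree's structure block, as an added stand-alone C example (not code from the patch series or the kernel). The function name `fdt_struct_allowed`, the allowed names and the constructed sample are assumptions; the FDT header is assumed to be validated already, so the structure and strings blocks are passed in directly.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

#define BE32(p) ((uint32_t)(p)[0] << 24 | (uint32_t)(p)[1] << 16 | (uint32_t)(p)[2] << 8 | (p)[3])

/* Assumed allowlist (not from the thread): only "/" -> "chosen", these properties. */
static const char *const ok_path[] = { "", "chosen" };
static const char *const ok_props[] = { "bootargs", "linux,initrd-start", "linux,initrd-end" };

/* Constructed sample: / { chosen { <name at strings offset 0> = "quiet"; }; } */
static const uint8_t sample[] = "\0\0\0\1\0\0\0\0" "\0\0\0\1" "chosen\0\0"
	"\0\0\0\3\0\0\0\6\0\0\0\0" "quiet\0\0\0" "\0\0\0\2\0\0\0\2\0\0\0\11";

/* Walk an FDT structure block; 0 if every node and property is allowed. */
int fdt_struct_allowed(const uint8_t *p, size_t len, const char *strs, size_t strs_len)
{
	const uint8_t *end = p + len, *nul;
	size_t depth = 0, i;

	while (len % 4 == 0 && p < end) {
		uint32_t tok = BE32(p), plen, off;

		p += 4;
		if (tok == 1) {		/* FDT_BEGIN_NODE, then NUL-terminated name */
			nul = memchr(p, 0, (size_t)(end - p));
			if (!nul || depth >= 2 || strcmp((const char *)p, ok_path[depth++]))
				return -EINVAL;
			p += (size_t)(nul - p + 4) & ~(size_t)3;	/* name + NUL, padded */
		} else if (tok == 2 && depth) {	/* FDT_END_NODE closing an open node */
			depth--;
		} else if (tok == 3 && depth == 2 && end - p >= 8) {
			/* FDT_PROP inside /chosen: len, nameoff, padded value */
			plen = BE32(p); off = BE32(p + 4); p += 8;
			if (plen > (size_t)(end - p) || off >= strs_len ||
			    !memchr(strs + off, 0, strs_len - off))
				return -EINVAL;	/* value or name runs off its block */
			for (i = 0; strcmp(strs + off, ok_props[i]); )
				if (++i == 3)
					return -EINVAL;	/* property not on the list */
			p += (plen + 3) & ~(size_t)3;
		} else if (tok != 4) {	/* not FDT_NOP: final FDT_END, or not accepted above */
			return tok == 9 && depth == 0 && p == end ? 0 : -EINVAL;
		}
	}
	return -EINVAL;	/* misaligned length or missing FDT_END */
}

int main(void) { return fdt_struct_allowed(sample, sizeof(sample) - 1, "bootargs", 9) != 0; }
```

Like the `__weak` default quoted above, the walker fails closed: any token, name or length it does not positively accept ends in `-EINVAL`.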