Re: [PATCH v2] lockdown: allow kexec_file of unsigned images when not under lockdown

Hi Thadeu,

I love your patch! Yet something to improve:

[auto build test ERROR on linus/master]
[also build test ERROR on v4.20-rc1 next-20181106]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]

url:    https://github.com/0day-ci/linux/commits/Thadeu-Lima-de-Souza-Cascardo/lockdown-allow-kexec_file-of-unsigned-images-when-not-under-lockdown/20181106-081252
config: x86_64-fedora-25 (attached as .config)
compiler: gcc-7 (Debian 7.3.0-1) 7.3.0
reproduce:
        # save the attached .config to linux build tree
        make ARCH=x86_64 

All errors (new ones prefixed by >>):

   kernel/kexec_file.c: In function 'kimage_file_prepare_segments':
>> kernel/kexec_file.c:220:13: error: implicit declaration of function 'kernel_is_locked_down'; did you mean 'kernel_sigaction'? [-Werror=implicit-function-declaration]
     if (ret && kernel_is_locked_down("kexec of unsigned images"))
                ^~~~~~~~~~~~~~~~~~~~~
                kernel_sigaction
   cc1: some warnings being treated as errors

vim +220 kernel/kexec_file.c

   180	
   181	/*
   182	 * In file mode list of segments is prepared by kernel. Copy relevant
   183	 * data from user space, do error checking, prepare segment list
   184	 */
   185	static int
   186	kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd,
   187				     const char __user *cmdline_ptr,
   188				     unsigned long cmdline_len, unsigned flags)
   189	{
   190		int ret = 0;
   191		void *ldata;
   192		loff_t size;
   193	
   194		ret = kernel_read_file_from_fd(kernel_fd, &image->kernel_buf,
   195					       &size, INT_MAX, READING_KEXEC_IMAGE);
   196		if (ret)
   197			return ret;
   198		image->kernel_buf_len = size;
   199	
   200		/* IMA needs to pass the measurement list to the next kernel. */
   201		ima_add_kexec_buffer(image);
   202	
   203		/* Call arch image probe handlers */
   204		ret = arch_kexec_kernel_image_probe(image, image->kernel_buf,
   205						    image->kernel_buf_len);
   206		if (ret)
   207			goto out;
   208	
   209	#ifdef CONFIG_KEXEC_VERIFY_SIG
   210		ret = arch_kexec_kernel_verify_sig(image, image->kernel_buf,
   211						   image->kernel_buf_len);
   212		if (ret) {
   213			pr_debug("kernel signature verification failed.\n");
   214		} else {
   215			pr_debug("kernel signature verification successful.\n");
   216		}
   217	#else
   218		ret = -EPERM;
   219	#endif
 > 220		if (ret && kernel_is_locked_down("kexec of unsigned images"))
   221			goto out;
   222		else
   223			ret = 0;
   224	
   225		/* It is possible that there no initramfs is being loaded */
   226		if (!(flags & KEXEC_FILE_NO_INITRAMFS)) {
   227			ret = kernel_read_file_from_fd(initrd_fd, &image->initrd_buf,
   228						       &size, INT_MAX,
   229						       READING_KEXEC_INITRAMFS);
   230			if (ret)
   231				goto out;
   232			image->initrd_buf_len = size;
   233		}
   234	
   235		if (cmdline_len) {
   236			image->cmdline_buf = memdup_user(cmdline_ptr, cmdline_len);
   237			if (IS_ERR(image->cmdline_buf)) {
   238				ret = PTR_ERR(image->cmdline_buf);
   239				image->cmdline_buf = NULL;
   240				goto out;
   241			}
   242	
   243			image->cmdline_buf_len = cmdline_len;
   244	
   245			/* command line should be a string with last byte null */
   246			if (image->cmdline_buf[cmdline_len - 1] != '\0') {
   247				ret = -EINVAL;
   248				goto out;
   249			}
   250		}
   251	
   252		/* Call arch image load handlers */
   253		ldata = arch_kexec_kernel_image_load(image);
   254	
   255		if (IS_ERR(ldata)) {
   256			ret = PTR_ERR(ldata);
   257			goto out;
   258		}
   259	
   260		image->image_loader_data = ldata;
   261	out:
   262		/* In case of error, free up all allocated memory in this function */
   263		if (ret)
   264			kimage_file_post_load_cleanup(image);
   265		return ret;
   266	}
   267	

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation

Attachment: .config.gz
Description: application/gzip

_______________________________________________
kexec mailing list
kexec@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/kexec
