Hi Thadeu, I love your patch! Yet something to improve: [auto build test ERROR on linus/master] [also build test ERROR on v4.20-rc1 next-20181106] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Thadeu-Lima-de-Souza-Cascardo/lockdown-allow-kexec_file-of-unsigned-images-when-not-under-lockdown/20181106-081252 config: x86_64-fedora-25 (attached as .config) compiler: gcc-7 (Debian 7.3.0-1) 7.3.0 reproduce: # save the attached .config to linux build tree make ARCH=x86_64 All errors (new ones prefixed by >>): kernel/kexec_file.c: In function 'kimage_file_prepare_segments': >> kernel/kexec_file.c:220:13: error: implicit declaration of function 'kernel_is_locked_down'; did you mean 'kernel_sigaction'? [-Werror=implicit-function-declaration] if (ret && kernel_is_locked_down("kexec of unsigned images")) ^~~~~~~~~~~~~~~~~~~~~ kernel_sigaction cc1: some warnings being treated as errors vim +220 kernel/kexec_file.c 180 181 /* 182 * In file mode list of segments is prepared by kernel. Copy relevant 183 * data from user space, do error checking, prepare segment list 184 */ 185 static int 186 kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd, 187 const char __user *cmdline_ptr, 188 unsigned long cmdline_len, unsigned flags) 189 { 190 int ret = 0; 191 void *ldata; 192 loff_t size; 193 194 ret = kernel_read_file_from_fd(kernel_fd, &image->kernel_buf, 195 &size, INT_MAX, READING_KEXEC_IMAGE); 196 if (ret) 197 return ret; 198 image->kernel_buf_len = size; 199 200 /* IMA needs to pass the measurement list to the next kernel. */ 201 ima_add_kexec_buffer(image); 202 203 /* Call arch image probe handlers */ 204 ret = arch_kexec_kernel_image_probe(image, image->kernel_buf, 205 image->kernel_buf_len); 206 if (ret) 207 goto out; 208 209 #ifdef CONFIG_KEXEC_VERIFY_SIG 210 ret = arch_kexec_kernel_verify_sig(image, image->kernel_buf, 211 image->kernel_buf_len); 212 if (ret) { 213 pr_debug("kernel signature verification failed.\n"); 214 } else { 215 pr_debug("kernel signature verification successful.\n"); 216 } 217 #else 218 ret = -EPERM; 219 #endif > 220 if (ret && kernel_is_locked_down("kexec of unsigned images")) 221 goto out; 222 else 223 ret = 0; 224 225 /* It is possible that there no initramfs is being loaded */ 226 if (!(flags & KEXEC_FILE_NO_INITRAMFS)) { 227 ret = kernel_read_file_from_fd(initrd_fd, &image->initrd_buf, 228 &size, INT_MAX, 229 READING_KEXEC_INITRAMFS); 230 if (ret) 231 goto out; 232 image->initrd_buf_len = size; 233 } 234 235 if (cmdline_len) { 236 image->cmdline_buf = memdup_user(cmdline_ptr, cmdline_len); 237 if (IS_ERR(image->cmdline_buf)) { 238 ret = PTR_ERR(image->cmdline_buf); 239 image->cmdline_buf = NULL; 240 goto out; 241 } 242 243 image->cmdline_buf_len = cmdline_len; 244 245 /* command line should be a string with last byte null */ 246 if (image->cmdline_buf[cmdline_len - 1] != '\0') { 247 ret = -EINVAL; 248 goto out; 249 } 250 } 251 252 /* Call arch image load handlers */ 253 ldata = arch_kexec_kernel_image_load(image); 254 255 if (IS_ERR(ldata)) { 256 ret = PTR_ERR(ldata); 257 goto out; 258 } 259 260 image->image_loader_data = ldata; 261 out: 262 /* In case of error, free up all allocated memory in this function */ 263 if (ret) 264 kimage_file_post_load_cleanup(image); 265 return ret; 266 } 267 --- 0-DAY kernel test infrastructure Open Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation
Attachment:
.config.gz
Description: application/gzip
_______________________________________________ kexec mailing list kexec@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/kexec
