Hello,
it applies on top of 105e10e2cf1c
Thanks
Michal
On Mon, Aug 15, 2022 at 01:48:04PM +0200, gregkh@xxxxxxxxxxxxxxxxxxx wrote:
>
> The patch below does not apply to the 5.15-stable tree.
> If someone wants it applied there, or to any other stable or longterm
> tree, then please email the backport, including the original git commit
> id to <stable@xxxxxxxxxxxxxxx>.
>
> thanks,
>
> greg k-h
>
> ------------------ original commit in Linus's tree ------------------
>
> From 689a71493bd2f31c024f8c0395f85a1fd4b2138e Mon Sep 17 00:00:00 2001
> From: Coiby Xu <coxu@xxxxxxxxxx>
> Date: Thu, 14 Jul 2022 21:40:24 +0800
> Subject: [PATCH] kexec: clean up arch_kexec_kernel_verify_sig
>
> Before commit 105e10e2cf1c ("kexec_file: drop weak attribute from
> functions"), there was already no arch-specific implementation
> of arch_kexec_kernel_verify_sig. With weak attribute dropped by that
> commit, arch_kexec_kernel_verify_sig is completely useless. So clean it
> up.
>
> Note later patches are dependent on this patch so it should be backported
> to the stable tree as well.
>
> Cc: stable@xxxxxxxxxxxxxxx
> Suggested-by: Eric W. Biederman <ebiederm@xxxxxxxxxxxx>
> Reviewed-by: Michal Suchanek <msuchanek@xxxxxxx>
> Acked-by: Baoquan He <bhe@xxxxxxxxxx>
> Signed-off-by: Coiby Xu <coxu@xxxxxxxxxx>
> [zohar@xxxxxxxxxxxxx: reworded patch description "Note"]
> Link: https://lore.kernel.org/linux-integrity/20220714134027.394370-1-coxu@xxxxxxxxxx/
> Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
>
> diff --git a/include/linux/kexec.h b/include/linux/kexec.h
> index 8107606ad1e8..7f710fb3712b 100644
> --- a/include/linux/kexec.h
> +++ b/include/linux/kexec.h
> @@ -212,11 +212,6 @@ static inline void *arch_kexec_kernel_image_load(struct kimage *image)
> }
> #endif
>
> -#ifdef CONFIG_KEXEC_SIG
> -int arch_kexec_kernel_verify_sig(struct kimage *image, void *buf,
> - unsigned long buf_len);
> -#endif
> -
> extern int kexec_add_buffer(struct kexec_buf *kbuf);
> int kexec_locate_mem_hole(struct kexec_buf *kbuf);
>
> diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
> index 0c27c81351ee..6dc1294c90fc 100644
> --- a/kernel/kexec_file.c
> +++ b/kernel/kexec_file.c
> @@ -81,24 +81,6 @@ int kexec_image_post_load_cleanup_default(struct kimage *image)
> return image->fops->cleanup(image->image_loader_data);
> }
>
> -#ifdef CONFIG_KEXEC_SIG
> -static int kexec_image_verify_sig_default(struct kimage *image, void *buf,
> - unsigned long buf_len)
> -{
> - if (!image->fops || !image->fops->verify_sig) {
> - pr_debug("kernel loader does not support signature verification.\n");
> - return -EKEYREJECTED;
> - }
> -
> - return image->fops->verify_sig(buf, buf_len);
> -}
> -
> -int arch_kexec_kernel_verify_sig(struct kimage *image, void *buf, unsigned long buf_len)
> -{
> - return kexec_image_verify_sig_default(image, buf, buf_len);
> -}
> -#endif
> -
> /*
> * Free up memory used by kernel, initrd, and command line. This is temporary
> * memory allocation which is not needed any more after these buffers have
> @@ -141,13 +123,24 @@ void kimage_file_post_load_cleanup(struct kimage *image)
> }
>
> #ifdef CONFIG_KEXEC_SIG
> +static int kexec_image_verify_sig(struct kimage *image, void *buf,
> + unsigned long buf_len)
> +{
> + if (!image->fops || !image->fops->verify_sig) {
> + pr_debug("kernel loader does not support signature verification.\n");
> + return -EKEYREJECTED;
> + }
> +
> + return image->fops->verify_sig(buf, buf_len);
> +}
> +
> static int
> kimage_validate_signature(struct kimage *image)
> {
> int ret;
>
> - ret = arch_kexec_kernel_verify_sig(image, image->kernel_buf,
> - image->kernel_buf_len);
> + ret = kexec_image_verify_sig(image, image->kernel_buf,
> + image->kernel_buf_len);
> if (ret) {
>
> if (sig_enforce) {
>
