kexec_load(2) bypasses signature verification
dyoung at redhat.com
Thu Jun 25 18:59:31 PDT 2015
On 06/25/15 at 11:59am, Vivek Goyal wrote:
> On Thu, Jun 25, 2015 at 04:48:18PM +0800, Dave Young wrote:
> > On 06/19/15 at 09:09am, Vivek Goyal wrote:
> > > On Fri, Jun 19, 2015 at 04:18:16PM +0800, Dave Young wrote:
> > > > > > If we want to disable unsigned kernel loading at compile time, then we
> > > > > > really need to work on decoupling CONFIG_KEXEC and CONFIG_FILE_KEXEC.
> > > > > > Introducing another config option is not the way forward, IMHO.
> > > > >
> > > > > Yes, let's do it in this way since everyone is fine with it.
> > > >
> > > > I will work on a patch if nobody else have interest or no time on it.
> > >
> > > Thanks Dave. Will be good if you can get this done.
> > Vivek, I worked out some draft patches here:
> > https://github.com/daveyoung/linux/commits/kexec-syscall-cleanup
> > Basiclly I split kexec_file first, then add CONFIG_KEXEC_CORE kconfig option
> > then split kexec_load code from general code.
> > There's a lot of #ifdef CONFIG_KEXEC in kernel source, because CONFIG_KEXEC
> > can be disabled so I changed all kernel general and x86 #ifdef to use
> > CONFIG_KEXEC_CORE if necessary. For other arches dependent code with #ifdef
> > I did not change anything other than the new Kconfig option. It will works
> > because only x86 support KEXEC_FILE.
> > Please take a look if you have time, if this is not what you want please let
> > me know.
> > I will have no time this week, only did building test, will do more test next
> > week, if everything is ok I can send out the patches to list for review.
> Hi Dave,
> I have put few comments in github. Please have a look. Once you have
> another version of patches, I will have another look.
Vivek, thanks a lot. Will have a look.
More information about the kexec