[PATCH v3 1/3] kexec: clean up arch_kexec_kernel_verify_sig

Coiby Xu coxu at redhat.com
Mon Nov 1 20:52:27 PDT 2021


Hi Eric,

Does this patch and "[PATCH v3 2/3] kexec, KEYS: make the code in
bzImage64_verify_sig generic" look good you?

On Mon, Oct 18, 2021 at 04:31:35PM +0800, Coiby Xu wrote:
>commit 9ec4ecef0af7790551109283ca039a7c52de343c ("kexec_file,x86,
>powerpc: factor out kexec_file_ops functions" allows implementing
>the arch-specific implementation of kernel image verification
>in kexec_file_ops->verify_sig. Currently, there is no arch-specific
>implementation of arch_kexec_kernel_verify_sig. So clean it up.
>
>Suggested-by: Eric W. Biederman <ebiederm at xmission.com>
>Signed-off-by: Coiby Xu <coxu at redhat.com>
>---
> include/linux/kexec.h |  4 ----
> kernel/kexec_file.c   | 34 +++++++++++++---------------------
> 2 files changed, 13 insertions(+), 25 deletions(-)
>
>diff --git a/include/linux/kexec.h b/include/linux/kexec.h
>index 0c994ae37729..755fed183224 100644
>--- a/include/linux/kexec.h
>+++ b/include/linux/kexec.h
>@@ -196,10 +196,6 @@ int arch_kexec_apply_relocations(struct purgatory_info *pi,
> 				 const Elf_Shdr *relsec,
> 				 const Elf_Shdr *symtab);
> int arch_kimage_file_post_load_cleanup(struct kimage *image);
>-#ifdef CONFIG_KEXEC_SIG
>-int arch_kexec_kernel_verify_sig(struct kimage *image, void *buf,
>-				 unsigned long buf_len);
>-#endif
> int arch_kexec_locate_mem_hole(struct kexec_buf *kbuf);
>
> extern int kexec_add_buffer(struct kexec_buf *kbuf);
>diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
>index 33400ff051a8..42b3ac34e4ee 100644
>--- a/kernel/kexec_file.c
>+++ b/kernel/kexec_file.c
>@@ -89,25 +89,6 @@ int __weak arch_kimage_file_post_load_cleanup(struct kimage *image)
> 	return kexec_image_post_load_cleanup_default(image);
> }
>
>-#ifdef CONFIG_KEXEC_SIG
>-static int kexec_image_verify_sig_default(struct kimage *image, void *buf,
>-					  unsigned long buf_len)
>-{
>-	if (!image->fops || !image->fops->verify_sig) {
>-		pr_debug("kernel loader does not support signature verification.\n");
>-		return -EKEYREJECTED;
>-	}
>-
>-	return image->fops->verify_sig(buf, buf_len);
>-}
>-
>-int __weak arch_kexec_kernel_verify_sig(struct kimage *image, void *buf,
>-					unsigned long buf_len)
>-{
>-	return kexec_image_verify_sig_default(image, buf, buf_len);
>-}
>-#endif
>-
> /*
>  * arch_kexec_apply_relocations_add - apply relocations of type RELA
>  * @pi:		Purgatory to be relocated.
>@@ -184,13 +165,24 @@ void kimage_file_post_load_cleanup(struct kimage *image)
> }
>
> #ifdef CONFIG_KEXEC_SIG
>+static int kexec_image_verify_sig(struct kimage *image, void *buf,
>+		unsigned long buf_len)
>+{
>+	if (!image->fops || !image->fops->verify_sig) {
>+		pr_debug("kernel loader does not support signature verification.\n");
>+		return -EKEYREJECTED;
>+	}
>+
>+	return image->fops->verify_sig(buf, buf_len);
>+}
>+
> static int
> kimage_validate_signature(struct kimage *image)
> {
> 	int ret;
>
>-	ret = arch_kexec_kernel_verify_sig(image, image->kernel_buf,
>-					   image->kernel_buf_len);
>+	ret = kexec_image_verify_sig(image, image->kernel_buf,
>+			image->kernel_buf_len);
> 	if (ret) {
>
> 		if (IS_ENABLED(CONFIG_KEXEC_SIG_FORCE)) {
>-- 
>2.31.1
>

-- 
Best regards,
Coiby




More information about the kexec mailing list