From: Vivek Goyal <vgoyal@redhat.com> To: Borislav Petkov <bp@alien8.de> Cc: WANG Chao <chaowang@redhat.com>, Dave Young <dyoung@redhat.com>, mjg59@srcf.ucam.org, bhe@redhat.com, jkosina@suse.cz, greg@kroah.com, kexec@lists.infradead.org, linux-kernel@vger.kernel.org, ebiederm@xmission.com, hpa@zytor.com, akpm@linux-foundation.org Subject: Re: [PATCH 07/13] kexec: Implementation of new syscall kexec_file_load Date: Fri, 13 Jun 2014 08:46:09 -0400 [thread overview] Message-ID: <20140613124609.GC5871@redhat.com> (raw) In-Reply-To: <20140613075011.GA4751@pd.tnic> On Fri, Jun 13, 2014 at 09:50:11AM +0200, Borislav Petkov wrote: > On Mon, Jun 09, 2014 at 11:41:37AM -0400, Vivek Goyal wrote: > > IIUC, COMMAND_LINE_SIZE gives max limits of running kernel and it does > > not tell us anything about command line size supported by kernel being > > loaded. > > Whatever you do, you do need a sane default because even querying the > boot protocol is not reliable as the to-be-loaded kernel's boot protocol > might be manipulated too, before signing (who knows what people do > in the wild). If signature verification is on, that should catch any manipulation to to protocol headers. If not, then we really can't do anything about it. A large memory allocation will fail and user will get error. This is not different than length of kernel or length of initrd. Somebody might prepare a very huge file and pass that fd to kernel and kernel will try to read the whole thing in. If file is too large, memory allocation will fail and user space will get error. We don't try to put an upper limit on size of kernel image or initrd. > > So having a sane, unconditional fallback COMMAND_LINE_SIZE from the > first kernel is a must, methinks. I disagree here. What if new kernel supports (2 * COMMAND_LINE_SIZE) length command line. We don't want to truncate command line to smaller size because running kernel does not support that long a command line. Thanks Vivek
WARNING: multiple messages have this Message-ID (diff)
From: Vivek Goyal <vgoyal@redhat.com> To: Borislav Petkov <bp@alien8.de> Cc: mjg59@srcf.ucam.org, bhe@redhat.com, greg@kroah.com, hpa@zytor.com, kexec@lists.infradead.org, linux-kernel@vger.kernel.org, ebiederm@xmission.com, jkosina@suse.cz, akpm@linux-foundation.org, Dave Young <dyoung@redhat.com>, WANG Chao <chaowang@redhat.com> Subject: Re: [PATCH 07/13] kexec: Implementation of new syscall kexec_file_load Date: Fri, 13 Jun 2014 08:46:09 -0400 [thread overview] Message-ID: <20140613124609.GC5871@redhat.com> (raw) In-Reply-To: <20140613075011.GA4751@pd.tnic> On Fri, Jun 13, 2014 at 09:50:11AM +0200, Borislav Petkov wrote: > On Mon, Jun 09, 2014 at 11:41:37AM -0400, Vivek Goyal wrote: > > IIUC, COMMAND_LINE_SIZE gives max limits of running kernel and it does > > not tell us anything about command line size supported by kernel being > > loaded. > > Whatever you do, you do need a sane default because even querying the > boot protocol is not reliable as the to-be-loaded kernel's boot protocol > might be manipulated too, before signing (who knows what people do > in the wild). If signature verification is on, that should catch any manipulation to to protocol headers. If not, then we really can't do anything about it. A large memory allocation will fail and user will get error. This is not different than length of kernel or length of initrd. Somebody might prepare a very huge file and pass that fd to kernel and kernel will try to read the whole thing in. If file is too large, memory allocation will fail and user space will get error. We don't try to put an upper limit on size of kernel image or initrd. > > So having a sane, unconditional fallback COMMAND_LINE_SIZE from the > first kernel is a must, methinks. I disagree here. What if new kernel supports (2 * COMMAND_LINE_SIZE) length command line. We don't want to truncate command line to smaller size because running kernel does not support that long a command line. Thanks Vivek _______________________________________________ kexec mailing list kexec@lists.infradead.org http://lists.infradead.org/mailman/listinfo/kexec
next prev parent reply other threads:[~2014-06-13 12:46 UTC|newest] Thread overview: 214+ messages / expand[flat|nested] mbox.gz Atom feed top 2014-06-03 13:06 [RFC PATCH 00/13][V3] kexec: A new system call to allow in kernel loading Vivek Goyal 2014-06-03 13:06 ` Vivek Goyal 2014-06-03 13:06 ` [PATCH 01/13] bin2c: Move bin2c in scripts/basic Vivek Goyal 2014-06-03 13:06 ` Vivek Goyal 2014-06-03 16:01 ` Borislav Petkov 2014-06-03 16:01 ` Borislav Petkov 2014-06-03 17:13 ` Vivek Goyal 2014-06-03 17:13 ` Vivek Goyal 2014-06-03 13:06 ` [PATCH 02/13] kernel: Build bin2c based on config option CONFIG_BUILD_BIN2C Vivek Goyal 2014-06-03 13:06 ` Vivek Goyal 2014-06-04 9:13 ` Borislav Petkov 2014-06-04 9:13 ` Borislav Petkov 2014-06-03 13:06 ` [PATCH 03/13] kexec: Move segment verification code in a separate function Vivek Goyal 2014-06-03 13:06 ` Vivek Goyal 2014-06-04 9:32 ` Borislav Petkov 2014-06-04 9:32 ` Borislav Petkov 2014-06-04 18:47 ` Vivek Goyal 2014-06-04 18:47 ` Vivek Goyal 2014-06-04 20:30 ` Borislav Petkov 2014-06-04 20:30 ` Borislav Petkov 2014-06-05 14:05 ` Vivek Goyal 2014-06-05 14:05 ` Vivek Goyal 2014-06-05 14:07 ` Borislav Petkov 2014-06-05 14:07 ` Borislav Petkov 2014-06-03 13:06 ` [PATCH 04/13] resource: Provide new functions to walk through resources Vivek Goyal 2014-06-03 13:06 ` Vivek Goyal 2014-06-04 10:24 ` Borislav Petkov 2014-06-04 10:24 ` Borislav Petkov 2014-06-05 13:58 ` Vivek Goyal 2014-06-05 13:58 ` Vivek Goyal 2014-06-03 13:06 ` [PATCH 05/13] kexec: Make kexec_segment user buffer pointer a union Vivek Goyal 2014-06-03 13:06 ` Vivek Goyal 2014-06-04 10:34 ` Borislav Petkov 2014-06-04 10:34 ` Borislav Petkov 2014-06-03 13:06 ` [PATCH 06/13] kexec: New syscall kexec_file_load() declaration Vivek Goyal 2014-06-03 13:06 ` Vivek Goyal 2014-06-04 15:18 ` Borislav Petkov 2014-06-04 15:18 ` Borislav Petkov 2014-06-05 9:56 ` WANG Chao 2014-06-05 9:56 ` WANG Chao 2014-06-05 15:16 ` Vivek Goyal 2014-06-05 15:16 ` Vivek Goyal 2014-06-05 15:22 ` Vivek Goyal 2014-06-05 15:22 ` Vivek Goyal 2014-06-06 6:34 ` WANG Chao 2014-06-06 6:34 ` WANG Chao 2014-06-03 13:06 ` [PATCH 07/13] kexec: Implementation of new syscall kexec_file_load Vivek Goyal 2014-06-03 13:06 ` Vivek Goyal 2014-06-05 11:15 ` Borislav Petkov 2014-06-05 11:15 ` Borislav Petkov 2014-06-05 20:17 ` Vivek Goyal 2014-06-05 20:17 ` Vivek Goyal 2014-06-06 2:11 ` Borislav Petkov 2014-06-06 2:11 ` Borislav Petkov 2014-06-06 18:02 ` Vivek Goyal 2014-06-06 18:02 ` Vivek Goyal 2014-06-11 14:13 ` Borislav Petkov 2014-06-11 14:13 ` Borislav Petkov 2014-06-11 17:04 ` Vivek Goyal 2014-06-11 17:04 ` Vivek Goyal 2014-06-06 6:56 ` WANG Chao 2014-06-06 6:56 ` WANG Chao 2014-06-06 18:19 ` Vivek Goyal 2014-06-06 18:19 ` Vivek Goyal 2014-06-09 2:11 ` Dave Young 2014-06-09 2:11 ` Dave Young 2014-06-09 5:35 ` WANG Chao 2014-06-09 5:35 ` WANG Chao 2014-06-09 15:41 ` Vivek Goyal 2014-06-09 15:41 ` Vivek Goyal 2014-06-13 7:50 ` Borislav Petkov 2014-06-13 7:50 ` Borislav Petkov 2014-06-13 8:00 ` WANG Chao 2014-06-13 8:00 ` WANG Chao 2014-06-13 8:10 ` Borislav Petkov 2014-06-13 8:10 ` Borislav Petkov 2014-06-13 8:24 ` WANG Chao 2014-06-13 8:24 ` WANG Chao 2014-06-13 8:30 ` Borislav Petkov 2014-06-13 8:30 ` Borislav Petkov 2014-06-13 12:49 ` Vivek Goyal 2014-06-13 12:49 ` Vivek Goyal 2014-06-13 12:46 ` Vivek Goyal [this message] 2014-06-13 12:46 ` Vivek Goyal 2014-06-13 15:36 ` Borislav Petkov 2014-06-13 15:36 ` Borislav Petkov 2014-06-16 17:38 ` Vivek Goyal 2014-06-16 17:38 ` Vivek Goyal 2014-06-16 20:05 ` Borislav Petkov 2014-06-16 20:05 ` Borislav Petkov 2014-06-16 20:53 ` Vivek Goyal 2014-06-16 20:53 ` Vivek Goyal 2014-06-16 21:09 ` Borislav Petkov 2014-06-16 21:09 ` Borislav Petkov 2014-06-16 21:25 ` H. Peter Anvin 2014-06-16 21:25 ` H. Peter Anvin 2014-06-16 21:43 ` Vivek Goyal 2014-06-16 21:43 ` Vivek Goyal 2014-06-16 22:10 ` Borislav Petkov 2014-06-16 22:10 ` Borislav Petkov 2014-06-16 22:49 ` H. Peter Anvin 2014-06-16 22:49 ` H. Peter Anvin 2014-06-09 15:30 ` Vivek Goyal 2014-06-09 15:30 ` Vivek Goyal 2014-06-03 13:06 ` [PATCH 08/13] purgatory/sha256: Provide implementation of sha256 in purgaotory context Vivek Goyal 2014-06-03 13:06 ` Vivek Goyal 2014-06-03 13:06 ` [PATCH 09/13] purgatory: Core purgatory functionality Vivek Goyal 2014-06-03 13:06 ` Vivek Goyal 2014-06-05 20:05 ` Borislav Petkov 2014-06-05 20:05 ` Borislav Petkov 2014-06-06 19:51 ` Vivek Goyal 2014-06-06 19:51 ` Vivek Goyal 2014-06-13 10:17 ` Borislav Petkov 2014-06-13 10:17 ` Borislav Petkov 2014-06-16 17:25 ` Vivek Goyal 2014-06-16 17:25 ` Vivek Goyal 2014-06-16 20:10 ` Borislav Petkov 2014-06-16 20:10 ` Borislav Petkov 2014-06-03 13:06 ` [PATCH 10/13] kexec: Load and Relocate purgatory at kernel load time Vivek Goyal 2014-06-03 13:06 ` Vivek Goyal 2014-06-10 16:31 ` Borislav Petkov 2014-06-10 16:31 ` Borislav Petkov 2014-06-11 19:24 ` Vivek Goyal 2014-06-11 19:24 ` Vivek Goyal 2014-06-13 16:14 ` Borislav Petkov 2014-06-13 16:14 ` Borislav Petkov 2014-06-03 13:07 ` [PATCH 11/13] kexec-bzImage: Support for loading bzImage using 64bit entry Vivek Goyal 2014-06-03 13:07 ` Vivek Goyal 2014-06-15 16:35 ` Borislav Petkov 2014-06-15 16:35 ` Borislav Petkov 2014-06-15 16:56 ` H. Peter Anvin 2014-06-15 16:56 ` H. Peter Anvin 2014-06-16 20:06 ` Vivek Goyal 2014-06-16 20:06 ` Vivek Goyal 2014-06-16 20:57 ` Borislav Petkov 2014-06-16 20:57 ` Borislav Petkov 2014-06-16 21:15 ` Vivek Goyal 2014-06-16 21:15 ` Vivek Goyal 2014-06-16 21:27 ` Borislav Petkov 2014-06-16 21:27 ` Borislav Petkov 2014-06-16 21:45 ` Vivek Goyal 2014-06-16 21:45 ` Vivek Goyal 2014-06-24 17:31 ` Vivek Goyal 2014-06-24 17:31 ` Vivek Goyal 2014-06-24 18:23 ` Borislav Petkov 2014-06-24 18:23 ` Borislav Petkov 2014-06-03 13:07 ` [PATCH 12/13] kexec: Support for Kexec on panic using new system call Vivek Goyal 2014-06-03 13:07 ` Vivek Goyal 2014-06-17 21:43 ` Borislav Petkov 2014-06-17 21:43 ` Borislav Petkov 2014-06-18 14:20 ` Vivek Goyal 2014-06-18 14:20 ` Vivek Goyal 2014-06-03 13:07 ` [PATCH 13/13] kexec: Support kexec/kdump on EFI systems Vivek Goyal 2014-06-03 13:07 ` Vivek Goyal 2014-06-18 15:43 ` Borislav Petkov 2014-06-18 15:43 ` Borislav Petkov 2014-06-18 16:06 ` Borislav Petkov 2014-06-18 16:06 ` Borislav Petkov 2014-06-18 16:06 ` Borislav Petkov 2014-06-18 17:39 ` Vivek Goyal 2014-06-18 17:39 ` Vivek Goyal 2014-06-18 17:39 ` Vivek Goyal 2014-06-03 13:12 ` [RFC PATCH 00/13][V3] kexec: A new system call to allow in kernel loading Vivek Goyal 2014-06-03 13:12 ` Vivek Goyal 2014-06-04 9:22 ` WANG Chao 2014-06-04 9:22 ` WANG Chao 2014-06-04 17:50 ` Vivek Goyal 2014-06-04 17:50 ` Vivek Goyal 2014-06-04 19:39 ` Michael Kerrisk 2014-06-04 19:39 ` Michael Kerrisk 2014-06-04 19:39 ` Michael Kerrisk 2014-06-05 14:04 ` Vivek Goyal 2014-06-05 14:04 ` Vivek Goyal 2014-06-05 14:04 ` Vivek Goyal 2014-06-06 5:45 ` Michael Kerrisk (man-pages) 2014-06-06 5:45 ` Michael Kerrisk (man-pages) 2014-06-06 5:45 ` Michael Kerrisk (man-pages) 2014-06-06 18:04 ` Vivek Goyal 2014-06-06 18:04 ` Vivek Goyal 2014-06-06 18:04 ` Vivek Goyal 2014-06-05 8:31 ` Dave Young 2014-06-05 8:31 ` Dave Young 2014-06-05 15:01 ` Vivek Goyal 2014-06-05 15:01 ` Vivek Goyal 2014-06-06 7:37 ` Dave Young 2014-06-06 7:37 ` Dave Young 2014-06-06 20:04 ` Vivek Goyal 2014-06-06 20:04 ` Vivek Goyal 2014-06-09 1:57 ` Dave Young 2014-06-09 1:57 ` Dave Young 2014-06-06 20:37 ` H. Peter Anvin 2014-06-06 20:37 ` H. Peter Anvin 2014-06-06 20:58 ` Matt Fleming 2014-06-06 20:58 ` Matt Fleming 2014-06-06 21:00 ` H. Peter Anvin 2014-06-06 21:00 ` H. Peter Anvin 2014-06-06 21:02 ` Matt Fleming 2014-06-06 21:02 ` Matt Fleming 2014-06-12 5:42 ` Dave Young 2014-06-12 5:42 ` Dave Young 2014-06-12 12:36 ` Vivek Goyal 2014-06-12 12:36 ` Vivek Goyal 2014-06-17 14:24 ` Vivek Goyal 2014-06-17 14:24 ` Vivek Goyal 2014-06-18 1:45 ` Dave Young 2014-06-18 1:45 ` Dave Young 2014-06-18 1:52 ` Dave Young 2014-06-18 1:52 ` Dave Young 2014-06-18 12:40 ` Vivek Goyal 2014-06-18 12:40 ` Vivek Goyal 2014-06-16 21:13 ` Borislav Petkov 2014-06-16 21:13 ` Borislav Petkov 2014-06-17 13:24 ` Vivek Goyal 2014-06-17 13:24 ` Vivek Goyal
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20140613124609.GC5871@redhat.com \ --to=vgoyal@redhat.com \ --cc=akpm@linux-foundation.org \ --cc=bhe@redhat.com \ --cc=bp@alien8.de \ --cc=chaowang@redhat.com \ --cc=dyoung@redhat.com \ --cc=ebiederm@xmission.com \ --cc=greg@kroah.com \ --cc=hpa@zytor.com \ --cc=jkosina@suse.cz \ --cc=kexec@lists.infradead.org \ --cc=linux-kernel@vger.kernel.org \ --cc=mjg59@srcf.ucam.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.