linux-security-module.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Dave Young <dyoung@redhat.com>
To: Matthew Garrett <matthewgarrett@google.com>
Cc: jmorris@namei.org, linux-security-module@vger.kernel.org,
	Matthew Garrett <mjg59@google.com>, Jiri Bohac <jbohac@suse.cz>,
	kexec@lists.infradead.org
Subject: Re: [PATCH 3/6] Avoid build warning when !CONFIG_KEXEC_SIG
Date: Wed, 14 Aug 2019 13:23:59 +0800	[thread overview]
Message-ID: <20190814052359.GA10664@dhcp-128-65.nay.redhat.com> (raw)
In-Reply-To: <20190813192126.122370-4-matthewgarrett@google.com>

On 08/13/19 at 12:21pm, Matthew Garrett wrote:
> Refactor the signature validation and lockdown integration a little in
> order to avoid an unused variable.
> 
> Signed-off-by: Matthew Garrett <mjg59@google.com>
> Cc: Jiri Bohac <jbohac@suse.cz>
> Cc: Dave Young <dyoung@redhat.com>
> Cc: kexec@lists.infradead.org
> ---
>  kernel/kexec_file.c | 72 ++++++++++++++++++++++++++++-----------------
>  1 file changed, 45 insertions(+), 27 deletions(-)
> 
> diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
> index be0c13076056..e878587715b9 100644
> --- a/kernel/kexec_file.c
> +++ b/kernel/kexec_file.c
> @@ -177,36 +177,13 @@ void kimage_file_post_load_cleanup(struct kimage *image)
>  	image->image_loader_data = NULL;
>  }
>  
> -/*
> - * In file mode list of segments is prepared by kernel. Copy relevant
> - * data from user space, do error checking, prepare segment list
> - */
> +#ifdef CONFIG_KEXEC_SIG
>  static int
> -kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd,
> -			     const char __user *cmdline_ptr,
> -			     unsigned long cmdline_len, unsigned flags)
> +kimage_validate_signature(struct kimage *image)
>  {
>  	const char *reason;
>  	int ret;
> -	void *ldata;
> -	loff_t size;
> -
> -	ret = kernel_read_file_from_fd(kernel_fd, &image->kernel_buf,
> -				       &size, INT_MAX, READING_KEXEC_IMAGE);
> -	if (ret)
> -		return ret;
> -	image->kernel_buf_len = size;
> -
> -	/* IMA needs to pass the measurement list to the next kernel. */
> -	ima_add_kexec_buffer(image);
>  
> -	/* Call arch image probe handlers */
> -	ret = arch_kexec_kernel_image_probe(image, image->kernel_buf,
> -					    image->kernel_buf_len);
> -	if (ret)
> -		goto out;
> -
> -#ifdef CONFIG_KEXEC_SIG
>  	ret = arch_kexec_kernel_verify_sig(image, image->kernel_buf,
>  					   image->kernel_buf_len);
>  	switch (ret) {
> @@ -228,7 +205,7 @@ kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd,
>  	decide:
>  		if (IS_ENABLED(CONFIG_KEXEC_SIG_FORCE)) {
>  			pr_notice("%s rejected\n", reason);
> -			goto out;
> +			break;
>  		}
>  
>  		ret = 0;
> @@ -251,9 +228,44 @@ kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd,
>  		 */
>  	default:
>  		pr_notice("kernel signature verification failed (%d).\n", ret);
> -		goto out;
> +		break;
>  	}
> +
> +	return ret;
> +}
> +#endif
> +
> +/*
> + * In file mode list of segments is prepared by kernel. Copy relevant
> + * data from user space, do error checking, prepare segment list
> + */
> +static int
> +kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd,
> +			     const char __user *cmdline_ptr,
> +			     unsigned long cmdline_len, unsigned flags)
> +{
> +	int ret;
> +	void *ldata;
> +	loff_t size;
> +
> +	ret = kernel_read_file_from_fd(kernel_fd, &image->kernel_buf,
> +				       &size, INT_MAX, READING_KEXEC_IMAGE);
> +	if (ret)
> +		return ret;
> +	image->kernel_buf_len = size;
> +
> +	/* Call arch image probe handlers */
> +	ret = arch_kexec_kernel_image_probe(image, image->kernel_buf,
> +					    image->kernel_buf_len);
> +	if (ret)
> +		goto out;
> +
> +#ifdef CONFIG_KEXEC_SIG
> +	ret = kimage_validate_signature(image);
> +	if (ret)
> +		goto out;
>  #endif
> +
>  	/* It is possible that there no initramfs is being loaded */
>  	if (!(flags & KEXEC_FILE_NO_INITRAMFS)) {
>  		ret = kernel_read_file_from_fd(initrd_fd, &image->initrd_buf,
> @@ -279,8 +291,14 @@ kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd,
>  			ret = -EINVAL;
>  			goto out;
>  		}
> +
> +		ima_kexec_cmdline(image->cmdline_buf,
> +				  image->cmdline_buf_len - 1);
>  	}
>  
> +	/* IMA needs to pass the measurement list to the next kernel. */
> +	ima_add_kexec_buffer(image);
> +
>  	/* Call arch image load handlers */
>  	ldata = arch_kexec_kernel_image_load(image);
>  

I can not get the whole thread, also not sure which tree it should
apply.

I assume it is based on your series for lockdown.  But it is really hard
to review because of no context in this patch.

Also I think it should be good to split the preparation piece of kexec
and send them separately.  Since it is improve the signature
verification logic, they do not necessarily depend on the lockdown
series.

Thanks
Dave

  reply	other threads:[~2019-08-14  5:24 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-08-13 19:21 [PATCH 0/6] lockdown fixups Matthew Garrett
2019-08-13 19:21 ` [PATCH 1/6] tracefs: Fix potential null dereference in default_file_open() Matthew Garrett
2019-08-13 19:21 ` [PATCH 2/6] early_security_init() needs a stub got !CONFIG_SECURITY Matthew Garrett
2019-08-13 19:21 ` [PATCH 3/6] Avoid build warning when !CONFIG_KEXEC_SIG Matthew Garrett
2019-08-14  5:23   ` Dave Young [this message]
2019-08-14 17:18     ` Matthew Garrett
2019-08-13 19:21 ` [PATCH 4/6] security: fix ptr_ret.cocci warnings Matthew Garrett
2019-08-13 19:21 ` [PATCH 5/6] kexec: s/KEXEC_VERIFY_SIG/KEXEC_SIG/ for consistency Matthew Garrett
2019-08-13 19:21 ` [PATCH 6/6] Document locked_down LSM hook Matthew Garrett
2019-08-13 22:59 ` [PATCH 0/6] lockdown fixups James Morris
2019-08-14  5:06 ` James Morris
2019-08-14 17:20   ` Matthew Garrett
2019-08-14 18:24     ` James Morris
2019-08-14 18:26       ` Matthew Garrett

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190814052359.GA10664@dhcp-128-65.nay.redhat.com \
    --to=dyoung@redhat.com \
    --cc=jbohac@suse.cz \
    --cc=jmorris@namei.org \
    --cc=kexec@lists.infradead.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=matthewgarrett@google.com \
    --cc=mjg59@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).