From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
"Eric W. Biederman" <ebiederm@xmission.com>,
Michal Suchanek <msuchanek@suse.de>, Baoquan He <bhe@redhat.com>,
Coiby Xu <coxu@redhat.com>, Mimi Zohar <zohar@linux.ibm.com>
Subject: [PATCH 5.15 12/14] kexec: clean up arch_kexec_kernel_verify_sig
Date: Fri, 19 Aug 2022 17:40:28 +0200 [thread overview]
Message-ID: <20220819153712.072098573@linuxfoundation.org> (raw)
In-Reply-To: <20220819153711.658766010@linuxfoundation.org>
From: Coiby Xu <coxu@redhat.com>
commit 689a71493bd2f31c024f8c0395f85a1fd4b2138e upstream.
Before commit 105e10e2cf1c ("kexec_file: drop weak attribute from
functions"), there was already no arch-specific implementation
of arch_kexec_kernel_verify_sig. With weak attribute dropped by that
commit, arch_kexec_kernel_verify_sig is completely useless. So clean it
up.
Note later patches are dependent on this patch so it should be backported
to the stable tree as well.
Cc: stable@vger.kernel.org
Suggested-by: Eric W. Biederman <ebiederm@xmission.com>
Reviewed-by: Michal Suchanek <msuchanek@suse.de>
Acked-by: Baoquan He <bhe@redhat.com>
Signed-off-by: Coiby Xu <coxu@redhat.com>
[zohar@linux.ibm.com: reworded patch description "Note"]
Link: https://lore.kernel.org/linux-integrity/20220714134027.394370-1-coxu@redhat.com/
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/kexec.h | 5 -----
kernel/kexec_file.c | 33 +++++++++++++--------------------
2 files changed, 13 insertions(+), 25 deletions(-)
--- a/include/linux/kexec.h
+++ b/include/linux/kexec.h
@@ -206,11 +206,6 @@ static inline void *arch_kexec_kernel_im
}
#endif
-#ifdef CONFIG_KEXEC_SIG
-int arch_kexec_kernel_verify_sig(struct kimage *image, void *buf,
- unsigned long buf_len);
-#endif
-
extern int kexec_add_buffer(struct kexec_buf *kbuf);
int kexec_locate_mem_hole(struct kexec_buf *kbuf);
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -81,24 +81,6 @@ int kexec_image_post_load_cleanup_defaul
return image->fops->cleanup(image->image_loader_data);
}
-#ifdef CONFIG_KEXEC_SIG
-static int kexec_image_verify_sig_default(struct kimage *image, void *buf,
- unsigned long buf_len)
-{
- if (!image->fops || !image->fops->verify_sig) {
- pr_debug("kernel loader does not support signature verification.\n");
- return -EKEYREJECTED;
- }
-
- return image->fops->verify_sig(buf, buf_len);
-}
-
-int arch_kexec_kernel_verify_sig(struct kimage *image, void *buf, unsigned long buf_len)
-{
- return kexec_image_verify_sig_default(image, buf, buf_len);
-}
-#endif
-
/*
* Free up memory used by kernel, initrd, and command line. This is temporary
* memory allocation which is not needed any more after these buffers have
@@ -141,13 +123,24 @@ void kimage_file_post_load_cleanup(struc
}
#ifdef CONFIG_KEXEC_SIG
+static int kexec_image_verify_sig(struct kimage *image, void *buf,
+ unsigned long buf_len)
+{
+ if (!image->fops || !image->fops->verify_sig) {
+ pr_debug("kernel loader does not support signature verification.\n");
+ return -EKEYREJECTED;
+ }
+
+ return image->fops->verify_sig(buf, buf_len);
+}
+
static int
kimage_validate_signature(struct kimage *image)
{
int ret;
- ret = arch_kexec_kernel_verify_sig(image, image->kernel_buf,
- image->kernel_buf_len);
+ ret = kexec_image_verify_sig(image, image->kernel_buf,
+ image->kernel_buf_len);
if (ret) {
if (sig_enforce) {
next prev parent reply other threads:[~2022-08-19 15:42 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-19 15:40 [PATCH 5.15 00/14] 5.15.62-rc1 review Greg Kroah-Hartman
2022-08-19 15:40 ` [PATCH 5.15 01/14] io_uring: use original request task for inflight tracking Greg Kroah-Hartman
2022-08-19 15:40 ` [PATCH 5.15 02/14] tee: add overflow check in register_shm_helper() Greg Kroah-Hartman
2022-08-19 15:40 ` [PATCH 5.15 03/14] net_sched: cls_route: disallow handle of 0 Greg Kroah-Hartman
2022-08-19 15:40 ` [PATCH 5.15 04/14] ksmbd: prevent out of bound read for SMB2_WRITE Greg Kroah-Hartman
2022-08-19 15:40 ` [PATCH 5.15 05/14] ksmbd: fix heap-based overflow in set_ntacl_dacl() Greg Kroah-Hartman
2022-08-19 15:40 ` [PATCH 5.15 06/14] Revert "x86/ftrace: Use alternative RET encoding" Greg Kroah-Hartman
2022-08-19 15:40 ` [PATCH 5.15 07/14] x86/ibt,ftrace: Make function-graph play nice Greg Kroah-Hartman
2022-08-19 15:40 ` [PATCH 5.15 08/14] x86/ftrace: Use alternative RET encoding Greg Kroah-Hartman
2022-08-19 15:40 ` [PATCH 5.15 09/14] btrfs: only write the sectors in the vertical stripe which has data stripes Greg Kroah-Hartman
2022-08-19 15:40 ` [PATCH 5.15 10/14] btrfs: raid56: dont trust any cached sector in __raid56_parity_recover() Greg Kroah-Hartman
2022-08-19 15:40 ` [PATCH 5.15 11/14] kexec_file: drop weak attribute from functions Greg Kroah-Hartman
2022-08-19 15:40 ` Greg Kroah-Hartman [this message]
2022-08-19 15:40 ` [PATCH 5.15 13/14] kexec, KEYS: make the code in bzImage64_verify_sig generic Greg Kroah-Hartman
2022-08-19 15:40 ` [PATCH 5.15 14/14] arm64: kexec_file: use more system keyrings to verify kernel image signature Greg Kroah-Hartman
2022-08-20 0:42 ` [PATCH 5.15 00/14] 5.15.62-rc1 review Shuah Khan
2022-08-20 8:27 ` Naresh Kamboju
2022-08-20 18:17 ` Greg Kroah-Hartman
2022-08-20 10:05 ` Bagas Sanjaya
2022-08-20 10:42 ` Sudip Mukherjee (Codethink)
2022-08-20 22:23 ` Ron Economos
2022-08-21 0:56 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220819153712.072098573@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=bhe@redhat.com \
--cc=coxu@redhat.com \
--cc=ebiederm@xmission.com \
--cc=linux-kernel@vger.kernel.org \
--cc=msuchanek@suse.de \
--cc=stable@vger.kernel.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).