From mboxrd@z Thu Jan 1 00:00:00 1970
From: ebiederm@xmission.com (Eric W. Biederman)
To: AKASHI Takahiro
Cc: vgoyal@redhat.com, dyoung@redhat.com, bhe@redhat.com, bauerman@linux.vnet.ibm.com, arnd@arndb.de, kexec@lists.infradead.org, linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linuxppc-dev@lists.ozlabs.org
References: <20160712014201.11456-1-takahiro.akashi@linaro.org>
Date: Tue, 12 Jul 2016 08:25:48 -0500
In-Reply-To: <20160712014201.11456-1-takahiro.akashi@linaro.org> (AKASHI Takahiro's message of "Tue, 12 Jul 2016 10:41:58 +0900")
Message-ID: <87furf7ztv.fsf@x220.int.ebiederm.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
Subject: Re: [RFC 0/3] extend kexec_file_load system call
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

AKASHI Takahiro writes:

> Device tree blob must be passed to a second kernel on DTB-capable
> archs, like powerpc and arm64, but the current kernel interface
> lacks this support.
>
> This patch extends kexec_file_load system call by adding an extra
> argument to this syscall so that an arbitrary number of file descriptors
> can be handed out from user space to the kernel.
>
> See the background [1].
>
> Please note that the new interface looks quite similar to the current
> system call, but that won't always mean that it provides "binary
> compatibility."
>
> [1] http://lists.infradead.org/pipermail/kexec/2016-June/016276.html

So this design is wrong.
The kernel already has the device tree blob; you should not be extracting it from the kernel, munging it, and then reinserting it in the kernel if you want signatures and everything to pass.

What x86 does is pass its equivalent of the device tree blob from one kernel to another directly and behind the scenes. It does not go through userspace for this.

Until a persuasive case can be made for going around the kernel and probably adding a feature (like code execution) that can be used to defeat the signature scheme, I am going to nack this.

Nacked-by: "Eric W. Biederman"

I am happy to see support for other architectures, but for the sake of not moving some code in the kernel let's not build an attackable infrastructure.

Eric