From: Ricardo Ribalda <ribalda@chromium.org>
To: "Guilherme G. Piccoli" <gpiccoli@igalia.com>,
Eric Biederman <ebiederm@xmission.com>,
Jonathan Corbet <corbet@lwn.net>, Philipp Rudo <prudo@redhat.com>
Cc: Ross Zwisler <zwisler@kernel.org>,
Sergey Senozhatsky <senozhatsky@chromium.org>,
Steven Rostedt <rostedt@goodmis.org>,
kexec@lists.infradead.org, Ricardo Ribalda <ribalda@chromium.org>,
"Joel Fernandes (Google)" <joel@joelfernandes.org>,
linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org
Subject: [PATCH v5 0/3] kexec: Add new parameter to limit the access to kexec
Date: Wed, 21 Dec 2022 20:45:56 +0100 [thread overview]
Message-ID: <20221114-disable-kexec-reset-v5-0-1bd37caf3c75@chromium.org> (raw)
Add two parameter to specify how many times a kexec kernel can be loaded.
These parameter allow hardening the system.
While we are at it, fix a documentation issue and refactor some code.
To: Jonathan Corbet <corbet@lwn.net>
To: Eric Biederman <ebiederm@xmission.com>
Cc: linux-doc@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: kexec@lists.infradead.org
Cc: Joel Fernandes (Google) <joel@joelfernandes.org>
Cc: Sergey Senozhatsky <senozhatsky@chromium.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Ross Zwisler <zwisler@kernel.org>
To: Philipp Rudo <prudo@redhat.com>
To: Guilherme G. Piccoli <gpiccoli@igalia.com>
Signed-off-by: Ricardo Ribalda <ribalda@chromium.org>
---
Changes in v5:
- Remove maxlen from ctl_table. Thanks Steven!
- Link to v4: https://lore.kernel.org/r/20221114-disable-kexec-reset-v4-0-ab809c8d988c@chromium.org
Changes in v4 (Thanks Steven!):
- Uses sysctl instead or module_parameters
- Pass image type instead of boolean to permitted
- Fix typo on flag handling
- Return -EINVAL for values that does not change the current value.
- Link to v3: https://lore.kernel.org/r/20221114-disable-kexec-reset-v3-0-4ef4e929adf6@chromium.org
Changes in v3:
- s/paramter/parameter/ Thanks Ghilherme!
- s/permited/permitted/ Thanks Joel!
- Link to v2: https://lore.kernel.org/r/20221114-disable-kexec-reset-v2-0-c498313c1bb5@chromium.org
Changes in v2:
- Instead of kexec_reboot_disabled, add two new counters (Thanks Philipp!)
- Link to v1: https://lore.kernel.org/r/20221114-disable-kexec-reset-v1-0-fb51d20cf871@chromium.org
---
Ricardo Ribalda (3):
Documentation: sysctl: Correct kexec_load_disabled
kexec: Factor out kexec_load_permitted
kexec: Introduce sysctl parameters kexec_load_limit_*
Documentation/admin-guide/sysctl/kernel.rst | 25 +++++++-
include/linux/kexec.h | 3 +-
kernel/kexec.c | 4 +-
kernel/kexec_core.c | 94 ++++++++++++++++++++++++++++-
kernel/kexec_file.c | 11 ++--
5 files changed, 127 insertions(+), 10 deletions(-)
---
base-commit: 479174d402bcf60789106eedc4def3957c060bad
change-id: 20221114-disable-kexec-reset-19b7e117338f
Best regards,
--
Ricardo Ribalda <ribalda@chromium.org>
WARNING: multiple messages have this Message-ID (diff)
From: Ricardo Ribalda <ribalda@chromium.org>
To: "Guilherme G. Piccoli" <gpiccoli@igalia.com>,
Eric Biederman <ebiederm@xmission.com>,
Jonathan Corbet <corbet@lwn.net>, Philipp Rudo <prudo@redhat.com>
Cc: Ross Zwisler <zwisler@kernel.org>,
Sergey Senozhatsky <senozhatsky@chromium.org>,
Steven Rostedt <rostedt@goodmis.org>,
kexec@lists.infradead.org, Ricardo Ribalda <ribalda@chromium.org>,
"Joel Fernandes (Google)" <joel@joelfernandes.org>,
linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org
Subject: [PATCH v5 0/3] kexec: Add new parameter to limit the access to kexec
Date: Wed, 21 Dec 2022 20:45:56 +0100 [thread overview]
Message-ID: <20221114-disable-kexec-reset-v5-0-1bd37caf3c75@chromium.org> (raw)
Add two parameter to specify how many times a kexec kernel can be loaded.
These parameter allow hardening the system.
While we are at it, fix a documentation issue and refactor some code.
To: Jonathan Corbet <corbet@lwn.net>
To: Eric Biederman <ebiederm@xmission.com>
Cc: linux-doc@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: kexec@lists.infradead.org
Cc: Joel Fernandes (Google) <joel@joelfernandes.org>
Cc: Sergey Senozhatsky <senozhatsky@chromium.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Ross Zwisler <zwisler@kernel.org>
To: Philipp Rudo <prudo@redhat.com>
To: Guilherme G. Piccoli <gpiccoli@igalia.com>
Signed-off-by: Ricardo Ribalda <ribalda@chromium.org>
---
Changes in v5:
- Remove maxlen from ctl_table. Thanks Steven!
- Link to v4: https://lore.kernel.org/r/20221114-disable-kexec-reset-v4-0-ab809c8d988c@chromium.org
Changes in v4 (Thanks Steven!):
- Uses sysctl instead or module_parameters
- Pass image type instead of boolean to permitted
- Fix typo on flag handling
- Return -EINVAL for values that does not change the current value.
- Link to v3: https://lore.kernel.org/r/20221114-disable-kexec-reset-v3-0-4ef4e929adf6@chromium.org
Changes in v3:
- s/paramter/parameter/ Thanks Ghilherme!
- s/permited/permitted/ Thanks Joel!
- Link to v2: https://lore.kernel.org/r/20221114-disable-kexec-reset-v2-0-c498313c1bb5@chromium.org
Changes in v2:
- Instead of kexec_reboot_disabled, add two new counters (Thanks Philipp!)
- Link to v1: https://lore.kernel.org/r/20221114-disable-kexec-reset-v1-0-fb51d20cf871@chromium.org
---
Ricardo Ribalda (3):
Documentation: sysctl: Correct kexec_load_disabled
kexec: Factor out kexec_load_permitted
kexec: Introduce sysctl parameters kexec_load_limit_*
Documentation/admin-guide/sysctl/kernel.rst | 25 +++++++-
include/linux/kexec.h | 3 +-
kernel/kexec.c | 4 +-
kernel/kexec_core.c | 94 ++++++++++++++++++++++++++++-
kernel/kexec_file.c | 11 ++--
5 files changed, 127 insertions(+), 10 deletions(-)
---
base-commit: 479174d402bcf60789106eedc4def3957c060bad
change-id: 20221114-disable-kexec-reset-19b7e117338f
Best regards,
--
Ricardo Ribalda <ribalda@chromium.org>
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
next reply other threads:[~2022-12-21 19:46 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-21 19:45 Ricardo Ribalda [this message]
2022-12-21 19:45 ` [PATCH v5 0/3] kexec: Add new parameter to limit the access to kexec Ricardo Ribalda
2022-12-21 19:45 ` [PATCH v5 1/3] Documentation: sysctl: Correct kexec_load_disabled Ricardo Ribalda
2022-12-21 19:45 ` Ricardo Ribalda
2022-12-21 19:45 ` [PATCH v5 2/3] kexec: Factor out kexec_load_permitted Ricardo Ribalda
2022-12-21 19:45 ` Ricardo Ribalda
2022-12-21 19:45 ` [PATCH v5 3/3] kexec: Introduce sysctl parameters kexec_load_limit_* Ricardo Ribalda
2022-12-21 19:45 ` Ricardo Ribalda
2022-12-22 2:49 ` Baoquan He
2022-12-22 2:49 ` Baoquan He
2023-01-01 20:08 ` Petr Tesařík
2023-01-01 20:08 ` Petr Tesařík
2023-01-02 13:21 ` Bagas Sanjaya
2023-01-02 13:21 ` Bagas Sanjaya
2022-12-21 20:09 ` [PATCH v5 0/3] kexec: Add new parameter to limit the access to kexec Steven Rostedt
2022-12-21 20:09 ` Steven Rostedt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221114-disable-kexec-reset-v5-0-1bd37caf3c75@chromium.org \
--to=ribalda@chromium.org \
--cc=corbet@lwn.net \
--cc=ebiederm@xmission.com \
--cc=gpiccoli@igalia.com \
--cc=joel@joelfernandes.org \
--cc=kexec@lists.infradead.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=prudo@redhat.com \
--cc=rostedt@goodmis.org \
--cc=senozhatsky@chromium.org \
--cc=zwisler@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.