+++ /dev/null
-From 0d519cadf75184a24313568e7f489a7fc9b1be3b Mon Sep 17 00:00:00 2001
-From: Coiby Xu <coxu@redhat.com>
-Date: Thu, 14 Jul 2022 21:40:26 +0800
-Subject: arm64: kexec_file: use more system keyrings to verify kernel image signature
-
-From: Coiby Xu <coxu@redhat.com>
-
-commit 0d519cadf75184a24313568e7f489a7fc9b1be3b upstream.
-
-Currently, when loading a kernel image via the kexec_file_load() system
-call, arm64 can only use the .builtin_trusted_keys keyring to verify
-a signature whereas x86 can use three more keyrings i.e.
-.secondary_trusted_keys, .machine and .platform keyrings. For example,
-one resulting problem is kexec'ing a kernel image would be rejected
-with the error "Lockdown: kexec: kexec of unsigned images is restricted;
-see man kernel_lockdown.7".
-
-This patch set enables arm64 to make use of the same keyrings as x86 to
-verify the signature kexec'ed kernel image.
-
-Fixes: 732b7b93d849 ("arm64: kexec_file: add kernel signature verification support")
-Cc: stable@vger.kernel.org # 105e10e2cf1c: kexec_file: drop weak attribute from functions
-Cc: stable@vger.kernel.org # 34d5960af253: kexec: clean up arch_kexec_kernel_verify_sig
-Cc: stable@vger.kernel.org # 83b7bb2d49ae: kexec, KEYS: make the code in bzImage64_verify_sig generic
-Acked-by: Baoquan He <bhe@redhat.com>
-Cc: kexec@lists.infradead.org
-Cc: keyrings@vger.kernel.org
-Cc: linux-security-module@vger.kernel.org
-Co-developed-by: Michal Suchanek <msuchanek@suse.de>
-Signed-off-by: Michal Suchanek <msuchanek@suse.de>
-Acked-by: Will Deacon <will@kernel.org>
-Signed-off-by: Coiby Xu <coxu@redhat.com>
-Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- arch/arm64/kernel/kexec_image.c | 11 +----------
- 1 file changed, 1 insertion(+), 10 deletions(-)
-
---- a/arch/arm64/kernel/kexec_image.c
-+++ b/arch/arm64/kernel/kexec_image.c
-@@ -14,7 +14,6 @@
- #include <linux/kexec.h>
- #include <linux/pe.h>
- #include <linux/string.h>
--#include <linux/verification.h>
- #include <asm/byteorder.h>
- #include <asm/cpufeature.h>
- #include <asm/image.h>
-@@ -130,18 +129,10 @@ static void *image_load(struct kimage *i
- return NULL;
- }
-
--#ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG
--static int image_verify_sig(const char *kernel, unsigned long kernel_len)
--{
-- return verify_pefile_signature(kernel, kernel_len, NULL,
-- VERIFYING_KEXEC_PE_SIGNATURE);
--}
--#endif
--
- const struct kexec_file_ops kexec_image_ops = {
- .probe = image_probe,
- .load = image_load,
- #ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG
-- .verify_sig = image_verify_sig,
-+ .verify_sig = kexec_kernel_verify_pe_sig,
- #endif
- };
+++ /dev/null
-From 689a71493bd2f31c024f8c0395f85a1fd4b2138e Mon Sep 17 00:00:00 2001
-From: Coiby Xu <coxu@redhat.com>
-Date: Thu, 14 Jul 2022 21:40:24 +0800
-Subject: kexec: clean up arch_kexec_kernel_verify_sig
-
-From: Coiby Xu <coxu@redhat.com>
-
-commit 689a71493bd2f31c024f8c0395f85a1fd4b2138e upstream.
-
-Before commit 105e10e2cf1c ("kexec_file: drop weak attribute from
-functions"), there was already no arch-specific implementation
-of arch_kexec_kernel_verify_sig. With weak attribute dropped by that
-commit, arch_kexec_kernel_verify_sig is completely useless. So clean it
-up.
-
-Note later patches are dependent on this patch so it should be backported
-to the stable tree as well.
-
-Cc: stable@vger.kernel.org
-Suggested-by: Eric W. Biederman <ebiederm@xmission.com>
-Reviewed-by: Michal Suchanek <msuchanek@suse.de>
-Acked-by: Baoquan He <bhe@redhat.com>
-Signed-off-by: Coiby Xu <coxu@redhat.com>
-[zohar@linux.ibm.com: reworded patch description "Note"]
-Link: https://lore.kernel.org/linux-integrity/20220714134027.394370-1-coxu@redhat.com/
-Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- include/linux/kexec.h | 5 -----
- kernel/kexec_file.c | 33 +++++++++++++--------------------
- 2 files changed, 13 insertions(+), 25 deletions(-)
-
---- a/include/linux/kexec.h
-+++ b/include/linux/kexec.h
-@@ -206,11 +206,6 @@ static inline void *arch_kexec_kernel_im
- }
- #endif
-
--#ifdef CONFIG_KEXEC_SIG
--int arch_kexec_kernel_verify_sig(struct kimage *image, void *buf,
-- unsigned long buf_len);
--#endif
--
- extern int kexec_add_buffer(struct kexec_buf *kbuf);
- int kexec_locate_mem_hole(struct kexec_buf *kbuf);
-
---- a/kernel/kexec_file.c
-+++ b/kernel/kexec_file.c
-@@ -81,24 +81,6 @@ int kexec_image_post_load_cleanup_defaul
- return image->fops->cleanup(image->image_loader_data);
- }
-
--#ifdef CONFIG_KEXEC_SIG
--static int kexec_image_verify_sig_default(struct kimage *image, void *buf,
-- unsigned long buf_len)
--{
-- if (!image->fops || !image->fops->verify_sig) {
-- pr_debug("kernel loader does not support signature verification.\n");
-- return -EKEYREJECTED;
-- }
--
-- return image->fops->verify_sig(buf, buf_len);
--}
--
--int arch_kexec_kernel_verify_sig(struct kimage *image, void *buf, unsigned long buf_len)
--{
-- return kexec_image_verify_sig_default(image, buf, buf_len);
--}
--#endif
--
- /*
- * Free up memory used by kernel, initrd, and command line. This is temporary
- * memory allocation which is not needed any more after these buffers have
-@@ -141,13 +123,24 @@ void kimage_file_post_load_cleanup(struc
- }
-
- #ifdef CONFIG_KEXEC_SIG
-+static int kexec_image_verify_sig(struct kimage *image, void *buf,
-+ unsigned long buf_len)
-+{
-+ if (!image->fops || !image->fops->verify_sig) {
-+ pr_debug("kernel loader does not support signature verification.\n");
-+ return -EKEYREJECTED;
-+ }
-+
-+ return image->fops->verify_sig(buf, buf_len);
-+}
-+
- static int
- kimage_validate_signature(struct kimage *image)
- {
- int ret;
-
-- ret = arch_kexec_kernel_verify_sig(image, image->kernel_buf,
-- image->kernel_buf_len);
-+ ret = kexec_image_verify_sig(image, image->kernel_buf,
-+ image->kernel_buf_len);
- if (ret) {
-
- if (sig_enforce) {
+++ /dev/null
-From c903dae8941deb55043ee46ded29e84e97cd84bb Mon Sep 17 00:00:00 2001
-From: Coiby Xu <coxu@redhat.com>
-Date: Thu, 14 Jul 2022 21:40:25 +0800
-Subject: kexec, KEYS: make the code in bzImage64_verify_sig generic
-
-From: Coiby Xu <coxu@redhat.com>
-
-commit c903dae8941deb55043ee46ded29e84e97cd84bb upstream.
-
-commit 278311e417be ("kexec, KEYS: Make use of platform keyring for
-signature verify") adds platform keyring support on x86 kexec but not
-arm64.
-
-The code in bzImage64_verify_sig uses the keys on the
-.builtin_trusted_keys, .machine, if configured and enabled,
-.secondary_trusted_keys, also if configured, and .platform keyrings
-to verify the signed kernel image as PE file.
-
-Cc: kexec@lists.infradead.org
-Cc: keyrings@vger.kernel.org
-Cc: linux-security-module@vger.kernel.org
-Reviewed-by: Michal Suchanek <msuchanek@suse.de>
-Signed-off-by: Coiby Xu <coxu@redhat.com>
-Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- arch/x86/kernel/kexec-bzimage64.c | 20 +-------------------
- include/linux/kexec.h | 7 +++++++
- kernel/kexec_file.c | 17 +++++++++++++++++
- 3 files changed, 25 insertions(+), 19 deletions(-)
-
---- a/arch/x86/kernel/kexec-bzimage64.c
-+++ b/arch/x86/kernel/kexec-bzimage64.c
-@@ -17,7 +17,6 @@
- #include <linux/kernel.h>
- #include <linux/mm.h>
- #include <linux/efi.h>
--#include <linux/verification.h>
-
- #include <asm/bootparam.h>
- #include <asm/setup.h>
-@@ -528,28 +527,11 @@ static int bzImage64_cleanup(void *loade
- return 0;
- }
-
--#ifdef CONFIG_KEXEC_BZIMAGE_VERIFY_SIG
--static int bzImage64_verify_sig(const char *kernel, unsigned long kernel_len)
--{
-- int ret;
--
-- ret = verify_pefile_signature(kernel, kernel_len,
-- VERIFY_USE_SECONDARY_KEYRING,
-- VERIFYING_KEXEC_PE_SIGNATURE);
-- if (ret == -ENOKEY && IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING)) {
-- ret = verify_pefile_signature(kernel, kernel_len,
-- VERIFY_USE_PLATFORM_KEYRING,
-- VERIFYING_KEXEC_PE_SIGNATURE);
-- }
-- return ret;
--}
--#endif
--
- const struct kexec_file_ops kexec_bzImage64_ops = {
- .probe = bzImage64_probe,
- .load = bzImage64_load,
- .cleanup = bzImage64_cleanup,
- #ifdef CONFIG_KEXEC_BZIMAGE_VERIFY_SIG
-- .verify_sig = bzImage64_verify_sig,
-+ .verify_sig = kexec_kernel_verify_pe_sig,
- #endif
- };
---- a/include/linux/kexec.h
-+++ b/include/linux/kexec.h
-@@ -19,6 +19,7 @@
- #include <asm/io.h>
-
- #include <uapi/linux/kexec.h>
-+#include <linux/verification.h>
-
- #ifdef CONFIG_KEXEC_CORE
- #include <linux/list.h>
-@@ -206,6 +207,12 @@ static inline void *arch_kexec_kernel_im
- }
- #endif
-
-+#ifdef CONFIG_KEXEC_SIG
-+#ifdef CONFIG_SIGNED_PE_FILE_VERIFICATION
-+int kexec_kernel_verify_pe_sig(const char *kernel, unsigned long kernel_len);
-+#endif
-+#endif
-+
- extern int kexec_add_buffer(struct kexec_buf *kbuf);
- int kexec_locate_mem_hole(struct kexec_buf *kbuf);
-
---- a/kernel/kexec_file.c
-+++ b/kernel/kexec_file.c
-@@ -123,6 +123,23 @@ void kimage_file_post_load_cleanup(struc
- }
-
- #ifdef CONFIG_KEXEC_SIG
-+#ifdef CONFIG_SIGNED_PE_FILE_VERIFICATION
-+int kexec_kernel_verify_pe_sig(const char *kernel, unsigned long kernel_len)
-+{
-+ int ret;
-+
-+ ret = verify_pefile_signature(kernel, kernel_len,
-+ VERIFY_USE_SECONDARY_KEYRING,
-+ VERIFYING_KEXEC_PE_SIGNATURE);
-+ if (ret == -ENOKEY && IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING)) {
-+ ret = verify_pefile_signature(kernel, kernel_len,
-+ VERIFY_USE_PLATFORM_KEYRING,
-+ VERIFYING_KEXEC_PE_SIGNATURE);
-+ }
-+ return ret;
-+}
-+#endif
-+
- static int kexec_image_verify_sig(struct kimage *image, void *buf,
- unsigned long buf_len)
- {
+++ /dev/null
-From 65d9a9a60fd71be964effb2e94747a6acb6e7015 Mon Sep 17 00:00:00 2001
-From: "Naveen N. Rao" <naveen.n.rao@linux.vnet.ibm.com>
-Date: Fri, 1 Jul 2022 13:04:04 +0530
-Subject: kexec_file: drop weak attribute from functions
-
-From: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
-
-commit 65d9a9a60fd71be964effb2e94747a6acb6e7015 upstream.
-
-As requested
-(http://lkml.kernel.org/r/87ee0q7b92.fsf@email.froward.int.ebiederm.org),
-this series converts weak functions in kexec to use the #ifdef approach.
-
-Quoting the 3e35142ef99fe ("kexec_file: drop weak attribute from
-arch_kexec_apply_relocations[_add]") changelog:
-
-: Since commit d1bcae833b32f1 ("ELF: Don't generate unused section symbols")
-: [1], binutils (v2.36+) started dropping section symbols that it thought
-: were unused. This isn't an issue in general, but with kexec_file.c, gcc
-: is placing kexec_arch_apply_relocations[_add] into a separate
-: .text.unlikely section and the section symbol ".text.unlikely" is being
-: dropped. Due to this, recordmcount is unable to find a non-weak symbol in
-: .text.unlikely to generate a relocation record against.
-
-This patch (of 2);
-
-Drop __weak attribute from functions in kexec_file.c:
-- arch_kexec_kernel_image_probe()
-- arch_kimage_file_post_load_cleanup()
-- arch_kexec_kernel_image_load()
-- arch_kexec_locate_mem_hole()
-- arch_kexec_kernel_verify_sig()
-
-arch_kexec_kernel_image_load() calls into kexec_image_load_default(), so
-drop the static attribute for the latter.
-
-arch_kexec_kernel_verify_sig() is not overridden by any architecture, so
-drop the __weak attribute.
-
-Link: https://lkml.kernel.org/r/cover.1656659357.git.naveen.n.rao@linux.vnet.ibm.com
-Link: https://lkml.kernel.org/r/2cd7ca1fe4d6bb6ca38e3283c717878388ed6788.1656659357.git.naveen.n.rao@linux.vnet.ibm.com
-Signed-off-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
-Suggested-by: Eric Biederman <ebiederm@xmission.com>
-Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
-Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- arch/arm64/include/asm/kexec.h | 4 ++-
- arch/powerpc/include/asm/kexec.h | 9 +++++++
- arch/s390/include/asm/kexec.h | 3 ++
- arch/x86/include/asm/kexec.h | 6 +++++
- include/linux/kexec.h | 44 +++++++++++++++++++++++++++++++++------
- kernel/kexec_file.c | 35 +------------------------------
- 6 files changed, 61 insertions(+), 40 deletions(-)
-
---- a/arch/arm64/include/asm/kexec.h
-+++ b/arch/arm64/include/asm/kexec.h
-@@ -106,7 +106,9 @@ extern const struct kexec_file_ops kexec
-
- struct kimage;
-
--extern int arch_kimage_file_post_load_cleanup(struct kimage *image);
-+int arch_kimage_file_post_load_cleanup(struct kimage *image);
-+#define arch_kimage_file_post_load_cleanup arch_kimage_file_post_load_cleanup
-+
- extern int load_other_segments(struct kimage *image,
- unsigned long kernel_load_addr, unsigned long kernel_size,
- char *initrd, unsigned long initrd_len,
---- a/arch/powerpc/include/asm/kexec.h
-+++ b/arch/powerpc/include/asm/kexec.h
-@@ -131,6 +131,15 @@ int delete_fdt_mem_rsv(void *fdt, unsign
- #ifdef CONFIG_PPC64
- struct kexec_buf;
-
-+int arch_kexec_kernel_image_probe(struct kimage *image, void *buf, unsigned long buf_len);
-+#define arch_kexec_kernel_image_probe arch_kexec_kernel_image_probe
-+
-+int arch_kimage_file_post_load_cleanup(struct kimage *image);
-+#define arch_kimage_file_post_load_cleanup arch_kimage_file_post_load_cleanup
-+
-+int arch_kexec_locate_mem_hole(struct kexec_buf *kbuf);
-+#define arch_kexec_locate_mem_hole arch_kexec_locate_mem_hole
-+
- int load_crashdump_segments_ppc64(struct kimage *image,
- struct kexec_buf *kbuf);
- int setup_purgatory_ppc64(struct kimage *image, const void *slave_code,
---- a/arch/s390/include/asm/kexec.h
-+++ b/arch/s390/include/asm/kexec.h
-@@ -92,5 +92,8 @@ int arch_kexec_apply_relocations_add(str
- const Elf_Shdr *relsec,
- const Elf_Shdr *symtab);
- #define arch_kexec_apply_relocations_add arch_kexec_apply_relocations_add
-+
-+int arch_kimage_file_post_load_cleanup(struct kimage *image);
-+#define arch_kimage_file_post_load_cleanup arch_kimage_file_post_load_cleanup
- #endif
- #endif /*_S390_KEXEC_H */
---- a/arch/x86/include/asm/kexec.h
-+++ b/arch/x86/include/asm/kexec.h
-@@ -198,6 +198,12 @@ int arch_kexec_apply_relocations_add(str
- const Elf_Shdr *relsec,
- const Elf_Shdr *symtab);
- #define arch_kexec_apply_relocations_add arch_kexec_apply_relocations_add
-+
-+void *arch_kexec_kernel_image_load(struct kimage *image);
-+#define arch_kexec_kernel_image_load arch_kexec_kernel_image_load
-+
-+int arch_kimage_file_post_load_cleanup(struct kimage *image);
-+#define arch_kimage_file_post_load_cleanup arch_kimage_file_post_load_cleanup
- #endif
- #endif
-
---- a/include/linux/kexec.h
-+++ b/include/linux/kexec.h
-@@ -182,21 +182,53 @@ int kexec_purgatory_get_set_symbol(struc
- void *buf, unsigned int size,
- bool get_value);
- void *kexec_purgatory_get_symbol_addr(struct kimage *image, const char *name);
-+void *kexec_image_load_default(struct kimage *image);
-+
-+#ifndef arch_kexec_kernel_image_probe
-+static inline int
-+arch_kexec_kernel_image_probe(struct kimage *image, void *buf, unsigned long buf_len)
-+{
-+ return kexec_image_probe_default(image, buf, buf_len);
-+}
-+#endif
-+
-+#ifndef arch_kimage_file_post_load_cleanup
-+static inline int arch_kimage_file_post_load_cleanup(struct kimage *image)
-+{
-+ return kexec_image_post_load_cleanup_default(image);
-+}
-+#endif
-+
-+#ifndef arch_kexec_kernel_image_load
-+static inline void *arch_kexec_kernel_image_load(struct kimage *image)
-+{
-+ return kexec_image_load_default(image);
-+}
-+#endif
-
--/* Architectures may override the below functions */
--int arch_kexec_kernel_image_probe(struct kimage *image, void *buf,
-- unsigned long buf_len);
--void *arch_kexec_kernel_image_load(struct kimage *image);
--int arch_kimage_file_post_load_cleanup(struct kimage *image);
- #ifdef CONFIG_KEXEC_SIG
- int arch_kexec_kernel_verify_sig(struct kimage *image, void *buf,
- unsigned long buf_len);
- #endif
--int arch_kexec_locate_mem_hole(struct kexec_buf *kbuf);
-
- extern int kexec_add_buffer(struct kexec_buf *kbuf);
- int kexec_locate_mem_hole(struct kexec_buf *kbuf);
-
-+#ifndef arch_kexec_locate_mem_hole
-+/**
-+ * arch_kexec_locate_mem_hole - Find free memory to place the segments.
-+ * @kbuf: Parameters for the memory search.
-+ *
-+ * On success, kbuf->mem will have the start address of the memory region found.
-+ *
-+ * Return: 0 on success, negative errno on error.
-+ */
-+static inline int arch_kexec_locate_mem_hole(struct kexec_buf *kbuf)
-+{
-+ return kexec_locate_mem_hole(kbuf);
-+}
-+#endif
-+
- /* Alignment required for elf header segment */
- #define ELF_CORE_HEADER_ALIGN 4096
-
---- a/kernel/kexec_file.c
-+++ b/kernel/kexec_file.c
-@@ -62,14 +62,7 @@ int kexec_image_probe_default(struct kim
- return ret;
- }
-
--/* Architectures can provide this probe function */
--int __weak arch_kexec_kernel_image_probe(struct kimage *image, void *buf,
-- unsigned long buf_len)
--{
-- return kexec_image_probe_default(image, buf, buf_len);
--}
--
--static void *kexec_image_load_default(struct kimage *image)
-+void *kexec_image_load_default(struct kimage *image)
- {
- if (!image->fops || !image->fops->load)
- return ERR_PTR(-ENOEXEC);
-@@ -80,11 +73,6 @@ static void *kexec_image_load_default(st
- image->cmdline_buf_len);
- }
-
--void * __weak arch_kexec_kernel_image_load(struct kimage *image)
--{
-- return kexec_image_load_default(image);
--}
--
- int kexec_image_post_load_cleanup_default(struct kimage *image)
- {
- if (!image->fops || !image->fops->cleanup)
-@@ -93,11 +81,6 @@ int kexec_image_post_load_cleanup_defaul
- return image->fops->cleanup(image->image_loader_data);
- }
-
--int __weak arch_kimage_file_post_load_cleanup(struct kimage *image)
--{
-- return kexec_image_post_load_cleanup_default(image);
--}
--
- #ifdef CONFIG_KEXEC_SIG
- static int kexec_image_verify_sig_default(struct kimage *image, void *buf,
- unsigned long buf_len)
-@@ -110,8 +93,7 @@ static int kexec_image_verify_sig_defaul
- return image->fops->verify_sig(buf, buf_len);
- }
-
--int __weak arch_kexec_kernel_verify_sig(struct kimage *image, void *buf,
-- unsigned long buf_len)
-+int arch_kexec_kernel_verify_sig(struct kimage *image, void *buf, unsigned long buf_len)
- {
- return kexec_image_verify_sig_default(image, buf, buf_len);
- }
-@@ -617,19 +599,6 @@ int kexec_locate_mem_hole(struct kexec_b
- }
-
- /**
-- * arch_kexec_locate_mem_hole - Find free memory to place the segments.
-- * @kbuf: Parameters for the memory search.
-- *
-- * On success, kbuf->mem will have the start address of the memory region found.
-- *
-- * Return: 0 on success, negative errno on error.
-- */
--int __weak arch_kexec_locate_mem_hole(struct kexec_buf *kbuf)
--{
-- return kexec_locate_mem_hole(kbuf);
--}
--
--/**
- * kexec_add_buffer - place a buffer in a kexec segment
- * @kbuf: Buffer contents and memory parameters.
- *
sched-fair-fix-fault-in-reweight_entity.patch
btrfs-only-write-the-sectors-in-the-vertical-stripe-which-has-data-stripes.patch
btrfs-raid56-don-t-trust-any-cached-sector-in-__raid56_parity_recover.patch
-kexec_file-drop-weak-attribute-from-functions.patch
-kexec-clean-up-arch_kexec_kernel_verify_sig.patch
-kexec-keys-make-the-code-in-bzimage64_verify_sig-generic.patch
-arm64-kexec_file-use-more-system-keyrings-to-verify-kernel-image-signature.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
