Re: [PATCH v2 3/3] kexec: extend kexec_file_load system call

From: Thiago Jung Bauermann
Date: Fri Aug 05 2016 - 16:47:07 EST

Next message: Pavel Machek: "Re: [linux-mm] Drastic increase in application memory usage with Kernel version upgrade"
Previous message: Keith Busch: "Re: NVME regression in all kernels after 4.4.x for NVME in M2 slot for laptop?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

Am Dienstag, 26 Juli 2016, 21:24:29 schrieb Thiago Jung Bauermann:
> Notes:
> This is a new version of the last patch in this series which adds
> a function where each architecture can verify if the DTB is safe
> to load:
>
> int __weak arch_kexec_verify_buffer(enum kexec_file_type type,
> const void *buf,
> unsigned long size)
> {
> return -EINVAL;
> }
>
> I will then provide an implementation in my powerpc patch series
> which checks that the DTB only contains nodes and properties from a
> whitelist. arch_kexec_kernel_image_load will copy these properties
> to the device tree blob the kernel was booted with (and perform
> other changes such as setting /chosen/bootargs, of course).

Is this approach ok? If so, I'll post a patch next week adding an
arch_kexec_verify_buffer hook for powerpc to enforce the whitelist, and also
a new version of the patches implementing kexec_file_load for powerpc on top
of this series.

Eric, does this address your concerns?

--
[]'s
Thiago Jung Bauermann
IBM Linux Technology Center

Next message: Pavel Machek: "Re: [linux-mm] Drastic increase in application memory usage with Kernel version upgrade"
Previous message: Keith Busch: "Re: NVME regression in all kernels after 4.4.x for NVME in M2 slot for laptop?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]