On Wed, 2016-01-20 at 15:56 -0800, Luis R. Rodriguez wrote:
> On Wed, Jan 20, 2016 at 3:39 PM, Luis R. Rodriguez wrote:
> >> @@ -350,13 +321,18 @@ static int fw_get_filesystem_firmware(struct device
> >> *device,
> >> file = filp_open(path, O_RDONLY, 0);
> >>
On Tue, 2016-01-19 at 16:10 -0800, Kees Cook wrote:
> On Mon, Jan 18, 2016 at 7:11 AM, Mimi Zohar wrote:
> > Replace fw_read_file_contents() for reading a file with the common VFS
> > kernel_read_file() function. A benefit of calling kernel_read_file()
> > to read the
On Tue, 2016-01-19 at 21:26 +0200, Dmitry Kasatkin wrote:
> On Mon, Jan 18, 2016 at 5:11 PM, Mimi Zohar wrote:
> > From: Dmitry Kasatkin
> >
> > This patch provides convenient buffer hash calculation function.
> >
> > Changelog:
> > - rewrite to
On Thu, Jan 21, 2016 at 03:53:42PM +0900, AKASHI Takahiro wrote:
> On 01/20/2016 08:49 PM, Mark Rutland wrote:
> >On Wed, Jan 20, 2016 at 03:07:53PM +0900, AKASHI Takahiro wrote:
> >>On 01/20/2016 11:49 AM, Dave Young wrote:
> >>>On 01/19/16 at 02:01pm, Mark Rutland wrote:
> On Tue, Jan 19,
On Thu, Jan 21, 2016 at 02:43:15PM +0900, AKASHI Takahiro wrote:
> On 01/20/2016 11:59 PM, Ard Biesheuvel wrote:
> >On 20 January 2016 at 13:36, Mark Rutland wrote:
> >>Ard, Ganapatrao, the below is something we need to consider for the
> >>combination of the NUMA & kexec
On Tue, 2016-01-19 at 22:00 +0200, Dmitry Kasatkin wrote:
> Hi Mimi,
>
> Please change
>
> Signed-off-by: Dmitry Kasatkin
I'll make the change here and in the other patches as well.
Mimi
___
kexec mailing list
On Wed, 2016-01-20 at 02:09 +0100, Luis R. Rodriguez wrote:
> On Mon, Jan 18, 2016 at 10:11:17AM -0500, Mimi Zohar wrote:
> > diff --git a/fs/exec.c b/fs/exec.c
> > index b06623a..6d623c2 100644
> > --- a/fs/exec.c
> > +++ b/fs/exec.c
> > @@ -831,6 +832,58 @@ int kernel_read(struct file *file,
On Thu, 2016-01-21 at 01:05 +0100, Luis R. Rodriguez wrote:
> On Mon, Jan 18, 2016 at 10:11:24AM -0500, Mimi Zohar wrote:
> > --- a/fs/exec.c
> > +++ b/fs/exec.c
> > @@ -903,6 +903,27 @@ out:
> > return ret;
> > }
> >
> > +int kernel_read_file_from_path(char *path, void **buf, loff_t *size,
On Wed, Jan 20, 2016 at 10:56:21AM +0800, Dave Young wrote:
> On 01/19/16 at 04:15pm, Geoff Levand wrote:
> > On Tue, 2016-01-19 at 20:32 +0800, Dave Young wrote:
> > > Geoff, another question about kexec-tools part is, can the kexec
> > > -tools code
> > > been written in kernel? We have the
On Thu, 2016-01-21 at 01:03 +0100, Luis R. Rodriguez wrote:
> On Mon, Jan 18, 2016 at 10:11:23AM -0500, Mimi Zohar wrote:
> > This patch replaces the module copy_module_from_fd() call with the VFS
> > common kernel_read_file_from_fd() function. Instead of reading the
> > kernel module twice, once
A general note here. It does not appear that you implement the
error recovery states in your state machine. If the system fails
in the middle of doing an IPMI operation, it is likely to fail.
If you do this you will need to detect and abort any running
operation. Implementing the full state
On Thursday, January 21, 2016 08:12:12 AM Mimi Zohar wrote:
> Paul, Casey, Kees, Jon, Tetsuo does it make sense to consolidate the
> module, firmware, and kexec pre and post security hooks and have just
> one set of pre and post security kernel_read_file hook instead? Does
> it make sense for
I understand what you are trying to accomplish here, but I'm not sure of
the wisdom of this approach. I'll give some more information and the
kexec maintainers can decide, I suppose.
The KCS interface given here probably covers ~70% of the systems out there
right now. Other systems have:
*
Hi!
On 15/01/16 19:18, Geoff Levand wrote:
> From: AKASHI Takahiro
>
> On crash dump kernel, all the information about primary kernel's core
> image is available in elf core header specified by "elfcorehdr=" boot
> parameter. reserve_elfcorehdr() will set aside the
On Thu, Jan 21, 2016 at 4:05 AM, Mimi Zohar wrote:
> On Wed, 2016-01-20 at 15:56 -0800, Luis R. Rodriguez wrote:
>> On Wed, Jan 20, 2016 at 3:39 PM, Luis R. Rodriguez wrote:
>
>> >> @@ -350,13 +321,18 @@ static int fw_get_filesystem_firmware(struct
On Thu, Jan 21, 2016 at 5:12 AM, Mimi Zohar wrote:
> On Thu, 2016-01-21 at 01:03 +0100, Luis R. Rodriguez wrote:
>> On Mon, Jan 18, 2016 at 10:11:23AM -0500, Mimi Zohar wrote:
>> > This patch replaces the module copy_module_from_fd() call with the VFS
>> > common
On Thu, Jan 21, 2016 at 3:19 PM, Mimi Zohar wrote:
> On Tue, 2016-01-19 at 22:00 +0200, Dmitry Kasatkin wrote:
>> Hi Mimi,
>>
>> Please change
>>
>> Signed-off-by: Dmitry Kasatkin
>
> I'll make the change here and in the other patches as
Linux kernel commit 054954eb051f35e74b75a566a96fe756015352c8
(xen: switch to linear virtual mapped sparse p2m list), which
appeared in 3.19, introduced linear virtual mapped sparse p2m
list. If readmem() reads p2m then it access this list using
physical addresses. Sadly, VMA to physical address
On Mon, Jan 18, 2016 at 10:11:15AM -0500, Mimi Zohar wrote:
> For a while it was looked down upon to directly read files from Linux.
> These days there exists a few mechanisms in the kernel that do just this
> though to load a file into a local buffer. There are minor but important
> checks
On Thu, 2016-01-21 at 21:16 +0100, Luis R. Rodriguez wrote:
> On Mon, Jan 18, 2016 at 10:11:15AM -0500, Mimi Zohar wrote:
> >
> > The latest version of these patches can be found in the next-kernel-read-v2
> > branch of:
> > git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git
>
On Thu, 2016-01-21 at 08:56 -0800, Luis R. Rodriguez wrote:
> On Thu, Jan 21, 2016 at 5:12 AM, Mimi Zohar wrote:
> > On Thu, 2016-01-21 at 01:03 +0100, Luis R. Rodriguez wrote:
> >> On Mon, Jan 18, 2016 at 10:11:23AM -0500, Mimi Zohar wrote:
> >> > This patch replaces
On Thu, 2016-01-21 at 10:45 -0500, Paul Moore wrote:
> On Thursday, January 21, 2016 08:12:12 AM Mimi Zohar wrote:
> > Paul, Casey, Kees, Jon, Tetsuo does it make sense to consolidate the
> > module, firmware, and kexec pre and post security hooks and have just
> > one set of pre and post security
> A general note here. It does not appear that you implement the
> error recovery states in your state machine. If the system fails
> in the middle of doing an IPMI operation, it is likely to fail.
The reason why I din't implement the error handling is that
I think the error rate is low and it
On 01/21/2016 09:02 PM, Mark Rutland wrote:
On Thu, Jan 21, 2016 at 03:53:42PM +0900, AKASHI Takahiro wrote:
On 01/20/2016 08:49 PM, Mark Rutland wrote:
On Wed, Jan 20, 2016 at 03:07:53PM +0900, AKASHI Takahiro wrote:
On 01/20/2016 11:49 AM, Dave Young wrote:
On 01/19/16 at 02:01pm, Mark
24 matches
Mail list logo