Re: [RFC PATCH v2 07/11] firmware: replace call to fw_read_file_contents() with kernel version

2016-01-21 Thread Mimi Zohar
On Wed, 2016-01-20 at 15:56 -0800, Luis R. Rodriguez wrote: > On Wed, Jan 20, 2016 at 3:39 PM, Luis R. Rodriguez wrote: > >> @@ -350,13 +321,18 @@ static int fw_get_filesystem_firmware(struct device > >> *device, > >> file = filp_open(path, O_RDONLY, 0); > >>

Re: [RFC PATCH v2 07/11] firmware: replace call to fw_read_file_contents() with kernel version

2016-01-21 Thread Mimi Zohar
On Tue, 2016-01-19 at 16:10 -0800, Kees Cook wrote: > On Mon, Jan 18, 2016 at 7:11 AM, Mimi Zohar wrote: > > Replace fw_read_file_contents() for reading a file with the common VFS > > kernel_read_file() function. A benefit of calling kernel_read_file() > > to read the

Re: [RFC PATCH v2 03/11] ima: provide buffer hash calculation function

2016-01-21 Thread Mimi Zohar
On Tue, 2016-01-19 at 21:26 +0200, Dmitry Kasatkin wrote: > On Mon, Jan 18, 2016 at 5:11 PM, Mimi Zohar wrote: > > From: Dmitry Kasatkin > > > > This patch provides convenient buffer hash calculation function. > > > > Changelog: > > - rewrite to

Re: [PATCH 18/19] arm64: kdump: update a kernel doc

2016-01-21 Thread Mark Rutland
On Thu, Jan 21, 2016 at 03:53:42PM +0900, AKASHI Takahiro wrote: > On 01/20/2016 08:49 PM, Mark Rutland wrote: > >On Wed, Jan 20, 2016 at 03:07:53PM +0900, AKASHI Takahiro wrote: > >>On 01/20/2016 11:49 AM, Dave Young wrote: > >>>On 01/19/16 at 02:01pm, Mark Rutland wrote: > On Tue, Jan 19,

Re: [PATCH 18/19] arm64: kdump: update a kernel doc

2016-01-21 Thread Mark Rutland
On Thu, Jan 21, 2016 at 02:43:15PM +0900, AKASHI Takahiro wrote: > On 01/20/2016 11:59 PM, Ard Biesheuvel wrote: > >On 20 January 2016 at 13:36, Mark Rutland wrote: > >>Ard, Ganapatrao, the below is something we need to consider for the > >>combination of the NUMA & kexec

Re: [RFC PATCH v2 01/11] ima: separate 'security.ima' reading functionality from collect

2016-01-21 Thread Mimi Zohar
On Tue, 2016-01-19 at 22:00 +0200, Dmitry Kasatkin wrote: > Hi Mimi, > > Please change > > Signed-off-by: Dmitry Kasatkin I'll make the change here and in the other patches as well. Mimi

Re: [RFC PATCH v2 02/11] vfs: define a generic function to read a file from the kernel

2016-01-21 Thread Mimi Zohar
On Wed, 2016-01-20 at 02:09 +0100, Luis R. Rodriguez wrote: > On Mon, Jan 18, 2016 at 10:11:17AM -0500, Mimi Zohar wrote: > > diff --git a/fs/exec.c b/fs/exec.c > > index b06623a..6d623c2 100644 > > --- a/fs/exec.c > > +++ b/fs/exec.c > > @@ -831,6 +832,58 @@ int kernel_read(struct file *file,

Re: [RFC PATCH v2 09/11] ima: load policy using path

2016-01-21 Thread Mimi Zohar
On Thu, 2016-01-21 at 01:05 +0100, Luis R. Rodriguez wrote: > On Mon, Jan 18, 2016 at 10:11:24AM -0500, Mimi Zohar wrote: > > --- a/fs/exec.c > > +++ b/fs/exec.c > > @@ -903,6 +903,27 @@ out: > > return ret; > > } > > > > +int kernel_read_file_from_path(char *path, void **buf, loff_t *size,
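
Review bot: the added kernel_read_file_from_path() prototype in fs/exec.c takes `char *path` rather than `const char *path`. Nothing in the visible signature suggests the function writes to the string, so declaring it const would let callers pass string literals and read-only buffers without a cast and would document that the path is not modified.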

Re: [PATCH 00/19] arm64 kexec kernel patches v13

2016-01-21 Thread Mark Rutland
On Wed, Jan 20, 2016 at 10:56:21AM +0800, Dave Young wrote: > On 01/19/16 at 04:15pm, Geoff Levand wrote: > > On Tue, 2016-01-19 at 20:32 +0800, Dave Young wrote: > > > Geoff, another question about kexec-tools part is, can the kexec > > > -tools code > > > been written in kernel? We have the

Re: [RFC PATCH v2 08/11] module: replace copy_module_from_fd with kernel version

2016-01-21 Thread Mimi Zohar
On Thu, 2016-01-21 at 01:03 +0100, Luis R. Rodriguez wrote: > On Mon, Jan 18, 2016 at 10:11:23AM -0500, Mimi Zohar wrote: > > This patch replaces the module copy_module_from_fd() call with the VFS > > common kernel_read_file_from_fd() function. Instead of reading the > > kernel module twice, once

Re: [RFC PATCH 1/4] purgatory/ipmi: Support BMC watchdog timer start/stop in purgatory

2016-01-21 Thread Corey Minyard
A general note here. It does not appear that you implement the error recovery states in your state machine. If the system fails in the middle of doing an IPMI operation, it is likely to fail. If you do this you will need to detect and abort any running operation. Implementing the full state

Re: [RFC PATCH v2 08/11] module: replace copy_module_from_fd with kernel version

2016-01-21 Thread Paul Moore
On Thursday, January 21, 2016 08:12:12 AM Mimi Zohar wrote: > Paul, Casey, Kees, Jon, Tetsuo does it make sense to consolidate the > module, firmware, and kexec pre and post security hooks and have just > one set of pre and post security kernel_read_file hook instead? Does > it make sense for

Re: [RFC PATCH 0/4] purgatory: Add basic support for IPMI command execution

2016-01-21 Thread Corey Minyard
I understand what you are trying to accomplish here, but I'm not sure of the wisdom of this approach. I'll give some more information and the kexec maintainers can decide, I suppose. The KCS interface given here probably covers ~70% of the systems out there right now. Other systems have: *

Re: [PATCH 16/19] arm64: kdump: add kdump support

2016-01-21 Thread James Morse
Hi! On 15/01/16 19:18, Geoff Levand wrote: > From: AKASHI Takahiro > > On crash dump kernel, all the information about primary kernel's core > image is available in elf core header specified by "elfcorehdr=" boot > parameter. reserve_elfcorehdr() will set aside the

Re: [RFC PATCH v2 07/11] firmware: replace call to fw_read_file_contents() with kernel version

2016-01-21 Thread Luis R. Rodriguez
On Thu, Jan 21, 2016 at 4:05 AM, Mimi Zohar wrote: > On Wed, 2016-01-20 at 15:56 -0800, Luis R. Rodriguez wrote: >> On Wed, Jan 20, 2016 at 3:39 PM, Luis R. Rodriguez wrote: > >> >> @@ -350,13 +321,18 @@ static int fw_get_filesystem_firmware(struct

Re: [RFC PATCH v2 08/11] module: replace copy_module_from_fd with kernel version

2016-01-21 Thread Luis R. Rodriguez
On Thu, Jan 21, 2016 at 5:12 AM, Mimi Zohar wrote: > On Thu, 2016-01-21 at 01:03 +0100, Luis R. Rodriguez wrote: >> On Mon, Jan 18, 2016 at 10:11:23AM -0500, Mimi Zohar wrote: >> > This patch replaces the module copy_module_from_fd() call with the VFS >> > common

Re: [RFC PATCH v2 01/11] ima: separate 'security.ima' reading functionality from collect

2016-01-21 Thread Dmitry Kasatkin
On Thu, Jan 21, 2016 at 3:19 PM, Mimi Zohar wrote: > On Tue, 2016-01-19 at 22:00 +0200, Dmitry Kasatkin wrote: >> Hi Mimi, >> >> Please change >> >> Signed-off-by: Dmitry Kasatkin > > I'll make the change here and in the other patches as

[PATCH] xen: Add support for dom0 with Linux kernel 3.19 and newer

2016-01-21 Thread Daniel Kiper
Linux kernel commit 054954eb051f35e74b75a566a96fe756015352c8 (xen: switch to linear virtual mapped sparse p2m list), which appeared in 3.19, introduced linear virtual mapped sparse p2m list. If readmem() reads p2m then it accesses this list using physical addresses. Sadly, VMA to physical address

Re: [RFC PATCH v2 00/11] vfss: support for a common kernel file loader

2016-01-21 Thread Luis R. Rodriguez
On Mon, Jan 18, 2016 at 10:11:15AM -0500, Mimi Zohar wrote: > For a while it was looked down upon to directly read files from Linux. > These days there exists a few mechanisms in the kernel that do just this > though to load a file into a local buffer. There are minor but important > checks

Re: [RFC PATCH v2 00/11] vfss: support for a common kernel file loader

2016-01-21 Thread Mimi Zohar
On Thu, 2016-01-21 at 21:16 +0100, Luis R. Rodriguez wrote: > On Mon, Jan 18, 2016 at 10:11:15AM -0500, Mimi Zohar wrote: > > > > The latest version of these patches can be found in the next-kernel-read-v2 > > branch of: > > git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git >

Re: [RFC PATCH v2 08/11] module: replace copy_module_from_fd with kernel version

2016-01-21 Thread Mimi Zohar
On Thu, 2016-01-21 at 08:56 -0800, Luis R. Rodriguez wrote: > On Thu, Jan 21, 2016 at 5:12 AM, Mimi Zohar wrote: > > On Thu, 2016-01-21 at 01:03 +0100, Luis R. Rodriguez wrote: > >> On Mon, Jan 18, 2016 at 10:11:23AM -0500, Mimi Zohar wrote: > >> > This patch replaces

Re: [RFC PATCH v2 08/11] module: replace copy_module_from_fd with kernel version

2016-01-21 Thread Mimi Zohar
On Thu, 2016-01-21 at 10:45 -0500, Paul Moore wrote: > On Thursday, January 21, 2016 08:12:12 AM Mimi Zohar wrote: > > Paul, Casey, Kees, Jon, Tetsuo does it make sense to consolidate the > > module, firmware, and kexec pre and post security hooks and have just > > one set of pre and post security

RE: [RFC PATCH 1/4] purgatory/ipmi: Support BMC watchdog timer start/stop in purgatory

2016-01-21 Thread 河合英宏 / KAWAI,HIDEHIRO
> A general note here. It does not appear that you implement the > error recovery states in your state machine. If the system fails > in the middle of doing an IPMI operation, it is likely to fail. The reason why I didn't implement the error handling is that I think the error rate is low and it

Re: [PATCH 18/19] arm64: kdump: update a kernel doc

2016-01-21 Thread AKASHI Takahiro
On 01/21/2016 09:02 PM, Mark Rutland wrote: On Thu, Jan 21, 2016 at 03:53:42PM +0900, AKASHI Takahiro wrote: On 01/20/2016 08:49 PM, Mark Rutland wrote: On Wed, Jan 20, 2016 at 03:07:53PM +0900, AKASHI Takahiro wrote: On 01/20/2016 11:49 AM, Dave Young wrote: On 01/19/16 at 02:01pm, Mark