[PATCH v3 04/22] firmware: simplify dev_*() print messages for generic helpers

2016-02-04 Thread Mimi Zohar
From: "Luis R. Rodriguez" Simplify a few of the *generic* shared dev_warn() and dev_dbg() print messages for three reasons: 0) Historically firmware_class code was added to help get device driver firmware binaries but these days request_firmware*() helpers are being repurposed for gener

Re: [PATCH] x86/efi: skip bgrt init for kexec reboot

2016-02-04 Thread Matt Fleming
On Wed, 03 Feb, at 10:53:33PM, Matt Fleming wrote: > On Thu, 04 Feb, at 05:42:00AM, Dave Young wrote: > > > > On 01/27/16 at 07:20pm, Dave Young wrote: > > > For kexec reboot the bgrt image address could contain random data because > > > we have freed boot service areas in 1st kernel boot phase.

Re: [PATCH] x86/efi: skip bgrt init for kexec reboot

2016-02-04 Thread Dave Young
Hi, Matt Thanks for the feedback. On 02/04/16 at 10:03am, Matt Fleming wrote: > On Wed, 03 Feb, at 10:53:33PM, Matt Fleming wrote: > > On Thu, 04 Feb, at 05:42:00AM, Dave Young wrote: > > > > > > On 01/27/16 at 07:20pm, Dave Young wrote: > > > > For kexec reboot the bgrt image address could cont

Re: [PATCH] x86/efi: skip bgrt init for kexec reboot

2016-02-04 Thread Matt Fleming
On Thu, 04 Feb, at 07:09:03PM, Dave Young wrote: > > Consider the original code path, maybe change it to efi_kexec_setup will > be better to remind people? Or something else like a wrapper function with > similar name.. Possibly. I had considered adding a new efi_enabled() bit for KEXEC_BOOT, but

Re: [PATCH v3 05/22] firmware: move completing fw into a helper

2016-02-04 Thread Kees Cook
On Wed, Feb 3, 2016 at 11:06 AM, Mimi Zohar wrote: > From: "Luis R. Rodriguez" > > This will be re-used later through a new extensible interface. > > Reviewed-by: Josh Boyer > Signed-off-by: Luis R. Rodriguez > Signed-off-by: Mimi Zohar Acked-by: Kees Cook -Kees > --- > drivers/base/firmw

Re: [PATCH v3 06/22] firmware: fold successful fw read early

2016-02-04 Thread Kees Cook
On Wed, Feb 3, 2016 at 11:06 AM, Mimi Zohar wrote: > From: David Howells > > We'll be folding in some more checks on fw_read_file_contents(), > this will make the success case easier to follow. > > Reviewed-by: Josh Boyer > Signed-off-by: David Howells > Signed-off-by: Luis R. Rodriguez > Sign

Re: [PATCH v3 07/22] vfs: define a generic function to read a file from the kernel

2016-02-04 Thread Kees Cook
On Wed, Feb 3, 2016 at 11:06 AM, Mimi Zohar wrote: > For a while it was looked down upon to directly read files from Linux. > These days there exist a few mechanisms in the kernel that do just > this though to load a file into a local buffer. There are minor but > important checks differences on

Re: [PATCH v3 08/22] vfs: define kernel_read_file_id enumeration

2016-02-04 Thread Kees Cook
On Wed, Feb 3, 2016 at 11:06 AM, Mimi Zohar wrote: > To differentiate between the kernel_read_file() callers, this patch > defines a new enumeration named kernel_read_file_id and includes the > caller identifier as an argument. > > Subsequent patches define READING_KEXEC_IMAGE, READING_KEXEC_INITR

Re: [PATCH v3 12/22] vfs: define kernel_read_file_from_path

2016-02-04 Thread Kees Cook
On Wed, Feb 3, 2016 at 11:06 AM, Mimi Zohar wrote: > This patch defines kernel_read_file_from_path(), a wrapper for the VFS > common kernel_read_file(). > > Changelog: > - Separated from the IMA patch > > Signed-off-by: Mimi Zohar Acked-by: Kees Cook -Kees > --- > fs/exec.c | 22 +++

Re: [PATCH v3 13/22] firmware: replace call to fw_read_file_contents() with kernel version

2016-02-04 Thread Kees Cook
On Wed, Feb 3, 2016 at 11:06 AM, Mimi Zohar wrote: > Replace the fw_read_file_contents with kernel_file_read_from_path(). > > Although none of the upstreamed LSMs define a kernel_fw_from_file hook, > IMA is called by the security function to prevent unsigned firmware from > being loaded and to mea

Re: [PATCH v3 14/22] security: define kernel_read_file hook

2016-02-04 Thread Kees Cook
On Wed, Feb 3, 2016 at 11:06 AM, Mimi Zohar wrote: > The kernel_read_file security hook is called prior to reading the file > into memory. > > Signed-off-by: Mimi Zohar Acked-by: Kees Cook -Kees > --- > fs/exec.c | 4 > include/linux/ima.h | 6 +++

Re: [PATCH v3 15/22] vfs: define kernel_copy_file_from_fd()

2016-02-04 Thread Kees Cook
On Wed, Feb 3, 2016 at 11:06 AM, Mimi Zohar wrote: > This patch defines kernel_read_file_from_fd(), a wrapper for the VFS > common kernel_read_file(). > > Changelog: > - Separated from the kernel modules patch > > Signed-off-by: Mimi Zohar Acked-by: Kees Cook -Kees > --- > fs/exec.c

Re: [PATCH v3 16/22] module: replace copy_module_from_fd with kernel version

2016-02-04 Thread Kees Cook
On Wed, Feb 3, 2016 at 11:06 AM, Mimi Zohar wrote: > Replace copy_module_from_fd() with kernel_read_file_from_fd(). > > Although none of the upstreamed LSMs define a kernel_module_from_file > hook, IMA is called, based on policy, to prevent unsigned kernel modules > from being loaded by the origin

Re: [PATCH v3 18/22] kexec: replace call to copy_file_from_fd() with kernel version

2016-02-04 Thread Kees Cook
On Wed, Feb 3, 2016 at 11:06 AM, Mimi Zohar wrote: > Replace copy_file_from_fd() with kernel_read_file_from_fd(). > > Two new identifiers named READING_KEXEC_IMAGE and READING_KEXEC_INITRAMFS > are defined for measuring, appraising or auditing the kexec image and > initramfs. > > Changelog v3: > -

Re: [PATCH v3 00/22] vfs: support for a common kernel file loader

2016-02-04 Thread Kees Cook
On Wed, Feb 3, 2016 at 11:06 AM, Mimi Zohar wrote: > For a while it was looked down upon to directly read files from Linux. > These days there exist a few mechanisms in the kernel that do just this > though to load a file into a local buffer. There are minor but important > checks differences on

Re: [PATCH v3 08/22] vfs: define kernel_read_file_id enumeration

2016-02-04 Thread Luis R. Rodriguez
On Wed, Feb 03, 2016 at 02:06:16PM -0500, Mimi Zohar wrote: > To differentiate between the kernel_read_file() callers, this patch > defines a new enumeration named kernel_read_file_id and includes the > caller identifier as an argument. > > Subsequent patches define READING_KEXEC_IMAGE, READING_KE

Re: [PATCH v3 12/22] vfs: define kernel_read_file_from_path

2016-02-04 Thread Luis R. Rodriguez
On Wed, Feb 03, 2016 at 02:06:20PM -0500, Mimi Zohar wrote: > This patch defines kernel_read_file_from_path(), a wrapper for the VFS > common kernel_read_file(). > > Changelog: > - Separated from the IMA patch > > Signed-off-by: Mimi Zohar Acked-by: Luis R. Rodriguez Luis

Re: [PATCH v3 16/22] module: replace copy_module_from_fd with kernel version

2016-02-04 Thread Luis R. Rodriguez
On Wed, Feb 03, 2016 at 02:06:24PM -0500, Mimi Zohar wrote: > Replace copy_module_from_fd() with kernel_read_file_from_fd(). > > Although none of the upstreamed LSMs define a kernel_module_from_file > hook, IMA is called, based on policy, to prevent unsigned kernel modules > from being loaded by t

Re: [PATCH v3 18/22] kexec: replace call to copy_file_from_fd() with kernel version

2016-02-04 Thread Luis R. Rodriguez
On Wed, Feb 03, 2016 at 02:06:26PM -0500, Mimi Zohar wrote: > Replace copy_file_from_fd() with kernel_read_file_from_fd(). > > Two new identifiers named READING_KEXEC_IMAGE and READING_KEXEC_INITRAMFS > are defined for measuring, appraising or auditing the kexec image and > initramfs. > > Changel

Re: [PATCH v3 13/22] firmware: replace call to fw_read_file_contents() with kernel version

2016-02-04 Thread Luis R. Rodriguez
On Wed, Feb 03, 2016 at 02:06:21PM -0500, Mimi Zohar wrote: > Replace the fw_read_file_contents with kernel_file_read_from_path(). > > Although none of the upstreamed LSMs define a kernel_fw_from_file hook, > IMA is called by the security function to prevent unsigned firmware from > being loaded a

Re: [PATCH v3 15/22] vfs: define kernel_copy_file_from_fd()

2016-02-04 Thread Luis R. Rodriguez
On Wed, Feb 03, 2016 at 02:06:23PM -0500, Mimi Zohar wrote: > This patch defines kernel_read_file_from_fd(), a wrapper for the VFS > common kernel_read_file(). > > Changelog: > - Separated from the kernel modules patch > > Signed-off-by: Mimi Zohar Acked-by: Luis R. Rodriguez Luis

Re: [PATCH v3 14/22] security: define kernel_read_file hook

2016-02-04 Thread Luis R. Rodriguez
On Wed, Feb 03, 2016 at 02:06:22PM -0500, Mimi Zohar wrote: > The kernel_read_file security hook is called prior to reading the file > into memory. > > Signed-off-by: Mimi Zohar Acked-by: Luis R. Rodriguez Luis

Re: [PATCH v3 06/22] firmware: fold successful fw read early

2016-02-04 Thread Luis R. Rodriguez
On Thu, Feb 04, 2016 at 09:36:50AM -0800, Kees Cook wrote: > On Wed, Feb 3, 2016 at 11:06 AM, Mimi Zohar wrote: > > From: David Howells > > > > We'll be folding in some more checks on fw_read_file_contents(), > > this will make the success case easier to follow. > > > > Reviewed-by: Josh Boyer >

[PATCH v3.1] firmware: clean up filesystem load exit path

2016-02-04 Thread Kees Cook
This makes the error and success paths more readable while trying to load firmware from the filesystem. Signed-off-by: Kees Cook Cc: Josh Boyer Cc: David Howells Cc: Luis R. Rodriguez Cc: Mimi Zohar --- Suggested as an alternative to "[PATCH v3 06/22] firmware: fold successful fw read early"

Re: [PATCH v3.1] firmware: clean up filesystem load exit path

2016-02-04 Thread Luis R. Rodriguez
On Thu, Feb 04, 2016 at 01:15:02PM -0800, Kees Cook wrote: > This makes the error and success paths more readable while trying to > load firmware from the filesystem. > > Signed-off-by: Kees Cook > Cc: Josh Boyer > Cc: David Howells > Cc: Luis R. Rodriguez > Cc: Mimi Zohar Thanks, Acked-by:

Re: [PATCH v3.1] firmware: clean up filesystem load exit path

2016-02-04 Thread Mimi Zohar
On Thu, 2016-02-04 at 23:01 +0100, Luis R. Rodriguez wrote: > On Thu, Feb 04, 2016 at 01:15:02PM -0800, Kees Cook wrote: > > This makes the error and success paths more readable while trying to > > load firmware from the filesystem. > > > > Signed-off-by: Kees Cook > > Cc: Josh Boyer > > Cc: Davi

Re: [PATCH v3 00/22] vfs: support for a common kernel file loader

2016-02-04 Thread Mimi Zohar
On Thu, 2016-02-04 at 10:15 -0800, Kees Cook wrote: > On Wed, Feb 3, 2016 at 11:06 AM, Mimi Zohar wrote: > > For a while it was looked down upon to directly read files from Linux. > > These days there exist a few mechanisms in the kernel that do just this > > though to load a file into a local bu

Re: [PATCH v3 16/22] module: replace copy_module_from_fd with kernel version

2016-02-04 Thread Mimi Zohar
On Thu, 2016-02-04 at 20:56 +0100, Luis R. Rodriguez wrote: > On Wed, Feb 03, 2016 at 02:06:24PM -0500, Mimi Zohar wrote: > > Replace copy_module_from_fd() with kernel_read_file_from_fd(). > > > > Although none of the upstreamed LSMs define a kernel_module_from_file > > hook, IMA is called, based

Re: [PATCH] x86/efi: skip bgrt init for kexec reboot

2016-02-04 Thread Dave Young
On 02/04/16 at 11:56am, Matt Fleming wrote: > On Thu, 04 Feb, at 07:09:03PM, Dave Young wrote: > > > > Consider the original code path, maybe change it to efi_kexec_setup will > > be better to remind people? Or something else like a wrapper function with > > similar name.. > > Possibly. I had con