Re: [PATCH] arm64: Set -fno-PIC along with -mcmodel=large

2018-04-12 Thread Geoff Levand
Hi Simon,

On 02/02/2018 03:48 PM, Geoff Levand wrote:
> Hi,
>
> On 01/07/2018 08:26 AM, David Michael wrote:
>> As seen in GCC's gcc/config/aarch64/aarch64.c, -fPIC with large
>> code model is unsupported. This fixes the "sorry, unimplemented"
>> errors when building with compilers defaulting

[PATCH 3/3] ima: based on policy require signed kexec kernel images

2018-04-12 Thread Mimi Zohar
The original kexec_load syscall can not verify file signatures. This patch differentiates between the kexec_load and kexec_file_load syscalls.

Signed-off-by: Mimi Zohar
---
security/integrity/ima/ima.h | 1 +
security/integrity/ima/ima_main.c | 9 +

[PATCH 0/3] kexec: limit kexec_load syscall

2018-04-12 Thread Mimi Zohar
In environments that require the kexec kernel image to be signed, prevent using the kexec_load syscall. In order for LSMs and IMA to differentiate between kexec_load and kexec_file_load syscalls, this patch set adds a call to security_kernel_read_file() in kexec_load_check().

Signed-off-by: Mimi

[PATCH 2/3] kexec: call LSM hook for kexec_load syscall

2018-04-12 Thread Mimi Zohar
Allow LSMs and IMA to differentiate between the kexec_load and kexec_file_load syscalls by adding an "unnecessary" call to security_kernel_read_file() in kexec_load. This would be similar to the existing init_module syscall calling security_kernel_read_file().

Signed-off-by: Mimi Zohar

[PATCH 1/3] ima: based on the "secure_boot" policy limit syscalls

2018-04-12 Thread Mimi Zohar
The builtin "secure_boot" policy adds IMA appraisal rules requiring kernel modules (finit_module syscall), direct firmware load, kexec kernel image (kexec_file_load syscall), and the IMA policy to be signed, but did not prevent the other syscalls/methods from working. Loading an equivalent custom

[PATCH v1 2/2] kexec: Remove "weak" from arch_kexec_walk_mem() declaration

2018-04-12 Thread Bjorn Helgaas
From: Bjorn Helgaas

Weak header file declarations are error-prone because they make every definition weak, and the linker chooses one based on link order (see 10629d711ed7 ("PCI: Remove __weak annotation from pcibios_get_phb_of_node decl")). kernel/kexec_file.c contains a

[PATCH v1 0/2] kexec: Remove "weak" annotations from headers

2018-04-12 Thread Bjorn Helgaas
"Weak" annotations in header files are error-prone because they make every definition weak. Remove them from include/linux/kexec.h. These were introduced in two separate commits, so this is in two patches so they can be easily backported to stable kernels (some of them date back to v4.3 and one

[PATCH v1 1/2] kexec: Remove "weak" from kexec_file function declarations

2018-04-12 Thread Bjorn Helgaas
From: Bjorn Helgaas

Weak header file declarations are error-prone because they make every definition weak, and the linker chooses one based on link order (see 10629d711ed7 ("PCI: Remove __weak annotation from pcibios_get_phb_of_node decl")). For the following functions:

Re: [RFC] arm64: extra entries in /proc/iomem for kexec

2018-04-12 Thread James Morse
Hi Akashi,

Sorry I've been sluggish on this issue,

On 05/04/18 03:42, AKASHI Takahiro wrote:
> On Mon, Apr 02, 2018 at 10:53:32AM +0900, AKASHI Takahiro wrote:
>> On Tue, Mar 27, 2018 at 02:32:49PM +0100, James Morse wrote:
>>> On 27/03/18 11:16, AKASHI Takahiro wrote:
>>>> On Tue, Mar 20, 2018