Hi Simon,
On 02/02/2018 03:48 PM, Geoff Levand wrote:
> Hi,
>
> On 01/07/2018 08:26 AM, David Michael wrote:
>> As seen in GCC's gcc/config/aarch64/aarch64.c, -fPIC with large
>> code model is unsupported. This fixes the "sorry, unimplemented"
>> errors when building with compilers defaulting

The original kexec_load syscall can not verify file signatures. This
patch differentiates between the kexec_load and kexec_file_load
syscalls.
Signed-off-by: Mimi Zohar
---
security/integrity/ima/ima.h| 1 +
security/integrity/ima/ima_main.c | 9 +

In environments that require the kexec kernel image to be signed, prevent
using the kexec_load syscall. In order for LSMs and IMA to differentiate
between kexec_load and kexec_file_load syscalls, this patch set adds a
call to security_kernel_read_file() in kexec_load_check().
Signed-off-by: Mimi

Allow LSMs and IMA to differentiate between the kexec_load and
kexec_file_load syscalls by adding an "unnecessary" call to
security_kernel_read_file() in kexec_load. This would be similar to the
existing init_module syscall calling security_kernel_read_file().
Signed-off-by: Mimi Zohar

The builtin "secure_boot" policy adds IMA appraisal rules requiring kernel
modules (finit_module syscall), direct firmware load, kexec kernel image
(kexec_file_load syscall), and the IMA policy to be signed, but did not
prevent the other syscalls/methods from working. Loading an equivalent
custom

From: Bjorn Helgaas
Weak header file declarations are error-prone because they make every
definition weak, and the linker chooses one based on link order (see
10629d711ed7 ("PCI: Remove __weak annotation from pcibios_get_phb_of_node
decl")).
kernel/kexec_file.c contains a

"Weak" annotations in header files are error-prone because they make
every definition weak. Remove them from include/linux/kexec.h.
These were introduced in two separate commits, so this is in two
patches so they can be easily backported to stable kernels (some of
them date back to v4.3 and one

From: Bjorn Helgaas
Weak header file declarations are error-prone because they make every
definition weak, and the linker chooses one based on link order (see
10629d711ed7 ("PCI: Remove __weak annotation from pcibios_get_phb_of_node
decl")).
For the following functions:

Hi Akashi,
Sorry I've been sluggish on this issue,
On 05/04/18 03:42, AKASHI Takahiro wrote:
> On Mon, Apr 02, 2018 at 10:53:32AM +0900, AKASHI Takahiro wrote:
>> On Tue, Mar 27, 2018 at 02:32:49PM +0100, James Morse wrote:
>>> On 27/03/18 11:16, AKASHI Takahiro wrote:

On Tue, Mar 20, 2018