On Tue, Mar 18, 2025 at 11:02:31PM +, Pratyush Yadav wrote:
> I suppose we can serialize all FDs when the box is sealed and get rid of
> the struct file. If kexec fails, userspace can unseal the box, and FDs
> will be deserialized into a new struct file. This way, the behaviour
> from userspac

On Tue, Mar 18 2025, Jason Gunthorpe wrote:
> On Tue, Mar 18, 2025 at 03:25:25PM +0100, Christian Brauner wrote:
>
>> > It is not really a stash, it is not keeping files, it is hardwired to
>>
>> Right now as written it is keeping references to files in these fdboxes
>> and thus functioning both

On 03/18/25 at 11:10am, Stefan Berger wrote:
>
>
> On 3/17/25 9:04 PM, steven chen wrote:
> > The name of the local variable "file" of type seq_file defined in the
> > ima_dump_measurement_list function is too generic. To better reflect the
> > purpose of the variable, rename it to "ima_kexec_fil

On Tue, Mar 18, 2025 at 09:06:58PM +, David Woodhouse wrote:
> On Tue, 2025-03-18 at 10:14 -0700, Josh Poimboeuf wrote:
> > On Tue, Mar 18, 2025 at 03:56:36PM +, David Woodhouse wrote:
> > > For the relocate_kernel() case I don't think we care much about the
> > > first. Without a CFI prolo

On Tue, 2025-03-18 at 10:14 -0700, Josh Poimboeuf wrote:
> On Tue, Mar 18, 2025 at 03:56:36PM +, David Woodhouse wrote:
> > But on the whole, I'm not sure the CFI check is worth it.
> >
> > CFI checks that the caller and callee agree about the prototype of the
> > function being called. There

On Tue, Mar 18, 2025 at 03:56:36PM +, David Woodhouse wrote:
> But on the whole, I'm not sure the CFI check is worth it.
>
> CFI checks that the caller and callee agree about the prototype of the
> function being called. There are two main benefits of this:
>
> • to protect against attacks w

On Tue, Mar 18, 2025 at 03:25:25PM +0100, Christian Brauner wrote:
> > It is not really a stash, it is not keeping files, it is hardwired to
>
> Right now as written it is keeping references to files in these fdboxes
> and thus functioning both as a crippled high-privileged fdstore and a
> serial

On Mon, 2025-03-17 at 17:24 -0700, Josh Poimboeuf wrote:
> On Mon, Mar 17, 2025 at 05:17:24PM -0700, Josh Poimboeuf wrote:
> > On Mon, Mar 17, 2025 at 12:40:14PM +, David Woodhouse wrote:
> > > On Fri, 2025-03-14 at 10:52 -0700, Josh Poimboeuf wrote:
> > > >
> > > > IIRC, the reasons were the

On 3/17/25 9:04 PM, steven chen wrote:
The name of the local variable "file" of type seq_file defined in the
ima_dump_measurement_list function is too generic. To better reflect the
purpose of the variable, rename it to "ima_kexec_file". This change will
help improve code readability and maint