[PATCH v3 0/7] Appended signatures support for IMA appraisal

yring_from_id function. - Put modsig to measurement list if the template requires the signature contents. (suggested by Mimi). Thiago Jung Bauermann (7): integrity: Introduce struct evm_hmac_xattr MODSIGN: Export module signature definitions. PKCS#7: Introduce verify_pkcs7_message_sig

Re: [PATCH v2 6/6] ima: Support module-style appended signatures for appraisal

Mimi Zohar <zo...@linux.vnet.ibm.com> writes: > On Wed, 2017-06-21 at 14:45 -0300, Thiago Jung Bauermann wrote: >> Mimi Zohar <zo...@linux.vnet.ibm.com> writes: >> > On Wed, 2017-06-07 at 22:49 -0300, Thiago Jung Bauermann wrote: >> >> @@ -267,11 +2

Re: [v3, 1/8] powerpc/perf/hv-24x7: Fix passing of catalog version number

Michael Ellerman <patch-notificati...@ellerman.id.au> writes: > On Thu, 2017-06-29 at 21:55:31 UTC, Thiago Jung Bauermann wrote: >> H_GET_24X7_CATALOG_PAGE needs to be passed the version number obtained from >> the first catalog page obtained previously. Th

[PATCH v3 8/8] powerpc/perf/hv-24x7: Aggregate result elements on POWER9 SMT8

On POWER9 SMT8 the 24x7 API returns two result elements for physical core and virtual CPU events and we need to add their counts to get the final result. Reviewed-by: Sukadev Bhattiprolu <suka...@linux.vnet.ibm.com> Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com&g

[PATCH v3 7/8] powerpc/perf/hv-24x7: Support v2 of the hypervisor API

POWER9 introduces a new version of the hypervisor API to access the 24x7 perf counters. The new version changed some of the structures used for requests and results. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- arch/powerpc/perf/hv-24x7.c

[PATCH v3 6/8] powerpc/perf/hv-24x7: Minor improvements

of a semicolon. Fix it. In hv-24x7.h, improve comments in struct hv_24x7_result. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- arch/powerpc/perf/hv-24x7.c | 9 - arch/powerpc/perf/hv-24x7.h | 11 ++- 2 files changed, 14 insertions(+), 6 deletions(-)

[PATCH v3 5/8] powerpc/perf/hv-24x7: Fix return value of hcalls

single_24x7_request, so there's no need to store it. Reviewed-by: Sukadev Bhattiprolu <suka...@linux.vnet.ibm.com> Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- arch/powerpc/perf/hv-24x7.c | 28 +--- 1 file changed, 13 insertions(+),

[PATCH v3 4/8] powerpc-perf/hx-24x7: Don't log failed hcall twice

Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- arch/powerpc/perf/hv-24x7.c | 35 --- 1 file changed, 12 insertions(+), 23 deletions(-) diff --git a/arch/powerpc/perf/hv-24x7.c b/arch/powerpc/perf/hv-24x7.c index 8b1a3e849d23..111c61e

[PATCH v3 3/8] powerpc/perf/hv-24x7: Properly iterate through results

t each result has only one result element, so warn if that assumption is violated. Reviewed-by: Sukadev Bhattiprolu <suka...@linux.vnet.ibm.com> Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- arch/powerpc/perf/hv-24x7.c | 32 +++-

[PATCH v3 2/8] powerpc/perf/hv-24x7: Fix off-by-one error in request_buffer check

rolu <suka...@linux.vnet.ibm.com> Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- arch/powerpc/perf/hv-24x7.c | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/arch/powerpc/perf/hv-24x7.c b/arch/powerpc/perf/hv-24x7.c index 1354cde7095c..141de0f7

[PATCH v3 1/8] powerpc/perf/hv-24x7: Fix passing of catalog version number

rolu <suka...@linux.vnet.ibm.com> Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- arch/powerpc/perf/hv-24x7.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/arch/powerpc/perf/hv-24x7.c b/arch/powerpc/perf/hv-24x7.c index 7b2ca16b1eb

[PATCH v3 0/8] Support for 24x7 hcall interface version 2

il out if any result has an error (suggested by Sukadev). Thiago Jung Bauermann (8): powerpc/perf/hv-24x7: Fix passing of catalog version number powerpc/perf/hv-24x7: Fix off-by-one error in request_buffer check powerpc/perf/hv-24x7: Properly iterate through results powerpc-perf/hx-24x7: Don't log

[PATCH v2 8/8] powerpc/perf/hv-24x7: Aggregate result elements on POWER9 SMT8

On POWER9 SMT8 the 24x7 API returns two result elements for physical core and virtual CPU events and we need to add their counts to get the final result. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- arch/powerpc/perf/hv-24x7.

[PATCH v2 7/8] powerpc/perf/hv-24x7: Support v2 of the hypervisor API

POWER9 introduces a new version of the hypervisor API to access the 24x7 perf counters. The new version changed some of the structures used for requests and results. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- arch/powerpc/perf/hv-24x7.c

[PATCH v2 6/8] powerpc/perf/hv-24x7: Minor improvements

of a semicolon. Fix it. In hv-24x7.h, improve comments in struct hv_24x7_result. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- arch/powerpc/perf/hv-24x7.c | 9 - arch/powerpc/perf/hv-24x7.h | 11 ++- 2 files changed, 14 insertions(+), 6 deletions(-)

[PATCH v2 5/8] powerpc/perf/hv-24x7: Fix return value of hcalls

single_24x7_request, so there's no need to store it. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- arch/powerpc/perf/hv-24x7.c | 28 +--- 1 file changed, 13 insertions(+), 15 deletions(-) diff --git a/arch/powerpc/perf/hv-24x7.c b/arch/powerpc/p

[PATCH v2 4/8] powerpc-perf/hx-24x7: Don't log failed hcall twice

make_24x7_request already calls log_24x7_hcall if it fails, so callers don't have to do it again. In fact, since the latter is now only called from the former, there's no need for a separate log_24x7_hcall anymore so remove it. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.

[PATCH v2 3/8] powerpc/perf/hv-24x7: Properly iterate through results

t each result has only one result element, so warn if that assumption is violated. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- arch/powerpc/perf/hv-24x7.c | 32 +++- 1 file changed, 23 insertions(+), 9 deletions(-) diff --git a/arch/pow

[PATCH v2 2/8] powerpc/perf/hv-24x7: Fix off-by-one error in request_buffer check

request_buffer can hold 254 requests, so if it already has that number of entries we can't add a new one. Also, define constant to show where the number comes from. Fixes: e3ee15dc5d19 ("powerpc/perf/hv-24x7: Define add_event_to_24x7_request()") Signed-off-by: Thiago Jung Bauerm

[PATCH v2 1/8] powerpc/perf/hv-24x7: Fix passing of catalog version number

because the hypervisor doesn't recognize the version. This patch also adds the hcall return code to the error message, which is helpful when debugging the problem. Fixes: 5c5cd7b50259 ("powerpc/perf/hv-24x7: parse catalog and populate sysfs with events") Signed-off-by: Thiago Jung Bauerm

[PATCH v2 0/8] Support for 24x7 hcall interface version 2

ext result in get_count_from_result if there's more than one result element. - Changed h_24x7_event_commit_txn to bail out if any result has an error (suggested by Sukadev). Thiago Jung Bauermann (8): powerpc/perf/hv-24x7: Fix passing of catalog version number powerpc/perf/hv-24x7: Fix off-by

Re: [PATCH 0/8] Support for 24x7 hcall interface version 2

Michael Ellerman <m...@ellerman.id.au> writes: > Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> writes: >> The hypervisor interface to access 24x7 performance counters (which collect >> performance information from system power on to system power off) has been &

Re: [PATCH] powerpc: Only obtain cpu_hotplug_lock if called by rtasd

Michael Ellerman <m...@ellerman.id.au> writes: > Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> writes: > >> Michael Ellerman <m...@ellerman.id.au> writes: >>> Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> writes: >>> >>

Re: [PATCH] powerpc: Only obtain cpu_hotplug_lock if called by rtasd

Michael Ellerman <m...@ellerman.id.au> writes: > Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> writes: > >> Calling arch_update_cpu_topology from a CPU hotplug state machine callback >> hits a deadlock because the function tries to get a read lock on >&

Re: [PATCH v2 6/6] ima: Support module-style appended signatures for appraisal

Hello Mimi, Thanks for your review, and for queuing the other patches in this series. Mimi Zohar <zo...@linux.vnet.ibm.com> writes: > On Wed, 2017-06-07 at 22:49 -0300, Thiago Jung Bauermann wrote: >> This patch introduces the modsig keyword to the IMA policy syntax to >>

[PATCH] powerpc: Only obtain cpu_hotplug_lock if called by rtasd

://patchwork.ozlabs.org/patch/771293/ Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- Notes: This patch applies on tip/smp/hotplug, it should probably be carried there. arch/powerpc/include/asm/topology.h | 6 ++ arch/powerpc/kernel/rtasd.c | 2 +- arch/p

Re: [PATCH 7/8] powerpc/perf/hv-24x7: Support v2 of the hypervisor API

Hello Suka, Thanks for your review! Sukadev Bhattiprolu <suka...@linux.vnet.ibm.com> writes: > Thiago Jung Bauermann [bauer...@linux.vnet.ibm.com] wrote: >> @@ -166,9 +174,12 @@ DEFINE_PER_CPU(struct hv_24x7_hw, hv_24x7_hw); >> DEFINE_PER_CPU(char, hv_24x7_reqb[H

Re: [PATCH v2 0/6] Appended signatures support for IMA appraisal

Michael Ellerman <m...@ellerman.id.au> writes: > Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> writes: > >> On the OpenPOWER platform, secure boot and trusted boot are being >> implemented using IMA for taking measurements and verifying signatures. >

[PATCH v2 1/6] integrity: Small code improvements

-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- security/integrity/digsig_asymmetric.c | 4 ++-- security/integrity/iint.c | 2 +- security/integrity/ima/ima.h | 2 +- security/integrity/ima/ima_appraise.c | 1 + security/integrity/ima/ima_policy.c

[PATCH v2 6/6] ima: Support module-style appended signatures for appraisal

GRITY_SIGNATURE to select CONFIG_KEYS instead of depending on it is to avoid a dependency recursion in CONFIG_IMA_APPRAISE_MODSIG, because CONFIG_MODULE_SIG_FORMAT selects CONFIG_KEYS and Kconfig complains that CONFIG_INTEGRITY_SIGNATURE depends on it. Signed-off-by: Thiago Jung Bauermann <bauer...@lin

[PATCH v2 5/6] MODSIGN: Export module signature definitions.

of the raw bytes that verify_pkcs7_signature takes. Finally, create a CONFIG_MODULE_SIG_FORMAT option so that IMA can select it and be able to use validate_module_signature without having to depend on CONFIG_MODULE_SIG. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> ---

[PATCH v2 4/6] integrity: Introduce struct evm_hmac_xattr

ata, since in most places the array doesn't hold a digest. A separate struct evm_hmac_xattr is introduced, with the original definition of evm_ima_xattr_data to be used in the places that actually expect that definition. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- se

[PATCH v2 3/6] ima: Log the same audit cause whenever a file has no signature

If the file doesn't have an xattr, ima_appraise_measurement sets cause to "missing-hash" while if there's an xattr but it's a digest instead of a signature it sets cause to "IMA-signature-required". Fix it by setting cause to "IMA-signature-required" in both case

[PATCH v2 2/6] ima: Simplify policy_func_show.

they are always in sync (suggested by Mimi Zohar). Finally, by using the printf pattern for the function token directly instead of using the pt macro we can simplify policy_func_show even further and avoid needing a temporary buffer. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.

[PATCH v2 0/6] Appended signatures support for IMA appraisal

function. - Put modsig to measurement list if the template requires the signature contents. (suggested by Mimi). Thiago Jung Bauermann (6): integrity: Small code improvements ima: Simplify policy_func_show. ima: Log the same audit cause whenever a file has no signature integrity: Introduc

[PATCH 8/8] powerpc/perf/hv-24x7: Aggregate result elements on POWER9 SMT8

On POWER9 SMT8 the 24x7 API returns two result elements for physical core and virtual CPU events and we need to add their counts to get the final result. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- arch/powerpc/perf/hv-24x7.

[PATCH 6/8] powerpc/perf/hv-24x7: Minor improvements

of a semicolon. Fix it. In hv-24x7.h, improve comments in struct hv_24x7_result. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- arch/powerpc/perf/hv-24x7.c | 9 - arch/powerpc/perf/hv-24x7.h | 11 ++- 2 files changed, 14 insertions(+), 6 deletions(-)

[PATCH 4/8] powerpc-perf/hx-24x7: Don't log failed hcall twice

make_24x7_request already calls log_24x7_hcall if it fails, so callers don't have to do it again. In fact, since the latter is now only called from the former, there's no need for a separate log_24x7_hcall anymore so remove it. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.

[PATCH 7/8] powerpc/perf/hv-24x7: Support v2 of the hypervisor API

POWER9 introduces a new version of the hypervisor API to access the 24x7 perf counters. The new version changed some of the structures used for requests and results. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- arch/powerpc/perf/hv-24x7.c

[PATCH 2/8] powerpc/perf/hv-24x7: Fix off-by-one error in request_buffer check

request_buffer can hold 254 requests, so if it already has that number of entries we can't add a new one. Also, define constant to show where the number comes from. Fixes: e3ee15dc5d19 ("powerpc/perf/hv-24x7: Define add_event_to_24x7_request()") Signed-off-by: Thiago Jung Bauerm

[PATCH 5/8] powerpc/perf/hv-24x7: Fix return value of hcalls

single_24x7_request, so there's no need to store it. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- arch/powerpc/perf/hv-24x7.c | 28 +--- 1 file changed, 13 insertions(+), 15 deletions(-) diff --git a/arch/powerpc/perf/hv-24x7.c b/arch/powerpc/p

[PATCH 3/8] powerpc/perf/hv-24x7: Properly iterate through results

t each result has only one result element, so warn if that assumption is violated. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- arch/powerpc/perf/hv-24x7.c | 32 +++- 1 file changed, 23 insertions(+), 9 deletions(-) diff --git a/arch/pow

[PATCH 1/8] powerpc/perf/hv-24x7: Fix passing of catalog version number

because the hypervisor doesn't recognize the version. This patch also adds the hcall return code to the error message, which is helpful when debugging the problem. Fixes: 5c5cd7b50259 ("powerpc/perf/hv-24x7: parse catalog and populate sysfs with events") Signed-off-by: Thiago Jung Bauerm

[PATCH 0/8] Support for 24x7 hcall interface version 2

of the interface, while POWER9 systems only support version 2. I tested these patches on POWER8 to verify that there are no regressions, and also on POWER9 DD1. Thiago Jung Bauermann (8): powerpc/perf/hv-24x7: Fix passing of catalog version number powerpc/perf/hv-24x7: Fix off-by-one error

[PATCH] powerpc/perf/hv-24x7: Fix off-by-one error in request_buffer check

request_buffer can hold 254 requests, so if it already has that number of entries we can't add a new one. Also, define constant to show where the number comes from. Fixes: e3ee15dc5d19 ("powerpc/perf/hv-24x7: Define add_event_to_24x7_request()") Signed-off-by: Thiago Jung Bauerm

Re: [RFC] powerpc/pseries: Increase busy loop in pseries_cpu_die

Am Dienstag, 7. Februar 2017, 08:26:45 BRST schrieb Balbir Singh: > On Mon, Feb 06, 2017 at 04:58:16PM -0200, Thiago Jung Bauermann wrote: > > [ 447.714064] Querying DEAD? cpu 134 (134) shows 2 > > cpu 0x86: Vector: 300 (Data Access) at [c7b0fd40] > > > &g

[RFC] powerpc/pseries: Increase busy loop in pseries_cpu_die

in commit 940ce422a367 ("powerpc/pseries: Increase cpu die timeout"), so it's not as lame as it sounds. :-) Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- Notes: A solution that is probably better is to have pseries_cpu_die wait on a per-CPU semaphore at the

Re: [PATCH 2/2] powerpc/pseries: Dynamically increase RMA size

or 20% could make the host automatically allocate an adequate RMA size in the first boot. -- Thiago Jung Bauermann IBM Linux Technology Center

Re: [PATCH v11 0/8] powerpc: Implement kexec_file_load()

Young (since forever), and have been in > > linux-next (via akpm's tree) also for a long time. > > OK, I'll wait for these to appear in -next and I will await advice on Mimi and I would like to thank you for your support and help with these patches, Andrew. -- Thiago Jung Bauermann IBM Linux Technology Center

Re: linux-next: build failure after merge of the akpm-current tree

inker' > > Caused by patch > > "powerpc: add purgatory for kexec_file_load implementation" > Sorry about that. --no-dynamic-linker was added in binutils 2.26. The patch below fixes the problem. -- Thiago Jung Bauermann IBM Linux Technology Center diff --git a/arc

Re: [PATCH v10 04/10] kexec_file: Add support for purgatory built as PIE.

Am Mittwoch, 23. November 2016, 09:32:58 BRST schrieb Dave Young: > On 11/22/16 at 11:44am, Thiago Jung Bauermann wrote: > > Am Dienstag, 22. November 2016, 17:01:10 BRST schrieb Michael Ellerman: > > > Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> writes: > >

Re: [PATCH v10 04/10] kexec_file: Add support for purgatory built as PIE.

Am Dienstag, 22. November 2016, 17:01:10 BRST schrieb Michael Ellerman: > Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> writes: > > Am Sonntag, 20. November 2016, 10:45:46 BRST schrieb Dave Young: > >> On 11/10/16 at 01:27am, Thiago Jung Bauermann wrote: > >>

Re: [PATCH v10 04/10] kexec_file: Add support for purgatory built as PIE.

Hello Dave, Thanks for your review. Am Sonntag, 20. November 2016, 10:45:46 BRST schrieb Dave Young: > On 11/10/16 at 01:27am, Thiago Jung Bauermann wrote: > > powerpc's purgatory.ro has 12 relocation types when built as > > a relocatable object. To implement support fo

[PATCH v10 10/10] powerpc: Enable CONFIG_KEXEC_FILE in powerpc server defconfigs.

Enable CONFIG_KEXEC_FILE in powernv_defconfig, ppc64_defconfig and pseries_defconfig. It depends on CONFIG_CRYPTO_SHA256=y, so add that as well. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- arch/powerpc/configs/powernv_defconfig | 2 ++ arch/powerpc/c

[PATCH v10 09/10] powerpc: Add purgatory for kexec_file_load implementation.

nitialized to zero. It doesn't matter what their initial value is, because they will be set by the kernel when preparing the kexec image. Finally, some checkpatch.pl warnings were fixed. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- arch/

[PATCH v10 08/10] powerpc: Add support for loading ELF kernels with kexec_file_load.

: coding-style fixes] Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> Signed-off-by: Andrew Morton <a...@linux-foundation.org> --- arch/powerpc/include/asm/kexec.h| 12 ++ arch/powerpc/kernel/Makefile| 3 +- arch/powerpc/kernel/ke

[PATCH v10 07/10] powerpc: Add functions to read ELF files of any endianness.

the ELF structs. These functions will be used in the next patch in the series. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- arch/powerpc/include/asm/elf_util.h | 43 arch/powerpc/kernel/Makefile| 2 +- arch/powerpc/kernel/elf_util.c

[PATCH v10 06/10] powerpc: Implement kexec_file_load.

Add arch-specific functions needed by the generic kexec_file code. Signed-off-by: Josh Sklar <sk...@linux.vnet.ibm.com> Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- arch/powerpc/Kconfig| 14 ++ arch/powerpc/include/asm/systbl.h

[PATCH v10 05/10] powerpc: Change places using CONFIG_KEXEC to use CONFIG_KEXEC_CORE instead.

RE instead, since kexec_file_load also needs that code compiled in. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- arch/powerpc/Kconfig | 2 +- arch/powerpc/include/asm/debug.h | 2 +- arch/powerpc/include/asm/kexec.h

[PATCH v10 04/10] kexec_file: Add support for purgatory built as PIE.

Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- arch/Kconfig | 11 ++ include/linux/kexec.h | 4 + kernel/kexec_file.c | 314 ++ 3 files changed, 253 insertions(+), 76 deletions(-) diff --git a/arch/Kconfig b/arch/K

[PATCH v10 03/10] kexec_file: Factor out kexec_locate_mem_hole from kexec_add_buffer.

kexec_locate_mem_hole will be used by the PowerPC kexec_file_load implementation to find free memory for the purgatory stack. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> Acked-by: Dave Young <dyo...@redhat.com> --- include/linux/kexec.h | 1 + kernel/kexec_f

[PATCH v10 02/10] kexec_file: Change kexec_add_buffer to take kexec_buf as argument.

existing casts to char * in the code. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> Acked-by: Dave Young <dyo...@redhat.com> Acked-by: Balbir Singh <bsinghar...@gmail.com> --- arch/x86/kernel/crash.c | 37 arch/x86/kernel/kexe

[PATCH v10 01/10] kexec_file: Allow arch-specific memory walking for kexec_add_buffer

Allow architectures to specify a different memory walking function for kexec_add_buffer. x86 uses iomem to track reserved memory ranges, but PowerPC uses the memblock subsystem. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> Acked-by: Dave Young <dyo...@redhat.c

[PATCH v10 00/10] kexec_file_load implementation for PowerPC

_load." - Don't pass the offset to /chosen to find_debug_console. - Patch "powerpc: Allow userspace to set device tree properties in kexec_file_load" - Dropped patch. - Patch "powerpc: Add purgatory for kexec_file_load implementation." - Make boot/string.S u

Re: [RFC] kexec_file: Add support for purgatory built as PIE

Hello Eric, Am Freitag, 4. November 2016, 10:13:39 BRST schrieb Eric W. Biederman: > Baoquan He <b...@redhat.com> writes: > > On 11/02/16 at 04:00am, Thiago Jung Bauermann wrote: > >> Hello, > >> > >> The kexec_file code currently builds the purgatory a

Re: [RFC] kexec_file: Add support for purgatory built as PIE

Hello Baoquan, Am Freitag, 4. November 2016, 15:38:40 BRST schrieb Baoquan He: > On 11/02/16 at 04:00am, Thiago Jung Bauermann wrote: > > Hello, > > > > The kexec_file code currently builds the purgatory as a partially linked > > object (using ld -r). Is there

[RFC] kexec_file: Add support for purgatory built as PIE

be refined a bit. Would you accept a change along these lines? Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- arch/Kconfig| 3 + kernel/kexec_file.c | 159 ++-- kernel/kexec_internal.h | 26 3

[PATCH v6 10/10] ima: platform-independent hash value

From: Andreas Steffen For remote attestion it is important for the ima measurement values to be platform-independent. Therefore integer fields to be hashed must be converted to canonical format. Changelog: - Define canonical format as little endian (Mimi)

[PATCH v6 09/10] ima: define a canonical binary_runtime_measurements list format

From: Mimi Zohar The IMA binary_runtime_measurements list is currently in platform native format. To allow restoring a measurement list carried across kexec with a different endianness than the targeted kernel, this patch defines little-endian as the canonical format.

[PATCH v6 08/10] ima: support restoring multiple template formats

From: Mimi Zohar The configured IMA measurement list template format can be replaced at runtime on the boot command line, including a custom template format. This patch adds support for restoring a measuremement list containing multiple builtin/custom template formats.

[PATCH v6 07/10] ima: store the builtin/custom template definitions in a list

From: Mimi Zohar The builtin and single custom templates are currently stored in an array. In preparation for being able to restore a measurement list containing multiple builtin/custom templates, this patch stores the builtin and custom templates as a linked list.

[PATCH v6 06/10] ima: on soft reboot, save the measurement list

ot notifier once Changelog v1: - updated to call IMA functions (Mimi) - move code from ima_template.c to ima_kexec.c (Mimi) Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> Acked-by: "Eric W. Biederman"

[PATCH v6 05/10] powerpc: ima: Send the kexec buffer to the next kernel

CONFIG_IMA_KEXEC to build this code only when necessary. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> Acked-by: "Eric W. Biederman" <ebied...@xmission.com> --- arch/powerpc/include/asm/ima.h | 16 + arch/powerpc/include/asm/kexec.h

[PATCH v6 01/10] powerpc: ima: Get the kexec buffer passed by the previous kernel

}. - Use #address-cells and #size-cells to read the DT property. - Use size_t instead of unsigned long for size arguments. - Always remove linux,ima-kexec-buffer and its memory reservation when preparing a device tree for kexec_file_load. Signed-off-by: Thiago Jung Bauermann <ba

[PATCH v6 04/10] ima: maintain memory size needed for serializing the measurement list

From: Mimi Zohar In preparation for serializing the binary_runtime_measurements, this patch maintains the amount of memory required. Changelog v5: - replace CONFIG_KEXEC_FILE with architecture CONFIG_HAVE_IMA_KEXEC (Thiago) Changelog v3: - include the ima_kexec_hdr

[PATCH v6 00/10] ima: carry the measurement list across kexec

g the measurement list ima: on soft reboot, save the measurement list ima: store the builtin/custom template definitions in a list ima: support restoring multiple template formats ima: define a canonical binary_runtime_measurements list format Thiago Jung Bauermann (2): powerpc: ima:

[PATCH v6 03/10] ima: permit duplicate measurement list entries

From: Mimi Zohar Measurements carried across kexec need to be added to the IMA measurement list, but should not prevent measurements of the newly booted kernel from being added to the measurement list. This patch adds support for allowing duplicate measurements. The

[PATCH v6 02/10] ima: on soft reboot, restore the measurement list

e9747 --- /dev/null +++ b/security/integrity/ima/ima_kexec.c @@ -0,0 +1,44 @@ +/* + * Copyright (C) 2016 IBM Corporation + * + * Authors: + * Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> + * Mimi Zohar <zo...@linux.vnet.ibm.com> + * + * This program is free software; you can redis

[PATCH v9 10/10] powerpc: Enable CONFIG_KEXEC_FILE in powerpc server defconfigs.

Enable CONFIG_KEXEC_FILE in powernv_defconfig, ppc64_defconfig and pseries_defconfig. It depends on CONFIG_CRYPTO_SHA256=y, so add that as well. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- arch/powerpc/configs/powernv_defconfig | 2 ++ arch/powerpc/c

[PATCH v9 09/10] powerpc: Add purgatory for kexec_file_load implementation.

the kexec image. Also, since we don't support loading a crashdump kernel via kexec_file_load yet, the code related to that functionality has been removed. Finally, some checkpatch.pl warnings were fixed. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- arch/powerpc/Ma

[PATCH v9 08/10] powerpc: Add support for loading ELF kernels with kexec_file_load.

: coding-style fixes] Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> Signed-off-by: Andrew Morton <a...@linux-foundation.org> --- arch/powerpc/include/asm/kexec.h| 12 + arch/powerpc/kernel/Makefile| 3 +- arch/powerpc/kernel/kexec_elf_64.c

[PATCH v9 07/10] powerpc: Add functions to read ELF files of any endianness.

the ELF structs. These functions will be used in the next patch in the series. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- arch/powerpc/include/asm/elf_util.h | 21 ++ arch/powerpc/kernel/elf_util.c | 418 2 files change

[PATCH v9 06/10] powerpc: Implement kexec_file_load.

address of the relocation in memory. We also add more relocation types that are used by the purgatory. Signed-off-by: Josh Sklar <sk...@linux.vnet.ibm.com> Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- arch/powerpc/Kconfig| 13 ++ arch/pow

[PATCH v9 05/10] powerpc: Factor out relocation code in module_64.c

t;m...@ellerman.id.au> Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- arch/powerpc/kernel/module_64.c | 344 +--- 1 file changed, 182 insertions(+), 162 deletions(-) diff --git a/arch/powerpc/kernel/module_64.c b/arch/powerpc/kern

[PATCH v9 04/10] powerpc: Change places using CONFIG_KEXEC to use CONFIG_KEXEC_CORE instead.

RE instead, since kexec_file_load also needs that code compiled in. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- arch/powerpc/Kconfig | 2 +- arch/powerpc/include/asm/debug.h | 2 +- arch/powerpc/include/asm/kexec.h

[PATCH v9 03/10] kexec_file: Factor out kexec_locate_mem_hole from kexec_add_buffer.

kexec_locate_mem_hole will be used by the PowerPC kexec_file_load implementation to find free memory for the purgatory stack. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> Acked-by: Dave Young <dyo...@redhat.com> --- include/linux/kexec.h | 1 + kernel/kexec_f

[PATCH v9 02/10] kexec_file: Change kexec_add_buffer to take kexec_buf as argument.

existing casts to char * in the code. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> Acked-by: Dave Young <dyo...@redhat.com> Acked-by: Balbir Singh <bsinghar...@gmail.com> --- arch/x86/kernel/crash.c | 37 arch/x86/kernel/kexe

[PATCH v9 01/10] kexec_file: Allow arch-specific memory walking for kexec_add_buffer

Allow architectures to specify a different memory walking function for kexec_add_buffer. x86 uses iomem to track reserved memory ranges, but PowerPC uses the memblock subsystem. Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> Acked-by: Dave Young <dyo...@redhat.c

[PATCH v9 00/10] kexec_file_load implementation for PowerPC

code adapting the device tree for booting the new kernel was moved out of elf64_load to setup_new_fdt. - Patch "powerpc: Allow userspace to set device tree properties in kexec_file_load" - New patch. - The code in this patch didn't exist in v4. - This is the only

Re: [PATHC v2 0/9] ima: carry the measurement list across kexec

Am Donnerstag, 29 September 2016, 16:43:08 schrieb Eric W. Biederman: > Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> writes: > > Hello Eric, > > > > Am Dienstag, 20 September 2016, 11:07:29 schrieb Eric W. Biederman: > >> A semi-generic con

Re: [PATHC v2 0/9] ima: carry the measurement list across kexec

Hello Eric, Am Dienstag, 20 September 2016, 11:07:29 schrieb Eric W. Biederman: > Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> writes: > > Am Samstag, 17 September 2016, 00:17:37 schrieb Eric W. Biederman: > >> Thiago Jung Bauermann <bauer...@linux.vnet.ibm.co

Re: [PATHC v2 0/9] ima: carry the measurement list across kexec

Am Samstag, 17 September 2016, 00:17:37 schrieb Eric W. Biederman: > Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> writes: > > Hello Eric, > > > > Am Freitag, 16 September 2016, 14:47:13 schrieb Eric W. Biederman: > >> I can see tracking to see if the

Re: [PATHC v2 0/9] ima: carry the measurement list across kexec

e it will be useful to us in the future for the case of an arbitrary number of kexecs (and thus not only a bootloader but also multiple full-blown distros may be involved in the chain). But you are right that for the use case for which we currently need this feature it's feasible to measure everything upfront. We can cross the other bridge when we get there. > If there is anyway we can start small and not with this big scary > infrastructure change I would very much prefer it. Sounds good. If we pre-measure everything then the following patches from my buffer hand-over series are enough: [PATCH v5 2/5] kexec_file: Add buffer hand-over support for the next kernel [PATCH v5 3/5] powerpc: kexec_file: Add buffer hand-over support for the next kernel Would you consider including those two? And like I mentioned in the cover letter, patch 1/5 is an interesting improvement that is worth considering. -- []'s Thiago Jung Bauermann IBM Linux Technology Center

Re: [PATCH v8 11/13] powerpc: Add support for loading ELF kernels with kexec_file_load.

*slave_code; struct elfhdr ehdr; -- []'s Thiago Jung Bauermann IBM Linux Technology Center Subject: [PATCH v8 11/13] powerpc: Add support for loading ELF kernels with kexec_file_load. This uses all the infrastructure built up by the previous patches in the series to load an ELF vmlinux

Re: + powerpc-add-purgatory-for-kexec_file_load-implementation-fix.patch added to -mm tree

; powerpc-add-purgatory-for-kexec_file_load-implementation-fix.patch > powerpc-enable-config_kexec_file-in-powerpc-server-defconfigs.patch > kexec_file-add-buffer-hand-over-support-for-the-next-kernel.patch > powerpc-kexec_file-add-buffer-hand-over-support-for-the-next-kernel.patch > kexec_file-allow-skipping-checksum-calculation-for-some-segments.patch > kexec_file-add-mechanism-to-update-kexec-segments.patch > ima-on-soft-reboot-save-the-measurement-list.patch -- []'s Thiago Jung Bauermann IBM Linux Technology Center

Re: [PATCH v5 1/5] kexec_file: Include the purgatory segment in the kexec image checksum.

ORY > > + bool > > + > > The above should probably be in arch/Kconfig (with an appropriately > changed comment) since it is used in generic code. Here is the new version, with that change. -- []'s Thiago Jung Bauermann IBM Linux Technology Center Subject: [PAT

Re: [PATCH v5 1/5] kexec_file: Include the purgatory segment in the kexec image checksum.

ORY > > + bool > > + > > The above should probably be in arch/Kconfig (with an appropriately > changed comment) since it is used in generic code. Thanks for your quick response! I'll make that change tomorrow and send an updated version of just this patch. -- []'s Thiago Jung Bauermann IBM Linux Technology Center

[PATCH v5 5/5] IMA: Demonstration code for kexec buffer passing.

This shows how kernel code can use the kexec buffer passing mechanism to pass information to the next kernel. This patch is not intended to be committed. [a...@linux-foundation.org: coding-style fixes] Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> Signed-off-by:

[PATCH v5 4/5] kexec_file: Add mechanism to update kexec segments.

is updated the checksum is recalculated and updated in the kexec image. Suggested-by: Mimi Zohar <zo...@linux.vnet.ibm.com> Signed-off-by: Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> --- include/linux/kexec.h | 2 + kernel/kexec_core.c | 5 - kernel/kexec_file

[PATCH v5 3/5] powerpc: kexec_file: Add buffer hand-over support for the next kernel

The buffer hand-over mechanism allows the currently running kernel to pass data to kernel that will be kexec'd via a kexec segment. The second kernel can check whether the previous kernel sent data and retrieve it. This is the architecture-specific part. Signed-off-by: Thiago Jung Bauermann

<    1   2   3   4   5   6   7   8   9   >