| Message ID | 20220401013118.348084-2-coxu@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | use more system keyrings to verify arm64 kdump kernel image signature | expand |
On Fri, Apr 01, 2022 at 09:31:16AM +0800, Coiby Xu wrote: > Currently there is no arch-specific implementation of > arch_kexec_kernel_verify_sig. Even if we want to add an implementation > for an architecture in the future, we can simply use "(struct > kexec_file_ops*)->verify_sig". So clean it up. Reviewed-by: Michal Suchanek <msuchanek@suse.de> > > Suggested-by: Eric W. Biederman <ebiederm@xmission.com> > Signed-off-by: Coiby Xu <coxu@redhat.com> > --- > include/linux/kexec.h | 4 ---- > kernel/kexec_file.c | 34 +++++++++++++--------------------- > 2 files changed, 13 insertions(+), 25 deletions(-) > > diff --git a/include/linux/kexec.h b/include/linux/kexec.h > index 0c994ae37729..755fed183224 100644 > --- a/include/linux/kexec.h > +++ b/include/linux/kexec.h > @@ -196,10 +196,6 @@ int arch_kexec_apply_relocations(struct purgatory_info *pi, > const Elf_Shdr *relsec, > const Elf_Shdr *symtab); > int arch_kimage_file_post_load_cleanup(struct kimage *image); > -#ifdef CONFIG_KEXEC_SIG > -int arch_kexec_kernel_verify_sig(struct kimage *image, void *buf, > - unsigned long buf_len); > -#endif > int arch_kexec_locate_mem_hole(struct kexec_buf *kbuf); > > extern int kexec_add_buffer(struct kexec_buf *kbuf); > diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c > index 8347fc158d2b..3720435807eb 100644 > --- a/kernel/kexec_file.c > +++ b/kernel/kexec_file.c > @@ -89,25 +89,6 @@ int __weak arch_kimage_file_post_load_cleanup(struct kimage *image) > return kexec_image_post_load_cleanup_default(image); > } > > -#ifdef CONFIG_KEXEC_SIG > -static int kexec_image_verify_sig_default(struct kimage *image, void *buf, > - unsigned long buf_len) > -{ > - if (!image->fops || !image->fops->verify_sig) { > - pr_debug("kernel loader does not support signature verification.\n"); > - return -EKEYREJECTED; > - } > - > - return image->fops->verify_sig(buf, buf_len); > -} > - > -int __weak arch_kexec_kernel_verify_sig(struct kimage *image, void *buf, > - unsigned long buf_len) > -{ > - return kexec_image_verify_sig_default(image, buf, buf_len); > -} > -#endif > - > /* > * arch_kexec_apply_relocations_add - apply relocations of type RELA > * @pi: Purgatory to be relocated. > @@ -184,13 +165,24 @@ void kimage_file_post_load_cleanup(struct kimage *image) > } > > #ifdef CONFIG_KEXEC_SIG > +static int kexec_image_verify_sig(struct kimage *image, void *buf, > + unsigned long buf_len) > +{ > + if (!image->fops || !image->fops->verify_sig) { > + pr_debug("kernel loader does not support signature verification.\n"); > + return -EKEYREJECTED; > + } > + > + return image->fops->verify_sig(buf, buf_len); > +} > + > static int > kimage_validate_signature(struct kimage *image) > { > int ret; > > - ret = arch_kexec_kernel_verify_sig(image, image->kernel_buf, > - image->kernel_buf_len); > + ret = kexec_image_verify_sig(image, image->kernel_buf, > + image->kernel_buf_len); > if (ret) { > > if (IS_ENABLED(CONFIG_KEXEC_SIG_FORCE)) { > -- > 2.34.1 >
diff --git a/include/linux/kexec.h b/include/linux/kexec.h index 0c994ae37729..755fed183224 100644 --- a/include/linux/kexec.h +++ b/include/linux/kexec.h @@ -196,10 +196,6 @@ int arch_kexec_apply_relocations(struct purgatory_info *pi, const Elf_Shdr *relsec, const Elf_Shdr *symtab); int arch_kimage_file_post_load_cleanup(struct kimage *image); -#ifdef CONFIG_KEXEC_SIG -int arch_kexec_kernel_verify_sig(struct kimage *image, void *buf, - unsigned long buf_len); -#endif int arch_kexec_locate_mem_hole(struct kexec_buf *kbuf); extern int kexec_add_buffer(struct kexec_buf *kbuf); diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c index 8347fc158d2b..3720435807eb 100644 --- a/kernel/kexec_file.c +++ b/kernel/kexec_file.c @@ -89,25 +89,6 @@ int __weak arch_kimage_file_post_load_cleanup(struct kimage *image) return kexec_image_post_load_cleanup_default(image); } -#ifdef CONFIG_KEXEC_SIG -static int kexec_image_verify_sig_default(struct kimage *image, void *buf, - unsigned long buf_len) -{ - if (!image->fops || !image->fops->verify_sig) { - pr_debug("kernel loader does not support signature verification.\n"); - return -EKEYREJECTED; - } - - return image->fops->verify_sig(buf, buf_len); -} - -int __weak arch_kexec_kernel_verify_sig(struct kimage *image, void *buf, - unsigned long buf_len) -{ - return kexec_image_verify_sig_default(image, buf, buf_len); -} -#endif - /* * arch_kexec_apply_relocations_add - apply relocations of type RELA * @pi: Purgatory to be relocated. @@ -184,13 +165,24 @@ void kimage_file_post_load_cleanup(struct kimage *image) } #ifdef CONFIG_KEXEC_SIG +static int kexec_image_verify_sig(struct kimage *image, void *buf, + unsigned long buf_len) +{ + if (!image->fops || !image->fops->verify_sig) { + pr_debug("kernel loader does not support signature verification.\n"); + return -EKEYREJECTED; + } + + return image->fops->verify_sig(buf, buf_len); +} + static int kimage_validate_signature(struct kimage *image) { int ret; - ret = arch_kexec_kernel_verify_sig(image, image->kernel_buf, - image->kernel_buf_len); + ret = kexec_image_verify_sig(image, image->kernel_buf, + image->kernel_buf_len); if (ret) { if (IS_ENABLED(CONFIG_KEXEC_SIG_FORCE)) {
Currently there is no arch-specific implementation of arch_kexec_kernel_verify_sig. Even if we want to add an implementation for an architecture in the future, we can simply use "(struct kexec_file_ops*)->verify_sig". So clean it up. Suggested-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Coiby Xu <coxu@redhat.com> --- include/linux/kexec.h | 4 ---- kernel/kexec_file.c | 34 +++++++++++++--------------------- 2 files changed, 13 insertions(+), 25 deletions(-)