From: Coiby Xu <[email protected]>
commit 9ec4ecef0af7790551109283ca039a7c52de343c ("kexec_file,x86,
powerpc: factor out kexec_file_ops functions" allows implementing
the arch-specific implementation of kernel image verification
in kexec_file_ops->verify_sig. Currently, there is no arch-specific
implementation of arch_kexec_kernel_verify_sig. So clean it up.
Suggested-by: Eric W. Biederman <[email protected]>
Signed-off-by: Coiby Xu <[email protected]>
---
include/linux/kexec.h | 4 ----
kernel/kexec_file.c | 34 +++++++++++++---------------------
2 files changed, 13 insertions(+), 25 deletions(-)
diff --git a/include/linux/kexec.h b/include/linux/kexec.h
index 0c994ae37729..755fed183224 100644
--- a/include/linux/kexec.h
+++ b/include/linux/kexec.h
@@ -196,10 +196,6 @@ int arch_kexec_apply_relocations(struct purgatory_info *pi,
const Elf_Shdr *relsec,
const Elf_Shdr *symtab);
int arch_kimage_file_post_load_cleanup(struct kimage *image);
-#ifdef CONFIG_KEXEC_SIG
-int arch_kexec_kernel_verify_sig(struct kimage *image, void *buf,
- unsigned long buf_len);
-#endif
int arch_kexec_locate_mem_hole(struct kexec_buf *kbuf);
extern int kexec_add_buffer(struct kexec_buf *kbuf);
diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
index 8347fc158d2b..3720435807eb 100644
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -89,25 +89,6 @@ int __weak arch_kimage_file_post_load_cleanup(struct kimage *image)
return kexec_image_post_load_cleanup_default(image);
}
-#ifdef CONFIG_KEXEC_SIG
-static int kexec_image_verify_sig_default(struct kimage *image, void *buf,
- unsigned long buf_len)
-{
- if (!image->fops || !image->fops->verify_sig) {
- pr_debug("kernel loader does not support signature verification.\n");
- return -EKEYREJECTED;
- }
-
- return image->fops->verify_sig(buf, buf_len);
-}
-
-int __weak arch_kexec_kernel_verify_sig(struct kimage *image, void *buf,
- unsigned long buf_len)
-{
- return kexec_image_verify_sig_default(image, buf, buf_len);
-}
-#endif
-
/*
* arch_kexec_apply_relocations_add - apply relocations of type RELA
* @pi: Purgatory to be relocated.
@@ -184,13 +165,24 @@ void kimage_file_post_load_cleanup(struct kimage *image)
}
#ifdef CONFIG_KEXEC_SIG
+static int kexec_image_verify_sig(struct kimage *image, void *buf,
+ unsigned long buf_len)
+{
+ if (!image->fops || !image->fops->verify_sig) {
+ pr_debug("kernel loader does not support signature verification.\n");
+ return -EKEYREJECTED;
+ }
+
+ return image->fops->verify_sig(buf, buf_len);
+}
+
static int
kimage_validate_signature(struct kimage *image)
{
int ret;
- ret = arch_kexec_kernel_verify_sig(image, image->kernel_buf,
- image->kernel_buf_len);
+ ret = kexec_image_verify_sig(image, image->kernel_buf,
+ image->kernel_buf_len);
if (ret) {
if (IS_ENABLED(CONFIG_KEXEC_SIG_FORCE)) {
--
2.34.1
On 03/04/22 at 10:03am, Coiby Xu wrote:
> From: Coiby Xu <[email protected]>
>
> commit 9ec4ecef0af7790551109283ca039a7c52de343c ("kexec_file,x86,
> powerpc: factor out kexec_file_ops functions" allows implementing
> the arch-specific implementation of kernel image verification
> in kexec_file_ops->verify_sig. Currently, there is no arch-specific
> implementation of arch_kexec_kernel_verify_sig. So clean it up.
This is a nice cleanup, while the log may need to be improved. You
should run ./scripts/checkpatch.pl on your patch before sending out.
When we refer to a commit in log, please refer to
Documentation/process/submitting-patches.rst.
>
> Suggested-by: Eric W. Biederman <[email protected]>
> Signed-off-by: Coiby Xu <[email protected]>
> ---
> include/linux/kexec.h | 4 ----
> kernel/kexec_file.c | 34 +++++++++++++---------------------
> 2 files changed, 13 insertions(+), 25 deletions(-)
>
> diff --git a/include/linux/kexec.h b/include/linux/kexec.h
> index 0c994ae37729..755fed183224 100644
> --- a/include/linux/kexec.h
> +++ b/include/linux/kexec.h
> @@ -196,10 +196,6 @@ int arch_kexec_apply_relocations(struct purgatory_info *pi,
> const Elf_Shdr *relsec,
> const Elf_Shdr *symtab);
> int arch_kimage_file_post_load_cleanup(struct kimage *image);
> -#ifdef CONFIG_KEXEC_SIG
> -int arch_kexec_kernel_verify_sig(struct kimage *image, void *buf,
> - unsigned long buf_len);
> -#endif
> int arch_kexec_locate_mem_hole(struct kexec_buf *kbuf);
>
> extern int kexec_add_buffer(struct kexec_buf *kbuf);
> diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
> index 8347fc158d2b..3720435807eb 100644
> --- a/kernel/kexec_file.c
> +++ b/kernel/kexec_file.c
> @@ -89,25 +89,6 @@ int __weak arch_kimage_file_post_load_cleanup(struct kimage *image)
> return kexec_image_post_load_cleanup_default(image);
> }
>
> -#ifdef CONFIG_KEXEC_SIG
> -static int kexec_image_verify_sig_default(struct kimage *image, void *buf,
> - unsigned long buf_len)
> -{
> - if (!image->fops || !image->fops->verify_sig) {
> - pr_debug("kernel loader does not support signature verification.\n");
> - return -EKEYREJECTED;
> - }
> -
> - return image->fops->verify_sig(buf, buf_len);
> -}
> -
> -int __weak arch_kexec_kernel_verify_sig(struct kimage *image, void *buf,
> - unsigned long buf_len)
> -{
> - return kexec_image_verify_sig_default(image, buf, buf_len);
> -}
> -#endif
> -
> /*
> * arch_kexec_apply_relocations_add - apply relocations of type RELA
> * @pi: Purgatory to be relocated.
> @@ -184,13 +165,24 @@ void kimage_file_post_load_cleanup(struct kimage *image)
> }
>
> #ifdef CONFIG_KEXEC_SIG
> +static int kexec_image_verify_sig(struct kimage *image, void *buf,
> + unsigned long buf_len)
> +{
> + if (!image->fops || !image->fops->verify_sig) {
> + pr_debug("kernel loader does not support signature verification.\n");
> + return -EKEYREJECTED;
> + }
> +
> + return image->fops->verify_sig(buf, buf_len);
> +}
> +
> static int
> kimage_validate_signature(struct kimage *image)
> {
> int ret;
>
> - ret = arch_kexec_kernel_verify_sig(image, image->kernel_buf,
> - image->kernel_buf_len);
> + ret = kexec_image_verify_sig(image, image->kernel_buf,
> + image->kernel_buf_len);
> if (ret) {
>
> if (IS_ENABLED(CONFIG_KEXEC_SIG_FORCE)) {
> --
> 2.34.1
>
On Thu, Mar 17, 2022 at 08:45:35PM +0800, Baoquan He wrote:
>On 03/04/22 at 10:03am, Coiby Xu wrote:
>> From: Coiby Xu <[email protected]>
>>
>> commit 9ec4ecef0af7790551109283ca039a7c52de343c ("kexec_file,x86,
>> powerpc: factor out kexec_file_ops functions" allows implementing
>> the arch-specific implementation of kernel image verification
>> in kexec_file_ops->verify_sig. Currently, there is no arch-specific
>> implementation of arch_kexec_kernel_verify_sig. So clean it up.
>
>This is a nice cleanup, while the log may need to be improved. You
>should run ./scripts/checkpatch.pl on your patch before sending out.
>When we refer to a commit in log, please refer to
>Documentation/process/submitting-patches.rst.
Thanks for the reminder! I've used git pre-commit hook to run
scripts/checkpatch.pl automatically but obviously this hook doesn't
apply to "git rebase --continue" and currently this no git hook that
for this situation. I'll use the following trick [1] to avoid this
mistake in the future,
$ git rebase -i HEAD~3 --reschedule-failed-exec --exec "git show | perl ./scripts/checkpatch.pl"
[1] https://stackoverflow.com/a/70568833/1203522
--
Best regards,
Coiby
On 03/18/22 at 10:48am, Coiby Xu wrote:
> On Thu, Mar 17, 2022 at 08:45:35PM +0800, Baoquan He wrote:
> > On 03/04/22 at 10:03am, Coiby Xu wrote:
> > > From: Coiby Xu <[email protected]>
> > >
> > > commit 9ec4ecef0af7790551109283ca039a7c52de343c ("kexec_file,x86,
> > > powerpc: factor out kexec_file_ops functions" allows implementing
> > > the arch-specific implementation of kernel image verification
> > > in kexec_file_ops->verify_sig. Currently, there is no arch-specific
> > > implementation of arch_kexec_kernel_verify_sig. So clean it up.
> >
> > This is a nice cleanup, while the log may need to be improved. You
> > should run ./scripts/checkpatch.pl on your patch before sending out.
> > When we refer to a commit in log, please refer to
> > Documentation/process/submitting-patches.rst.
>
> Thanks for the reminder! I've used git pre-commit hook to run
> scripts/checkpatch.pl automatically but obviously this hook doesn't
> apply to "git rebase --continue" and currently this no git hook that
> for this situation. I'll use the following trick [1] to avoid this
> mistake in the future,
> $ git rebase -i HEAD~3 --reschedule-failed-exec --exec "git show | perl ./scripts/checkpatch.pl"
Sorry, Coiby. It could be late yesterday so I was dizzy when writing
down the comment, I didn't make my concern clear. What I meant is
the referenced commit in log should be taken in a standard format.
Abstracted one paragraph of Documentation/process/submitting-patches.rst
here. We usually take the first 12 characters of the commit SHA-1 ID
in log, but not the whole of them.
=====
If you want to refer to a specific commit, don't just refer to the
SHA-1 ID of the commit. Please also include the oneline summary of
the commit, to make it easier for reviewers to know what it is about.
Example::
Commit e21d2170f36602ae2708 ("video: remove unnecessary
platform_set_drvdata()") removed the unnecessary
platform_set_drvdata(), but left the variable "dev" unused,
delete it.
=====
And the right parenthesis enclousing the commit subject is missing.
>
> [1] https://stackoverflow.com/a/70568833/1203522
>
>
> --
> Best regards,
> Coiby
>
On 03/18/22 at 03:18pm, Coiby Xu wrote:
> On Fri, Mar 18, 2022 at 11:27:09AM +0800, Baoquan He wrote:
> > On 03/18/22 at 10:48am, Coiby Xu wrote:
> > > On Thu, Mar 17, 2022 at 08:45:35PM +0800, Baoquan He wrote:
> > > > On 03/04/22 at 10:03am, Coiby Xu wrote:
> > > > > From: Coiby Xu <[email protected]>
> > > > >
> > > > > commit 9ec4ecef0af7790551109283ca039a7c52de343c ("kexec_file,x86,
> > > > > powerpc: factor out kexec_file_ops functions" allows implementing
> > > > > the arch-specific implementation of kernel image verification
> > > > > in kexec_file_ops->verify_sig. Currently, there is no arch-specific
> > > > > implementation of arch_kexec_kernel_verify_sig. So clean it up.
> > > >
> > > > This is a nice cleanup, while the log may need to be improved. You
> > > > should run ./scripts/checkpatch.pl on your patch before sending out.
> > > > When we refer to a commit in log, please refer to
> > > > Documentation/process/submitting-patches.rst.
> > >
> > > Thanks for the reminder! I've used git pre-commit hook to run
> > > scripts/checkpatch.pl automatically but obviously this hook doesn't
> > > apply to "git rebase --continue" and currently this no git hook that
> > > for this situation. I'll use the following trick [1] to avoid this
> > > mistake in the future,
> > > $ git rebase -i HEAD~3 --reschedule-failed-exec --exec "git show | perl ./scripts/checkpatch.pl"
> >
> > Sorry, Coiby. It could be late yesterday so I was dizzy when writing
> > down the comment, I didn't make my concern clear. What I meant is
> > the referenced commit in log should be taken in a standard format.
> > Abstracted one paragraph of Documentation/process/submitting-patches.rst
> > here. We usually take the first 12 characters of the commit SHA-1 ID
> > in log, but not the whole of them.
> >
> > =====
> > If you want to refer to a specific commit, don't just refer to the
> > SHA-1 ID of the commit. Please also include the oneline summary of
> > the commit, to make it easier for reviewers to know what it is about.
> > Example::
> >
> > Commit e21d2170f36602ae2708 ("video: remove unnecessary
> > platform_set_drvdata()") removed the unnecessary
> > platform_set_drvdata(), but left the variable "dev" unused,
> > delete it.
> > =====
> >
> > And the right parenthesis enclousing the commit subject is missing.
>
> Thanks for the detailed explanation! Your message has got across to me
> successfully:) I have ran scripts/checkpatch.pl manually after seeing your
> first reply and checkpatch.pl reported the exact same issues as explained
> by you today. My approach of avoiding making mistakes on format is to run
> checkpatch.pl automatically in the git precommit hook so I don't need to
> remember the details about format. I had expected the git precommit hook
> could help me find the issues pointed out by you but obviously it failed.
> So I tried to find out what's wrong. I think the format issues were
> introduced when doing rebase to improve the old version and the precommit
> hook wasn't triggered in this case. Another thing I still missed is I used
> "git diff --cached | scripts/checkpatch.pl" in the pre-commit hook which
> obviously won't check the format issue in the commit message (it only
> check the format issue in the code). With the two problems resolved, I
> shall not make format mistakes in the future:)
>
> Btw, checkpatch.pl seems to requires referring to a specific commit on
> the same line,
>
> ERROR: Please use git commit description style 'commit <12+ chars of sha1> ("<title line>")' - ie: 'commit 9ec4ecef0af7 ("kexec_file,x86,powerpc: factor out kexec_file_ops functions")'
> #6: commit 9ec4ecef0af7 ("kexec_file,x86, powerpc: factor out
> kexec_file_ops
> functions") allows implementing the arch-specific implementation of kernel
> total: 1 errors, 0 warnings, 61 lines checked
> NOTE: For some of the reported defects, checkpatch may be able to
> mechanically convert to the typical style using --fix or --fix-inplace.
> "[PATCH] kexec: clean up arch_kexec_kernel_verify_sig" has style problems, please review.
> NOTE: If any of the errors are false positives, please report
> them to the maintainer, see CHECKPATCH in MAINTAINERS.
>
> Is this a false positive?
No, it's not. Youp probably copied the commit subject and modified it.
Please copy below two lines into your patch to replace and try again.
commit 9ec4ecef0af7 ("kexec_file,x86,powerpc: factor out kexec_file_ops
functions")
>
> >
> > >
> > > [1] https://stackoverflow.com/a/70568833/1203522
> > >
> > >
> > > --
> > > Best regards,
> > > Coiby
> > >
> >
>
> --
> Best regards,
> Coiby
>
On Fri, Mar 18, 2022 at 11:27:09AM +0800, Baoquan He wrote:
>On 03/18/22 at 10:48am, Coiby Xu wrote:
>> On Thu, Mar 17, 2022 at 08:45:35PM +0800, Baoquan He wrote:
>> > On 03/04/22 at 10:03am, Coiby Xu wrote:
>> > > From: Coiby Xu <[email protected]>
>> > >
>> > > commit 9ec4ecef0af7790551109283ca039a7c52de343c ("kexec_file,x86,
>> > > powerpc: factor out kexec_file_ops functions" allows implementing
>> > > the arch-specific implementation of kernel image verification
>> > > in kexec_file_ops->verify_sig. Currently, there is no arch-specific
>> > > implementation of arch_kexec_kernel_verify_sig. So clean it up.
>> >
>> > This is a nice cleanup, while the log may need to be improved. You
>> > should run ./scripts/checkpatch.pl on your patch before sending out.
>> > When we refer to a commit in log, please refer to
>> > Documentation/process/submitting-patches.rst.
>>
>> Thanks for the reminder! I've used git pre-commit hook to run
>> scripts/checkpatch.pl automatically but obviously this hook doesn't
>> apply to "git rebase --continue" and currently this no git hook that
>> for this situation. I'll use the following trick [1] to avoid this
>> mistake in the future,
>> $ git rebase -i HEAD~3 --reschedule-failed-exec --exec "git show | perl ./scripts/checkpatch.pl"
>
>Sorry, Coiby. It could be late yesterday so I was dizzy when writing
>down the comment, I didn't make my concern clear. What I meant is
>the referenced commit in log should be taken in a standard format.
>Abstracted one paragraph of Documentation/process/submitting-patches.rst
>here. We usually take the first 12 characters of the commit SHA-1 ID
>in log, but not the whole of them.
>
>=====
>If you want to refer to a specific commit, don't just refer to the
>SHA-1 ID of the commit. Please also include the oneline summary of
>the commit, to make it easier for reviewers to know what it is about.
>Example::
>
> Commit e21d2170f36602ae2708 ("video: remove unnecessary
> platform_set_drvdata()") removed the unnecessary
> platform_set_drvdata(), but left the variable "dev" unused,
> delete it.
>=====
>
>And the right parenthesis enclousing the commit subject is missing.
Thanks for the detailed explanation! Your message has got across to me
successfully:) I have ran scripts/checkpatch.pl manually after seeing your
first reply and checkpatch.pl reported the exact same issues as explained
by you today. My approach of avoiding making mistakes on format is to run
checkpatch.pl automatically in the git precommit hook so I don't need to
remember the details about format. I had expected the git precommit hook
could help me find the issues pointed out by you but obviously it failed.
So I tried to find out what's wrong. I think the format issues were
introduced when doing rebase to improve the old version and the precommit
hook wasn't triggered in this case. Another thing I still missed is I used
"git diff --cached | scripts/checkpatch.pl" in the pre-commit hook which
obviously won't check the format issue in the commit message (it only
check the format issue in the code). With the two problems resolved, I
shall not make format mistakes in the future:)
Btw, checkpatch.pl seems to requires referring to a specific commit on
the same line,
ERROR: Please use git commit description style 'commit <12+ chars of sha1> ("<title line>")' - ie: 'commit 9ec4ecef0af7 ("kexec_file,x86,powerpc: factor out kexec_file_ops functions")'
#6:
commit 9ec4ecef0af7 ("kexec_file,x86, powerpc: factor out kexec_file_ops
functions") allows implementing the arch-specific implementation of kernel
total: 1 errors, 0 warnings, 61 lines checked
NOTE: For some of the reported defects, checkpatch may be able to
mechanically convert to the typical style using --fix or --fix-inplace.
"[PATCH] kexec: clean up arch_kexec_kernel_verify_sig" has style problems, please review.
NOTE: If any of the errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.
Is this a false positive?
>
>>
>> [1] https://stackoverflow.com/a/70568833/1203522
>>
>>
>> --
>> Best regards,
>> Coiby
>>
>
--
Best regards,
Coiby
On Fri, Mar 18, 2022 at 04:54:01PM +0800, Baoquan He wrote:
[...]
>> Btw, checkpatch.pl seems to requires referring to a specific commit on
>> the same line,
>>
>> ERROR: Please use git commit description style 'commit <12+ chars of sha1> ("<title line>")' - ie: 'commit 9ec4ecef0af7 ("kexec_file,x86,powerpc: factor out kexec_file_ops functions")'
>> #6: commit 9ec4ecef0af7 ("kexec_file,x86, powerpc: factor out
>> kexec_file_ops
>> functions") allows implementing the arch-specific implementation of kernel
>> total: 1 errors, 0 warnings, 61 lines checked
>> NOTE: For some of the reported defects, checkpatch may be able to
>> mechanically convert to the typical style using --fix or --fix-inplace.
>> "[PATCH] kexec: clean up arch_kexec_kernel_verify_sig" has style problems, please review.
>> NOTE: If any of the errors are false positives, please report
>> them to the maintainer, see CHECKPATCH in MAINTAINERS.
>>
>> Is this a false positive?
>
>No, it's not. Youp probably copied the commit subject and modified it.
>Please copy below two lines into your patch to replace and try again.
>
>commit 9ec4ecef0af7 ("kexec_file,x86,powerpc: factor out kexec_file_ops
>functions")
Yes, you are right. I unintentionally changed the subject. I've sent
v4 to fix this commit reference issue and other checkpatch.pl warnings.
Thanks!
--
Best regards,
Coiby