Date: Thu, 16 Aug 2018 08:46:32 -0400
From: Vivek Goyal
To: Dave Young
Cc: Yannik Sembritzki, Linus Torvalds, David Howells, Thomas Gleixner, Ingo Molnar, Peter Anvin, the arch/x86 maintainers, Linux Kernel Mailing List, Baoquan He, Justin Forbes, Peter Jones, James Bottomley, Matthew Garrett
Subject: Re: [PATCH 2/2] [FIXED v2] Replace magic for trusting the secondary keyring with #define
Message-ID: <20180816124632.GA24061@redhat.com>
In-Reply-To: <20180816011106.GC5915@dhcp-128-65.nay.redhat.com>

On Thu, Aug 16, 2018 at 09:11:06AM +0800, Dave Young wrote:
> On 08/16/18 at 12:07am, Yannik Sembritzki wrote:
> > Signed-off-by: Yannik Sembritzki
> > ---
> > ?arch/x86/kernel/kexec-bzimage64.c?????? | 2 +-
> > ?certs/system_keyring.c????????????????? | 3 ++-
> > ?crypto/asymmetric_keys/pkcs7_key_type.c | 2 +-
> > ?include/linux/verification.h??????????? | 3 +++
> > ?4 files changed, 7 insertions(+), 3 deletions(-)
> >
> > diff --git a/arch/x86/kernel/kexec-bzimage64.c
> > b/arch/x86/kernel/kexec-bzimage64.c
> > index 74628275..97d199a3 100644
> > --- a/arch/x86/kernel/kexec-bzimage64.c
> > +++ b/arch/x86/kernel/kexec-bzimage64.c
> > @@ -532,7 +532,7 @@ static int bzImage64_cleanup(void *loader_data)
> > ?static int bzImage64_verify_sig(const char *kernel, unsigned long
> > kernel_len)
> > ?{
> > ??? ?return verify_pefile_signature(kernel, kernel_len,
> > -?? ??? ??? ??? ??????? ((struct key *)1UL),
> > +?? ??? ??? ??? ??????? TRUST_SECONDARY_KEYRING,
>
> Instead of fixing your 1st patch in the 2nd patch, I would suggest
> switching the patch order. In the 1st patch change the common code to use
> the new macro, and in the 2nd patch you can directly fix the kexec code
> with TRUST_SECONDARY_KEYRING.

I agree. It looks cleaner that the first patch changes the common code and introduces the macro to replace 1UL. And the second patch makes use of that macro in kexec bzImage64 verification.

Thanks
Vivek
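
Review bot: in the bzImage64_verify_sig() hunk, TRUST_SECONDARY_KEYRING is used, but the diffstat shows only a one-line swap in arch/x86/kernel/kexec-bzimage64.c, so no #include is added there. Please confirm that this file already pulls in include/linux/verification.h, which is where the diffstat suggests the macro is defined, so the identifier resolves in this translation unit. The quoted commit message also carries nothing but the Signed-off-by line; a sentence stating that the macro stands for the ((struct key *)1UL) value passed to verify_pefile_signature(), and what that value selects, would let a reader audit which keyring the kexec signature check trusts without opening the header.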