mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-30 06:10:56 +00:00
kexec: clean up arch_kexec_kernel_verify_sig
[ Upstream commit 689a71493b
]
Before commit 105e10e2cf1c ("kexec_file: drop weak attribute from
functions"), there was already no arch-specific implementation
of arch_kexec_kernel_verify_sig. With weak attribute dropped by that
commit, arch_kexec_kernel_verify_sig is completely useless. So clean it
up.
Note later patches are dependent on this patch so it should be backported
to the stable tree as well.
Cc: stable@vger.kernel.org
Suggested-by: Eric W. Biederman <ebiederm@xmission.com>
Reviewed-by: Michal Suchanek <msuchanek@suse.de>
Acked-by: Baoquan He <bhe@redhat.com>
Signed-off-by: Coiby Xu <coxu@redhat.com>
[zohar@linux.ibm.com: reworded patch description "Note"]
Link: https://lore.kernel.org/linux-integrity/20220714134027.394370-1-coxu@redhat.com/
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
parent
90341045b5
commit
df036b1605
2 changed files with 13 additions and 25 deletions
|
@ -212,11 +212,6 @@ static inline void *arch_kexec_kernel_image_load(struct kimage *image)
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef CONFIG_KEXEC_SIG
|
|
||||||
int arch_kexec_kernel_verify_sig(struct kimage *image, void *buf,
|
|
||||||
unsigned long buf_len);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
extern int kexec_add_buffer(struct kexec_buf *kbuf);
|
extern int kexec_add_buffer(struct kexec_buf *kbuf);
|
||||||
int kexec_locate_mem_hole(struct kexec_buf *kbuf);
|
int kexec_locate_mem_hole(struct kexec_buf *kbuf);
|
||||||
|
|
||||||
|
|
|
@ -81,24 +81,6 @@ int kexec_image_post_load_cleanup_default(struct kimage *image)
|
||||||
return image->fops->cleanup(image->image_loader_data);
|
return image->fops->cleanup(image->image_loader_data);
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef CONFIG_KEXEC_SIG
|
|
||||||
static int kexec_image_verify_sig_default(struct kimage *image, void *buf,
|
|
||||||
unsigned long buf_len)
|
|
||||||
{
|
|
||||||
if (!image->fops || !image->fops->verify_sig) {
|
|
||||||
pr_debug("kernel loader does not support signature verification.\n");
|
|
||||||
return -EKEYREJECTED;
|
|
||||||
}
|
|
||||||
|
|
||||||
return image->fops->verify_sig(buf, buf_len);
|
|
||||||
}
|
|
||||||
|
|
||||||
int arch_kexec_kernel_verify_sig(struct kimage *image, void *buf, unsigned long buf_len)
|
|
||||||
{
|
|
||||||
return kexec_image_verify_sig_default(image, buf, buf_len);
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Free up memory used by kernel, initrd, and command line. This is temporary
|
* Free up memory used by kernel, initrd, and command line. This is temporary
|
||||||
* memory allocation which is not needed any more after these buffers have
|
* memory allocation which is not needed any more after these buffers have
|
||||||
|
@ -141,13 +123,24 @@ void kimage_file_post_load_cleanup(struct kimage *image)
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef CONFIG_KEXEC_SIG
|
#ifdef CONFIG_KEXEC_SIG
|
||||||
|
static int kexec_image_verify_sig(struct kimage *image, void *buf,
|
||||||
|
unsigned long buf_len)
|
||||||
|
{
|
||||||
|
if (!image->fops || !image->fops->verify_sig) {
|
||||||
|
pr_debug("kernel loader does not support signature verification.\n");
|
||||||
|
return -EKEYREJECTED;
|
||||||
|
}
|
||||||
|
|
||||||
|
return image->fops->verify_sig(buf, buf_len);
|
||||||
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
kimage_validate_signature(struct kimage *image)
|
kimage_validate_signature(struct kimage *image)
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
ret = arch_kexec_kernel_verify_sig(image, image->kernel_buf,
|
ret = kexec_image_verify_sig(image, image->kernel_buf,
|
||||||
image->kernel_buf_len);
|
image->kernel_buf_len);
|
||||||
if (ret) {
|
if (ret) {
|
||||||
|
|
||||||
if (sig_enforce) {
|
if (sig_enforce) {
|
||||||
|
|
Loading…
Reference in a new issue