kexec_file.c - OpenGrok cross reference for /linux/kernel/kexec

Deleted Added

sdiffudifftextold (08987822..)new (aefcf2f4..)

kexec_file.c (0898782247ae533d1f4e47a06bc5d4870931b284)	kexec_file.c (aefcf2f4b58155d27340ba5f9ddbe9513da8286d)
1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * kexec: kexec_file_load system call 4 * 5 * Copyright (C) 2014 Red Hat Inc. 6 * Authors: 7 * Vivek Goyal <vgoyal@redhat.com> 8 / --- 74 unchanged lines hidden* (view full) --- 83 return image->fops->cleanup(image->image_loader_data); 84} 85 86int __weak arch_kimage_file_post_load_cleanup(struct kimage *image) 87{ 88 return kexec_image_post_load_cleanup_default(image); 89} 90	1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * kexec: kexec_file_load system call 4 * 5 * Copyright (C) 2014 Red Hat Inc. 6 * Authors: 7 * Vivek Goyal <vgoyal@redhat.com> 8 / --- 74 unchanged lines hidden* (view full) --- 83 return image->fops->cleanup(image->image_loader_data); 84} 85 86int __weak arch_kimage_file_post_load_cleanup(struct kimage *image) 87{ 88 return kexec_image_post_load_cleanup_default(image); 89} 90
91#ifdef CONFIG_KEXEC_VERIFY_SIG	91#ifdef CONFIG_KEXEC_SIG
92static int kexec_image_verify_sig_default(struct kimage image, void buf, 93 unsigned long buf_len) 94{ 95 if (!image->fops \|\| !image->fops->verify_sig) { 96 pr_debug("kernel loader does not support signature verification.\n"); 97 return -EKEYREJECTED; 98 } 99 --- 72 unchanged lines hidden (view full) --- 172 * Above call should have called into bootloader to free up 173 * any data stored in kimage->image_loader_data. It should 174 * be ok now to free it up. 175 */ 176 kfree(image->image_loader_data); 177 image->image_loader_data = NULL; 178} 179	92static int kexec_image_verify_sig_default(struct kimage image, void buf, 93 unsigned long buf_len) 94{ 95 if (!image->fops \|\| !image->fops->verify_sig) { 96 pr_debug("kernel loader does not support signature verification.\n"); 97 return -EKEYREJECTED; 98 } 99 --- 72 unchanged lines hidden (view full) --- 172 * Above call should have called into bootloader to free up 173 * any data stored in kimage->image_loader_data. It should 174 * be ok now to free it up. 175 */ 176 kfree(image->image_loader_data); 177 image->image_loader_data = NULL; 178} 179
	180#ifdef CONFIG_KEXEC_SIG 181static int 182kimage_validate_signature(struct kimage image) 183{ 184 const char reason; 185 int ret; 186 187 ret = arch_kexec_kernel_verify_sig(image, image->kernel_buf, 188 image->kernel_buf_len); 189 switch (ret) { 190 case 0: 191 break; 192 193 /* Certain verification errors are non-fatal if we're not 194 * checking errors, provided we aren't mandating that there 195 * must be a valid signature. 196 / 197 case -ENODATA: 198 reason = "kexec of unsigned image"; 199 goto decide; 200 case -ENOPKG: 201 reason = "kexec of image with unsupported crypto"; 202 goto decide; 203 case -ENOKEY: 204 reason = "kexec of image with unavailable key"; 205 decide: 206 if (IS_ENABLED(CONFIG_KEXEC_SIG_FORCE)) { 207 pr_notice("%s rejected\n", reason); 208 return ret; 209 } 210 211 / If IMA is guaranteed to appraise a signature on the kexec 212 * image, permit it even if the kernel is otherwise locked 213 * down. 214 / 215 if (!ima_appraise_signature(READING_KEXEC_IMAGE) && 216 security_locked_down(LOCKDOWN_KEXEC)) 217 return -EPERM; 218 219 return 0; 220 221 / All other errors are fatal, including nomem, unparseable 222 * signatures and signature check failures - even if signatures 223 * aren't required. 224 */ 225 default: 226 pr_notice("kernel signature verification failed (%d).\n", ret); 227 } 228 229 return ret; 230} 231#endif 232
180/* 181 * In file mode list of segments is prepared by kernel. Copy relevant 182 * data from user space, do error checking, prepare segment list 183 / 184static int 185kimage_file_prepare_segments(struct kimage image, int kernel_fd, int initrd_fd, 186 const char __user *cmdline_ptr, 187 unsigned long cmdline_len, unsigned flags) 188{	233/* 234 * In file mode list of segments is prepared by kernel. Copy relevant 235 * data from user space, do error checking, prepare segment list 236 / 237static int 238kimage_file_prepare_segments(struct kimage image, int kernel_fd, int initrd_fd, 239 const char __user *cmdline_ptr, 240 unsigned long cmdline_len, unsigned flags) 241{
189 int ret = 0;	242 int ret;
190 void ldata; 191 loff_t size; 192 193 ret = kernel_read_file_from_fd(kernel_fd, &image->kernel_buf, 194 &size, INT_MAX, READING_KEXEC_IMAGE); 195 if (ret) 196 return ret; 197 image->kernel_buf_len = size; 198 199 / Call arch image probe handlers */ 200 ret = arch_kexec_kernel_image_probe(image, image->kernel_buf, 201 image->kernel_buf_len); 202 if (ret) 203 goto out; 204	243 void ldata; 244 loff_t size; 245 246 ret = kernel_read_file_from_fd(kernel_fd, &image->kernel_buf, 247 &size, INT_MAX, READING_KEXEC_IMAGE); 248 if (ret) 249 return ret; 250 image->kernel_buf_len = size; 251 252 / Call arch image probe handlers */ 253 ret = arch_kexec_kernel_image_probe(image, image->kernel_buf, 254 image->kernel_buf_len); 255 if (ret) 256 goto out; 257
205#ifdef CONFIG_KEXEC_VERIFY_SIG 206 ret = arch_kexec_kernel_verify_sig(image, image->kernel_buf, 207 image->kernel_buf_len); 208 if (ret) { 209 pr_debug("kernel signature verification failed.\n");	258#ifdef CONFIG_KEXEC_SIG 259 ret = kimage_validate_signature(image); 260 261 if (ret)
210 goto out;	262 goto out;
211 } 212 pr_debug("kernel signature verification successful.\n");
213#endif 214 /* It is possible that there no initramfs is being loaded / 215 if (!(flags & KEXEC_FILE_NO_INITRAMFS)) { 216 ret = kernel_read_file_from_fd(initrd_fd, &image->initrd_buf, 217 &size, INT_MAX, 218 READING_KEXEC_INITRAMFS); 219 if (ret) 220 goto out; --- 1067 unchanged lines hidden* ---	263#endif 264 /* It is possible that there no initramfs is being loaded / 265 if (!(flags & KEXEC_FILE_NO_INITRAMFS)) { 266 ret = kernel_read_file_from_fd(initrd_fd, &image->initrd_buf, 267 &size, INT_MAX, 268 READING_KEXEC_INITRAMFS); 269 if (ret) 270 goto out; --- 1067 unchanged lines hidden* ---