Re: [PATCH v2 0/6] kexec_file: Add buffer hand-over for the next kernel
On 08/13/16 at 12:18am, Thiago Jung Bauermann wrote: > Hello, > > This patch series implements a mechanism which allows the kernel to pass > on a buffer to the kernel that will be kexec'd. This buffer is passed > as a segment which is added to the kimage when it is being prepared > by kexec_file_load. > > How the second kernel is informed of this buffer is architecture-specific. > On powerpc, this is done via the device tree, by checking > the properties /chosen/linux,kexec-handover-buffer-start and > /chosen/linux,kexec-handover-buffer-end, which is analogous to how the > kernel finds the initrd. > > This is needed because the Integrity Measurement Architecture subsystem > needs to preserve its measurement list accross the kexec reboot. The > following patch series for the IMA subsystem uses this feature for that > purpose: > > https://lists.infradead.org/pipermail/kexec/2016-August/016745.html > > This is so that IMA can implement trusted boot support on the OpenPower > platform, because on such systems an intermediary Linux instance running > as part of the firmware is used to boot the target operating system via > kexec. Using this mechanism, IMA on this intermediary instance can > hand over to the target OS the measurements of the components that were > used to boot it. > > Because there could be additional measurement events between the > kexec_file_load call and the actual reboot, IMA needs a way to update the > buffer with those additional events before rebooting. One can minimize > the interval between the kexec_file_load and the reboot syscalls, but as > small as it can be, there is always the possibility that the measurement > list will be out of date at the time of reboot. > > To address this issue, this patch series also introduces > kexec_update_segment, which allows a reboot notifier to change the > contents of the image segment during the reboot process. > > Patch 5 makes kimage_load_normal_segment and kexec_update_segment share > code. It's not much code that they can share though, so I'm not sure if > the result is actually better. > > The last patch is not intended to be merged, it just demonstrates how > this feature can be used. > > This series applies on top of v5 of the "kexec_file_load implementation > for PowerPC" patch series (which applies on top of v4.8-rc1): > > https://lists.infradead.org/pipermail/kexec/2016-August/016843.html I'm trying to review your patches, but seems I can not apply them cleanly to mainline kernel or v4.8-rc1 Apply the kexec_file_load series failed as below on v4.8-rc1: Applying: kexec_file: Allow arch-specific memory walking for kexec_add_buffer error: patch failed: include/linux/kexec.h:149 error: include/linux/kexec.h: patch does not apply Patch failed at 0001 kexec_file: Allow arch-specific memory walking for kexec_add_buffer The copy of the patch that failed is found in: .git/rebase-apply/patch When you have resolved this problem, run "git am --continue". If you prefer to skip this patch, run "git am --skip" instead. To restore the original branch and stop patching, run "git am --abort". What is the order of your patch series of the three patchset? [PATCH v2 0/2] extend kexec_file_load system call [PATCH v5 00/13] kexec_file_load implementation for PowerPC [PATCH v2 0/6] kexec_file: Add buffer hand-over for the next kernel Do they depend on other patches? Thanks Dave ___ kexec mailing list kexec@lists.infradead.org http://lists.infradead.org/mailman/listinfo/kexec
Re: [PATCH v2 0/6] kexec_file: Add buffer hand-over for the next kernel
Hello Dave, Am Mittwoch, 17 August 2016, 10:52:26 schrieb Dave Young: > On 08/13/16 at 12:18am, Thiago Jung Bauermann wrote: > > This series applies on top of v5 of the "kexec_file_load implementation > > for PowerPC" patch series (which applies on top of v4.8-rc1): > > > > https://lists.infradead.org/pipermail/kexec/2016-August/016843.html > > I'm trying to review your patches, but seems I can not apply them > cleanly to mainline kernel or v4.8-rc1 Strange, I just did a test using the patches I received via the kexec mailing list, and git am applied them cleanly on v4.8-rc1. > Apply the kexec_file_load series failed as below on v4.8-rc1: > > Applying: kexec_file: Allow arch-specific memory walking for > kexec_add_buffer > error: patch failed: include/linux/kexec.h:149 > error: include/linux/kexec.h: patch does not apply > Patch failed at 0001 kexec_file: Allow arch-specific memory walking for > kexec_add_buffer > The copy of the patch that failed is found in: .git/rebase-apply/patch > When you have resolved this problem, run "git am --continue". > If you prefer to skip this patch, run "git am --skip" instead. > To restore the original branch and stop patching, run "git am --abort". > > What is the order of your patch series of the three patchset? > > [PATCH v2 0/2] extend kexec_file_load system call > [PATCH v5 00/13] kexec_file_load implementation for PowerPC > [PATCH v2 0/6] kexec_file: Add buffer hand-over for the next kernel Yes, that is correct. > Do they depend on other patches? No, they apply directly on v4.8-rc1. I just published a branch with the patches, if you want you can use that instead. The branch is called kexec-patches and is at the repo g...@github.com:bauermann/linux -- []'s Thiago Jung Bauermann IBM Linux Technology Center ___ kexec mailing list kexec@lists.infradead.org http://lists.infradead.org/mailman/listinfo/kexec
[PATCH v2 0/6] kexec_file: Add buffer hand-over for the next kernel
Hello, This patch series implements a mechanism which allows the kernel to pass on a buffer to the kernel that will be kexec'd. This buffer is passed as a segment which is added to the kimage when it is being prepared by kexec_file_load. How the second kernel is informed of this buffer is architecture-specific. On powerpc, this is done via the device tree, by checking the properties /chosen/linux,kexec-handover-buffer-start and /chosen/linux,kexec-handover-buffer-end, which is analogous to how the kernel finds the initrd. This is needed because the Integrity Measurement Architecture subsystem needs to preserve its measurement list accross the kexec reboot. The following patch series for the IMA subsystem uses this feature for that purpose: https://lists.infradead.org/pipermail/kexec/2016-August/016745.html This is so that IMA can implement trusted boot support on the OpenPower platform, because on such systems an intermediary Linux instance running as part of the firmware is used to boot the target operating system via kexec. Using this mechanism, IMA on this intermediary instance can hand over to the target OS the measurements of the components that were used to boot it. Because there could be additional measurement events between the kexec_file_load call and the actual reboot, IMA needs a way to update the buffer with those additional events before rebooting. One can minimize the interval between the kexec_file_load and the reboot syscalls, but as small as it can be, there is always the possibility that the measurement list will be out of date at the time of reboot. To address this issue, this patch series also introduces kexec_update_segment, which allows a reboot notifier to change the contents of the image segment during the reboot process. Patch 5 makes kimage_load_normal_segment and kexec_update_segment share code. It's not much code that they can share though, so I'm not sure if the result is actually better. The last patch is not intended to be merged, it just demonstrates how this feature can be used. This series applies on top of v5 of the "kexec_file_load implementation for PowerPC" patch series (which applies on top of v4.8-rc1): https://lists.infradead.org/pipermail/kexec/2016-August/016843.html Changes for v2: - Rebased on v5 of kexec_file_load implementation for PowerPC patch series. - Patch "kexec_file: Add buffer hand-over support for the next kernel" - Changed kexec_add_handover_buffer to receive a struct kexec_buf, as suggested by Dave Young. - Patch "powerpc: kexec_file: Add buffer hand-over support for the next kernel" - Moved setup_handover_buffer from kexec_elf_64.c to machine_kexec_64.c. - Call setup_handover_buffer from setup_new_fdt instead of elf64_load. - Changed kexec_get_handover_buffer to read from the expanded device tree instead of the flattened device tree. - Patch "kexec_file: Add mechanism to update kexec segments.": - Removed unnecessary "#include " in kexec_file.c. - Round up memsz argument to PAGE_SIZE. - Check if kexec_image is NULL in kexec_update_segment. - Patch "IMA: Demonstration code for kexec buffer passing." - Avoid registering reboot notifier again if kexec_file_load is called more than once. Thiago Jung Bauermann (6): kexec_file: Add buffer hand-over support for the next kernel powerpc: kexec_file: Add buffer hand-over support for the next kernel kexec_file: Allow skipping checksum calculation for some segments. kexec_file: Add mechanism to update kexec segments. kexec: Share logic to copy segment page contents. IMA: Demonstration code for kexec buffer passing. arch/powerpc/include/asm/kexec.h | 12 +- arch/powerpc/kernel/kexec_elf_64.c | 8 +- arch/powerpc/kernel/machine_kexec_64.c | 114 - arch/x86/kernel/crash.c| 4 +- arch/x86/kernel/kexec-bzimage64.c | 6 +- include/linux/ima.h| 11 ++ include/linux/kexec.h | 37 +- kernel/kexec_core.c| 216 ++--- kernel/kexec_file.c| 91 -- security/integrity/ima/ima.h | 5 + security/integrity/ima/ima_init.c | 26 security/integrity/ima/ima_template.c | 85 + 12 files changed, 546 insertions(+), 69 deletions(-) -- 1.9.1 ___ kexec mailing list kexec@lists.infradead.org http://lists.infradead.org/mailman/listinfo/kexec
