from:"Michal Suchánek"

Re: [PATCH] kexec: do KEXEC_FILE_LOAD and fallback to KEXEC_LOAD if not supported.

2018-02-24 Thread Michal Suchánek

Hello, On Sat, 24 Feb 2018 10:19:09 +0800 Baoquan He wrote: > Hi Petr, > > On 02/23/18 at 09:29am, Petr Tesarik wrote: > > Hi Baoquan, > > > > On Fri, 23 Feb 2018 07:20:43 +0800 > > Baoquan He wrote: > > > > > Hi Michal, > > > > > > On 02/22/18 at

Re: [PATCH] kexec: do KEXEC_FILE_LOAD and fallback to KEXEC_LOAD if not supported.

2018-02-23 Thread Michal Suchánek

On Fri, 23 Feb 2018 07:20:43 +0800 Baoquan He wrote: > Hi Michal, > > On 02/22/18 at 11:24pm, Michal Suchanek wrote: > > The new KEXEC_FILE_LOAD is preferred in the case the platform > > supports it because it allows kexec in locked down secure boot mode. > > > > However, some

Re: [PATCH 4/5] kexec: fallback to KEXEC_LOAD when KEXEC_FILE_LOAD is not supported.

2018-03-13 Thread Michal Suchánek

On Fri, 2 Mar 2018 13:44:58 +0100 Simon Horman wrote: > On Mon, Feb 26, 2018 at 01:00:37PM +0100, Michal Suchanek wrote: > > Not all architectures implement KEXEC_FILE_LOAD. However, on some > > archiectures KEXEC_FILE_LOAD is required when secure boot is > > enabled in

Re: [PATCH v4 5/5] kexec: document -s, -c and -a options.

2018-03-14 Thread Michal Suchánek

On Wed, 14 Mar 2018 11:41:30 +0800 Dave Young wrote: > On 03/06/18 at 02:15pm, Michal Suchanek wrote: > > Signed-off-by: Michal Suchanek > > --- > > kexec/kexec.8 | 15 +++ > > 1 file changed, 15 insertions(+) > > > > diff --git

Re: [PATCH v4 4/5] kexec: add option to fall back to KEXEC_LOAD when KEXEC_FILE_LOAD is not supported.

2018-03-14 Thread Michal Suchánek

On Wed, 14 Mar 2018 11:22:40 +0800 Dave Young wrote: > On 03/06/18 at 02:15pm, Michal Suchanek wrote: > > Not all architectures implement KEXEC_FILE_LOAD. However, on some > > archiectures KEXEC_FILE_LOAD is required when secure boot is > > enabled in locked-down mode.

Re: [PATCH v4 2/5] kexec: do not special-case the -s option

2018-03-15 Thread Michal Suchánek

On Thu, 15 Mar 2018 11:38:30 +0100 Simon Horman wrote: > On Tue, Mar 06, 2018 at 02:15:53PM +0100, Michal Suchanek wrote: > > It is parsed separately to save a few CPU cycles when setting up > > other options but it just complicates the code. So fold it back and > > set up

Re: [PATCH v4 5/5] kexec: document -s, -c and -a options.

2018-03-15 Thread Michal Suchánek

On Wed, 14 Mar 2018 11:43:55 +0800 Dave Young wrote: > On 03/06/18 at 02:15pm, Michal Suchanek wrote: > > Signed-off-by: Michal Suchanek > > --- > > kexec/kexec.8 | 15 +++ > > 1 file changed, 15 insertions(+) > > > > diff --git

Re: [PATCH v4 5/5] kexec: document -s, -c and -a options.

2018-03-15 Thread Michal Suchánek

On Wed, 14 Mar 2018 15:50:31 +0800 Dave Young <dyo...@redhat.com> wrote: > On 03/14/18 at 08:25am, Michal Suchánek wrote: > > On Wed, 14 Mar 2018 11:41:30 +0800 > > Dave Young <dyo...@redhat.com> wrote: > > > > > On 03/06/18 at 02:15pm, Michal Sucha

kexec --status not supported with kexec_file_load syscall

2018-04-13 Thread Michal Suchánek

Hello, while looking at the code I noticed --status always uses kexec_load. So with kernels that implement only kexec_file_load this option will not work. It has been pointed out that this configuration is possible to select in Kconfig. Thanks Michal

Re: [PATCH v5 4/5] kexec: Add option to fall back to KEXEC_LOAD when KEXEC_FILE_LOAD is not supported

2018-03-27 Thread Michal Suchánek

On Tue, 27 Mar 2018 18:06:19 +0800 Dave Young <dyo...@redhat.com> wrote: > On 03/26/18 at 07:38pm, Michal Suchánek wrote: > > On Mon, 26 Mar 2018 17:12:10 +0800 > > Dave Young <dyo...@redhat.com> wrote: > > > > > On 03/26/18 at 05:08pm, Dave You

Re: [PATCH v5 4/5] kexec: Add option to fall back to KEXEC_LOAD when KEXEC_FILE_LOAD is not supported

2018-03-26 Thread Michal Suchánek

On Mon, 26 Mar 2018 17:12:10 +0800 Dave Young wrote: > On 03/26/18 at 05:08pm, Dave Young wrote: > > On 03/20/18 at 04:56pm, Michal Suchanek wrote: > > > Not all architectures implement KEXEC_FILE_LOAD. However, on some > > > archiectures KEXEC_FILE_LOAD is required when

Re: [PATCH v5 4/5] kexec: Add option to fall back to KEXEC_LOAD when KEXEC_FILE_LOAD is not supported

2018-03-26 Thread Michal Suchánek

On Mon, 26 Mar 2018 15:52:39 -0300 Thiago Jung Bauermann <bauer...@linux.vnet.ibm.com> wrote: > Michal Suchánek <msucha...@suse.de> writes: > > > On Mon, 26 Mar 2018 17:12:10 +0800 > > Dave Young <dyo...@redhat.com> wrote: > > > >> On 03/26/18

Re: [PATCH v5 1/5] kexec: Return -ENOSYS when kexec does not know how to call KEXEC_FILE_LOAD

2018-03-26 Thread Michal Suchánek

On Mon, 26 Mar 2018 15:53:24 +0800 Dave Young wrote: > Hi Simon > On 03/26/18 at 09:25am, Simon Horman wrote: > > Hi Michal, thanks for the updated patches. > > > > Dave, are you planning to review this series? > > > > I have same concern as I commented in last versioni,

Re: [PATCH v4 5/5] kexec: document -s, -c and -a options.

2018-03-16 Thread Michal Suchánek

On Fri, 16 Mar 2018 14:51:14 +0800 Dave Young <dyo...@redhat.com> wrote: > On 03/15/18 at 12:44pm, Michal Suchánek wrote: > > On Wed, 14 Mar 2018 15:50:31 +0800 > > Dave Young <dyo...@redhat.com> wrote: > > > > > On 03/14/18 at 08:25am, Michal Suchán

Re: [PATCH v4 2/5] kexec: do not special-case the -s option

2018-03-16 Thread Michal Suchánek

On Fri, 16 Mar 2018 12:20:25 +0100 Simon Horman <ho...@verge.net.au> wrote: > On Thu, Mar 15, 2018 at 12:13:18PM +0100, Michal Suchánek wrote: > > On Thu, 15 Mar 2018 11:38:30 +0100 > > Simon Horman <ho...@verge.net.au> wrote: > > > > > &g

Re: [PATCH v4 4/5] kexec: add option to fall back to KEXEC_LOAD when KEXEC_FILE_LOAD is not supported.

2018-03-16 Thread Michal Suchánek

On Fri, 16 Mar 2018 14:45:02 +0800 Dave Young <dyo...@redhat.com> wrote: > On 03/15/18 at 12:06pm, Michal Suchánek wrote: > > On Wed, 14 Mar 2018 11:21:59 +0800 > > Dave Young <dyo...@redhat.com> wrote: > > > > > It looks to me it is enough only c

Re: [PATCH 4/5] kexec: fallback to KEXEC_LOAD when KEXEC_FILE_LOAD is not supported.

2018-03-05 Thread Michal Suchánek

On Fri, 2 Mar 2018 17:17:06 +0800 Dave Young wrote: > On 02/26/18 at 01:00pm, Michal Suchanek wrote: > > Not all architectures implement KEXEC_FILE_LOAD. However, on some > > archiectures KEXEC_FILE_LOAD is required when secure boot is > > enabled in locked-down mode.

Re: [PATCH] kexec: do KEXEC_FILE_LOAD and fallback to KEXEC_LOAD if not supported.

2018-02-27 Thread Michal Suchánek

> > > > > > > On 02/26/18 at 01:08pm, Michal Suchánek wrote: > > > > > On Mon, 26 Feb 2018 09:45:15 +0800 > > > > > Dave Young <dyo...@redhat.com> wrote: > > > > > > > > > > > On 02/24/18 at 05:

Re: [PATCH 4/5] kexec: fallback to KEXEC_LOAD when KEXEC_FILE_LOAD is not supported.

2018-02-28 Thread Michal Suchánek

On Mon, 26 Feb 2018 13:00:37 +0100 Michal Suchanek wrote: > Not all architectures implement KEXEC_FILE_LOAD. However, on some > archiectures KEXEC_FILE_LOAD is required when secure boot is enabled > in locked-down mode. Previously users had to select the > KEXEC_FILE_LOAD

Re: [PATCH v3 4/5] kexec: fallback to KEXEC_LOAD when KEXEC_FILE_LOAD is not supported.

2018-03-02 Thread Michal Suchánek

On Fri, 2 Mar 2018 14:33:02 +0100 Michal Suchanek wrote: > Not all architectures implement KEXEC_FILE_LOAD. However, on some > archiectures KEXEC_FILE_LOAD is required when secure boot is enabled > in locked-down mode. Previously users had to select the > KEXEC_FILE_LOAD

Re: [PATCH 4/5] kexec: fallback to KEXEC_LOAD when KEXEC_FILE_LOAD is not supported.

2018-03-02 Thread Michal Suchánek

On Fri, 2 Mar 2018 13:46:10 +0100 Simon Horman <ho...@verge.net.au> wrote: > On Fri, Mar 02, 2018 at 01:32:52PM +0100, Michal Suchánek wrote: > > On Fri, 2 Mar 2018 17:24:19 +0800 > > Dave Young <dyo...@redhat.com> wrote: > > > > > On

Re: [PATCH 2/5] kexec: do not special-case the -s option

2018-03-02 Thread Michal Suchánek

On Fri, 2 Mar 2018 13:36:16 +0100 Simon Horman wrote: > On Mon, Feb 26, 2018 at 01:00:35PM +0100, Michal Suchanek wrote: > > It is parsed separately to save a few CPU cycles when setting up > > other options but it just complicates the code. So fold it back and > > set up all

Re: [PATCH 1/5] kexec: Return -ENOSYS when kexec does not know how to call KEXEC_FILE_LOAD

2018-03-02 Thread Michal Suchánek

On Fri, 2 Mar 2018 13:34:45 +0100 Simon Horman wrote: > On Mon, Feb 26, 2018 at 01:00:34PM +0100, Michal Suchanek wrote: > > When the kernel does not know a syscall number it returns -ENOSYS > > but when kexec does not know a syscall number it returns -1. Return > > -ENOSYS

Re: [PATCH makedumpfile] Align PMD_SECTION_MASK with PHYS_MASK

2020-03-17 Thread Michal Suchánek

On Tue, Mar 17, 2020 at 02:14:22PM +, HAGIO KAZUHITO(萩尾一仁) wrote: > Hi Michal, > > Thank you for the patch. > > > -Original Message- > > Reportedly on some arm64 systems makedumpfile loops forever exhausting > > all memory when filtering kernel core. It turns out the reason is it >

Re: [PATCH makedumpfile] Align PMD_SECTION_MASK with PHYS_MASK

2020-03-17 Thread Michal Suchánek

On Wed, Mar 18, 2020 at 01:49:05AM +0530, Bhupesh Sharma wrote: > On Wed, Mar 18, 2020 at 1:05 AM Michal Suchánek wrote: > > > > On Tue, Mar 17, 2020 at 02:14:22PM +, HAGIO KAZUHITO(萩尾一仁) wrote: > > > Hi Michal, > > > > > > Thank you for the

Re: [PATCHv5 2/2] powerpc/pseries: update device tree before ejecting hotplug uevents

2021-04-15 Thread Michal Suchánek

Hello, On Wed, Apr 14, 2021 at 11:08:19AM +0800, Pingfan Liu wrote: > On Sat, Apr 10, 2021 at 12:33 AM Michal Suchánek wrote: > > > > Hello, > > > > On Fri, Aug 28, 2020 at 04:10:09PM +0800, Pingfan Liu wrote: > > > On Thu, Aug 27, 2020 at 3:53 PM Laurent Dufo

Re: [PATCHv5 2/2] powerpc/pseries: update device tree before ejecting hotplug uevents

2021-04-09 Thread Michal Suchánek

Hello, On Fri, Aug 28, 2020 at 04:10:09PM +0800, Pingfan Liu wrote: > On Thu, Aug 27, 2020 at 3:53 PM Laurent Dufour wrote: > > > > Le 10/08/2020 à 10:52, Pingfan Liu a écrit : > > > A bug is observed on pseries by taking the following steps on rhel: > > > -1. drmgr -c mem -r -q 5 > > > -2. echo

Re: [PATCH v2 0/6] KEXEC_SIG with appended signature

2021-12-01 Thread Michal Suchánek

Hello, On Wed, Dec 01, 2021 at 10:37:47AM +0800, Baoquan He wrote: > Hi, > > On 11/25/21 at 07:02pm, Michal Suchanek wrote: > > Hello, > > > > This is resend of the KEXEC_SIG patchset. > > > > The first patch is new because it'a a cleanup that does not require any > > change to the module

Re: [PATCH v2 0/6] KEXEC_SIG with appended signature

2021-12-09 Thread Michal Suchánek

Hello, On Wed, Dec 08, 2021 at 08:50:54PM -0500, Nayna wrote: > > On 11/25/21 13:02, Michal Suchanek wrote: > > Hello, > > Hi Michael, > > > > > This is resend of the KEXEC_SIG patchset. > > > > The first patch is new because it'a a cleanup that does not require any > > change to the module

Re: [PATCH v2 0/6] KEXEC_SIG with appended signature

2021-12-07 Thread Michal Suchánek

On Tue, Dec 07, 2021 at 05:10:14PM +0100, Philipp Rudo wrote: > Hi Michal, > > i finally had the time to take a closer look at the series. Except for > the nit in patch 4 and my personal preference in patch 6 the code looks > good to me. > > What I don't like are the commit messages on the first

Re: [PATCH v2 6/6] module: Move duplicate mod_check_sig users code to mod_parse_sig

2021-12-13 Thread Michal Suchánek

Hello, On Tue, Dec 07, 2021 at 05:10:34PM +0100, Philipp Rudo wrote: > Hi Michal, > > On Thu, 25 Nov 2021 19:02:44 +0100 > Michal Suchanek wrote: > > > Multiple users of mod_check_sig check for the marker, then call > > mod_check_sig, extract signature length, and remove the signature. > > >

Re: [PATCH v2 2/6] powerpc/kexec_file: Add KEXEC_SIG support.

2021-12-13 Thread Michal Suchánek

Hello, On Sun, Dec 12, 2021 at 07:46:53PM -0500, Nayna wrote: > > On 11/25/21 13:02, Michal Suchanek wrote: > > Copy the code from s390x > > > > Signed-off-by: Michal Suchanek > > --- > > arch/powerpc/Kconfig| 11 +++ > > arch/powerpc/kexec/elf_64.c | 36

Re: [PATCH v2 2/6] powerpc/kexec_file: Add KEXEC_SIG support.

2021-12-09 Thread Michal Suchánek

Hello, On Wed, Dec 08, 2021 at 08:51:47PM -0500, Nayna wrote: > > On 11/25/21 13:02, Michal Suchanek wrote: > > Copy the code from s390x > > > > Signed-off-by: Michal Suchanek > > --- > > arch/powerpc/Kconfig| 11 +++ > > arch/powerpc/kexec/elf_64.c | 36

Re: [PATCH v5 2/6] powerpc/kexec_file: Add KEXEC_SIG support.

2022-02-14 Thread Michal Suchánek

Hello, On Mon, Feb 14, 2022 at 10:14:16AM -0500, Mimi Zohar wrote: > Hi Michal, > > On Sun, 2022-02-13 at 21:59 -0500, Mimi Zohar wrote: > > > > > On Tue, 2022-01-11 at 12:37 +0100, Michal Suchanek wrote: > > > diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig > > > index

Re: [PATCH v5 3/6] kexec_file: Don't opencode appended signature verification.

2022-02-03 Thread Michal Suchánek

Hello, thanks for the review. On Tue, Jan 25, 2022 at 12:15:56PM -0800, Luis Chamberlain wrote: > On Tue, Jan 11, 2022 at 12:37:45PM +0100, Michal Suchanek wrote: > > diff --git a/include/linux/verification.h b/include/linux/verification.h > > index a655923335ae..32db9287a7b0 100644 > > ---

Re: [PATCH v5 2/6] powerpc/kexec_file: Add KEXEC_SIG support.

2022-02-09 Thread Michal Suchánek

Hello, On Wed, Feb 09, 2022 at 07:44:15AM +0100, Paul Menzel wrote: > Dear Michal, > > > Thank you for the patch. > > > Am 11.01.22 um 12:37 schrieb Michal Suchanek: > > Could you please remove the dot/period at the end of the git commit message > summary? Sure > > Copy the code from s390x

Re: [PATCH v5 0/3] use more system keyrings to verify arm64 kdump kernel image signature

2022-04-11 Thread Michal Suchánek

On Mon, Apr 11, 2022 at 09:52:18AM +0800, Coiby Xu wrote: > On Mon, Apr 11, 2022 at 09:13:32AM +0800, Baoquan He wrote: > > On 04/08/22 at 10:59am, Michal Suchánek wrote: > > > On Fri, Apr 08, 2022 at 03:17:19PM +0800, Baoquan He wrote: > > > > Hi Coiby, > >

Re: [PATCH v5 2/3] kexec, KEYS: make the code in bzImage64_verify_sig generic

2022-04-11 Thread Michal Suchánek

On Fri, Apr 01, 2022 at 09:31:17AM +0800, Coiby Xu wrote: > The code in bzImage64_verify_sig could make use of system keyrings s/could make/makes/ > including .buitin_trusted_keys, .secondary_trusted_keys and .platform > keyring to verify signed kernel image as PE file. Make it generic so > both

Re: [PATCH v5 1/3] kexec: clean up arch_kexec_kernel_verify_sig

2022-04-11 Thread Michal Suchánek

On Fri, Apr 01, 2022 at 09:31:16AM +0800, Coiby Xu wrote: > Currently there is no arch-specific implementation of > arch_kexec_kernel_verify_sig. Even if we want to add an implementation > for an architecture in the future, we can simply use "(struct > kexec_file_ops*)->verify_sig". So clean it

Re: [PATCH v5 3/3] arm64: kexec_file: use more system keyrings to verify kernel image signature

2022-04-11 Thread Michal Suchánek

On Fri, Apr 01, 2022 at 09:31:18AM +0800, Coiby Xu wrote: > Currently, a problem faced by arm64 is if a kernel image is signed by a > MOK key, loading it via the kexec_file_load() system call would be > rejected with the error "Lockdown: kexec: kexec of unsigned images is > restricted; see man

Re: [PATCH v5 0/3] use more system keyrings to verify arm64 kdump kernel image signature

2022-04-08 Thread Michal Suchánek

On Fri, Apr 08, 2022 at 03:17:19PM +0800, Baoquan He wrote: > Hi Coiby, > > On 04/01/22 at 09:31am, Coiby Xu wrote: > > Currently, a problem faced by arm64 is if a kernel image is signed by a > > MOK key, loading it via the kexec_file_load() system call would be > > rejected with the error

Re: [PATCH 0/4] Unifrom keyring support across architectures and functions

2022-04-08 Thread Michal Suchánek

On Fri, Apr 08, 2022 at 03:47:04PM +0800, Coiby Xu wrote: > Hi Michal, > > As mentioned by Baoquan, I have a patch set "[PATCH v5 0/3] use more > system keyrings to verify arm64 kdump kernel image signature" [1]. The > differences between your patch set and mine are as follows, - my patch set >

Re: [PATCH v8 4/4] kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification

2022-05-19 Thread Michal Suchánek

On Thu, May 19, 2022 at 10:22:15PM +0800, Baoquan He wrote: > On 05/19/22 at 07:56am, Mimi Zohar wrote: > > [Cc'ing Jarkko, linux-integrity] > > > > On Thu, 2022-05-19 at 08:39 +0800, Baoquan He wrote: > > > On 05/18/22 at 01:29pm, Heiko Carstens wrote: > > > > On Thu, May 12, 2022 at 03:01:23PM

Re: [PATCH v8 3/4] arm64: kexec_file: use more system keyrings to verify kernel image signature

2022-06-17 Thread Michal Suchánek

Hello, On Thu, Jun 09, 2022 at 07:15:27PM -0400, Mimi Zohar wrote: > On Thu, 2022-05-12 at 15:01 +0800, Coiby Xu wrote: > > Currently, a problem faced by arm64 is if a kernel image is signed by a > > MOK key, loading it via the kexec_file_load() system call would be > > rejected with the error

Re: [PATCH 5.15 0/6] arm64: kexec_file: use more system keyrings to verify kernel image signature + dependencies

2022-09-27 Thread Michal Suchánek

On Tue, Sep 27, 2022 at 11:39:52AM +0900, AKASHI Takahiro wrote: > On Mon, Sep 26, 2022 at 09:40:25AM +0200, Michal Such??nek wrote: > > On Mon, Sep 26, 2022 at 08:47:32AM +0200, Greg Kroah-Hartman wrote: > > > On Sat, Sep 24, 2022 at 01:55:23PM +0200, Michal Suchánek wrote: >

Re: [PATCH 5.15 0/6] arm64: kexec_file: use more system keyrings to verify kernel image signature + dependencies

2022-09-26 Thread Michal Suchánek

On Mon, Sep 26, 2022 at 08:47:32AM +0200, Greg Kroah-Hartman wrote: > On Sat, Sep 24, 2022 at 01:55:23PM +0200, Michal Suchánek wrote: > > On Sat, Sep 24, 2022 at 12:13:34PM +0200, Greg Kroah-Hartman wrote: > > > On Sat, Sep 24, 2022 at 11:45:21AM +0200, Michal Suchánek wrote: &

Re: [PATCH 5.15 0/6] arm64: kexec_file: use more system keyrings to verify kernel image signature + dependencies

2022-09-23 Thread Michal Suchánek

Hello, On Fri, Sep 23, 2022 at 03:03:36PM -0400, Mimi Zohar wrote: > On Fri, 2022-09-23 at 19:10 +0200, Michal Suchanek wrote: > > Hello, > > > > this is backport of commit 0d519cadf751 > > ("arm64: kexec_file: use more system keyrings to verify kernel image > > signature") > > to table 5.15

Re: [PATCH 5.15 0/6] arm64: kexec_file: use more system keyrings to verify kernel image signature + dependencies

2022-09-24 Thread Michal Suchánek

On Sat, Sep 24, 2022 at 12:13:34PM +0200, Greg Kroah-Hartman wrote: > On Sat, Sep 24, 2022 at 11:45:21AM +0200, Michal Suchánek wrote: > > On Sat, Sep 24, 2022 at 11:19:19AM +0200, Greg Kroah-Hartman wrote: > > > On Fri, Sep 23, 2022 at 07:10:28PM +0200, Michal Suchanek wr

Re: [PATCH 5.15 0/6] arm64: kexec_file: use more system keyrings to verify kernel image signature + dependencies

2022-09-24 Thread Michal Suchánek

On Sat, Sep 24, 2022 at 11:19:19AM +0200, Greg Kroah-Hartman wrote: > On Fri, Sep 23, 2022 at 07:10:28PM +0200, Michal Suchanek wrote: > > Hello, > > > > this is backport of commit 0d519cadf751 > > ("arm64: kexec_file: use more system keyrings to verify kernel image > > signature") > > to table

Re: [PATCH 5.15 0/6] arm64: kexec_file: use more system keyrings to verify kernel image signature + dependencies

2022-09-24 Thread Michal Suchánek

On Fri, Sep 23, 2022 at 09:16:50PM +0200, Michal Suchánek wrote: > Hello, > > On Fri, Sep 23, 2022 at 03:03:36PM -0400, Mimi Zohar wrote: > > On Fri, 2022-09-23 at 19:10 +0200, Michal Suchanek wrote: > > > Hello, > > > > > > this is backport of commit 0

50 matches

Mail list logo