Re: [PATCH 1/5] PM / hibernate: Create snapshot keys handler

2018-10-08 Thread joeyli
Hi Andy, Jann, On Wed, Oct 03, 2018 at 03:08:12PM -0700, Andy Lutomirski wrote: > On Tue, Oct 2, 2018 at 12:36 PM Jann Horn wrote: > > > > +Andy for opinions on things in write handlers > > +Mimi Zohar as EVM maintainer > > > > On Tue, Oct 2, 2018 at 9:55 AM jo

Re: [PATCH 1/5] PM / hibernate: Create snapshot keys handler

2018-10-02 Thread joeyli
Hi Jann, Thanks for your review and very sorry for my delay! On Thu, Sep 13, 2018 at 04:31:18PM +0200, Jann Horn wrote: > +cc keyrings list > > On Thu, Sep 13, 2018 at 4:08 PM Lee, Chun-Yi wrote: > > This patch adds a snapshot keys handler for using the key retention > > service api to create

Re: [PATCH 1/5] PM / hibernate: Create snapshot keys handler

2018-10-01 Thread joeyli
Hi Yu Chen, Thanks for your review and very sorry for my delay! On Thu, Sep 13, 2018 at 09:58:32PM +0800, Yu Chen wrote: > On Wed, Sep 12, 2018 at 10:23:33PM +0800, Lee, Chun-Yi wrote: > > This patch adds a snapshot keys handler for using the key retention > > service api to create keys for

Re: [PATCH 1/5] PM / hibernate: Create snapshot keys handler

2018-09-13 Thread joeyli
Hi Randy, On Wed, Sep 12, 2018 at 09:27:27AM -0700, Randy Dunlap wrote: > Hi, > > On 9/12/18 7:23 AM, Lee, Chun-Yi wrote: > > diff --git a/kernel/power/Kconfig b/kernel/power/Kconfig > > index 3a6c2f87699e..7c5c30149dbc 100644 > > --- a/kernel/power/Kconfig > > +++ b/kernel/power/Kconfig > > @@

Re: [PATCH 5/5] PM / hibernate: An option to request that snapshot image must be authenticated

2018-09-13 Thread joeyli
Hi Randy, On Wed, Sep 12, 2018 at 09:24:38AM -0700, Randy Dunlap wrote: > Hi, > > On 9/12/18 7:23 AM, Lee, Chun-Yi wrote: > > diff --git a/kernel/power/Kconfig b/kernel/power/Kconfig > > index 7c5c30149dbc..3c998fd6dc4c 100644 > > --- a/kernel/power/Kconfig > > +++ b/kernel/power/Kconfig > > @@

Re: [PATCH] x86/PCI: Claim the resources of firmware enabled IOAPIC before children bus

2018-08-11 Thread joeyli
On Fri, Aug 10, 2018 at 08:58:37AM -0500, Bjorn Helgaas wrote: > On Fri, Aug 10, 2018 at 05:25:01PM +0800, joeyli wrote: > > On Wed, Aug 08, 2018 at 04:23:22PM -0500, Bjorn Helgaas wrote: > > ... [...snip] > > hm... I have another question that may not relate to this iss

Re: [PATCH] x86/PCI: Claim the resources of firmware enabled IOAPIC before children bus

2018-08-10 Thread joeyli
On Wed, Aug 08, 2018 at 04:23:22PM -0500, Bjorn Helgaas wrote: > On Wed, Aug 08, 2018 at 11:53:18PM +0800, joeyli wrote: > > Hi Bjorn, > > > > First, thanks for your review! > > > > On Mon, Aug 06, 2018 at 04:48:07PM -0500, Bjorn Helgaas wrote: > > > On

Re: [PATCH v2] platform/x86: acer-wmi: refactor function has_cap

2018-08-08 Thread joeyli
Hi Gustavo, Sorry for my delay! On Mon, Aug 06, 2018 at 03:38:32PM -0500, Gustavo A. R. Silva wrote: > Refactor function has_cap in order to avoid returning integer > values, when instead it should return booleans. > > This code was detected with the help of Coccinelle. > > Signed-off-by:

Re: [PATCH] x86/PCI: Claim the resources of firmware enabled IOAPIC before children bus

2018-08-08 Thread joeyli
Hi Bjorn, First, thanks for your review! On Mon, Aug 06, 2018 at 04:48:07PM -0500, Bjorn Helgaas wrote: > On Tue, Jul 24, 2018 at 07:01:44PM +0800, Lee, Chun-Yi wrote: > > I got a machine where the resource of the firmware-enabled IOAPIC conflicts > > with the resource of a child bus when the PCI

Re: [PATCH 2/3][RFC] PM / Hibernate: Encrypt the snapshot pages before submitted to the block device

2018-07-18 Thread joeyli
On Fri, Jul 13, 2018 at 03:34:25PM +0800, Yu Chen wrote: > Hi, > On Thu, Jul 12, 2018 at 06:10:37PM +0800, joeyli wrote: > > Hi Yu Chen, > > > > Sorry for my delay... > > > > On Fri, Jul 06, 2018 at 11:28:56PM +0800, Yu Chen wrote: [...snip] > >

Re: [PATCH 2/3][RFC] PM / Hibernate: Encrypt the snapshot pages before submitted to the block device

2018-07-12 Thread joeyli
Hi Yu Chen, Sorry for my delay... On Fri, Jul 06, 2018 at 11:28:56PM +0800, Yu Chen wrote: > Hi Joey Lee, > On Fri, Jun 29, 2018 at 08:59:43PM +0800, joeyli wrote: > > On Thu, Jun 28, 2018 at 10:52:07PM +0800, Yu Chen wrote: > > > Hi, > > > On Thu, Jun 28, 2018 at

Re: [PATCH 0/3][RFC] Introduce the in-kernel hibernation encryption

2018-07-05 Thread joeyli
Hi Chen Yu, On Wed, Jun 20, 2018 at 05:39:37PM +0800, Chen Yu wrote: > Hi, > As security becomes more and more important, we add the in-kernel > encryption support for hibernation. > > This prototype is a trial version to implement the hibernation > encryption in the kernel, so that the users

Re: [PATCH 2/3][RFC] PM / Hibernate: Encrypt the snapshot pages before submitted to the block device

2018-06-29 Thread joeyli
On Thu, Jun 28, 2018 at 10:52:07PM +0800, Yu Chen wrote: > Hi, > On Thu, Jun 28, 2018 at 10:28:56PM +0800, joeyli wrote: > > On Thu, Jun 28, 2018 at 09:50:17PM +0800, Yu Chen wrote: > > > Hi, > > > On Thu, Jun 28, 2018 at 09:07:20PM +0800, joeyli wrote: > > >

Re: [PATCH 2/3][RFC] PM / Hibernate: Encrypt the snapshot pages before submitted to the block device

2018-06-28 Thread joeyli
On Thu, Jun 28, 2018 at 09:50:17PM +0800, Yu Chen wrote: > Hi, > On Thu, Jun 28, 2018 at 09:07:20PM +0800, joeyli wrote: > > Hi Chen Yu, > > > > On Wed, Jun 20, 2018 at 05:40:32PM +0800, Chen Yu wrote: > > > Use the helper functions introduced previously to e

Re: [PATCH 2/3][RFC] PM / Hibernate: Encrypt the snapshot pages before submitted to the block device

2018-06-28 Thread joeyli
en encrypted, and vice versa > for the resume process. > I want to suggest my solution, which directly signs/encrypts the memory snapshot image. This solution has already shipped with SLE12 for a couple of years: https://github.com/joeyli/linux-s4sign/commits/s4sign-hmac-encrypted-key-v0.2-v4

Re: [PATCH 07/24] hibernate: Disable when the kernel is locked down

2018-05-23 Thread joeyli
n encryption and authentication: https://github.com/joeyli/linux-s4sign/wiki My plan is: - Hibernation encryption: There is a draft patch to encrypt the image with ctr(aes). This patch works with the first version of hibernation verification: https://github.com/joeyli/linux-s4sign/commi

Re: [PATCH] efi: Fix the size not consistent issue when unmapping memory map

2018-05-04 Thread joeyli
Hi Ard, On Thu, May 03, 2018 at 02:05:51PM +0200, Ard Biesheuvel wrote: > On 2 May 2018 at 08:17, Lee, Chun-Yi wrote: > > When using kdump, SOMETIMES the "size not consistent" warning message > > shows up when the crash kernel boots with early_ioremap_debug parameter: >

Re: [PATCH] efi: Fix the size not consistent issue when unmapping memory map

2018-04-16 Thread joeyli
On Mon, Apr 16, 2018 at 06:35:22PM -0600, Randy Wright wrote: > On Mon, Apr 16, 2018 at 02:37:38PM +0800, joeyli wrote: > > Hi Randy, > > ... > > Randy, do you want to try Dave's kexec patch on your environment? Please > > remove > > my patch first. > >

Re: [PATCH] efi: Fix the size not consistent issue when unmapping memory map

2018-04-16 Thread joeyli
Hi Randy, On Mon, Apr 16, 2018 at 11:09:04AM +0800, Dave Young wrote: > On 04/16/18 at 10:57am, Dave Young wrote: > > On 04/13/18 at 02:27pm, Lee, Chun-Yi wrote: > > > When using kdump, SOMETIMES the "size not consistent" warning message > > > shows up when the crash kernel boots with

Re: [PATCH] efi: Fix the size not consistent issue when unmapping memory map

2018-04-16 Thread joeyli
On Mon, Apr 16, 2018 at 10:57:34AM +0800, Dave Young wrote: > On 04/13/18 at 02:27pm, Lee, Chun-Yi wrote: > > When using kdump, SOMETIMES the "size not consistent" warning message > > shows up when the crash kernel boots with early_ioremap_debug parameter: > > > > WARNING: CPU: 0 PID: 0 at

Re: [GIT PULL] Kernel lockdown for secure boot

2018-04-09 Thread joeyli
On Sun, Apr 08, 2018 at 08:40:10PM -0700, Alexei Starovoitov wrote: > On Sun, Apr 08, 2018 at 04:07:42PM +0800, joeyli wrote: > > > > > If the only thing that folks are paranoid about is reading > > > arbitrary kernel memory with bpf_probe_read() helper >

Re: [GIT PULL] Kernel lockdown for secure boot

2018-04-08 Thread joeyli
On Tue, Apr 03, 2018 at 07:34:25PM -0700, Alexei Starovoitov wrote: > On Tue, Apr 3, 2018 at 9:26 AM, Andy Lutomirski wrote: > > On Tue, Apr 3, 2018 at 8:41 AM, Alexei Starovoitov > > wrote: > >> On Tue, Apr 03, 2018 at 08:11:07AM -0700, Andy

Re: [GIT PULL] Kernel lockdown for secure boot

2018-04-08 Thread joeyli
and EVM. There is another idea: using a tree to register all sensitive data, then blanking them when reading. Here is a very early development version: https://github.com/joeyli/linux-sensitive_data/commits/sensitive-data-tree-v0.1-v4.15 But this approach causes runtime overhead and all sensiti

Re: An actual suggestion (Re: [GIT PULL] Kernel lockdown for secure boot)

2018-04-04 Thread joeyli
Hi David, On Wed, Apr 04, 2018 at 05:17:24PM +0100, David Howells wrote: > Andy Lutomirski wrote: > > > Since this thread has devolved horribly, I'm going to propose a solution. > > > > 1. Split the "lockdown" state into three levels: (please don't > > bikeshed about the

Re: An actual suggestion (Re: [GIT PULL] Kernel lockdown for secure boot)

2018-04-04 Thread joeyli
On Wed, Apr 04, 2018 at 11:19:27PM +0100, David Howells wrote: > Jann Horn wrote: > > > > Uh, no. bpf, for example, can be used to modify kernel memory. > > > > I'm pretty sure bpf isn't supposed to be able to modify arbitrary > > kernel memory. AFAIU if you can use BPF to

Re: An actual suggestion (Re: [GIT PULL] Kernel lockdown for secure boot)

2018-04-04 Thread joeyli
Hi Andy, On Wed, Apr 04, 2018 at 07:49:12AM -0700, Andy Lutomirski wrote: > Since this thread has devolved horribly, I'm going to propose a solution. ... > 6. There's a way to *decrease* the lockdown level below the configured > value. (This ability itself may be gated by a config option.) >

Re: [PATCH 0/9] KEYS: Blacklisting & UEFI database load

2018-03-27 Thread joeyli
Hi Mimi, On Mon, Mar 19, 2018 at 10:12:03AM -0400, Mimi Zohar wrote: > On Sun, 2018-03-11 at 11:20 +0800, joeyli wrote: > > On Wed, Mar 07, 2018 at 07:28:37AM -0800, James Bottomley wrote: > > > On Wed, 2018-03-07 at 08:18 -0500, Mimi Zohar wrote: > > > > On Tue, 2

Re: [PATCH] ACPI / scan: Send the change uevent with offine environmental data

2018-03-19 Thread joeyli
Hi Rafael, On Mon, Mar 19, 2018 at 11:02:32AM +0100, Rafael J. Wysocki wrote: > On Friday, March 2, 2018 7:35:08 AM CET Lee, Chun-Yi wrote: > > In current design of ACPI container offline, Kernel emits > > KOBJ_CHANGE uevent to user space to indicate that the ejection of > > the container was

Re: [PATCH 4/5] MODSIGN: checking the blacklisted hash before loading a kernel module

2018-03-16 Thread joeyli
On Thu, Mar 15, 2018 at 07:30:26AM -0700, James Bottomley wrote: > On Thu, 2018-03-15 at 14:16 +0800, joeyli wrote: > > On Wed, Mar 14, 2018 at 07:19:25AM -0700, James Bottomley wrote: > > > > > > On Wed, 2018-03-14 at 14:08 +0800, joeyli wrote: > > > > >

Re: [PATCH 4/5] MODSIGN: checking the blacklisted hash before loading a kernel module

2018-03-15 Thread joeyli
On Wed, Mar 14, 2018 at 07:19:25AM -0700, James Bottomley wrote: > On Wed, 2018-03-14 at 14:08 +0800, joeyli wrote: > > On Tue, Mar 13, 2018 at 10:18:35AM -0700, James Bottomley wrote: > > > > > > On Tue, 2018-03-13 at 18:38 +0800, Lee, Chun-Yi wrote: > > >

Re: [PATCH 1/5] MODSIGN: do not load mok when secure boot disabled

2018-03-14 Thread joeyli
Hi Ard, First! Thanks for your review! On Tue, Mar 13, 2018 at 05:25:30PM +, Ard Biesheuvel wrote: > On 13 March 2018 at 10:37, Lee, Chun-Yi wrote: > > The mok cannot be trusted when secure boot is disabled, which > > means that the kernel embedded certificate

Re: [PATCH 4/5] MODSIGN: checking the blacklisted hash before loading a kernel module

2018-03-14 Thread joeyli
On Tue, Mar 13, 2018 at 10:18:35AM -0700, James Bottomley wrote: > On Tue, 2018-03-13 at 18:38 +0800, Lee, Chun-Yi wrote: > > This patch adds the logic for checking the kernel module's hash > > based on the blacklist. The hash must be generated by sha256 and enrolled > > to dbx/mokx. > > > > For

Re: [PATCH 2/5] MODSIGN: print appropriate status message when getting UEFI certificates list

2018-03-13 Thread joeyli
Hi James, Thanks for your review. On Tue, Mar 13, 2018 at 10:17:50AM -0700, James Bottomley wrote: > On Tue, 2018-03-13 at 18:35 +0800, Lee, Chun-Yi wrote: > > When getting certificates list from UEFI variable, the original error > > message shows the state number from UEFI firmware. It's hard

Re: [PATCH 0/9] KEYS: Blacklisting & UEFI database load

2018-03-10 Thread joeyli
On Wed, Mar 07, 2018 at 07:28:37AM -0800, James Bottomley wrote: > On Wed, 2018-03-07 at 08:18 -0500, Mimi Zohar wrote: > > On Tue, 2018-03-06 at 15:05 +0100, Jiri Slaby wrote: > > > what's the status of this please? Distributors (I checked SUSE, > > > RedHat and Ubuntu) have to carry these

Re: [PATCH] ACPI / scan: Send the change uevent with offine environmental data

2018-03-02 Thread joeyli
On Fri, Mar 02, 2018 at 03:00:59PM +0100, Michal Hocko wrote: > On Fri 02-03-18 14:35:08, Lee, Chun-Yi wrote: > > In current design of ACPI container offline, Kernel emits > > KOBJ_CHANGE uevent to user space to indicate that the ejection of > > the container was triggered by platform. (caa73ea15

Re: [PATCH 1/4] MODSIGN: do not load mok when secure boot disabled

2017-11-30 Thread joeyli
Hi James, First, thank you for reviewing and commenting! On Thu, Nov 30, 2017 at 07:51:03AM -0800, James Bottomley wrote: > On Wed, 2017-11-29 at 22:11 +0800, Lee, Chun-Yi wrote: > > The mok cannot be trusted when secure boot is disabled, which > > means that the kernel embedded certificate

Re: [PATCH v2 2/5] mm: memory_hotplug: Remove assumption on memory state before hotremove

2017-11-28 Thread joeyli
On Wed, Nov 29, 2017 at 08:49:13AM +0800, joeyli wrote: > Hi Andrea, > > On Fri, Nov 24, 2017 at 10:22:35AM +, Andrea Reale wrote: > > Resending the patch adding linux-acpi in CC, as suggested by Rafael. > > Everyone else: apologies for the noise. > > >

Re: [PATCH v2 2/5] mm: memory_hotplug: Remove assumption on memory state before hotremove

2017-11-28 Thread joeyli
On Fri, Nov 24, 2017 at 07:17:41PM +0100, Michal Hocko wrote: > On Fri 24-11-17 15:54:59, Andrea Reale wrote: > > On Fri 24 Nov 2017, 16:43, Michal Hocko wrote: > > > On Fri 24-11-17 14:49:17, Andrea Reale wrote: > > > > Hi Rafael, > > > > > > > > On Fri 24 Nov 2017, 15:39, Rafael J. Wysocki

Re: [PATCH v2 2/5] mm: memory_hotplug: Remove assumption on memory state before hotremove

2017-11-28 Thread joeyli
Hi Andrea, On Fri, Nov 24, 2017 at 10:22:35AM +, Andrea Reale wrote: > Resending the patch adding linux-acpi in CC, as suggested by Rafael. > Everyone else: apologies for the noise. > > Commit 242831eb15a0 ("Memory hotplug / ACPI: Simplify memory removal") > introduced an assumption whereas

Re: [PATCH 07/27] kexec_file: Disable at runtime if securelevel has been set

2017-10-28 Thread joeyli
On Fri, Oct 27, 2017 at 03:32:26PM -0400, Mimi Zohar wrote: > On Thu, 2017-10-26 at 10:17 -0400, Mimi Zohar wrote: > > On Thu, 2017-10-26 at 15:42 +0800, joeyli wrote: > > > Hi Mimi, > > > > > > Thank you for reviewing. > > > > > > On M

Re: [PATCH 07/27] kexec_file: Disable at runtime if securelevel has been set

2017-10-26 Thread joeyli
Hi Mimi, Thank you for reviewing. On Mon, Oct 23, 2017 at 11:54:43AM -0400, Mimi Zohar wrote: > On Thu, 2017-10-19 at 15:51 +0100, David Howells wrote: > > From: Chun-Yi Lee > > > > When KEXEC_VERIFY_SIG is not enabled, the kernel should not load an image > > through

Re: [PATCH 12/27] x86/msr: Restrict MSR access when the kernel is locked down

2017-10-25 Thread joeyli
Hi David, On Mon, Oct 23, 2017 at 03:49:44PM +0100, David Howells wrote: > Alan Cox wrote: > > > There are a load of standard tools that use this so I think you are going > > to need a whitelist. Can you at least log *which* MSR in the failing case > > so a

Re: [PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down

2017-10-25 Thread joeyli
On Mon, Oct 23, 2017 at 03:53:00PM +0100, David Howells wrote: > j...@suse.com wrote: > > > hm... patch 4 only prevents write_mem() but not read_mem(). > > Or I missed anything? > > Actually, yes, as it happens, patch 11 prevents you from even opening /dev/mem > and /dev/kmem by locking down

Re: [PATCH 12/27] x86/msr: Restrict MSR access when the kernel is locked down

2017-10-20 Thread joeyli
On Fri, Oct 20, 2017 at 09:48:16PM +0100, David Howells wrote: > Alan Cox wrote: > > > There are a load of standard tools that use this so I think you are going > > to need a whitelist. Can you at least log *which* MSR in the failing case > > so a whitelist can be

Re: [PATCH 17/27] acpi: Disable APEI error injection if the kernel is locked down

2017-10-20 Thread joeyli
On Thu, Oct 19, 2017 at 03:52:41PM +0100, David Howells wrote: > From: Linn Crosetto > > ACPI provides an error injection mechanism, EINJ, for debugging and testing > the ACPI Platform Error Interface (APEI) and other RAS features. If > supported by the firmware, ACPI

Re: [PATCH 16/27] acpi: Disable ACPI table override if the kernel is locked down

2017-10-20 Thread joeyli
On Thu, Oct 19, 2017 at 03:52:34PM +0100, David Howells wrote: > From: Linn Crosetto > > >From the kernel documentation (initrd_table_override.txt): > > If the ACPI_INITRD_TABLE_OVERRIDE compile option is true, it is possible > to override nearly any ACPI table provided by the

Re: [PATCH 15/27] acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down

2017-10-20 Thread joeyli
On Thu, Oct 19, 2017 at 03:52:27PM +0100, David Howells wrote: > From: Josh Boyer > > This option allows userspace to pass the RSDP address to the kernel, which > makes it possible for a user to modify the workings of hardware. Reject > the option when the kernel is locked

Re: [PATCH 14/27] ACPI: Limit access to custom_method when the kernel is locked down

2017-10-20 Thread joeyli
On Thu, Oct 19, 2017 at 03:52:19PM +0100, David Howells wrote: > From: Matthew Garrett > > custom_method effectively allows arbitrary access to system memory, making > it possible for an attacker to circumvent restrictions on module loading. > Disable it if the kernel

Re: [PATCH 13/27] asus-wmi: Restrict debugfs interface when the kernel is locked down

2017-10-20 Thread joeyli
On Thu, Oct 19, 2017 at 03:52:11PM +0100, David Howells wrote: > From: Matthew Garrett > > We have no way of validating what all of the Asus WMI methods do on a given > machine - and there's a risk that some will allow hardware state to be > manipulated in such a way

Re: [PATCH 12/27] x86/msr: Restrict MSR access when the kernel is locked down

2017-10-20 Thread joeyli
On Thu, Oct 19, 2017 at 03:52:04PM +0100, David Howells wrote: > From: Matthew Garrett > > Writing to MSRs should not be allowed if the kernel is locked down, since > it could lead to execution of arbitrary code in kernel mode. Based on a > patch by Kees Cook. > >

Re: [PATCH 11/27] x86: Lock down IO port access when the kernel is locked down

2017-10-20 Thread joeyli
On Thu, Oct 19, 2017 at 03:51:56PM +0100, David Howells wrote: > From: Matthew Garrett > > IO port access would permit users to gain access to PCI configuration > registers, which in turn (on a lot of hardware) give access to MMIO > register space. This would

Re: [PATCH 10/27] PCI: Lock down BAR access when the kernel is locked down

2017-10-20 Thread joeyli
On Thu, Oct 19, 2017 at 03:51:49PM +0100, David Howells wrote: > From: Matthew Garrett > > Any hardware that can potentially generate DMA has to be locked down in > order to avoid it being possible for an attacker to modify kernel code, > allowing them to circumvent

Re: [PATCH 09/27] uswsusp: Disable when the kernel is locked down

2017-10-20 Thread joeyli
On Thu, Oct 19, 2017 at 03:51:42PM +0100, David Howells wrote: > From: Matthew Garrett > > uswsusp allows a user process to dump and then restore kernel state, which > makes it possible to modify the running kernel. Disable this if the kernel > is locked down. > >

Re: [PATCH 08/27] hibernate: Disable when the kernel is locked down

2017-10-20 Thread joeyli
On Thu, Oct 19, 2017 at 03:51:34PM +0100, David Howells wrote: > From: Josh Boyer > > There is currently no way to verify the resume image when returning > from hibernate. This might compromise the signed modules trust model, > so until we can work with signed

Re: [PATCH 06/27] Copy secure_boot flag in boot params across kexec reboot

2017-10-20 Thread joeyli
On Thu, Oct 19, 2017 at 03:51:20PM +0100, David Howells wrote: > From: Dave Young > > Kexec reboot in case secure boot being enabled does not keep the secure > boot mode in new kernel, so later one can load unsigned kernel via legacy > kexec_load. In this state, the system is

Re: [PATCH 05/27] kexec: Disable at runtime if the kernel is locked down

2017-10-20 Thread joeyli
On Thu, Oct 19, 2017 at 03:51:09PM +0100, David Howells wrote: > From: Matthew Garrett > > kexec permits the loading and execution of arbitrary code in ring 0, which > is something that lock-down is meant to prevent. It makes sense to disable > kexec in this

Re: [PATCH 04/27] Restrict /dev/mem and /dev/kmem when the kernel is locked down

2017-10-20 Thread joeyli
Hi David, Thanks for sending out this series. On Thu, Oct 19, 2017 at 03:51:02PM +0100, David Howells wrote: > From: Matthew Garrett > > Allowing users to write to address space makes it possible for the kernel to > be subverted, avoiding module loading

Re: [PATCH 03/27] Enforce module signatures if the kernel is locked down

2017-10-20 Thread joeyli
Hi David, Thanks for sending out this series. On Thu, Oct 19, 2017 at 03:50:55PM +0100, David Howells wrote: > If the kernel is locked down, require that all modules have valid > signatures that we can verify. > > Signed-off-by: David Howells I have reviewed and tested

Re: [PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down

2017-10-19 Thread joeyli
Hi Alexei, Thanks for your review! On Thu, Oct 19, 2017 at 03:18:30PM -0700, Alexei Starovoitov wrote: > On Thu, Oct 19, 2017 at 03:52:49PM +0100, David Howells wrote: > > From: Chun-Yi Lee > > > > There are some bpf functions that can be used to read kernel memory: > >

Re: Draft manpage explaining kernel lockdown

2017-10-06 Thread joeyli
Hi David, On Thu, Oct 05, 2017 at 12:00:24PM +0100, David Howells wrote: > Hi Ard, Michael, > > Attached is a draft for a manual page (kernel_lockdown.7) that I intend to > point at from messages emitted when the kernel prohibits something because the > kernel is in 'lockdown' mode, typically

Re: [RFC v2 PATCH] x86/boot: Add the secdata section to the setup header

2017-08-19 Thread joeyli
Hi, On Mon, Jul 10, 2017 at 11:24:44AM +0800, Gary Lin wrote: > A new section, secdata, in the setup header is introduced to store the > distro-specific security version which is designed to help the > bootloader to warn the user when loading a less secure or vulnerable > kernel. The secdata

Re: A udev rule to serve the change event of ACPI container?

2017-08-15 Thread joeyli
On Fri, Aug 04, 2017 at 05:06:19PM +0200, Michal Hocko wrote: > On Thu 03-08-17 11:37:37, YASUAKI ISHIMATSU wrote: > > > > > > On 08/02/2017 01:49 AM, joeyli wrote: > > > Hi YASUAKI, > > > > > > On Tue, Aug 01, 2017 at 03:21:38P

Re: A udev rule to serve the change event of ACPI container?

2017-08-03 Thread joeyli
On Thu, Aug 03, 2017 at 11:31:53AM +0200, Michal Hocko wrote: > On Thu 03-08-17 17:22:37, Joey Lee wrote: > > On Wed, Aug 02, 2017 at 11:01:43AM +0200, Michal Hocko wrote: > > > On Mon 31-07-17 15:38:45, Joey Lee wrote: > [...] > > > > So, the behavior is: > > > > > > > > Kernel received ejection

Re: A udev rule to serve the change event of ACPI container?

2017-08-03 Thread joeyli
On Wed, Aug 02, 2017 at 11:01:43AM +0200, Michal Hocko wrote: > On Mon 31-07-17 15:38:45, Joey Lee wrote: > > Hi Michal, > > > > Sorry for my delay... > > > > On Tue, Jul 25, 2017 at 02:48:37PM +0200, Michal Hocko wrote: > > > On Mon 24-07-17 17:29:21, Joey Lee wrote: > [...] > > > > For the

Re: A udev rule to serve the change event of ACPI container?

2017-08-01 Thread joeyli
Hi YASUAKI, On Tue, Aug 01, 2017 at 03:21:38PM -0400, YASUAKI ISHIMATSU wrote: > Hi Joey, > > On 07/23/2017 05:18 AM, joeyli wrote: [...snip] > >>> > >> > >> At least Yasuaki raised similar behavior for container in 2013. > >> It's similar to t

Re: A udev rule to serve the change event of ACPI container?

2017-07-31 Thread joeyli
Hi Michal, Sorry for my delay... On Tue, Jul 25, 2017 at 02:48:37PM +0200, Michal Hocko wrote: > On Mon 24-07-17 17:29:21, Joey Lee wrote: > > On Mon, Jul 24, 2017 at 10:57:02AM +0200, Michal Hocko wrote: > > > On Wed 19-07-17 17:09:10, Joey Lee wrote: > > > > On Mon, Jul 17, 2017 at 11:05:25AM

Re: A udev rule to serve the change event of ACPI container?

2017-07-24 Thread joeyli
On Mon, Jul 24, 2017 at 10:57:02AM +0200, Michal Hocko wrote: > On Wed 19-07-17 17:09:10, Joey Lee wrote: > > On Mon, Jul 17, 2017 at 11:05:25AM +0200, Michal Hocko wrote: > [...] > > > The problem I have with this expectation is that userspace will never > > > have a good atomic view of the whole

Re: A udev rule to serve the change event of ACPI container?

2017-07-24 Thread joeyli
Hi Yasuaki, On Fri, Jul 14, 2017 at 10:44:14PM +0800, joeyli wrote: > On Fri, Jul 14, 2017 at 10:37:13AM +0200, Michal Hocko wrote: > > On Thu 13-07-17 20:45:21, Joey Lee wrote: > > > On Thu, Jul 13, 2017 at 09:06:19AM +0200, Michal Hocko wrote: > > > > On Thu 13-

Re: A udev rule to serve the change event of ACPI container?

2017-07-19 Thread joeyli
On Mon, Jul 17, 2017 at 11:05:25AM +0200, Michal Hocko wrote: > On Fri 14-07-17 22:44:14, Joey Lee wrote: > > On Fri, Jul 14, 2017 at 10:37:13AM +0200, Michal Hocko wrote: > > > On Thu 13-07-17 20:45:21, Joey Lee wrote: > > > > On Thu, Jul 13, 2017 at 09:06:19AM +0200, Michal Hocko wrote: > > > >

Re: A udev rule to serve the change event of ACPI container?

2017-07-14 Thread joeyli
On Fri, Jul 14, 2017 at 10:37:13AM +0200, Michal Hocko wrote: > On Thu 13-07-17 20:45:21, Joey Lee wrote: > > On Thu, Jul 13, 2017 at 09:06:19AM +0200, Michal Hocko wrote: > > > On Thu 13-07-17 14:58:06, Joey Lee wrote: > [...] > > > > If the BIOS emits an ejection event for an ACPI0004 container, someone

Re: A udev rule to serve the change event of ACPI container?

2017-07-13 Thread joeyli
On Thu, Jul 13, 2017 at 09:06:19AM +0200, Michal Hocko wrote: > On Thu 13-07-17 14:58:06, Joey Lee wrote: > > Hi Michal, > > > > Sorry for my delay. > > > > On Tue, Jul 11, 2017 at 10:25:32AM +0200, Michal Hocko wrote: > > > On Mon 26-06-17 10:59:07, Michal Hocko wrote: > > > > On Mon 26-06-17

Re: A udev rule to serve the change event of ACPI container?

2017-07-13 Thread joeyli
Hi Michal, Sorry for my delay. On Tue, Jul 11, 2017 at 10:25:32AM +0200, Michal Hocko wrote: > On Mon 26-06-17 10:59:07, Michal Hocko wrote: > > On Mon 26-06-17 14:26:57, Joey Lee wrote: > > > Hi all, > > > > > > If ACPI receives an ejection request for an ACPI container, the kernel > > > emits

Re: [RFC PATCH v3] acpi: indicate to platform when hot remove returns busy

2017-07-03 Thread joeyli
On Fri, Jun 30, 2017 at 01:49:07PM +0800, joeyli wrote: > Hi Rafael, > > On Thu, Jun 29, 2017 at 12:13:18AM +0200, Rafael J. Wysocki wrote: > > On Wednesday, June 21, 2017 03:45:44 PM Lee, Chun-Yi wrote: > > > In hotplug logic, it always indicates non-specific failure t

Re: [RFC v2 PATCH] x86/boot: Add the secdata section to the setup header

2017-06-30 Thread joeyli
Hi Ard, On Thu, Jun 01, 2017 at 08:46:26AM +, Ard Biesheuvel wrote: > On 1 June 2017 at 08:11, Gary Lin wrote: > > On Fri, May 12, 2017 at 04:05:34PM +0800, Gary Lin wrote: > >> A new section, secdata, in the setup header is introduced to store the > >> distro-specific

Re: [RFC PATCH v3] acpi: indicate to platform when hot remove returns busy

2017-06-29 Thread joeyli
Hi Rafael, On Thu, Jun 29, 2017 at 12:13:18AM +0200, Rafael J. Wysocki wrote: > On Wednesday, June 21, 2017 03:45:44 PM Lee, Chun-Yi wrote: > > In hotplug logic, it always indicates non-specific failure to > > platform through _OST when handling an acpi hot-remove event fails. Then > > platform

Re: [PATCH v2] acpi: handle the acpi hotplug schedule error

2017-06-29 Thread joeyli
Hi Rafael, Thanks for your review. On Thu, Jun 29, 2017 at 12:06:20AM +0200, Rafael J. Wysocki wrote: > On Wednesday, June 21, 2017 03:04:34 PM Lee, Chun-Yi wrote: > > The kernel should decrement the reference count of the acpi device > > when scheduling of the acpi hotplug work fails, and > >

Re: A udev rule to serve the change event of ACPI container?

2017-06-28 Thread joeyli
Hi YASUAKI, Thanks for your response. On Wed, Jun 28, 2017 at 03:53:16PM -0400, YASUAKI ISHIMATSU wrote: > > On 06/26/2017 02:26 AM, joeyli wrote: > > Hi all, > > > > If ACPI receives an ejection request for an ACPI container, the kernel > > emits KOBJ_CHANGE uevent

A udev rule to serve the change event of ACPI container?

2017-06-26 Thread joeyli
Hi all, If ACPI receives an ejection request for an ACPI container, the kernel emits a KOBJ_CHANGE uevent when it finds online child devices below the acpi container. Based on the description of the caa73ea15 kernel patch, user space is expected to offline all devices below the container and the container

Re: [PATCH] acer-wmi: Using zero as the first WMI instance number

2017-06-20 Thread joeyli
On Tue, Jun 20, 2017 at 02:45:56PM -0700, Darren Hart wrote: > On Tue, Jun 20, 2017 at 10:46:12PM +0200, Pali Rohár wrote: > > On Tuesday 20 June 2017 19:22:46 Andy Shevchenko wrote: > > > On Tue, Jun 20, 2017 at 7:48 PM, Pali Rohár > > > wrote: > > > > On Tuesday 20 June

Re: [PATCH] RFC: platform/x86: wmi: Fix check for method instance number

2017-06-19 Thread joeyli
Hi Pali, On Sat, Jun 17, 2017 at 06:47:54PM +0200, Pali Rohár wrote: > > So problematic drivers which use instance=1 without any comments are: > > > > acer-wmi > > asus-wmi > > mxm-wmi > > Adding authors & maintainers of those drivers in loop. > > WMI instance number is indexed from zero

Re: [PATCH v2] acpi: indicate to platform when hot remove returns busy

2017-06-09 Thread joeyli
On Fri, Jun 09, 2017 at 06:36:32PM +0300, Andy Shevchenko wrote: > On Fri, Jun 9, 2017 at 1:54 PM, Lee, Chun-Yi wrote: > > In hotplug logic, it always indicates non-specific failure to > > platform through _OST when handling an acpi hot-remove event fails. Then > > platform

Re: [PATCH] platform/x86/acer-wmi: Detect RF Button capability

2017-06-08 Thread joeyli
On Tue, Jun 06, 2017 at 01:07:22PM -0700, João Paulo Rechi Vita wrote: > If a machine reports a RF Button in the communication button device > bitmap, we need to remove it before calling Get Device Status otherwise > it will return the "Undefined device" (0xE2) error code. > > Although this may

Re: [PATCH] acpi: handle the acpi hotplug schedule error

2017-06-07 Thread joeyli
On Wed, Jun 07, 2017 at 01:46:37PM +0300, Andy Shevchenko wrote: > On Wed, Jun 7, 2017 at 1:18 PM, joeyli <j...@suse.com> wrote: > > On Wed, Jun 07, 2017 at 11:36:55AM +0300, Andy Shevchenko wrote: > >> On Wed, Jun 7, 2017 at 9:05 AM, Lee, Chun-Yi <joeyli.ke

Re: [RFC PATCH] acpi: indicate to platform when hot remove returns busy

2017-06-07 Thread joeyli
On Wed, Jun 07, 2017 at 11:50:13AM +0300, Andy Shevchenko wrote: > On Wed, Jun 7, 2017 at 9:07 AM, Lee, Chun-Yi wrote: > > In hotplug logic, it always indicates non-specific failure to > > platform through _OST when handling an acpi hot-remove event fails. Then > > platform

Re: [PATCH] acpi: handle the acpi hotplug schedule error

2017-06-07 Thread joeyli
Hi Andy, Thanks for your help to review my patch. On Wed, Jun 07, 2017 at 11:36:55AM +0300, Andy Shevchenko wrote: > On Wed, Jun 7, 2017 at 9:05 AM, Lee, Chun-Yi wrote: > > The kernel should decrement the reference count of the acpi device > > when scheduling acpi hotplug

Re: [RFC PATCH] acpi: indicate to platform when hot remove returns busy

2017-06-04 Thread joeyli
On Sun, Jun 04, 2017 at 06:04:53PM +0800, joeyli wrote: > Hi Andy, > > Thanks for your help to review my patch. > > On Sat, Jun 03, 2017 at 08:37:51PM +0300, Andy Shevchenko wrote: > > On Sat, Jun 3, 2017 at 8:20 PM, Lee, Chun-Yi <joeyli.ker...@gmail.com> > &

Re: [RFC PATCH] acpi: indicate to platform when hot remove returns busy

2017-06-04 Thread joeyli
Hi Andy, Thanks for your help to review my patch. On Sat, Jun 03, 2017 at 08:37:51PM +0300, Andy Shevchenko wrote: > On Sat, Jun 3, 2017 at 8:20 PM, Lee, Chun-Yi wrote: > > In hotplug logic, it always indicates non-specific failure to > > platform through _OST when

Re: [PATCH 5/5] Add a sysrq option to exit secure boot mode

2017-05-26 Thread joeyli
Hi, On Wed, May 24, 2017 at 03:46:03PM +0100, David Howells wrote: > From: Kyle McMartin > > Make sysrq+x exit secure boot mode on x86_64, thereby allowing the running > kernel image to be modified. This lifts the lockdown. > > Signed-off-by: Kyle McMartin >

Re: [PATCH 3/5] Add the ability to lock down access to the running kernel image

2017-05-26 Thread joeyli
On Fri, May 26, 2017 at 01:43:12PM +0100, David Howells wrote: > Casey Schaufler wrote: > > > You called out five distinct features in 0/5, so how about > > a bit for each of those? > > Actually, there are more than five in that list - there are three in the first > item

Re: [PATCH 4/5] efi: Lock down the kernel if booted in secure boot mode

2017-05-26 Thread joeyli
On Wed, May 24, 2017 at 03:45:56PM +0100, David Howells wrote: > UEFI Secure Boot provides a mechanism for ensuring that the firmware will > only load signed bootloaders and kernels. Certain use cases may also > require that all kernel modules also be signed. Add a configuration option > that to

Re: [PATCH 3/5] Add the ability to lock down access to the running kernel image

2017-05-26 Thread joeyli
On Wed, May 24, 2017 at 03:45:45PM +0100, David Howells wrote: > Provide a single call to allow kernel code to determine whether the system > should be locked down, thereby disallowing various accesses that might > allow the running kernel image to be changed including the loading of > modules

Re: [PATCH 2/5] efi: Add EFI_SECURE_BOOT bit

2017-05-26 Thread joeyli
On Wed, May 24, 2017 at 03:45:32PM +0100, David Howells wrote: > From: Josh Boyer > > UEFI machines can be booted in Secure Boot mode. Add an EFI_SECURE_BOOT bit > that can be passed to efi_enabled() to find out whether secure boot is > enabled. > > This will be used

Re: [PATCH 1/5] efi: Move the x86 secure boot switch to generic code

2017-05-26 Thread joeyli
Hi David, On Wed, May 24, 2017 at 03:45:25PM +0100, David Howells wrote: > Move the switch-statement in x86's setup_arch() that interprets the > secure_boot boot parameter to generic code. > > Suggested-by: Ard Biesheuvel > Signed-off-by: David Howells

Re: [PATCH v2] x86/efi: Disable runtime services on kexec kernel if booted with efi=old_map

2017-05-17 Thread joeyli
On Tue, May 16, 2017 at 06:14:23PM -0700, Sai Praneeth Prakhya wrote: > From: Sai Praneeth > > Booting kexec kernel with "efi=old_map" in kernel command line hits > kernel panic as shown below. > > [0.001000] BUG: unable to handle kernel paging request at

Re: [PATCH] x86/efi: Fix kexec kernel panic when efi=old_map is enabled

2017-05-12 Thread joeyli
On Mon, May 08, 2017 at 12:25:23PM -0700, Sai Praneeth Prakhya wrote: > From: Sai Praneeth > > Booting kexec kernel with "efi=old_map" in kernel command line hits > kernel panic as shown below. > > [0.001000] BUG: unable to handle kernel paging request at

Re: [PATCH 2/2] ACPI / scan: Avoid enumerating devices more than once

2017-04-19 Thread joeyli
On Mon, Apr 17, 2017 at 01:20:48AM +0200, Rafael J. Wysocki wrote: > From: Rafael J. Wysocki > > acpi_bus_attach() does not check the visited flag for devices that > have been enumerated already and some of them may be enumerated > multiple times as a result,

Re: [PATCH 1/2] ACPI / scan: Apply default enumeration to devices with ACPI drivers

2017-04-19 Thread joeyli
On Mon, Apr 17, 2017 at 01:19:50AM +0200, Rafael J. Wysocki wrote: > From: Rafael J. Wysocki > > The current code in acpi_bus_attach() is inconsistent with respect > to device objects with ACPI drivers bound to them, as it allows > ACPI drivers to bind to device

Re: [PATCH] ACPI: emits change uevents to all physical companion devices of container's children

2017-04-19 Thread joeyli
Hi, On Wed, Apr 19, 2017 at 02:30:18AM +0200, Rafael J. Wysocki wrote: > On Mon, Apr 3, 2017 at 5:55 PM, Lee, Chun-Yi wrote: > > The caa73ea1 patch, "ACPI / hotplug / driver core: Handle containers > > in a special way", introduced the offline callback of acpi

Re: [PATCH 2/3] ACPI: Remove platform devices from a bus on removal

2017-04-19 Thread joeyli
On Wed, Apr 19, 2017 at 02:50:17PM +0800, joeyli wrote: > On Wed, Mar 22, 2017 at 06:33:24PM +0100, Joerg Roedel wrote: > > From: Joerg Roedel <jroe...@suse.de> > > > > The function acpi_bus_attach() creates platform_devices if > > this is specified by t

Re: [PATCH 2/3] ACPI: Remove platform devices from a bus on removal

2017-04-19 Thread joeyli
On Wed, Mar 22, 2017 at 06:33:24PM +0100, Joerg Roedel wrote: > From: Joerg Roedel > > The function acpi_bus_attach() creates platform_devices if > this is specified by the firmware. But in acpi_bus_trim() > these devices are not removed, leaving a dangling reference > to the
