{"id":811308,"url":"http://patchwork.ozlabs.org/api/covers/811308/?format=json","web_url":"http://patchwork.ozlabs.org/project/linux-imx/cover/20170908031616.17916-1-takahiro.akashi@linaro.org/","project":{"id":19,"url":"http://patchwork.ozlabs.org/api/projects/19/?format=json","name":"Linux IMX development","link_name":"linux-imx","list_id":"linux-imx-kernel.lists.patchwork.ozlabs.org","list_email":"linux-imx-kernel@lists.patchwork.ozlabs.org","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20170908031616.17916-1-takahiro.akashi@linaro.org>","list_archive_url":null,"date":"2017-09-08T03:16:07","name":"[0/9] kexec: add kexec_file_load() support","submitter":{"id":61166,"url":"http://patchwork.ozlabs.org/api/people/61166/?format=json","name":"AKASHI Takahiro","email":"takahiro.akashi@linaro.org"},"mbox":"http://patchwork.ozlabs.org/project/linux-imx/cover/20170908031616.17916-1-takahiro.akashi@linaro.org/mbox/","series":[{"id":2095,"url":"http://patchwork.ozlabs.org/api/series/2095/?format=json","web_url":"http://patchwork.ozlabs.org/project/linux-imx/list/?series=2095","date":"2017-09-08T03:16:07","name":"kexec: add kexec_file_load() support","version":1,"mbox":"http://patchwork.ozlabs.org/series/2095/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/covers/811308/comments/","headers":{"Return-Path":"","X-Original-To":"incoming-imx@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming-imx@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=lists.infradead.org\n\t(client-ip=65.50.211.133; helo=bombadil.infradead.org;\n\tenvelope-from=linux-arm-kernel-bounces+incoming-imx=patchwork.ozlabs.org@lists.infradead.org;\n\treceiver=)","ozlabs.org; dkim=pass (2048-bit key;\n\tunprotected) header.d=lists.infradead.org\n\theader.i=@lists.infradead.org header.b=\"kcx2locl\"; \n\tdkim=fail reason=\"signature verification failed\" (1024-bit key;\n\tunprotected) header.d=linaro.org header.i=@linaro.org\n\theader.b=\"TIbWpOrV\"; dkim-atps=neutral"],"Received":["from bombadil.infradead.org (bombadil.infradead.org\n\t[65.50.211.133])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256\n\tbits)) (No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xpMrh2Wnqz9sPk\n\tfor ;\n\tFri, 8 Sep 2017 13:15:16 +1000 (AEST)","from localhost ([127.0.0.1] helo=bombadil.infradead.org)\n\tby bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux))\n\tid 1dq9lA-0002N8-Mj; Fri, 08 Sep 2017 03:15:12 +0000","from mail-pg0-x233.google.com ([2607:f8b0:400e:c05::233])\n\tby bombadil.infradead.org with esmtps (Exim 4.87 #1 (Red Hat Linux))\n\tid 1dq9l6-00014S-KY for linux-arm-kernel@lists.infradead.org;\n\tFri, 08 Sep 2017 03:15:11 +0000","by mail-pg0-x233.google.com with SMTP id q68so2777226pgq.1\n\tfor ;\n\tThu, 07 Sep 2017 20:14:48 -0700 (PDT)","from linaro.org ([121.95.100.191])\n\tby smtp.googlemail.com with ESMTPSA id\n\tr138sm1029343pgr.12.2017.09.07.20.14.47\n\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);\n\tThu, 07 Sep 2017 20:14:47 -0700 (PDT)"],"DKIM-Signature":["v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=lists.infradead.org; s=bombadil.20170209; h=Sender:\n\tContent-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe:\n\tList-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:Message-Id:Date:\n\tSubject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date:\n\tResent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:\n\tReferences:List-Owner; bh=sIhRlRKl1i1jKyaZdomxg0zY7WphT0JO1wmoIp2ipRs=;\n\tb=kcx\n\t2loclRbMLCj4zN67dk9CqNDj/PcXNoKwAAwSCKeJwdv1zF/lr4GAmZQcAvRRk5f9+3Feaz5qKPEGl\n\tnMOh8SxxHGVrPmtoKeG8UHqTZT3J41/t33eKzc2j3JyQc8yKcg2GoxPhDsDpXGtcKtOzjzDHwjWHo\n\tkqEXDzM4yLBpTFnVlYC0u5aJIo2Td3C40g+OPcZeviit88VaSY77H2VExH7lUew4uOekhNzhnLFZg\n\tOU4bGdtLJXv1wyJwGvbXLQVb5qszbf2ag0n0mCDGep/VS7LTwLt3nRFhxbuM3gKfSMyBuxsR743M5\n\tQBI8jGi9grjD3dMbDM9JpXI+mvaZiGQ==;","v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;\n\th=from:to:cc:subject:date:message-id;\n\tbh=WqX73MiCOhvE/80J1q+Q8HqQBxgeOOQyRfgRjL0KTbA=;\n\tb=TIbWpOrVcqSzVnZAK/4s2LZNwsAduo91N6goKYlMbBvwHC2+1QVfCu2hnW6Xj8RUTB\n\tsniVyK2td59r003sl5Zzq5quKfzi/kPlyG6fH4QeR9wqbgcXVc+1gfTuC9h4UOVYB2lS\n\tlJI9+NMLX8Ap94BvhgrbjWRHho30DuCtbqzFA="],"X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:from:to:cc:subject:date:message-id;\n\tbh=WqX73MiCOhvE/80J1q+Q8HqQBxgeOOQyRfgRjL0KTbA=;\n\tb=qYAYwbl93GLv7FL0x3vS7+W1ryGGczRfP1nH36xzf8UF+hQQymwsFhujOy/DFNH2fZ\n\t8djQEE/YmDzLJOplk+2asPVdMy2sZAGXWf0zDTPpomLHoTh8Ck5Om+Yaw5VH0mXUT+oT\n\tq4zzjFdGGWQN89Nb/XWKVfyZaykqSDTH2xH+w26GSfXASBIay1mcDJfARgpCYfURDDLD\n\tJs/ZJKjpM6jtCmGfMCF7eK0FhuBQLGO+deT8QiIn4HARlIGHIUPpdnf55JPZkcN/MZkU\n\tY+vAzaAjLgfVc9BnoyjySVBXeK38CAjjmWw9hS1KsWRrwRZN8RrpswWs7s7DnBO0A9hF\n\toENQ==","X-Gm-Message-State":"AHPjjUiY33cAtdhkr2labILeHMAPCYy8lrTOmWjIvFROrAeZO7Cwuqly\n\tD0S83hgcKUfS3SqK","X-Google-Smtp-Source":"ADKCNb6+BnaDuto+BzGVWekDCUndNPMcnz5wf8wsfllGDw1dSz94pA7sjsniP0W0LKDyP9SmmGPDlA==","X-Received":"by 10.84.132.34 with SMTP id 31mr1706223ple.225.1504840487990;\n\tThu, 07 Sep 2017 20:14:47 -0700 (PDT)","From":"AKASHI Takahiro ","To":"catalin.marinas@arm.com, will.deacon@arm.com, bauerman@linux.vnet.ibm.com,\n\tdhowells@redhat.com, vgoyal@redhat.com, herbert@gondor.apana.org.au, \n\tdavem@davemloft.net, akpm@linux-foundation.org, mpe@ellerman.id.au,\n\tdyoung@redhat.com, bhe@redhat.com, arnd@arndb.de,\n\tard.biesheuvel@linaro.org","Subject":"[PATCH 0/9] kexec: add kexec_file_load() support","Date":"Fri, 8 Sep 2017 12:16:07 +0900","Message-Id":"<20170908031616.17916-1-takahiro.akashi@linaro.org>","X-Mailer":"git-send-email 2.14.1","X-CRM114-Version":"20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 ","X-CRM114-CacheID":"sfid-20170907_201508_746043_CA732F58 ","X-CRM114-Status":"GOOD ( 16.22 )","X-Spam-Score":"-2.0 (--)","X-Spam-Report":"SpamAssassin version 3.4.1 on bombadil.infradead.org summary:\n\tContent analysis details: (-2.0 points)\n\tpts rule name description\n\t---- ----------------------\n\t--------------------------------------------------\n\t-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/,\n\tno\n\ttrust [2607:f8b0:400e:c05:0:0:0:233 listed in] [list.dnswl.org]\n\t-0.0 SPF_PASS SPF: sender matches SPF record\n\t-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%\n\t[score: 0.0000]\n\t-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature\n\t0.1 DKIM_SIGNED Message has a DKIM or DK signature,\n\tnot necessarily valid\n\t-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from\n\tauthor's domain","X-BeenThere":"linux-arm-kernel@lists.infradead.org","X-Mailman-Version":"2.1.21","Precedence":"list","List-Unsubscribe":",\n\t","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n\t","Cc":"AKASHI Takahiro , kexec@lists.infradead.org, \n\tlinux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org","MIME-Version":"1.0","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Sender":"\"linux-arm-kernel\" ","Errors-To":"linux-arm-kernel-bounces+incoming-imx=patchwork.ozlabs.org@lists.infradead.org","List-Id":"linux-imx-kernel.lists.patchwork.ozlabs.org"},"content":"This is the second round of implementing kexec_file_load() support\non arm64.[1]\nMost of the code is based on kexec-tools (along with some kernel code\nfrom x86, which also came from kexec-tools).\n\n\nThis patch series enables us to\n * load the kernel, Image, with kexec_file_load system call, and\n * optionally verify its signature at load time for trusted boot.\n\nTo load the kernel via kexec_file_load system call, a small change\nis also needed to kexec-tools. See [2]. This enables '-s' option.\n\nAs we discussed a long time ago, users may not be allowed to specify\ndevice-tree file of the 2nd kernel explicitly with kexec-tools, therefore\nre-using the blob of the first kernel.\n\nRegarding a signing method, we conform with x86 (or rather Microsoft?)\nstyle of signing since the binary can also be seen as in PE format\n(assuming that CONFIG_EFI is enabled).\n\n Powerpc is also going to support extended-file-attribute-based\n verification[3] with vmlinux, but arm64 doesn't for now partly\n because we don't have TPM-based IMA at this moment.\n\nAccordingly, we can use the existing command, sbsign, to sign the kernel.\n\n $ sbsign --key ${KEY} --cert ${CERT} Image\n\nPlease note that it is totally up to the system what key/certificate is\nused for signing, but one of easy ways to *try* this feature is to turn on\nCONFIG_MODULE_SIG so that we can reuse certs/signing_key.pem as a signing\nkey, KEY and CERT above, for kernel.\n(This also enables CONFIG_CRYPTO_SHA1 by default.)\n\n\nSome concerns(or future works):\n* Even if the kernel is configured with CONFIG_RANDOMIZE_BASE, the 2nd\n kernel won't be placed at a randomized address. We will have to\n add some boot code similar to efi-stub to implement the feature.\n* While big-endian kernel can support kernel signing, I'm not sure that\n Image can be recognized as in PE format because x86 standard only\n defines little-endian-based format.\n* IMA(and file extended attribute)-based kexec\n* vmlinux support\n\n [1] http://git.linaro.org/people/takahiro.akashi/linux-aarch64.git\n\tbranch:arm64/kexec_file\n [2] http://git.linaro.org/people/takahiro.akashi/kexec-tools.git\n\tbranch:arm64/kexec_file\n [3] http://lkml.iu.edu//hypermail/linux/kernel/1707.0/03669.html\n\n\nChanges in v2 (Sep 8, 2017)\n* move core-header-related functions from crash_core.c to kexec_file.c\n* drop hash-check code from purgatory\n* modify purgatory asm to remove arch_kexec_apply_relocations_add()\n* drop older kernel support\n* drop vmlinux support (at least, for this series)\n\nPatch #1 to #4 are all preparatory patches on generic side.\nPatch #5 is purgatory code.\nPatch #6 to #8 are common for enabling kexec_file_load.\nPatch #9 is for 'Image' support.\n\n\nAKASHI Takahiro (9):\n include: pe.h: remove message[] from mz header definition\n resource: add walk_system_ram_res_rev()\n kexec_file: factor out crashdump elf header function from x86\n asm-generic: add kexec_file_load system call to unistd.h\n arm64: kexec_file: create purgatory\n arm64: kexec_file: load initrd, device-tree and purgatory segments\n arm64: kexec_file: set up for crash dump adding elf core header\n arm64: enable KEXEC_FILE config\n arm64: kexec_file: add Image format support\n\n arch/arm64/Kconfig | 29 +++\n arch/arm64/Makefile | 1 +\n arch/arm64/include/asm/kexec.h | 24 ++\n arch/arm64/include/asm/kexec_file.h | 69 ++++++\n arch/arm64/kernel/Makefile | 4 +-\n arch/arm64/kernel/kexec_image.c | 106 +++++++++\n arch/arm64/kernel/machine_kexec_file.c | 413 +++++++++++++++++++++++++++++++++\n arch/arm64/purgatory/Makefile | 24 ++\n arch/arm64/purgatory/entry.S | 55 +++++\n arch/x86/kernel/crash.c | 324 --------------------------\n include/linux/ioport.h | 3 +\n include/linux/kexec.h | 19 ++\n include/linux/pe.h | 2 +-\n include/uapi/asm-generic/unistd.h | 4 +-\n kernel/kexec_file.c | 329 ++++++++++++++++++++++++++\n kernel/resource.c | 59 +++++\n 16 files changed, 1138 insertions(+), 327 deletions(-)\n create mode 100644 arch/arm64/include/asm/kexec_file.h\n create mode 100644 arch/arm64/kernel/kexec_image.c\n create mode 100644 arch/arm64/kernel/machine_kexec_file.c\n create mode 100644 arch/arm64/purgatory/Makefile\n create mode 100644 arch/arm64/purgatory/entry.S"}