{"id":814217,"url":"http://patchwork.ozlabs.org/api/covers/814217/?format=json","web_url":"http://patchwork.ozlabs.org/project/linux-imx/cover/20170915105932.25338-1-takahiro.akashi@linaro.org/","project":{"id":19,"url":"http://patchwork.ozlabs.org/api/projects/19/?format=json","name":"Linux IMX development","link_name":"linux-imx","list_id":"linux-imx-kernel.lists.patchwork.ozlabs.org","list_email":"linux-imx-kernel@lists.patchwork.ozlabs.org","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20170915105932.25338-1-takahiro.akashi@linaro.org>","list_archive_url":null,"date":"2017-09-15T10:59:22","name":"[v3,00/10] arm64: kexec: add kexec_file_load() support","submitter":{"id":61166,"url":"http://patchwork.ozlabs.org/api/people/61166/?format=json","name":"AKASHI Takahiro","email":"takahiro.akashi@linaro.org"},"mbox":"http://patchwork.ozlabs.org/project/linux-imx/cover/20170915105932.25338-1-takahiro.akashi@linaro.org/mbox/","series":[{"id":3281,"url":"http://patchwork.ozlabs.org/api/series/3281/?format=json","web_url":"http://patchwork.ozlabs.org/project/linux-imx/list/?series=3281","date":"2017-09-15T10:59:22","name":"arm64: kexec: add kexec_file_load() support","version":3,"mbox":"http://patchwork.ozlabs.org/series/3281/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/covers/814217/comments/","headers":{"Return-Path":"","X-Original-To":"incoming-imx@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming-imx@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=lists.infradead.org\n\t(client-ip=65.50.211.133; helo=bombadil.infradead.org;\n\tenvelope-from=linux-arm-kernel-bounces+incoming-imx=patchwork.ozlabs.org@lists.infradead.org;\n\treceiver=)","ozlabs.org; dkim=pass (2048-bit key;\n\tunprotected) header.d=lists.infradead.org\n\theader.i=@lists.infradead.org header.b=\"Q7AMWoS/\"; \n\tdkim=fail reason=\"signature verification failed\" (1024-bit key;\n\tunprotected) header.d=linaro.org header.i=@linaro.org\n\theader.b=\"hil0uE/o\"; dkim-atps=neutral"],"Received":["from bombadil.infradead.org (bombadil.infradead.org\n\t[65.50.211.133])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256\n\tbits)) (No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xtsng1wndz9t2h\n\tfor ;\n\tFri, 15 Sep 2017 20:58:15 +1000 (AEST)","from localhost ([127.0.0.1] helo=bombadil.infradead.org)\n\tby bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux))\n\tid 1dsoK3-0000Dq-8V; Fri, 15 Sep 2017 10:58:11 +0000","from mail-pg0-x22c.google.com ([2607:f8b0:400e:c05::22c])\n\tby bombadil.infradead.org with esmtps (Exim 4.87 #1 (Red Hat Linux))\n\tid 1dsoJy-00008x-55 for linux-arm-kernel@lists.infradead.org;\n\tFri, 15 Sep 2017 10:58:08 +0000","by mail-pg0-x22c.google.com with SMTP id m30so1308162pgn.6\n\tfor ;\n\tFri, 15 Sep 2017 03:57:44 -0700 (PDT)","from linaro.org ([121.95.100.191])\n\tby smtp.googlemail.com with ESMTPSA id\n\tk82sm1796120pfj.66.2017.09.15.03.57.42\n\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);\n\tFri, 15 Sep 2017 03:57:43 -0700 (PDT)"],"DKIM-Signature":["v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=lists.infradead.org; s=bombadil.20170209; h=Sender:\n\tContent-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe:\n\tList-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:Message-Id:Date:\n\tSubject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date:\n\tResent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:\n\tReferences:List-Owner; bh=dCIRRCww00JIUinbTCX91KFI/NUoLHou0fDOosg0HTU=;\n\tb=Q7A\n\tMWoS/eeJOZ3dRvU2PnLTjVIbXUzIz6U7YabacuEGSHSmVc1eXW8Pb87w+lZ3H/s4iAmRz6KR4a8rR\n\tbiB3J8ucCAGwfTcSYijZx9ikMA/yDmjHv4imI1F57uCHgoDhvNagqfkK4gcZfnpuSdJF59fqDj6I2\n\tTxJzzgxhAko1CBwn1Zv/9RQP+G8UsFqfUG199xhmenr2vuKIIHSr6DfBGT2kl/5PU0BwJ8HHD0rus\n\tOg1xwVOCIeNLb3RiSznG3bm/TvX0Zpg/1OWwvEztYGztYvxDfgn4zZNANtbRMKz4ineJZuwCci+Bt\n\tO8XKtrKn+o4EdHMAGhfV9lwXTKNCnow==;","v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;\n\th=from:to:cc:subject:date:message-id;\n\tbh=G8IuSGIeoIG2NL5VJhAfjDVujUmkg9tHs8XQYoklK0k=;\n\tb=hil0uE/ooAOvElwCGpagIzt9G8AJ5ryZgh3dePrT06k7pvXUzma1ncP6zmQfZURZNe\n\tIetWltPzT1/DJ/k/OHsLx3AD/GwH0FSYFzuXxj4xnGXuumlCaTXgELLHmRcA4yIA5fNP\n\tbFXc8wrZu4p88TkNwLK0fAiwfVnfyByQZhhgI="],"X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:from:to:cc:subject:date:message-id;\n\tbh=G8IuSGIeoIG2NL5VJhAfjDVujUmkg9tHs8XQYoklK0k=;\n\tb=GyxjjahmsExNgZETdczWCh76M9c2z6f/+ErYHpCoPdKVr/U0mpoVloJlDVOwpA26g+\n\trSZOIM0TMcMM+Q1G7T67kZI6AOGh0JJn87+PG6BYWKlL/xXwFJFrsxHYBW7gijlDGbXT\n\tGk/hgzIbRWQIaxdt2oZ0BM52S50RGkC2g14zvjobO8/nVQxCqHa91DCZEdcBY9Ji5D+2\n\tQEdi8V4cmy1A9XRpHM2EOsfaPTZIpUcvbEXs26ZqKMBF976M8uwEXH2yNHGCzuc16J8G\n\t+hOUe+NQlqda3DCTf9y5mx+XOx6dcQGubQP0VZ7IQk6g48K7B1Pl6ilkayK8VKuli/LY\n\tgdCg==","X-Gm-Message-State":"AHPjjUgEzU8HxhH3il0OgvKAVC815Qcllk/Ro/XkXL/wnXh5Dy7tuXky\n\tj+wKVHtRBAq3hV01","X-Google-Smtp-Source":"ADKCNb76z8mkjUy0bSxf2hZ5fhuz+vo/loaM/wNpztiY746CBurRY70tLnl2NybGDv7M1vHNR9GtIA==","X-Received":"by 10.98.138.17 with SMTP id y17mr17081365pfd.149.1505473064081; \n\tFri, 15 Sep 2017 03:57:44 -0700 (PDT)","From":"AKASHI Takahiro ","To":"catalin.marinas@arm.com, will.deacon@arm.com, bauerman@linux.vnet.ibm.com,\n\tdhowells@redhat.com, vgoyal@redhat.com, herbert@gondor.apana.org.au, \n\tdavem@davemloft.net, akpm@linux-foundation.org, mpe@ellerman.id.au,\n\tdyoung@redhat.com, bhe@redhat.com, arnd@arndb.de,\n\tard.biesheuvel@linaro.org","Subject":"[PATCH v3 00/10] arm64: kexec: add kexec_file_load() support","Date":"Fri, 15 Sep 2017 19:59:22 +0900","Message-Id":"<20170915105932.25338-1-takahiro.akashi@linaro.org>","X-Mailer":"git-send-email 2.14.1","X-CRM114-Version":"20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 ","X-CRM114-CacheID":"sfid-20170915_035806_367428_FCDA4D79 ","X-CRM114-Status":"GOOD ( 16.26 )","X-Spam-Score":"-2.0 (--)","X-Spam-Report":"SpamAssassin version 3.4.1 on bombadil.infradead.org summary:\n\tContent analysis details: (-2.0 points)\n\tpts rule name description\n\t---- ----------------------\n\t--------------------------------------------------\n\t-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/,\n\tno\n\ttrust [2607:f8b0:400e:c05:0:0:0:22c listed in] [list.dnswl.org]\n\t-0.0 SPF_PASS SPF: sender matches SPF record\n\t-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%\n\t[score: 0.0000]\n\t-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature\n\t0.1 DKIM_SIGNED Message has a DKIM or DK signature,\n\tnot necessarily valid\n\t-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from\n\tauthor's domain","X-BeenThere":"linux-arm-kernel@lists.infradead.org","X-Mailman-Version":"2.1.21","Precedence":"list","List-Unsubscribe":",\n\t","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n\t","Cc":"AKASHI Takahiro , kexec@lists.infradead.org, \n\tlinux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org","MIME-Version":"1.0","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Sender":"\"linux-arm-kernel\" ","Errors-To":"linux-arm-kernel-bounces+incoming-imx=patchwork.ozlabs.org@lists.infradead.org","List-Id":"linux-imx-kernel.lists.patchwork.ozlabs.org"},"content":"This is the third round of implementing kexec_file_load() support\non arm64.[1]\nMost of the code is based on kexec-tools (along with some kernel code\nfrom x86, which also came from kexec-tools).\n\n\nThis patch series enables us to\n * load the kernel, Image, with kexec_file_load system call, and\n * optionally verify its signature at load time for trusted boot.\n\nTo load the kernel via kexec_file_load system call, a small change\nis also needed to kexec-tools. See [2]. This enables '-s' option.\n\nAs we discussed a long time ago, users may not be allowed to specify\ndevice-tree file of the 2nd kernel explicitly with kexec-tools, hence\nre-using the blob of the first kernel.\n\nRegarding a signing method, we conform with x86 (or rather Microsoft?)\nstyle of signing since the binary can also be seen as in PE format\n(assuming that CONFIG_EFI is enabled).\n\n Powerpc is also going to support extended-file-attribute-based\n verification[3] with vmlinux, but arm64 doesn't for now partly\n because we don't have TPM-based IMA at this moment.\n\nAccordingly, we can use the existing command, sbsign, to sign the kernel.\n\n $ sbsign --key ${KEY} --cert ${CERT} Image\n\nPlease note that it is totally up to the system what key/certificate is\nused for signing, but one of easy ways to *try* this feature is to turn on\nCONFIG_MODULE_SIG so that we can reuse certs/signing_key.pem as a signing\nkey, KEY and CERT above, for kernel.\n(This also enables CONFIG_CRYPTO_SHA1 by default.)\n\n\nSome concerns(or future works):\n* Even if the kernel is configured with CONFIG_RANDOMIZE_BASE, the 2nd\n kernel won't be placed at a randomized address. We will have to\n add some boot code similar to efi-stub to implement the feature.\n* While big-endian kernel can support kernel signing, I'm not sure that\n Image can be recognized as in PE format because x86 standard only\n defines little-endian-based format.\n* IMA(and extended file attribute)-based kexec\n* vmlinux support\n\n [1] http://git.linaro.org/people/takahiro.akashi/linux-aarch64.git\n\tbranch:arm64/kexec_file\n [2] http://git.linaro.org/people/takahiro.akashi/kexec-tools.git\n\tbranch:arm64/kexec_file\n [3] http://lkml.iu.edu//hypermail/linux/kernel/1707.0/03669.html\n\n\nChanges in v3 (Sep 15, 2017)\n* fix kbuild test error\n* factor out arch_kexec_kernel_*() & arch_kimage_file_post_load_cleanup()\n* remove CONFIG_CRASH_CORE guard from kexec_file.c\n* add vmapped kernel region to vmcore for gdb backtracing\n (see prepare_elf64_headers())\n* merge asm/kexec_file.h into asm/kexec.h\n* and some cleanups\n\nChanges in v2 (Sep 8, 2017)\n* move core-header-related functions from crash_core.c to kexec_file.c\n* drop hash-check code from purgatory\n* modify purgatory asm to remove arch_kexec_apply_relocations_add()\n* drop older kernel support\n* drop vmlinux support (at least, for this series)\n\nPatch #1 to #5 are all preparatory patches on generic side.\nPatch #6 is purgatory code.\nPatch #7 to #9 are common for enabling kexec_file_load.\nPatch #10 is for 'Image' support.\n\nAKASHI Takahiro (10):\n include: pe.h: remove message[] from mz header definition\n resource: add walk_system_ram_res_rev()\n kexec_file: factor out arch_kexec_kernel_*() from x86, powerpc\n kexec_file: factor out crashdump elf header function from x86\n asm-generic: add kexec_file_load system call to unistd.h\n arm64: kexec_file: create purgatory\n arm64: kexec_file: load initrd, device-tree and purgatory segments\n arm64: kexec_file: set up for crash dump adding elf core header\n arm64: enable KEXEC_FILE config\n arm64: kexec_file: add Image format support\n\n arch/arm64/Kconfig | 29 +++\n arch/arm64/Makefile | 1 +\n arch/arm64/include/asm/kexec.h | 93 +++++++\n arch/arm64/kernel/Makefile | 4 +-\n arch/arm64/kernel/kexec_image.c | 105 ++++++++\n arch/arm64/kernel/machine_kexec_file.c | 365 ++++++++++++++++++++++++++++\n arch/arm64/purgatory/Makefile | 24 ++\n arch/arm64/purgatory/entry.S | 55 +++++\n arch/powerpc/include/asm/kexec.h | 4 +\n arch/powerpc/kernel/machine_kexec_file_64.c | 36 +--\n arch/x86/kernel/crash.c | 324 ------------------------\n arch/x86/kernel/machine_kexec_64.c | 59 +----\n include/linux/ioport.h | 3 +\n include/linux/kexec.h | 43 +++-\n include/linux/pe.h | 2 +-\n include/uapi/asm-generic/unistd.h | 4 +-\n kernel/kexec_file.c | 360 ++++++++++++++++++++++++++-\n kernel/kexec_internal.h | 20 ++\n kernel/resource.c | 59 +++++\n 19 files changed, 1156 insertions(+), 434 deletions(-)\n create mode 100644 arch/arm64/kernel/kexec_image.c\n create mode 100644 arch/arm64/kernel/machine_kexec_file.c\n create mode 100644 arch/arm64/purgatory/Makefile\n create mode 100644 arch/arm64/purgatory/entry.S"}