FAILED: patch "[PATCH] arm64: kexec_file: use more system keyrings to verify kernel" failed to apply to 5.15-stable tree
The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to stable@vger.kernel.org.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 0d519cadf75184a24313568e7f489a7fc9b1be3b Mon Sep 17 00:00:00 2001 From: Coiby Xu coxu@redhat.com Date: Thu, 14 Jul 2022 21:40:26 +0800 Subject: [PATCH] arm64: kexec_file: use more system keyrings to verify kernel image signature
Currently, when loading a kernel image via the kexec_file_load() system call, arm64 can only use the .builtin_trusted_keys keyring to verify a signature whereas x86 can use three more keyrings i.e. .secondary_trusted_keys, .machine and .platform keyrings. For example, one resulting problem is kexec'ing a kernel image would be rejected with the error "Lockdown: kexec: kexec of unsigned images is restricted; see man kernel_lockdown.7".
This patch set enables arm64 to make use of the same keyrings as x86 to verify the signature kexec'ed kernel image.
Fixes: 732b7b93d849 ("arm64: kexec_file: add kernel signature verification support") Cc: stable@vger.kernel.org # 105e10e2cf1c: kexec_file: drop weak attribute from functions Cc: stable@vger.kernel.org # 34d5960af253: kexec: clean up arch_kexec_kernel_verify_sig Cc: stable@vger.kernel.org # 83b7bb2d49ae: kexec, KEYS: make the code in bzImage64_verify_sig generic Acked-by: Baoquan He bhe@redhat.com Cc: kexec@lists.infradead.org Cc: keyrings@vger.kernel.org Cc: linux-security-module@vger.kernel.org Co-developed-by: Michal Suchanek msuchanek@suse.de Signed-off-by: Michal Suchanek msuchanek@suse.de Acked-by: Will Deacon will@kernel.org Signed-off-by: Coiby Xu coxu@redhat.com Signed-off-by: Mimi Zohar zohar@linux.ibm.com
diff --git a/arch/arm64/kernel/kexec_image.c b/arch/arm64/kernel/kexec_image.c index 9ec34690e255..5ed6a585f21f 100644 --- a/arch/arm64/kernel/kexec_image.c +++ b/arch/arm64/kernel/kexec_image.c @@ -14,7 +14,6 @@ #include <linux/kexec.h> #include <linux/pe.h> #include <linux/string.h> -#include <linux/verification.h> #include <asm/byteorder.h> #include <asm/cpufeature.h> #include <asm/image.h> @@ -130,18 +129,10 @@ static void *image_load(struct kimage *image, return NULL; }
-#ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG -static int image_verify_sig(const char *kernel, unsigned long kernel_len) -{ - return verify_pefile_signature(kernel, kernel_len, NULL, - VERIFYING_KEXEC_PE_SIGNATURE); -} -#endif - const struct kexec_file_ops kexec_image_ops = { .probe = image_probe, .load = image_load, #ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG - .verify_sig = image_verify_sig, + .verify_sig = kexec_kernel_verify_pe_sig, #endif };
Hi Greg,
This patch depends on three prerequisites. This full list of commit ids should be backported is shown below,
1. 65d9a9a60fd7 ("kexec_file: drop weak attribute from functions") 2. 689a71493bd2 ("kexec: clean up arch_kexec_kernel_verify_sig") 3. c903dae8941d ("kexec, KEYS: make the code in bzImage64_verify_sig generic") 4. 0d519cadf751 ("arm64: kexec_file: use more system keyrings to verify kernel image signature")
And I can confirm they can be applied to linux-5.15.y branch successfully, $ git checkout -b arm_key_5.15.y stable/linux-5.15.y branch 'arm_key_5.15.y' set up to track 'stable/linux-5.15.y'. Switched to a new branch 'arm_key_5.15.y' $ git cherry-pick 65d9a9a60fd7 689a71493bd2 c903dae8941d 0d519cadf751 Auto-merging arch/arm64/include/asm/kexec.h Auto-merging arch/powerpc/include/asm/kexec.h Auto-merging arch/s390/include/asm/kexec.h Auto-merging arch/x86/include/asm/kexec.h Auto-merging include/linux/kexec.h Auto-merging kernel/kexec_file.c [arm_key_5.15.y 7c7844771360] kexec_file: drop weak attribute from functions Author: Naveen N. Rao naveen.n.rao@linux.vnet.ibm.com Date: Fri Jul 1 13:04:04 2022 +0530 6 files changed, 61 insertions(+), 40 deletions(-) Auto-merging include/linux/kexec.h Auto-merging kernel/kexec_file.c [arm_key_5.15.y 4283e2681d86] kexec: clean up arch_kexec_kernel_verify_sig Date: Thu Jul 14 21:40:24 2022 +0800 2 files changed, 13 insertions(+), 25 deletions(-) Auto-merging include/linux/kexec.h Auto-merging kernel/kexec_file.c [arm_key_5.15.y c0cf50b9056f] kexec, KEYS: make the code in bzImage64_verify_sig generic Date: Thu Jul 14 21:40:25 2022 +0800 3 files changed, 25 insertions(+), 19 deletions(-) [arm_key_5.15.y 40b98256cb89] arm64: kexec_file: use more system keyrings to verify kernel image signature Date: Thu Jul 14 21:40:26 2022 +0800 1 file changed, 1 insertion(+), 10 deletions(-)
On Mon, Aug 15, 2022 at 05:33:05PM +0200, gregkh@linuxfoundation.org wrote:
The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to stable@vger.kernel.org.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 0d519cadf75184a24313568e7f489a7fc9b1be3b Mon Sep 17 00:00:00 2001 From: Coiby Xu coxu@redhat.com Date: Thu, 14 Jul 2022 21:40:26 +0800 Subject: [PATCH] arm64: kexec_file: use more system keyrings to verify kernel image signature
Currently, when loading a kernel image via the kexec_file_load() system call, arm64 can only use the .builtin_trusted_keys keyring to verify a signature whereas x86 can use three more keyrings i.e. .secondary_trusted_keys, .machine and .platform keyrings. For example, one resulting problem is kexec'ing a kernel image would be rejected with the error "Lockdown: kexec: kexec of unsigned images is restricted; see man kernel_lockdown.7".
This patch set enables arm64 to make use of the same keyrings as x86 to verify the signature kexec'ed kernel image.
Fixes: 732b7b93d849 ("arm64: kexec_file: add kernel signature verification support") Cc: stable@vger.kernel.org # 105e10e2cf1c: kexec_file: drop weak attribute from functions Cc: stable@vger.kernel.org # 34d5960af253: kexec: clean up arch_kexec_kernel_verify_sig Cc: stable@vger.kernel.org # 83b7bb2d49ae: kexec, KEYS: make the code in bzImage64_verify_sig generic Acked-by: Baoquan He bhe@redhat.com Cc: kexec@lists.infradead.org Cc: keyrings@vger.kernel.org Cc: linux-security-module@vger.kernel.org Co-developed-by: Michal Suchanek msuchanek@suse.de Signed-off-by: Michal Suchanek msuchanek@suse.de Acked-by: Will Deacon will@kernel.org Signed-off-by: Coiby Xu coxu@redhat.com Signed-off-by: Mimi Zohar zohar@linux.ibm.com
diff --git a/arch/arm64/kernel/kexec_image.c b/arch/arm64/kernel/kexec_image.c index 9ec34690e255..5ed6a585f21f 100644 --- a/arch/arm64/kernel/kexec_image.c +++ b/arch/arm64/kernel/kexec_image.c @@ -14,7 +14,6 @@ #include <linux/kexec.h> #include <linux/pe.h> #include <linux/string.h> -#include <linux/verification.h> #include <asm/byteorder.h> #include <asm/cpufeature.h> #include <asm/image.h> @@ -130,18 +129,10 @@ static void *image_load(struct kimage *image, return NULL; }
-#ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG -static int image_verify_sig(const char *kernel, unsigned long kernel_len) -{
- return verify_pefile_signature(kernel, kernel_len, NULL,
VERIFYING_KEXEC_PE_SIGNATURE);-} -#endif
const struct kexec_file_ops kexec_image_ops = { .probe = image_probe, .load = image_load, #ifdef CONFIG_KEXEC_IMAGE_VERIFY_SIG
- .verify_sig = image_verify_sig,
- .verify_sig = kexec_kernel_verify_pe_sig,
#endif };
On Thu, Aug 18, 2022 at 12:09:38PM +0800, Coiby Xu wrote:
Hi Greg,
This patch depends on three prerequisites. This full list of commit ids should be backported is shown below,
- 65d9a9a60fd7 ("kexec_file: drop weak attribute from functions")
- 689a71493bd2 ("kexec: clean up arch_kexec_kernel_verify_sig")
- c903dae8941d ("kexec, KEYS: make the code in bzImage64_verify_sig generic")
- 0d519cadf751 ("arm64: kexec_file: use more system keyrings to verify kernel image signature")
And I can confirm they can be applied to linux-5.15.y branch successfully, $ git checkout -b arm_key_5.15.y stable/linux-5.15.y branch 'arm_key_5.15.y' set up to track 'stable/linux-5.15.y'. Switched to a new branch 'arm_key_5.15.y' $ git cherry-pick 65d9a9a60fd7 689a71493bd2 c903dae8941d 0d519cadf751 Auto-merging arch/arm64/include/asm/kexec.h Auto-merging arch/powerpc/include/asm/kexec.h Auto-merging arch/s390/include/asm/kexec.h Auto-merging arch/x86/include/asm/kexec.h Auto-merging include/linux/kexec.h Auto-merging kernel/kexec_file.c [arm_key_5.15.y 7c7844771360] kexec_file: drop weak attribute from functions Author: Naveen N. Rao naveen.n.rao@linux.vnet.ibm.com Date: Fri Jul 1 13:04:04 2022 +0530 6 files changed, 61 insertions(+), 40 deletions(-) Auto-merging include/linux/kexec.h Auto-merging kernel/kexec_file.c [arm_key_5.15.y 4283e2681d86] kexec: clean up arch_kexec_kernel_verify_sig Date: Thu Jul 14 21:40:24 2022 +0800 2 files changed, 13 insertions(+), 25 deletions(-) Auto-merging include/linux/kexec.h Auto-merging kernel/kexec_file.c [arm_key_5.15.y c0cf50b9056f] kexec, KEYS: make the code in bzImage64_verify_sig generic Date: Thu Jul 14 21:40:25 2022 +0800 3 files changed, 25 insertions(+), 19 deletions(-) [arm_key_5.15.y 40b98256cb89] arm64: kexec_file: use more system keyrings to verify kernel image signature Date: Thu Jul 14 21:40:26 2022 +0800 1 file changed, 1 insertion(+), 10 deletions(-)
thanks, now queued up.
greg k-h
On Fri, Aug 19, 2022 at 04:41:15PM +0200, Greg KH wrote:
On Thu, Aug 18, 2022 at 12:09:38PM +0800, Coiby Xu wrote:
Hi Greg,
This patch depends on three prerequisites. This full list of commit ids should be backported is shown below,
- 65d9a9a60fd7 ("kexec_file: drop weak attribute from functions")
- 689a71493bd2 ("kexec: clean up arch_kexec_kernel_verify_sig")
- c903dae8941d ("kexec, KEYS: make the code in bzImage64_verify_sig generic")
- 0d519cadf751 ("arm64: kexec_file: use more system keyrings to verify kernel image signature")
And I can confirm they can be applied to linux-5.15.y branch successfully, $ git checkout -b arm_key_5.15.y stable/linux-5.15.y branch 'arm_key_5.15.y' set up to track 'stable/linux-5.15.y'. Switched to a new branch 'arm_key_5.15.y' $ git cherry-pick 65d9a9a60fd7 689a71493bd2 c903dae8941d 0d519cadf751 Auto-merging arch/arm64/include/asm/kexec.h Auto-merging arch/powerpc/include/asm/kexec.h Auto-merging arch/s390/include/asm/kexec.h Auto-merging arch/x86/include/asm/kexec.h Auto-merging include/linux/kexec.h Auto-merging kernel/kexec_file.c [arm_key_5.15.y 7c7844771360] kexec_file: drop weak attribute from functions Author: Naveen N. Rao naveen.n.rao@linux.vnet.ibm.com Date: Fri Jul 1 13:04:04 2022 +0530 6 files changed, 61 insertions(+), 40 deletions(-) Auto-merging include/linux/kexec.h Auto-merging kernel/kexec_file.c [arm_key_5.15.y 4283e2681d86] kexec: clean up arch_kexec_kernel_verify_sig Date: Thu Jul 14 21:40:24 2022 +0800 2 files changed, 13 insertions(+), 25 deletions(-) Auto-merging include/linux/kexec.h Auto-merging kernel/kexec_file.c [arm_key_5.15.y c0cf50b9056f] kexec, KEYS: make the code in bzImage64_verify_sig generic Date: Thu Jul 14 21:40:25 2022 +0800 3 files changed, 25 insertions(+), 19 deletions(-) [arm_key_5.15.y 40b98256cb89] arm64: kexec_file: use more system keyrings to verify kernel image signature Date: Thu Jul 14 21:40:26 2022 +0800 1 file changed, 1 insertion(+), 10 deletions(-)
thanks, now queued up.
Nope, it causes build breakages in powerpc :(
See: https://lore.kernel.org/r/YwC6eQjx8xC9y3LD@debian and https://lore.kernel.org/r/CA+G9fYtXnZP2vdAi4eU_ApC_YFz6TqTd6Eh5Mumb2=0Y_dK5Y...
for the reports. I'm dropping these from 5.15.y now, please fix this up and resend if you want them included.
thanks,
greg k-h
On Sat, Aug 20, 2022 at 08:20:15PM +0200, Greg KH wrote:
On Fri, Aug 19, 2022 at 04:41:15PM +0200, Greg KH wrote:
On Thu, Aug 18, 2022 at 12:09:38PM +0800, Coiby Xu wrote:
Hi Greg,
This patch depends on three prerequisites. This full list of commit ids should be backported is shown below,
- 65d9a9a60fd7 ("kexec_file: drop weak attribute from functions")
- 689a71493bd2 ("kexec: clean up arch_kexec_kernel_verify_sig")
- c903dae8941d ("kexec, KEYS: make the code in bzImage64_verify_sig generic")
- 0d519cadf751 ("arm64: kexec_file: use more system keyrings to verify kernel image signature")
And I can confirm they can be applied to linux-5.15.y branch successfully, $ git checkout -b arm_key_5.15.y stable/linux-5.15.y branch 'arm_key_5.15.y' set up to track 'stable/linux-5.15.y'. Switched to a new branch 'arm_key_5.15.y' $ git cherry-pick 65d9a9a60fd7 689a71493bd2 c903dae8941d 0d519cadf751 Auto-merging arch/arm64/include/asm/kexec.h Auto-merging arch/powerpc/include/asm/kexec.h Auto-merging arch/s390/include/asm/kexec.h Auto-merging arch/x86/include/asm/kexec.h Auto-merging include/linux/kexec.h Auto-merging kernel/kexec_file.c [arm_key_5.15.y 7c7844771360] kexec_file: drop weak attribute from functions Author: Naveen N. Rao naveen.n.rao@linux.vnet.ibm.com Date: Fri Jul 1 13:04:04 2022 +0530 6 files changed, 61 insertions(+), 40 deletions(-) Auto-merging include/linux/kexec.h Auto-merging kernel/kexec_file.c [arm_key_5.15.y 4283e2681d86] kexec: clean up arch_kexec_kernel_verify_sig Date: Thu Jul 14 21:40:24 2022 +0800 2 files changed, 13 insertions(+), 25 deletions(-) Auto-merging include/linux/kexec.h Auto-merging kernel/kexec_file.c [arm_key_5.15.y c0cf50b9056f] kexec, KEYS: make the code in bzImage64_verify_sig generic Date: Thu Jul 14 21:40:25 2022 +0800 3 files changed, 25 insertions(+), 19 deletions(-) [arm_key_5.15.y 40b98256cb89] arm64: kexec_file: use more system keyrings to verify kernel image signature Date: Thu Jul 14 21:40:26 2022 +0800 1 file changed, 1 insertion(+), 10 deletions(-)
thanks, now queued up.
Nope, it causes build breakages in powerpc :(
s390
See: https://lore.kernel.org/r/YwC6eQjx8xC9y3LD@debian and https://lore.kernel.org/r/CA+G9fYtXnZP2vdAi4eU_ApC_YFz6TqTd6Eh5Mumb2=0Y_dK5Y...
for the reports. I'm dropping these from 5.15.y now, please fix this up and resend if you want them included.
The offending function was removed in 5.16 by commit 277c8389386e ("s390/kexec_file: move kernel image size check")
Thanks
Michal
On Sun, Aug 21, 2022 at 09:24:10AM +0200, Michal Suchánek wrote:
On Sat, Aug 20, 2022 at 08:20:15PM +0200, Greg KH wrote:
On Fri, Aug 19, 2022 at 04:41:15PM +0200, Greg KH wrote:
On Thu, Aug 18, 2022 at 12:09:38PM +0800, Coiby Xu wrote:
Hi Greg,
This patch depends on three prerequisites. This full list of commit ids should be backported is shown below,
- 65d9a9a60fd7 ("kexec_file: drop weak attribute from functions")
- 689a71493bd2 ("kexec: clean up arch_kexec_kernel_verify_sig")
- c903dae8941d ("kexec, KEYS: make the code in bzImage64_verify_sig generic")
- 0d519cadf751 ("arm64: kexec_file: use more system keyrings to verify kernel image signature")
And I can confirm they can be applied to linux-5.15.y branch successfully, $ git checkout -b arm_key_5.15.y stable/linux-5.15.y branch 'arm_key_5.15.y' set up to track 'stable/linux-5.15.y'. Switched to a new branch 'arm_key_5.15.y' $ git cherry-pick 65d9a9a60fd7 689a71493bd2 c903dae8941d 0d519cadf751 Auto-merging arch/arm64/include/asm/kexec.h Auto-merging arch/powerpc/include/asm/kexec.h Auto-merging arch/s390/include/asm/kexec.h Auto-merging arch/x86/include/asm/kexec.h Auto-merging include/linux/kexec.h Auto-merging kernel/kexec_file.c [arm_key_5.15.y 7c7844771360] kexec_file: drop weak attribute from functions Author: Naveen N. Rao naveen.n.rao@linux.vnet.ibm.com Date: Fri Jul 1 13:04:04 2022 +0530 6 files changed, 61 insertions(+), 40 deletions(-) Auto-merging include/linux/kexec.h Auto-merging kernel/kexec_file.c [arm_key_5.15.y 4283e2681d86] kexec: clean up arch_kexec_kernel_verify_sig Date: Thu Jul 14 21:40:24 2022 +0800 2 files changed, 13 insertions(+), 25 deletions(-) Auto-merging include/linux/kexec.h Auto-merging kernel/kexec_file.c [arm_key_5.15.y c0cf50b9056f] kexec, KEYS: make the code in bzImage64_verify_sig generic Date: Thu Jul 14 21:40:25 2022 +0800 3 files changed, 25 insertions(+), 19 deletions(-) [arm_key_5.15.y 40b98256cb89] arm64: kexec_file: use more system keyrings to verify kernel image signature Date: Thu Jul 14 21:40:26 2022 +0800 1 file changed, 1 insertion(+), 10 deletions(-)
thanks, now queued up.
Nope, it causes build breakages in powerpc :(
s390
See: https://lore.kernel.org/r/YwC6eQjx8xC9y3LD@debian and https://lore.kernel.org/r/CA+G9fYtXnZP2vdAi4eU_ApC_YFz6TqTd6Eh5Mumb2=0Y_dK5Y...
for the reports. I'm dropping these from 5.15.y now, please fix this up and resend if you want them included.
The offending function was removed in 5.16 by commit 277c8389386e ("s390/kexec_file: move kernel image size check")
Great, then someone needs to send me a backported, and tested, set of patches and I will be glad to queue them up.
thanks,
greg k-h
On Mon, Aug 22, 2022 at 09:30:12AM +0200, Greg KH wrote:
On Sun, Aug 21, 2022 at 09:24:10AM +0200, Michal Suchánek wrote:
On Sat, Aug 20, 2022 at 08:20:15PM +0200, Greg KH wrote:
On Fri, Aug 19, 2022 at 04:41:15PM +0200, Greg KH wrote:
On Thu, Aug 18, 2022 at 12:09:38PM +0800, Coiby Xu wrote:
Hi Greg,
This patch depends on three prerequisites. This full list of commit ids should be backported is shown below,
- 65d9a9a60fd7 ("kexec_file: drop weak attribute from functions")
- 689a71493bd2 ("kexec: clean up arch_kexec_kernel_verify_sig")
- c903dae8941d ("kexec, KEYS: make the code in bzImage64_verify_sig generic")
- 0d519cadf751 ("arm64: kexec_file: use more system keyrings to verify kernel image signature")
And I can confirm they can be applied to linux-5.15.y branch successfully, $ git checkout -b arm_key_5.15.y stable/linux-5.15.y branch 'arm_key_5.15.y' set up to track 'stable/linux-5.15.y'. Switched to a new branch 'arm_key_5.15.y' $ git cherry-pick 65d9a9a60fd7 689a71493bd2 c903dae8941d 0d519cadf751 Auto-merging arch/arm64/include/asm/kexec.h Auto-merging arch/powerpc/include/asm/kexec.h Auto-merging arch/s390/include/asm/kexec.h Auto-merging arch/x86/include/asm/kexec.h Auto-merging include/linux/kexec.h Auto-merging kernel/kexec_file.c [arm_key_5.15.y 7c7844771360] kexec_file: drop weak attribute from functions Author: Naveen N. Rao naveen.n.rao@linux.vnet.ibm.com Date: Fri Jul 1 13:04:04 2022 +0530 6 files changed, 61 insertions(+), 40 deletions(-) Auto-merging include/linux/kexec.h Auto-merging kernel/kexec_file.c [arm_key_5.15.y 4283e2681d86] kexec: clean up arch_kexec_kernel_verify_sig Date: Thu Jul 14 21:40:24 2022 +0800 2 files changed, 13 insertions(+), 25 deletions(-) Auto-merging include/linux/kexec.h Auto-merging kernel/kexec_file.c [arm_key_5.15.y c0cf50b9056f] kexec, KEYS: make the code in bzImage64_verify_sig generic Date: Thu Jul 14 21:40:25 2022 +0800 3 files changed, 25 insertions(+), 19 deletions(-) [arm_key_5.15.y 40b98256cb89] arm64: kexec_file: use more system keyrings to verify kernel image signature Date: Thu Jul 14 21:40:26 2022 +0800 1 file changed, 1 insertion(+), 10 deletions(-)
thanks, now queued up.
Nope, it causes build breakages in powerpc :(
s390
See: https://lore.kernel.org/r/YwC6eQjx8xC9y3LD@debian and https://lore.kernel.org/r/CA+G9fYtXnZP2vdAi4eU_ApC_YFz6TqTd6Eh5Mumb2=0Y_dK5Y...
for the reports. I'm dropping these from 5.15.y now, please fix this up and resend if you want them included.
The offending function was removed in 5.16 by commit 277c8389386e ("s390/kexec_file: move kernel image size check")
Great, then someone needs to send me a backported, and tested, set of patches and I will be glad to queue them up.
It would apply cleanly to 5.15 if it weren't for previous backport of
commit 4aa9340584e3 ("s390/kexec: fix memory leak of ipl report buffer")
adds a function below the one that's supposed to be removed.
Thanks
Michal
linux-stable-mirror@lists.linaro.org
-
Coiby Xu -
Greg KH -
gregkh@linuxfoundation.org
-
Michal Suchánek