10 Nov, 2020
1 commit
-
Sparse gets cross about us returning 0 from image_load(), which has a
return type of 'void *':>> arch/arm64/kernel/kexec_image.c:130:16: sparse: sparse: Using plain integer as NULL pointer
Return NULL instead, as we don't use the return value for anything if it
does not indicate an error.Cc: Benjamin Gwin
Reported-by: kernel test robot
Fixes: 108aa503657e ("arm64: kexec_file: try more regions if loading segments fails")
Link: https://lore.kernel.org/r/202011091736.T0zH8kaC-lkp@intel.com
Signed-off-by: Will Deacon
06 Nov, 2020
1 commit
-
It's possible that the first region picked for the new kernel will make
it impossible to fit the other segments in the required 32GB window,
especially if we have a very large initrd.Instead of giving up, we can keep testing other regions for the kernel
until we find one that works.Suggested-by: Ryan O'Leary
Signed-off-by: Benjamin Gwin
Link: https://lore.kernel.org/r/20201103201106.2397844-1-bgwin@google.com
Signed-off-by: Will Deacon
09 Jan, 2020
1 commit
-
Enabling crash dump (kdump) includes
* prepare contents of ELF header of a core dump file, /proc/vmcore,
using crash_prepare_elf64_headers(), and
* add two device tree properties, "linux,usable-memory-range" and
"linux,elfcorehdr", which represent respectively a memory range
to be used by crash dump kernel and the header's locationSigned-off-by: AKASHI Takahiro
Cc: Catalin Marinas
Cc: Will Deacon
Reviewed-by: James Morse
Tested-and-reviewed-by: Bhupesh Sharma
Signed-off-by: Will Deacon
05 Aug, 2019
1 commit
-
With commit b6664ba42f14 ("s390, kexec_file: drop arch_kexec_mem_walk()"),
we introduced the KEXEC_BUF_MEM_UNKNOWN macro. If kexec_buf.mem is set
to this value, kexec_locate_mem_hole() will try to allocate free memory.While other arch(s) like s390 and x86_64 already use this macro to
initialize kexec_buf.mem with, arm64 uses an equivalent value of 0.
Replace it with KEXEC_BUF_MEM_UNKNOWN, to keep the convention of
initializing 'kxec_buf.mem' consistent across various archs.Cc: takahiro.akashi@linaro.org
Cc: james.morse@arm.com
Reviewed-by: Matthias Brugger
Signed-off-by: Bhupesh Sharma
Signed-off-by: Will Deacon
15 Jun, 2019
1 commit
-
The documentation is in a format that is very close to ReST format.
The conversion is actually:
- add blank lines in order to identify paragraphs;
- fixing tables markups;
- adding some lists markups;
- marking literal blocks;
- adjust some title markups.At its new index.rst, let's add a :orphan: while this is not linked to
the main index.rst file, in order to avoid build warnings.Signed-off-by: Mauro Carvalho Chehab
Signed-off-by: Jonathan Corbet
09 Jun, 2019
1 commit
-
Mostly due to x86 and acpi conversion, several documentation
links are still pointing to the old file. Fix them.Signed-off-by: Mauro Carvalho Chehab
Reviewed-by: Wolfram Sang
Reviewed-by: Sven Van Asbroeck
Reviewed-by: Bhupesh Sharma
Acked-by: Mark Brown
Signed-off-by: Jonathan Corbet
07 Dec, 2018
1 commit
-
Now that kexec_walk_memblock() can do the crash-kernel placement itself
architectures that don't support kdump via kexe_file_load() need to
explicitly forbid it.We don't support this on arm64 until the kernel can add the elfcorehdr
and usable-memory-range fields to the DT. Without these the crash-kernel
overwrites the previous kernel's memory during startup.Add a check to refuse crash image loading.
Reviewed-by: Bhupesh Sharma
Signed-off-by: James Morse
Signed-off-by: Will Deacon
06 Dec, 2018
2 commits
-
With this patch, kernel verification can be done without IMA security
subsystem enabled. Turn on CONFIG_KEXEC_VERIFY_SIG instead.On x86, a signature is embedded into a PE file (Microsoft's format) header
of binary. Since arm64's "Image" can also be seen as a PE file as far as
CONFIG_EFI is enabled, we adopt this format for kernel signing.You can create a signed kernel image with:
$ sbsign --key ${KEY} --cert ${CERT} ImageSigned-off-by: AKASHI Takahiro
Cc: Catalin Marinas
Cc: Will Deacon
Reviewed-by: James Morse
[will: removed useless pr_debug()]
Signed-off-by: Will Deacon -
This patch provides kexec_file_ops for "Image"-format kernel. In this
implementation, a binary is always loaded with a fixed offset identified
in text_offset field of its header.Regarding signature verification for trusted boot, this patch doesn't
contains CONFIG_KEXEC_VERIFY_SIG support, which is to be added later
in this series, but file-attribute-based verification is still a viable
option by enabling IMA security subsystem.You can sign(label) a to-be-kexec'ed kernel image on target file system
with:
$ evmctl ima_sign --key /path/to/private_key.pem ImageOn live system, you must have IMA enforced with, at least, the following
security policy:
"appraise func=KEXEC_KERNEL_CHECK appraise_type=imasig"See more details about IMA here:
https://sourceforge.net/p/linux-ima/wiki/Home/Signed-off-by: AKASHI Takahiro
Cc: Catalin Marinas
Cc: Will Deacon
Reviewed-by: James Morse
Signed-off-by: Will Deacon