Re: [PATCH v11 0/8] powerpc: Implement kexec_file_load()

From: Mimi Zohar
Date: Wed Nov 30 2016 - 08:04:42 EST

Next message: Michal Hocko: "Re: [PATCH] mm: page_alloc: High-order per-cpu page allocator v3"
Previous message: Linus Walleij: "Re: [PATCH 3/3] iio: st_pressure: Support i2c probe using acpi"
In reply to: Michael Ellerman: "Re: [PATCH v11 0/8] powerpc: Implement kexec_file_load()"
Next in thread: Mimi Zohar: "Re: [PATCH v11 0/8] powerpc: Implement kexec_file_load()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2016-11-30 at 15:52 +1100, Michael Ellerman wrote:
> Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> writes:
>
> > On Tue, 29 Nov 2016 23:45:46 +1100 Michael Ellerman <mpe@xxxxxxxxxxxxxx> wrote:
> >
> >> This is v11 of the kexec_file_load() for powerpc series.
> >>
> >> I've stripped this down to the minimum we need, so we can get this in for 4.10.
> >> Any additions can come later incrementally.
> >
> > This made a bit of a mess of Mimi's series "ima: carry the
> > measurement list across kexec v10".
>
> Urk, sorry about that. I didn't realise there was a big dependency
> between them, but I guess I should have tried to do the rebase.
>
> > powerpc-ima-get-the-kexec-buffer-passed-by-the-previous-kernel.patch
> > ima-on-soft-reboot-restore-the-measurement-list.patch
> > ima-permit-duplicate-measurement-list-entries.patch
> > ima-maintain-memory-size-needed-for-serializing-the-measurement-list.patch
> > powerpc-ima-send-the-kexec-buffer-to-the-next-kernel.patch
> > ima-on-soft-reboot-save-the-measurement-list.patch
> > ima-store-the-builtin-custom-template-definitions-in-a-list.patch
> > ima-support-restoring-multiple-template-formats.patch
> > ima-define-a-canonical-binary_runtime_measurements-list-format.patch
> > ima-platform-independent-hash-value.patch
> >
> > I made the syntactic fixes but I won't be testing it.

Dmitry Kasatkin's acked-by needs to be included for the IMA patches.

> Thanks.
>
> TBH I don't know how to test the IMA part, I'm relying on Thiago and
> Mimi to do that.

It should be straight forward. Enable CONFIG_IMA_KEXEC to carry the
measurements from one kernel to the next. Use a kexec_file_load version
of kexec to boot the next kernel. On the boot command line add
"ima_tcb" or "ima_policy=ima_tcb".

If the measurements were carried across kexec, the IMA measurement list
<securityfs>/ima/ascii_runtime_measurements should contain an initial
"boot_aggregate", as the first record, and a "boot_aggregate", as a
delimiter, for each subsequent kexec.

> >> If no one objects I'll merge this via the powerpc tree. The three kexec patches
> >> have been acked by Dave Young (since forever), and have been in linux-next (via
> >> akpm's tree) also for a long time.
> >
> > OK, I'll wait for these to appear in -next and I will await advice on
>
> Thanks. I'll let them stew for a few more hours and then put them in my
> next for tomorrows linux-next.

Thaigo tested the patches yesterday. Everything seemed fine. After
cherry picking the kexec_file_load() patches and rebasing the
restore_kexec patches on top of it in my tree, there were some problems.
Perhaps there is some dependencies that I'm missing.

Mimi

Next message: Michal Hocko: "Re: [PATCH] mm: page_alloc: High-order per-cpu page allocator v3"
Previous message: Linus Walleij: "Re: [PATCH 3/3] iio: st_pressure: Support i2c probe using acpi"
In reply to: Michael Ellerman: "Re: [PATCH v11 0/8] powerpc: Implement kexec_file_load()"
Next in thread: Mimi Zohar: "Re: [PATCH v11 0/8] powerpc: Implement kexec_file_load()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]