kexec: clean up arch_kexec_kernel_verify_sig
Before commit 105e10e2cf1c ("kexec_file: drop weak attribute from
functions"), there was already no arch-specific implementation
of arch_kexec_kernel_verify_sig. With weak attribute dropped by that
commit, arch_kexec_kernel_verify_sig is completely useless. So clean it
up.
Note later patches are dependent on this patch so it should be backported
to the stable tree as well.
Cc: stable@vger.kernel.org
Suggested-by: Eric W. Biederman <ebiederm@xmission.com>
Reviewed-by: Michal Suchanek <msuchanek@suse.de>
Acked-by: Baoquan He <bhe@redhat.com>
Signed-off-by: Coiby Xu <coxu@redhat.com>
[zohar@linux.ibm.com: reworded patch description "Note"]
Link: https://lore.kernel.org/linux-integrity/20220714134027.394370-1-coxu@redhat.com/
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This commit is contained in:
Coiby Xu
Mimi Zohar
parent
0738eceb62
commit
689a71493b
@ -212,11 +212,6 @@ static inline void *arch_kexec_kernel_image_load(struct kimage *image)
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef CONFIG_KEXEC_SIG
|
||||
int arch_kexec_kernel_verify_sig(struct kimage *image, void *buf,
|
||||
unsigned long buf_len);
|
||||
#endif
|
||||
|
||||
extern int kexec_add_buffer(struct kexec_buf *kbuf);
|
||||
int kexec_locate_mem_hole(struct kexec_buf *kbuf);
|
||||
|
||||
|
||||
@ -81,24 +81,6 @@ int kexec_image_post_load_cleanup_default(struct kimage *image)
|
||||
return image->fops->cleanup(image->image_loader_data);
|
||||
}
|
||||
|
||||
#ifdef CONFIG_KEXEC_SIG
|
||||
static int kexec_image_verify_sig_default(struct kimage *image, void *buf,
|
||||
unsigned long buf_len)
|
||||
{
|
||||
if (!image->fops || !image->fops->verify_sig) {
|
||||
pr_debug("kernel loader does not support signature verification.\n");
|
||||
return -EKEYREJECTED;
|
||||
}
|
||||
|
||||
return image->fops->verify_sig(buf, buf_len);
|
||||
}
|
||||
|
||||
int arch_kexec_kernel_verify_sig(struct kimage *image, void *buf, unsigned long buf_len)
|
||||
{
|
||||
return kexec_image_verify_sig_default(image, buf, buf_len);
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Free up memory used by kernel, initrd, and command line. This is temporary
|
||||
* memory allocation which is not needed any more after these buffers have
|
||||
@ -141,13 +123,24 @@ void kimage_file_post_load_cleanup(struct kimage *image)
|
||||
}
|
||||
|
||||
#ifdef CONFIG_KEXEC_SIG
|
||||
static int kexec_image_verify_sig(struct kimage *image, void *buf,
|
||||
unsigned long buf_len)
|
||||
{
|
||||
if (!image->fops || !image->fops->verify_sig) {
|
||||
pr_debug("kernel loader does not support signature verification.\n");
|
||||
return -EKEYREJECTED;
|
||||
}
|
||||
|
||||
return image->fops->verify_sig(buf, buf_len);
|
||||
}
|
||||
|
||||
static int
|
||||
kimage_validate_signature(struct kimage *image)
|
||||
{
|
||||
int ret;
|
||||
|
||||
ret = arch_kexec_kernel_verify_sig(image, image->kernel_buf,
|
||||
image->kernel_buf_len);
|
||||
ret = kexec_image_verify_sig(image, image->kernel_buf,
|
||||
image->kernel_buf_len);
|
||||
if (ret) {
|
||||
|
||||
if (sig_enforce) {
|
||||
|
||||
Loading…
Reference in New Issue
Block a user