2 Commits

Author SHA1 Message Date
Tautschnig, Michael
21532b9e5b scripts: Fix size mismatch of kexec_purgatory_size
bin2c is used to create a valid C file out of a binary file where two
symbols will be globally defined: <name> and <name>_size. <name> is
passed as the first parameter of the host binary.

Building using goto-cc reported that the purgatory binary code (the only
current user of this utility) declares kexec_purgatory_size as 'size_t'
where bin2c generate <name>_size to be 'int' so in a 64-bit host where
sizeof(size_t) > sizeof(int) this type mismatch will always yield the
wrong value for big-endian architectures while for little-endian it will
be wrong if the object laid in memory directly after
kexec_purgatory_size contains non-zero value at the time of reading.

This commit changes <name>_size to be size_t instead.

Note:

Another way to fix the problem is to change the type of
kexec_purgatory_size to be 'int' as there's this check in code:
(kexec_purgatory_size <= 0)

Signed-off-by: Michael Tautschnig <tautschn@amazon.com>
Cc: Vivek Goyal <vgoyal@redhat.com>
Acked-by: Dave Young <dyoung@redhat.com>
Signed-off-by: Michal Marek <mmarek@suse.com>
2016-07-22 14:05:40 +02:00
Vivek Goyal
8370edea81 bin2c: move bin2c in scripts/basic
This patch series does not do kernel signature verification yet.  I plan
to post another patch series for that.  Now distributions are already
signing PE/COFF bzImage with PKCS7 signature I plan to parse and verify
those signatures.

Primary goal of this patchset is to prepare groundwork so that kernel
image can be signed and signatures be verified during kexec load.  This
should help with two things.

- It should allow kexec/kdump on secureboot enabled machines.

- In general it can help even without secureboot. By being able to verify
  kernel image signature in kexec, it should help with avoiding module
  signing restrictions. Matthew Garret showed how to boot into a custom
  kernel, modify first kernel's memory and then jump back to old kernel and
  bypass any policy one wants to.

This patch (of 15):

Kexec wants to use bin2c and it wants to use it really early in the build
process. See arch/x86/purgatory/ code in later patches.

So move bin2c in scripts/basic so that it can be built very early and
be usable by arch/x86/purgatory/

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: Greg Kroah-Hartman <greg@kroah.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: WANG Chao <chaowang@redhat.com>
Cc: Baoquan He <bhe@redhat.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-08 15:57:32 -07:00