Blame kexec-bzimage-verify-pe-signature-fix.patch
|
Jeremy Cline |
6782776 |
From: Dave Young <dyoung@redhat.com>
|
|
Jeremy Cline |
6782776 |
|
|
Jeremy Cline |
6782776 |
Fix kexec_file_load pefile signature verification
|
|
Jeremy Cline |
6782776 |
|
|
Jeremy Cline |
6782776 |
Similar with Fix-for-module-sig-verification.patch, kexec_file syscall also
|
|
Jeremy Cline |
6782776 |
need pass 1UL to verify_pefile_signature so that secondary keys can be used.
|
|
Jeremy Cline |
6782776 |
|
|
Jeremy Cline |
6782776 |
Fedora bug
|
|
Jeremy Cline |
6782776 |
https://bugzilla.redhat.com/show_bug.cgi?id=1470995
|
|
Jeremy Cline |
6782776 |
|
|
Jeremy Cline |
6782776 |
Latest upstream effort is below:
|
|
Jeremy Cline |
6782776 |
https://www.spinics.net/lists/kernel/msg2825184.html
|
|
Jeremy Cline |
6782776 |
|
|
Jeremy Cline |
6782776 |
Ideally this need an upstream fix, but since nobody response we can workaround
|
|
Jeremy Cline |
6782776 |
it like the module code did.
|
|
Jeremy Cline |
6782776 |
|
|
Jeremy Cline |
6782776 |
Signed-off-by: Dave Young <dyoung@redhat.com>
|
|
Jeremy Cline |
6782776 |
---
|
|
Jeremy Cline |
6782776 |
arch/x86/kernel/kexec-bzimage64.c | 2 +-
|
|
Jeremy Cline |
6782776 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
Jeremy Cline |
6782776 |
|
|
Jeremy Cline |
6782776 |
--- linux-x86.orig/arch/x86/kernel/kexec-bzimage64.c
|
|
Jeremy Cline |
6782776 |
+++ linux-x86/arch/x86/kernel/kexec-bzimage64.c
|
|
Jeremy Cline |
6782776 |
@@ -533,7 +533,7 @@ static int bzImage64_cleanup(void *loade
|
|
Jeremy Cline |
6782776 |
static int bzImage64_verify_sig(const char *kernel, unsigned long kernel_len)
|
|
Jeremy Cline |
6782776 |
{
|
|
Jeremy Cline |
6782776 |
return verify_pefile_signature(kernel, kernel_len,
|
|
Jeremy Cline |
6782776 |
- NULL,
|
|
Jeremy Cline |
6782776 |
+ (void *)1UL,
|
|
Jeremy Cline |
6782776 |
VERIFYING_KEXEC_PE_SIGNATURE);
|
|
Jeremy Cline |
6782776 |
}
|
|
Jeremy Cline |
6782776 |
#endif
|
|
Jeremy Cline |
6782776 |
--
|
|
Jeremy Cline |
6782776 |
2.17.0
|