#!/usr/bin/perl -w # # extract-mod-sig # # Reads the module file and writes out some or all of the signature # section to stdout. Part is the bit to be written and is one of: # # -0: The unsigned module, no signature data at all # -a: All of the signature data, including magic number # -d: Just the descriptor values as a sequence of numbers # -n: Just the signer's name # -k: Just the key ID # -s: Just the crypto signature or PKCS#7 message # use strict; die "Format: $0 -[0adnks] module-file >out\n" if ($#ARGV != 1); my $part = $ARGV[0]; my $modfile = $ARGV[1]; my $magic_number = "~Module signature appended~\n"; # # Read the module contents # open FD, "<$modfile" || die $modfile; binmode(FD); my @st = stat(FD); die "$modfile" unless (@st); my $buf = ""; my $len = sysread(FD, $buf, $st[7]); die "$modfile" unless (defined($len)); die "Short read on $modfile\n" unless ($len == $st[7]); close(FD) || die $modfile; print STDERR "Read ", $len, " bytes from module file\n"; die "The file is too short to have a sig magic number and descriptor\n" if ($len < 12 + length($magic_number)); # # Check for the magic number and extract the information block # my $p = $len - length($magic_number); my $raw_magic = substr($buf, $p); die "Magic number not found at $len\n" if ($raw_magic ne $magic_number); print STDERR "Found magic number at $len\n"; $p -= 12; my $raw_info = substr($buf, $p, 12); my @info = unpack("CCCCCxxxN", $raw_info); my ($algo, $hash, $id_type, $name_len, $kid_len, $sig_len) = @info; if ($id_type == 0) { print STDERR "Found PGP key identifier\n"; } elsif ($id_type == 1) { print STDERR "Found X.509 cert identifier\n"; } elsif ($id_type == 2) { print STDERR "Found PKCS#7/CMS encapsulation\n"; } else { print STDERR "Found unsupported identifier type $id_type\n"; } # # Extract the three pieces of info data # die "Insufficient name+kid+sig data in file\n" unless ($p >= $name_len + $kid_len + $sig_len); $p -= $sig_len; my $raw_sig = substr($buf, $p, $sig_len); $p -= $kid_len; my $raw_kid = substr($buf, $p, $kid_len); $p -= $name_len; my $raw_name = substr($buf, $p, $name_len); my $module_len = $p; if ($sig_len > 0) { print STDERR "Found $sig_len bytes of signature ["; my $n = $sig_len > 16 ? 16 : $sig_len; foreach my $i (unpack("C" x $n, substr($raw_sig, 0, $n))) { printf STDERR "%02x", $i; } print STDERR "]\n"; } if ($kid_len > 0) { print STDERR "Found $kid_len bytes of key identifier ["; my $n = $kid_len > 16 ? 16 : $kid_len; foreach my $i (unpack("C" x $n, substr($raw_kid, 0, $n))) { printf STDERR "%02x", $i; } print STDERR "]\n"; } if ($name_len > 0) { print STDERR "Found $name_len bytes of signer's name [$raw_name]\n"; } # # Produce the requested output # if ($part eq "-0") { # The unsigned module, no signature data at all binmode(STDOUT); print substr($buf, 0, $module_len); } elsif ($part eq "-a") { # All of the signature data, including magic number binmode(STDOUT); print substr($buf, $module_len); } elsif ($part eq "-d") { # Just the descriptor values as a sequence of numbers print join(" ", @info), "\n"; } elsif ($part eq "-n") { # Just the signer's name print STDERR "No signer's name for PKCS#7 message type sig\n" if ($id_type == 2); binmode(STDOUT); print $raw_name; } elsif ($part eq "-k") { # Just the key identifier print STDERR "No key ID for PKCS#7 message type sig\n" if ($id_type == 2); binmode(STDOUT); print $raw_kid; } elsif ($part eq "-s") { # Just the crypto signature or PKCS#7 message binmode(STDOUT); print $raw_sig; } ion>space:mode:
authorArd Biesheuvel <ard.biesheuvel@linaro.org>2017-02-01 17:45:02 +0000
committerIngo Molnar <mingo@kernel.org>2017-02-01 21:17:49 +0100
commitc8f325a59cfc718d13a50fbc746ed9b415c25e92 (patch)
treed53fbdac9d0781e39a13b2ac6b2bd258cf3b4140 /include/net/nexthop.h
parentbf29bddf0417a4783da3b24e8c9e017ac649326f (diff)
efi/fdt: Avoid FDT manipulation after ExitBootServices()
Some AArch64 UEFI implementations disable the MMU in ExitBootServices(), after which unaligned accesses to RAM are no longer supported. Commit: abfb7b686a3e ("efi/libstub/arm*: Pass latest memory map to the kernel") fixed an issue in the memory map handling of the stub FDT code, but inadvertently created an issue with such firmware, by moving some of the FDT manipulation to after the invocation of ExitBootServices(). Given that the stub's libfdt implementation uses the ordinary, accelerated string functions, which rely on hardware handling of unaligned accesses, manipulating the FDT with the MMU off may result in alignment faults. So fix the situation by moving the update_fdt_memmap() call into the callback function invoked by efi_exit_boot_services() right before it calls the ExitBootServices() UEFI service (which is arguably a better place for it anyway) Note that disabling the MMU in ExitBootServices() is not compliant with the UEFI spec, and carries great risk due to the fact that switching from cached to uncached memory accesses halfway through compiler generated code (i.e., involving a stack) can never be done in a way that is architecturally safe. Fixes: abfb7b686a3e ("efi/libstub/arm*: Pass latest memory map to the kernel") Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Tested-by: Riku Voipio <riku.voipio@linaro.org> Cc: <stable@vger.kernel.org> Cc: mark.rutland@arm.com Cc: linux-efi@vger.kernel.org Cc: matt@codeblueprint.co.uk Cc: leif.lindholm@linaro.org Cc: linux-arm-kernel@lists.infradead.org Link: http://lkml.kernel.org/r/1485971102-23330-2-git-send-email-ard.biesheuvel@linaro.org Signed-off-by: Ingo Molnar <mingo@kernel.org>
Diffstat (limited to 'include/net/nexthop.h')