From 8e1678988897ebcc29b318ed78af4808202772df Mon Sep 17 00:00:00 2001
From: Mehmet Kayaalp <mkayaalp@linux.vnet.ibm.com>
Date: Tue, 24 Nov 2015 16:19:03 -0500
Subject: KEYS: Use the symbol value for list size, updated by
 scripts/insert-sys-cert

When a certificate is inserted to the image using scripts/writekey, the
value of __cert_list_end does not change. The updated size can be found
out by reading the value pointed by the system_certificate_list_size
symbol.

Signed-off-by: Mehmet Kayaalp <mkayaalp@linux.vnet.ibm.com>
Signed-off-by: David Howells <dhowells@redhat.com>
---
 scripts/extract-sys-certs.pl | 29 +++++++++++++++++++++--------
 1 file changed, 21 insertions(+), 8 deletions(-)

diff --git a/scripts/extract-sys-certs.pl b/scripts/extract-sys-certs.pl
index d476e7d1fd88..8227ca10a494 100755
--- a/scripts/extract-sys-certs.pl
+++ b/scripts/extract-sys-certs.pl
@@ -91,13 +91,15 @@ print "Have $nr_symbols symbols\n";
 
 die "Can't find system certificate list"
     unless (exists($symbols{"__cert_list_start"}) &&
-	    exists($symbols{"__cert_list_end"}));
+	    exists($symbols{"system_certificate_list_size"}));
 
 my $start = Math::BigInt->new($symbols{"__cert_list_start"});
-my $end = Math::BigInt->new($symbols{"__cert_list_end"});
-my $size = $end - $start;
+my $end;
+my $size;
+my $size_sym = Math::BigInt->new($symbols{"system_certificate_list_size"});
 
-printf "Have %u bytes of certs at VMA 0x%x\n", $size, $start;
+open FD, "<$vmlinux" || die $vmlinux;
+binmode(FD);
 
 my $s = undef;
 foreach my $sec (@sections) {
@@ -110,11 +112,24 @@ foreach my $sec (@sections) {
     next unless ($start >= $s_vma);
     next if ($start >= $s_vend);
 
-    die "Cert object partially overflows section $s_name\n"
-	if ($end > $s_vend);
+    die "Certificate list size was not found on the same section\n"
+	if ($size_sym < $s_vma || $size_sym > $s_vend);
 
     die "Cert object in multiple sections: ", $s_name, " and ", $s->{name}, "\n"
 	if ($s);
+
+    my $size_off = $size_sym -$s_vma + $s_foff;
+    my $packed;
+    die $vmlinux if (!defined(sysseek(FD, $size_off, SEEK_SET)));
+    sysread(FD, $packed, 8);
+    $size = unpack 'L!', $packed;
+    $end = $start + $size;
+
+    printf "Have %u bytes of certs at VMA 0x%x\n", $size, $start;
+
+    die "Cert object partially overflows section $s_name\n"
+	if ($end > $s_vend);
+
     $s = $sec;
 }
 
@@ -127,8 +142,6 @@ my $foff = $start - $s->{vma} + $s->{foff};
 
 printf "Certificate list at file offset 0x%x\n", $foff;
 
-open FD, "<$vmlinux" || die $vmlinux;
-binmode(FD);
 die $vmlinux if (!defined(sysseek(FD, $foff, SEEK_SET)));
 my $buf = "";
 my $len = sysread(FD, $buf, $size);
-- 
cgit v1.2.3-59-g8ed1b