* [v1 PATCH 1/2] Refactoring carrying over IMA measuremnet logs over Kexec.
@ 2020-06-07 23:33 ` Prakhar Srivastava
0 siblings, 0 replies; 26+ messages in thread
From: Prakhar Srivastava @ 2020-06-07 23:33 UTC (permalink / raw)
To: linux-arm-kernel, linux-kernel, linuxppc-dev, devicetree,
linux-integrity, linux-security-module
Cc: kstewart, mark.rutland, catalin.marinas, bhsharma, tao.li, zohar,
paulus, vincenzo.frascino, frowand.list, nramas, mpe, masahiroy,
jmorris, takahiro.akashi, benh, serge, pasha.tatashin, will,
prsriva, robh+dt, hsinyi, tusharsu, tglx, allison,
christophe.leroy, mbrugger, balajib, dmitry.kasatkin, james.morse,
gregkh
This patch moves the non-architecture specific code out of powerpc and
adds to security/ima.
Update the arm64 and powerpc kexec file load paths to carry the IMA measurement
logs.
Signed-off-by: Prakhar Srivastava <prsriva@linux.microsoft.com>
---
arch/arm64/Kconfig | 1 +
arch/arm64/include/asm/ima.h | 24 ++++
arch/arm64/include/asm/kexec.h | 3 +
arch/arm64/kernel/machine_kexec_file.c | 47 ++++++--
arch/powerpc/include/asm/ima.h | 9 --
arch/powerpc/kexec/ima.c | 117 +------------------
security/integrity/ima/ima_kexec.c | 151 +++++++++++++++++++++++++
7 files changed, 219 insertions(+), 133 deletions(-)
create mode 100644 arch/arm64/include/asm/ima.h
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 5d513f461957..3d544e2e25e6 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -1070,6 +1070,7 @@ config KEXEC
config KEXEC_FILE
bool "kexec file based system call"
select KEXEC_CORE
+ select HAVE_IMA_KEXEC
help
This is new version of kexec system call. This system call is
file based and takes file descriptors as system call argument
diff --git a/arch/arm64/include/asm/ima.h b/arch/arm64/include/asm/ima.h
new file mode 100644
index 000000000000..8946bae8baa2
--- /dev/null
+++ b/arch/arm64/include/asm/ima.h
@@ -0,0 +1,24 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef _ASM_ARCH_IMA_H
+#define _ASM_ARCH_IMA_H
+
+struct kimage;
+
+#ifdef CONFIG_IMA_KEXEC
+int arch_ima_add_kexec_buffer(struct kimage *image, unsigned long load_addr,
+ size_t size);
+
+int setup_ima_buffer(const struct kimage *image, void *fdt, int chosen_node);
+#else
+static inline int arch_ima_add_kexec_buffer(struct kimage *image,
+ unsigned long load_addr, size_t size)
+{
+ return 0;
+}
+static inline int setup_ima_buffer(const struct kimage *image, void *fdt,
+ int chosen_node)
+{
+ return 0;
+}
+#endif /* CONFIG_IMA_KEXEC */
+#endif /* _ASM_ARCH_IMA_H */
diff --git a/arch/arm64/include/asm/kexec.h b/arch/arm64/include/asm/kexec.h
index d24b527e8c00..7bd60c185ad3 100644
--- a/arch/arm64/include/asm/kexec.h
+++ b/arch/arm64/include/asm/kexec.h
@@ -100,6 +100,9 @@ struct kimage_arch {
void *elf_headers;
unsigned long elf_headers_mem;
unsigned long elf_headers_sz;
+
+ phys_addr_t ima_buffer_addr;
+ size_t ima_buffer_size;
};
extern const struct kexec_file_ops kexec_image_ops;
diff --git a/arch/arm64/kernel/machine_kexec_file.c b/arch/arm64/kernel/machine_kexec_file.c
index b40c3b0def92..1e9007c926db 100644
--- a/arch/arm64/kernel/machine_kexec_file.c
+++ b/arch/arm64/kernel/machine_kexec_file.c
@@ -24,20 +24,37 @@
#include <asm/byteorder.h>
/* relevant device tree properties */
-#define FDT_PROP_KEXEC_ELFHDR "linux,elfcorehdr"
-#define FDT_PROP_MEM_RANGE "linux,usable-memory-range"
-#define FDT_PROP_INITRD_START "linux,initrd-start"
-#define FDT_PROP_INITRD_END "linux,initrd-end"
-#define FDT_PROP_BOOTARGS "bootargs"
-#define FDT_PROP_KASLR_SEED "kaslr-seed"
-#define FDT_PROP_RNG_SEED "rng-seed"
-#define RNG_SEED_SIZE 128
+#define FDT_PROP_KEXEC_ELFHDR "linux,elfcorehdr"
+#define FDT_PROP_MEM_RANGE "linux,usable-memory-range"
+#define FDT_PROP_INITRD_START "linux,initrd-start"
+#define FDT_PROP_INITRD_END "linux,initrd-end"
+#define FDT_PROP_BOOTARGS "bootargs"
+#define FDT_PROP_KASLR_SEED "kaslr-seed"
+#define FDT_PROP_RNG_SEED "rng-seed"
+#define FDT_PROP_IMA_KEXEC_BUFFER "linux,ima-kexec-buffer"
+#define RNG_SEED_SIZE 128
const struct kexec_file_ops * const kexec_file_loaders[] = {
&kexec_image_ops,
NULL
};
+/**
+ * arch_ima_add_kexec_buffer - do arch-specific steps to add the IMA buffer
+ *
+ * Architectures should use this function to pass on the IMA buffer
+ * information to the next kernel.
+ *
+ * Return: 0 on success, negative errno on error.
+ */
+int arch_ima_add_kexec_buffer(struct kimage *image, unsigned long load_addr,
+ size_t size)
+{
+ image->arch.ima_buffer_addr = load_addr;
+ image->arch.ima_buffer_size = size;
+ return 0;
+}
+
int arch_kimage_file_post_load_cleanup(struct kimage *image)
{
vfree(image->arch.dtb);
@@ -66,6 +83,9 @@ static int setup_dtb(struct kimage *image,
if (ret && ret != -FDT_ERR_NOTFOUND)
goto out;
ret = fdt_delprop(dtb, off, FDT_PROP_MEM_RANGE);
+ if (ret && ret != -FDT_ERR_NOTFOUND)
+ goto out;
+ ret = fdt_delprop(dtb, off, FDT_PROP_IMA_KEXEC_BUFFER);
if (ret && ret != -FDT_ERR_NOTFOUND)
goto out;
@@ -119,6 +139,17 @@ static int setup_dtb(struct kimage *image,
goto out;
}
+ if (image->arch.ima_buffer_size > 0) {
+
+ ret = fdt_appendprop_addrrange(dtb, 0, off,
+ FDT_PROP_IMA_KEXEC_BUFFER,
+ image->arch.ima_buffer_addr,
+ image->arch.ima_buffer_size);
+ if (ret)
+ return (ret == -FDT_ERR_NOSPACE ? -ENOMEM : -EINVAL);
+
+ }
+
/* add kaslr-seed */
ret = fdt_delprop(dtb, off, FDT_PROP_KASLR_SEED);
if (ret == -FDT_ERR_NOTFOUND)
diff --git a/arch/powerpc/include/asm/ima.h b/arch/powerpc/include/asm/ima.h
index ead488cf3981..80b83881fa03 100644
--- a/arch/powerpc/include/asm/ima.h
+++ b/arch/powerpc/include/asm/ima.h
@@ -4,15 +4,6 @@
struct kimage;
-int ima_get_kexec_buffer(void **addr, size_t *size);
-int ima_free_kexec_buffer(void);
-
-#ifdef CONFIG_IMA
-void remove_ima_buffer(void *fdt, int chosen_node);
-#else
-static inline void remove_ima_buffer(void *fdt, int chosen_node) {}
-#endif
-
#ifdef CONFIG_IMA_KEXEC
int arch_ima_add_kexec_buffer(struct kimage *image, unsigned long load_addr,
size_t size);
diff --git a/arch/powerpc/kexec/ima.c b/arch/powerpc/kexec/ima.c
index 720e50e490b6..537e4f82a050 100644
--- a/arch/powerpc/kexec/ima.c
+++ b/arch/powerpc/kexec/ima.c
@@ -12,121 +12,6 @@
#include <linux/memblock.h>
#include <linux/libfdt.h>
-static int get_addr_size_cells(int *addr_cells, int *size_cells)
-{
- struct device_node *root;
-
- root = of_find_node_by_path("/");
- if (!root)
- return -EINVAL;
-
- *addr_cells = of_n_addr_cells(root);
- *size_cells = of_n_size_cells(root);
-
- of_node_put(root);
-
- return 0;
-}
-
-static int do_get_kexec_buffer(const void *prop, int len, unsigned long *addr,
- size_t *size)
-{
- int ret, addr_cells, size_cells;
-
- ret = get_addr_size_cells(&addr_cells, &size_cells);
- if (ret)
- return ret;
-
- if (len < 4 * (addr_cells + size_cells))
- return -ENOENT;
-
- *addr = of_read_number(prop, addr_cells);
- *size = of_read_number(prop + 4 * addr_cells, size_cells);
-
- return 0;
-}
-
-/**
- * ima_get_kexec_buffer - get IMA buffer from the previous kernel
- * @addr: On successful return, set to point to the buffer contents.
- * @size: On successful return, set to the buffer size.
- *
- * Return: 0 on success, negative errno on error.
- */
-int ima_get_kexec_buffer(void **addr, size_t *size)
-{
- int ret, len;
- unsigned long tmp_addr;
- size_t tmp_size;
- const void *prop;
-
- prop = of_get_property(of_chosen, "linux,ima-kexec-buffer", &len);
- if (!prop)
- return -ENOENT;
-
- ret = do_get_kexec_buffer(prop, len, &tmp_addr, &tmp_size);
- if (ret)
- return ret;
-
- *addr = __va(tmp_addr);
- *size = tmp_size;
-
- return 0;
-}
-
-/**
- * ima_free_kexec_buffer - free memory used by the IMA buffer
- */
-int ima_free_kexec_buffer(void)
-{
- int ret;
- unsigned long addr;
- size_t size;
- struct property *prop;
-
- prop = of_find_property(of_chosen, "linux,ima-kexec-buffer", NULL);
- if (!prop)
- return -ENOENT;
-
- ret = do_get_kexec_buffer(prop->value, prop->length, &addr, &size);
- if (ret)
- return ret;
-
- ret = of_remove_property(of_chosen, prop);
- if (ret)
- return ret;
-
- return memblock_free(addr, size);
-
-}
-
-/**
- * remove_ima_buffer - remove the IMA buffer property and reservation from @fdt
- *
- * The IMA measurement buffer is of no use to a subsequent kernel, so we always
- * remove it from the device tree.
- */
-void remove_ima_buffer(void *fdt, int chosen_node)
-{
- int ret, len;
- unsigned long addr;
- size_t size;
- const void *prop;
-
- prop = fdt_getprop(fdt, chosen_node, "linux,ima-kexec-buffer", &len);
- if (!prop)
- return;
-
- ret = do_get_kexec_buffer(prop, len, &addr, &size);
- fdt_delprop(fdt, chosen_node, "linux,ima-kexec-buffer");
- if (ret)
- return;
-
- ret = delete_fdt_mem_rsv(fdt, addr, size);
- if (!ret)
- pr_debug("Removed old IMA buffer reservation.\n");
-}
-
#ifdef CONFIG_IMA_KEXEC
/**
* arch_ima_add_kexec_buffer - do arch-specific steps to add the IMA buffer
@@ -179,7 +64,7 @@ int setup_ima_buffer(const struct kimage *image, void *fdt, int chosen_node)
int ret, addr_cells, size_cells, entry_size;
u8 value[16];
- remove_ima_buffer(fdt, chosen_node);
+// remove_ima_buffer(fdt, chosen_node);
if (!image->arch.ima_buffer_size)
return 0;
diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c
index 121de3e04af2..36887ed4ff82 100644
--- a/security/integrity/ima/ima_kexec.c
+++ b/security/integrity/ima/ima_kexec.c
@@ -10,8 +10,159 @@
#include <linux/seq_file.h>
#include <linux/vmalloc.h>
#include <linux/kexec.h>
+#include <linux/of.h>
+#include <linux/memblock.h>
+#include <linux/libfdt.h>
#include "ima.h"
+static int get_addr_size_cells(int *addr_cells, int *size_cells)
+{
+ struct device_node *root;
+
+ root = of_find_node_by_path("/");
+ if (!root)
+ return -EINVAL;
+
+ *addr_cells = of_n_addr_cells(root);
+ *size_cells = of_n_size_cells(root);
+
+ of_node_put(root);
+
+ return 0;
+}
+
+static int do_get_kexec_buffer(const void *prop, int len, unsigned long *addr,
+ size_t *size)
+{
+ int ret, addr_cells, size_cells;
+
+ ret = get_addr_size_cells(&addr_cells, &size_cells);
+ if (ret)
+ return ret;
+
+ if (len < 4 * (addr_cells + size_cells))
+ return -ENOENT;
+
+ *addr = of_read_number(prop, addr_cells);
+ *size = of_read_number(prop + 4 * addr_cells, size_cells);
+
+ return 0;
+}
+
+/**
+ * ima_get_kexec_buffer - get IMA buffer from the previous kernel
+ * @addr: On successful return, set to point to the buffer contents.
+ * @size: On successful return, set to the buffer size.
+ *
+ * Return: 0 on success, negative errno on error.
+ */
+int ima_get_kexec_buffer(void **addr, size_t *size)
+{
+ int ret, len;
+ unsigned long tmp_addr;
+ size_t tmp_size;
+ const void *prop;
+
+ prop = of_get_property(of_chosen, "linux,ima-kexec-buffer", &len);
+ if (!prop)
+ return -ENOENT;
+
+ ret = do_get_kexec_buffer(prop, len, &tmp_addr, &tmp_size);
+ if (ret)
+ return ret;
+
+ *addr = __va(tmp_addr);
+ *size = tmp_size;
+
+ return 0;
+}
+
+/**
+ * delete_fdt_mem_rsv - delete memory reservation with given address and size
+ *
+ * Return: 0 on success, or negative errno on error.
+ */
+int delete_fdt_mem_rsv(void *fdt, unsigned long start, unsigned long size)
+{
+ int i, ret, num_rsvs = fdt_num_mem_rsv(fdt);
+
+ for (i = 0; i < num_rsvs; i++) {
+ uint64_t rsv_start, rsv_size;
+
+ ret = fdt_get_mem_rsv(fdt, i, &rsv_start, &rsv_size);
+ if (ret) {
+ pr_err("Malformed device tree.\n");
+ return -EINVAL;
+ }
+
+ if (rsv_start == start && rsv_size == size) {
+ ret = fdt_del_mem_rsv(fdt, i);
+ if (ret) {
+ pr_err("Error deleting device tree reservation.\n");
+ return -EINVAL;
+ }
+
+ return 0;
+ }
+ }
+
+ return -ENOENT;
+}
+
+/**
+ * ima_free_kexec_buffer - free memory used by the IMA buffer
+ */
+int ima_free_kexec_buffer(void)
+{
+ int ret;
+ unsigned long addr;
+ size_t size;
+ struct property *prop;
+
+ prop = of_find_property(of_chosen, "linux,ima-kexec-buffer", NULL);
+ if (!prop)
+ return -ENOENT;
+
+ ret = do_get_kexec_buffer(prop->value, prop->length, &addr, &size);
+ if (ret)
+ return ret;
+
+ ret = of_remove_property(of_chosen, prop);
+ if (ret)
+ return ret;
+
+ return memblock_free(addr, size);
+
+}
+
+/**
+ * remove_ima_buffer - remove the IMA buffer property and reservation from @fdt
+ *
+ * The IMA measurement buffer is of no use to a subsequent kernel, so we always
+ * remove it from the device tree.
+ */
+void remove_ima_buffer(void *fdt, int chosen_node)
+{
+ int ret, len;
+ unsigned long addr;
+ size_t size;
+ const void *prop;
+
+ prop = fdt_getprop(fdt, chosen_node, "linux,ima-kexec-buffer", &len);
+ if (!prop)
+ return;
+
+ ret = do_get_kexec_buffer(prop, len, &addr, &size);
+ fdt_delprop(fdt, chosen_node, "linux,ima-kexec-buffer");
+ if (ret)
+ return;
+
+ ret = delete_fdt_mem_rsv(fdt, addr, size);
+ if (!ret)
+ pr_debug("Removed old IMA buffer reservation.\n");
+}
+
+
#ifdef CONFIG_IMA_KEXEC
static int ima_dump_measurement_list(unsigned long *buffer_size, void **buffer,
unsigned long segment_size)
--
2.25.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related [flat|nested] 26+ messages in thread* [v1 PATCH 1/2] Refactoring carrying over IMA measuremnet logs over Kexec.
@ 2020-06-07 23:33 ` Prakhar Srivastava
0 siblings, 0 replies; 26+ messages in thread
From: Prakhar Srivastava @ 2020-06-07 23:33 UTC (permalink / raw)
To: linux-arm-kernel, linux-kernel, linuxppc-dev, devicetree,
linux-integrity, linux-security-module
Cc: kstewart, mark.rutland, catalin.marinas, bhsharma, tao.li, zohar,
paulus, vincenzo.frascino, frowand.list, nramas, masahiroy,
jmorris, takahiro.akashi, serge, pasha.tatashin, will, prsriva,
robh+dt, hsinyi, tusharsu, tglx, allison, christophe.leroy,
mbrugger, balajib, dmitry.kasatkin, james.morse, gregkh
This patch moves the non-architecture specific code out of powerpc and
adds to security/ima.
Update the arm64 and powerpc kexec file load paths to carry the IMA measurement
logs.
Signed-off-by: Prakhar Srivastava <prsriva@linux.microsoft.com>
---
arch/arm64/Kconfig | 1 +
arch/arm64/include/asm/ima.h | 24 ++++
arch/arm64/include/asm/kexec.h | 3 +
arch/arm64/kernel/machine_kexec_file.c | 47 ++++++--
arch/powerpc/include/asm/ima.h | 9 --
arch/powerpc/kexec/ima.c | 117 +------------------
security/integrity/ima/ima_kexec.c | 151 +++++++++++++++++++++++++
7 files changed, 219 insertions(+), 133 deletions(-)
create mode 100644 arch/arm64/include/asm/ima.h
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 5d513f461957..3d544e2e25e6 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -1070,6 +1070,7 @@ config KEXEC
config KEXEC_FILE
bool "kexec file based system call"
select KEXEC_CORE
+ select HAVE_IMA_KEXEC
help
This is new version of kexec system call. This system call is
file based and takes file descriptors as system call argument
diff --git a/arch/arm64/include/asm/ima.h b/arch/arm64/include/asm/ima.h
new file mode 100644
index 000000000000..8946bae8baa2
--- /dev/null
+++ b/arch/arm64/include/asm/ima.h
@@ -0,0 +1,24 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef _ASM_ARCH_IMA_H
+#define _ASM_ARCH_IMA_H
+
+struct kimage;
+
+#ifdef CONFIG_IMA_KEXEC
+int arch_ima_add_kexec_buffer(struct kimage *image, unsigned long load_addr,
+ size_t size);
+
+int setup_ima_buffer(const struct kimage *image, void *fdt, int chosen_node);
+#else
+static inline int arch_ima_add_kexec_buffer(struct kimage *image,
+ unsigned long load_addr, size_t size)
+{
+ return 0;
+}
+static inline int setup_ima_buffer(const struct kimage *image, void *fdt,
+ int chosen_node)
+{
+ return 0;
+}
+#endif /* CONFIG_IMA_KEXEC */
+#endif /* _ASM_ARCH_IMA_H */
diff --git a/arch/arm64/include/asm/kexec.h b/arch/arm64/include/asm/kexec.h
index d24b527e8c00..7bd60c185ad3 100644
--- a/arch/arm64/include/asm/kexec.h
+++ b/arch/arm64/include/asm/kexec.h
@@ -100,6 +100,9 @@ struct kimage_arch {
void *elf_headers;
unsigned long elf_headers_mem;
unsigned long elf_headers_sz;
+
+ phys_addr_t ima_buffer_addr;
+ size_t ima_buffer_size;
};
extern const struct kexec_file_ops kexec_image_ops;
diff --git a/arch/arm64/kernel/machine_kexec_file.c b/arch/arm64/kernel/machine_kexec_file.c
index b40c3b0def92..1e9007c926db 100644
--- a/arch/arm64/kernel/machine_kexec_file.c
+++ b/arch/arm64/kernel/machine_kexec_file.c
@@ -24,20 +24,37 @@
#include <asm/byteorder.h>
/* relevant device tree properties */
-#define FDT_PROP_KEXEC_ELFHDR "linux,elfcorehdr"
-#define FDT_PROP_MEM_RANGE "linux,usable-memory-range"
-#define FDT_PROP_INITRD_START "linux,initrd-start"
-#define FDT_PROP_INITRD_END "linux,initrd-end"
-#define FDT_PROP_BOOTARGS "bootargs"
-#define FDT_PROP_KASLR_SEED "kaslr-seed"
-#define FDT_PROP_RNG_SEED "rng-seed"
-#define RNG_SEED_SIZE 128
+#define FDT_PROP_KEXEC_ELFHDR "linux,elfcorehdr"
+#define FDT_PROP_MEM_RANGE "linux,usable-memory-range"
+#define FDT_PROP_INITRD_START "linux,initrd-start"
+#define FDT_PROP_INITRD_END "linux,initrd-end"
+#define FDT_PROP_BOOTARGS "bootargs"
+#define FDT_PROP_KASLR_SEED "kaslr-seed"
+#define FDT_PROP_RNG_SEED "rng-seed"
+#define FDT_PROP_IMA_KEXEC_BUFFER "linux,ima-kexec-buffer"
+#define RNG_SEED_SIZE 128
const struct kexec_file_ops * const kexec_file_loaders[] = {
&kexec_image_ops,
NULL
};
+/**
+ * arch_ima_add_kexec_buffer - do arch-specific steps to add the IMA buffer
+ *
+ * Architectures should use this function to pass on the IMA buffer
+ * information to the next kernel.
+ *
+ * Return: 0 on success, negative errno on error.
+ */
+int arch_ima_add_kexec_buffer(struct kimage *image, unsigned long load_addr,
+ size_t size)
+{
+ image->arch.ima_buffer_addr = load_addr;
+ image->arch.ima_buffer_size = size;
+ return 0;
+}
+
int arch_kimage_file_post_load_cleanup(struct kimage *image)
{
vfree(image->arch.dtb);
@@ -66,6 +83,9 @@ static int setup_dtb(struct kimage *image,
if (ret && ret != -FDT_ERR_NOTFOUND)
goto out;
ret = fdt_delprop(dtb, off, FDT_PROP_MEM_RANGE);
+ if (ret && ret != -FDT_ERR_NOTFOUND)
+ goto out;
+ ret = fdt_delprop(dtb, off, FDT_PROP_IMA_KEXEC_BUFFER);
if (ret && ret != -FDT_ERR_NOTFOUND)
goto out;
@@ -119,6 +139,17 @@ static int setup_dtb(struct kimage *image,
goto out;
}
+ if (image->arch.ima_buffer_size > 0) {
+
+ ret = fdt_appendprop_addrrange(dtb, 0, off,
+ FDT_PROP_IMA_KEXEC_BUFFER,
+ image->arch.ima_buffer_addr,
+ image->arch.ima_buffer_size);
+ if (ret)
+ return (ret == -FDT_ERR_NOSPACE ? -ENOMEM : -EINVAL);
+
+ }
+
/* add kaslr-seed */
ret = fdt_delprop(dtb, off, FDT_PROP_KASLR_SEED);
if (ret == -FDT_ERR_NOTFOUND)
diff --git a/arch/powerpc/include/asm/ima.h b/arch/powerpc/include/asm/ima.h
index ead488cf3981..80b83881fa03 100644
--- a/arch/powerpc/include/asm/ima.h
+++ b/arch/powerpc/include/asm/ima.h
@@ -4,15 +4,6 @@
struct kimage;
-int ima_get_kexec_buffer(void **addr, size_t *size);
-int ima_free_kexec_buffer(void);
-
-#ifdef CONFIG_IMA
-void remove_ima_buffer(void *fdt, int chosen_node);
-#else
-static inline void remove_ima_buffer(void *fdt, int chosen_node) {}
-#endif
-
#ifdef CONFIG_IMA_KEXEC
int arch_ima_add_kexec_buffer(struct kimage *image, unsigned long load_addr,
size_t size);
diff --git a/arch/powerpc/kexec/ima.c b/arch/powerpc/kexec/ima.c
index 720e50e490b6..537e4f82a050 100644
--- a/arch/powerpc/kexec/ima.c
+++ b/arch/powerpc/kexec/ima.c
@@ -12,121 +12,6 @@
#include <linux/memblock.h>
#include <linux/libfdt.h>
-static int get_addr_size_cells(int *addr_cells, int *size_cells)
-{
- struct device_node *root;
-
- root = of_find_node_by_path("/");
- if (!root)
- return -EINVAL;
-
- *addr_cells = of_n_addr_cells(root);
- *size_cells = of_n_size_cells(root);
-
- of_node_put(root);
-
- return 0;
-}
-
-static int do_get_kexec_buffer(const void *prop, int len, unsigned long *addr,
- size_t *size)
-{
- int ret, addr_cells, size_cells;
-
- ret = get_addr_size_cells(&addr_cells, &size_cells);
- if (ret)
- return ret;
-
- if (len < 4 * (addr_cells + size_cells))
- return -ENOENT;
-
- *addr = of_read_number(prop, addr_cells);
- *size = of_read_number(prop + 4 * addr_cells, size_cells);
-
- return 0;
-}
-
-/**
- * ima_get_kexec_buffer - get IMA buffer from the previous kernel
- * @addr: On successful return, set to point to the buffer contents.
- * @size: On successful return, set to the buffer size.
- *
- * Return: 0 on success, negative errno on error.
- */
-int ima_get_kexec_buffer(void **addr, size_t *size)
-{
- int ret, len;
- unsigned long tmp_addr;
- size_t tmp_size;
- const void *prop;
-
- prop = of_get_property(of_chosen, "linux,ima-kexec-buffer", &len);
- if (!prop)
- return -ENOENT;
-
- ret = do_get_kexec_buffer(prop, len, &tmp_addr, &tmp_size);
- if (ret)
- return ret;
-
- *addr = __va(tmp_addr);
- *size = tmp_size;
-
- return 0;
-}
-
-/**
- * ima_free_kexec_buffer - free memory used by the IMA buffer
- */
-int ima_free_kexec_buffer(void)
-{
- int ret;
- unsigned long addr;
- size_t size;
- struct property *prop;
-
- prop = of_find_property(of_chosen, "linux,ima-kexec-buffer", NULL);
- if (!prop)
- return -ENOENT;
-
- ret = do_get_kexec_buffer(prop->value, prop->length, &addr, &size);
- if (ret)
- return ret;
-
- ret = of_remove_property(of_chosen, prop);
- if (ret)
- return ret;
-
- return memblock_free(addr, size);
-
-}
-
-/**
- * remove_ima_buffer - remove the IMA buffer property and reservation from @fdt
- *
- * The IMA measurement buffer is of no use to a subsequent kernel, so we always
- * remove it from the device tree.
- */
-void remove_ima_buffer(void *fdt, int chosen_node)
-{
- int ret, len;
- unsigned long addr;
- size_t size;
- const void *prop;
-
- prop = fdt_getprop(fdt, chosen_node, "linux,ima-kexec-buffer", &len);
- if (!prop)
- return;
-
- ret = do_get_kexec_buffer(prop, len, &addr, &size);
- fdt_delprop(fdt, chosen_node, "linux,ima-kexec-buffer");
- if (ret)
- return;
-
- ret = delete_fdt_mem_rsv(fdt, addr, size);
- if (!ret)
- pr_debug("Removed old IMA buffer reservation.\n");
-}
-
#ifdef CONFIG_IMA_KEXEC
/**
* arch_ima_add_kexec_buffer - do arch-specific steps to add the IMA buffer
@@ -179,7 +64,7 @@ int setup_ima_buffer(const struct kimage *image, void *fdt, int chosen_node)
int ret, addr_cells, size_cells, entry_size;
u8 value[16];
- remove_ima_buffer(fdt, chosen_node);
+// remove_ima_buffer(fdt, chosen_node);
if (!image->arch.ima_buffer_size)
return 0;
diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c
index 121de3e04af2..36887ed4ff82 100644
--- a/security/integrity/ima/ima_kexec.c
+++ b/security/integrity/ima/ima_kexec.c
@@ -10,8 +10,159 @@
#include <linux/seq_file.h>
#include <linux/vmalloc.h>
#include <linux/kexec.h>
+#include <linux/of.h>
+#include <linux/memblock.h>
+#include <linux/libfdt.h>
#include "ima.h"
+static int get_addr_size_cells(int *addr_cells, int *size_cells)
+{
+ struct device_node *root;
+
+ root = of_find_node_by_path("/");
+ if (!root)
+ return -EINVAL;
+
+ *addr_cells = of_n_addr_cells(root);
+ *size_cells = of_n_size_cells(root);
+
+ of_node_put(root);
+
+ return 0;
+}
+
+static int do_get_kexec_buffer(const void *prop, int len, unsigned long *addr,
+ size_t *size)
+{
+ int ret, addr_cells, size_cells;
+
+ ret = get_addr_size_cells(&addr_cells, &size_cells);
+ if (ret)
+ return ret;
+
+ if (len < 4 * (addr_cells + size_cells))
+ return -ENOENT;
+
+ *addr = of_read_number(prop, addr_cells);
+ *size = of_read_number(prop + 4 * addr_cells, size_cells);
+
+ return 0;
+}
+
+/**
+ * ima_get_kexec_buffer - get IMA buffer from the previous kernel
+ * @addr: On successful return, set to point to the buffer contents.
+ * @size: On successful return, set to the buffer size.
+ *
+ * Return: 0 on success, negative errno on error.
+ */
+int ima_get_kexec_buffer(void **addr, size_t *size)
+{
+ int ret, len;
+ unsigned long tmp_addr;
+ size_t tmp_size;
+ const void *prop;
+
+ prop = of_get_property(of_chosen, "linux,ima-kexec-buffer", &len);
+ if (!prop)
+ return -ENOENT;
+
+ ret = do_get_kexec_buffer(prop, len, &tmp_addr, &tmp_size);
+ if (ret)
+ return ret;
+
+ *addr = __va(tmp_addr);
+ *size = tmp_size;
+
+ return 0;
+}
+
+/**
+ * delete_fdt_mem_rsv - delete memory reservation with given address and size
+ *
+ * Return: 0 on success, or negative errno on error.
+ */
+int delete_fdt_mem_rsv(void *fdt, unsigned long start, unsigned long size)
+{
+ int i, ret, num_rsvs = fdt_num_mem_rsv(fdt);
+
+ for (i = 0; i < num_rsvs; i++) {
+ uint64_t rsv_start, rsv_size;
+
+ ret = fdt_get_mem_rsv(fdt, i, &rsv_start, &rsv_size);
+ if (ret) {
+ pr_err("Malformed device tree.\n");
+ return -EINVAL;
+ }
+
+ if (rsv_start == start && rsv_size == size) {
+ ret = fdt_del_mem_rsv(fdt, i);
+ if (ret) {
+ pr_err("Error deleting device tree reservation.\n");
+ return -EINVAL;
+ }
+
+ return 0;
+ }
+ }
+
+ return -ENOENT;
+}
+
+/**
+ * ima_free_kexec_buffer - free memory used by the IMA buffer
+ */
+int ima_free_kexec_buffer(void)
+{
+ int ret;
+ unsigned long addr;
+ size_t size;
+ struct property *prop;
+
+ prop = of_find_property(of_chosen, "linux,ima-kexec-buffer", NULL);
+ if (!prop)
+ return -ENOENT;
+
+ ret = do_get_kexec_buffer(prop->value, prop->length, &addr, &size);
+ if (ret)
+ return ret;
+
+ ret = of_remove_property(of_chosen, prop);
+ if (ret)
+ return ret;
+
+ return memblock_free(addr, size);
+
+}
+
+/**
+ * remove_ima_buffer - remove the IMA buffer property and reservation from @fdt
+ *
+ * The IMA measurement buffer is of no use to a subsequent kernel, so we always
+ * remove it from the device tree.
+ */
+void remove_ima_buffer(void *fdt, int chosen_node)
+{
+ int ret, len;
+ unsigned long addr;
+ size_t size;
+ const void *prop;
+
+ prop = fdt_getprop(fdt, chosen_node, "linux,ima-kexec-buffer", &len);
+ if (!prop)
+ return;
+
+ ret = do_get_kexec_buffer(prop, len, &addr, &size);
+ fdt_delprop(fdt, chosen_node, "linux,ima-kexec-buffer");
+ if (ret)
+ return;
+
+ ret = delete_fdt_mem_rsv(fdt, addr, size);
+ if (!ret)
+ pr_debug("Removed old IMA buffer reservation.\n");
+}
+
+
#ifdef CONFIG_IMA_KEXEC
static int ima_dump_measurement_list(unsigned long *buffer_size, void **buffer,
unsigned long segment_size)
--
2.25.1
^ permalink raw reply related [flat|nested] 26+ messages in thread* Re: [v1 PATCH 1/2] Refactoring carrying over IMA measuremnet logs over Kexec.
2020-06-07 23:33 ` Prakhar Srivastava
(?)
(?)
@ 2020-06-08 1:35 ` kernel test robot
-1 siblings, 0 replies; 26+ messages in thread
From: kernel test robot @ 2020-06-08 1:35 UTC (permalink / raw)
To: Prakhar Srivastava, linux-arm-kernel, linux-kernel, linuxppc-dev,
devicetree, linux-integrity, linux-security-module
Cc: kbuild-all, clang-built-linux, kstewart, mark.rutland,
catalin.marinas, bhsharma
[-- Attachment #1: Type: text/plain, Size: 2638 bytes --]
Hi Prakhar,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on arm64/for-next/core]
[also build test WARNING on powerpc/next soc/for-next v5.7 next-20200605]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system. BTW, we also suggest to use '--base' option to specify the
base tree in git format-patch, please see https://stackoverflow.com/a/37406982]
url: https://github.com/0day-ci/linux/commits/Prakhar-Srivastava/Adding-support-to-carry-IMA-measurement-logs/20200608-073805
base: https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-next/core
config: arm64-randconfig-r012-20200607 (attached as .config)
compiler: clang version 11.0.0 (https://github.com/llvm/llvm-project e429cffd4f228f70c1d9df0e5d77c08590dd9766)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install arm64 cross compiling tool for clang build
# apt-get install binutils-aarch64-linux-gnu
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=arm64
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All warnings (new ones prefixed by >>, old ones prefixed by <<):
>> arch/arm64/kernel/machine_kexec_file.c:50:5: warning: no previous prototype for function 'arch_ima_add_kexec_buffer' [-Wmissing-prototypes]
int arch_ima_add_kexec_buffer(struct kimage *image, unsigned long load_addr,
^
arch/arm64/kernel/machine_kexec_file.c:50:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
int arch_ima_add_kexec_buffer(struct kimage *image, unsigned long load_addr,
^
static
1 warning generated.
vim +/arch_ima_add_kexec_buffer +50 arch/arm64/kernel/machine_kexec_file.c
41
42 /**
43 * arch_ima_add_kexec_buffer - do arch-specific steps to add the IMA buffer
44 *
45 * Architectures should use this function to pass on the IMA buffer
46 * information to the next kernel.
47 *
48 * Return: 0 on success, negative errno on error.
49 */
> 50 int arch_ima_add_kexec_buffer(struct kimage *image, unsigned long load_addr,
51 size_t size)
52 {
53 image->arch.ima_buffer_addr = load_addr;
54 image->arch.ima_buffer_size = size;
55 return 0;
56 }
57
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 31953 bytes --]
^ permalink raw reply [flat|nested] 26+ messages in thread* Re: [v1 PATCH 1/2] Refactoring carrying over IMA measuremnet logs over Kexec.
@ 2020-06-08 1:35 ` kernel test robot
0 siblings, 0 replies; 26+ messages in thread
From: kernel test robot @ 2020-06-08 1:35 UTC (permalink / raw)
To: kbuild-all
[-- Attachment #1: Type: text/plain, Size: 2699 bytes --]
Hi Prakhar,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on arm64/for-next/core]
[also build test WARNING on powerpc/next soc/for-next v5.7 next-20200605]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system. BTW, we also suggest to use '--base' option to specify the
base tree in git format-patch, please see https://stackoverflow.com/a/37406982]
url: https://github.com/0day-ci/linux/commits/Prakhar-Srivastava/Adding-support-to-carry-IMA-measurement-logs/20200608-073805
base: https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-next/core
config: arm64-randconfig-r012-20200607 (attached as .config)
compiler: clang version 11.0.0 (https://github.com/llvm/llvm-project e429cffd4f228f70c1d9df0e5d77c08590dd9766)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install arm64 cross compiling tool for clang build
# apt-get install binutils-aarch64-linux-gnu
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=arm64
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All warnings (new ones prefixed by >>, old ones prefixed by <<):
>> arch/arm64/kernel/machine_kexec_file.c:50:5: warning: no previous prototype for function 'arch_ima_add_kexec_buffer' [-Wmissing-prototypes]
int arch_ima_add_kexec_buffer(struct kimage *image, unsigned long load_addr,
^
arch/arm64/kernel/machine_kexec_file.c:50:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
int arch_ima_add_kexec_buffer(struct kimage *image, unsigned long load_addr,
^
static
1 warning generated.
vim +/arch_ima_add_kexec_buffer +50 arch/arm64/kernel/machine_kexec_file.c
41
42 /**
43 * arch_ima_add_kexec_buffer - do arch-specific steps to add the IMA buffer
44 *
45 * Architectures should use this function to pass on the IMA buffer
46 * information to the next kernel.
47 *
48 * Return: 0 on success, negative errno on error.
49 */
> 50 int arch_ima_add_kexec_buffer(struct kimage *image, unsigned long load_addr,
51 size_t size)
52 {
53 image->arch.ima_buffer_addr = load_addr;
54 image->arch.ima_buffer_size = size;
55 return 0;
56 }
57
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 31953 bytes --]
^ permalink raw reply [flat|nested] 26+ messages in thread* Re: [v1 PATCH 1/2] Refactoring carrying over IMA measuremnet logs over Kexec.
@ 2020-06-08 1:35 ` kernel test robot
0 siblings, 0 replies; 26+ messages in thread
From: kernel test robot @ 2020-06-08 1:35 UTC (permalink / raw)
To: Prakhar Srivastava, linux-arm-kernel, linux-kernel, linuxppc-dev,
devicetree, linux-integrity, linux-security-module
Cc: kstewart, mark.rutland, kbuild-all, catalin.marinas, bhsharma,
clang-built-linux
[-- Attachment #1: Type: text/plain, Size: 2638 bytes --]
Hi Prakhar,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on arm64/for-next/core]
[also build test WARNING on powerpc/next soc/for-next v5.7 next-20200605]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system. BTW, we also suggest to use '--base' option to specify the
base tree in git format-patch, please see https://stackoverflow.com/a/37406982]
url: https://github.com/0day-ci/linux/commits/Prakhar-Srivastava/Adding-support-to-carry-IMA-measurement-logs/20200608-073805
base: https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-next/core
config: arm64-randconfig-r012-20200607 (attached as .config)
compiler: clang version 11.0.0 (https://github.com/llvm/llvm-project e429cffd4f228f70c1d9df0e5d77c08590dd9766)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install arm64 cross compiling tool for clang build
# apt-get install binutils-aarch64-linux-gnu
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=arm64
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All warnings (new ones prefixed by >>, old ones prefixed by <<):
>> arch/arm64/kernel/machine_kexec_file.c:50:5: warning: no previous prototype for function 'arch_ima_add_kexec_buffer' [-Wmissing-prototypes]
int arch_ima_add_kexec_buffer(struct kimage *image, unsigned long load_addr,
^
arch/arm64/kernel/machine_kexec_file.c:50:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
int arch_ima_add_kexec_buffer(struct kimage *image, unsigned long load_addr,
^
static
1 warning generated.
vim +/arch_ima_add_kexec_buffer +50 arch/arm64/kernel/machine_kexec_file.c
41
42 /**
43 * arch_ima_add_kexec_buffer - do arch-specific steps to add the IMA buffer
44 *
45 * Architectures should use this function to pass on the IMA buffer
46 * information to the next kernel.
47 *
48 * Return: 0 on success, negative errno on error.
49 */
> 50 int arch_ima_add_kexec_buffer(struct kimage *image, unsigned long load_addr,
51 size_t size)
52 {
53 image->arch.ima_buffer_addr = load_addr;
54 image->arch.ima_buffer_size = size;
55 return 0;
56 }
57
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 31953 bytes --]
[-- Attachment #3: Type: text/plain, Size: 176 bytes --]
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 26+ messages in thread* Re: [v1 PATCH 1/2] Refactoring carrying over IMA measuremnet logs over Kexec.
@ 2020-06-08 1:35 ` kernel test robot
0 siblings, 0 replies; 26+ messages in thread
From: kernel test robot @ 2020-06-08 1:35 UTC (permalink / raw)
To: Prakhar Srivastava, linux-arm-kernel, linux-kernel, linuxppc-dev,
devicetree, linux-integrity, linux-security-module
Cc: kstewart, mark.rutland, kbuild-all, catalin.marinas, bhsharma,
clang-built-linux
[-- Attachment #1: Type: text/plain, Size: 2638 bytes --]
Hi Prakhar,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on arm64/for-next/core]
[also build test WARNING on powerpc/next soc/for-next v5.7 next-20200605]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system. BTW, we also suggest to use '--base' option to specify the
base tree in git format-patch, please see https://stackoverflow.com/a/37406982]
url: https://github.com/0day-ci/linux/commits/Prakhar-Srivastava/Adding-support-to-carry-IMA-measurement-logs/20200608-073805
base: https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-next/core
config: arm64-randconfig-r012-20200607 (attached as .config)
compiler: clang version 11.0.0 (https://github.com/llvm/llvm-project e429cffd4f228f70c1d9df0e5d77c08590dd9766)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install arm64 cross compiling tool for clang build
# apt-get install binutils-aarch64-linux-gnu
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=arm64
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All warnings (new ones prefixed by >>, old ones prefixed by <<):
>> arch/arm64/kernel/machine_kexec_file.c:50:5: warning: no previous prototype for function 'arch_ima_add_kexec_buffer' [-Wmissing-prototypes]
int arch_ima_add_kexec_buffer(struct kimage *image, unsigned long load_addr,
^
arch/arm64/kernel/machine_kexec_file.c:50:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
int arch_ima_add_kexec_buffer(struct kimage *image, unsigned long load_addr,
^
static
1 warning generated.
vim +/arch_ima_add_kexec_buffer +50 arch/arm64/kernel/machine_kexec_file.c
41
42 /**
43 * arch_ima_add_kexec_buffer - do arch-specific steps to add the IMA buffer
44 *
45 * Architectures should use this function to pass on the IMA buffer
46 * information to the next kernel.
47 *
48 * Return: 0 on success, negative errno on error.
49 */
> 50 int arch_ima_add_kexec_buffer(struct kimage *image, unsigned long load_addr,
51 size_t size)
52 {
53 image->arch.ima_buffer_addr = load_addr;
54 image->arch.ima_buffer_size = size;
55 return 0;
56 }
57
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 31953 bytes --]
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [v1 PATCH 1/2] Refactoring carrying over IMA measuremnet logs over Kexec.
2020-06-07 23:33 ` Prakhar Srivastava
(?)
(?)
@ 2020-06-08 1:47 ` kernel test robot
-1 siblings, 0 replies; 26+ messages in thread
From: kernel test robot @ 2020-06-08 1:47 UTC (permalink / raw)
To: Prakhar Srivastava, linux-arm-kernel, linux-kernel, linuxppc-dev,
devicetree, linux-integrity, linux-security-module
Cc: kbuild-all, kstewart, mark.rutland, catalin.marinas, bhsharma
[-- Attachment #1: Type: text/plain, Size: 4642 bytes --]
Hi Prakhar,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on arm64/for-next/core]
[also build test ERROR on powerpc/next soc/for-next v5.7 next-20200605]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system. BTW, we also suggest to use '--base' option to specify the
base tree in git format-patch, please see https://stackoverflow.com/a/37406982]
url: https://github.com/0day-ci/linux/commits/Prakhar-Srivastava/Adding-support-to-carry-IMA-measurement-logs/20200608-073805
base: https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-next/core
config: powerpc-allyesconfig (attached as .config)
compiler: powerpc64-linux-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=powerpc
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All errors (new ones prefixed by >>, old ones prefixed by <<):
arch/powerpc/kexec/ima.c:24:5: warning: no previous prototype for 'arch_ima_add_kexec_buffer' [-Wmissing-prototypes]
24 | int arch_ima_add_kexec_buffer(struct kimage *image, unsigned long load_addr,
| ^~~~~~~~~~~~~~~~~~~~~~~~~
arch/powerpc/kexec/ima.c:62:5: warning: no previous prototype for 'setup_ima_buffer' [-Wmissing-prototypes]
62 | int setup_ima_buffer(const struct kimage *image, void *fdt, int chosen_node)
| ^~~~~~~~~~~~~~~~
arch/powerpc/kexec/ima.c: In function 'setup_ima_buffer':
>> arch/powerpc/kexec/ima.c:71:8: error: implicit declaration of function 'get_addr_size_cells'; did you mean 'fdt_address_cells'? [-Werror=implicit-function-declaration]
71 | ret = get_addr_size_cells(&addr_cells, &size_cells);
| ^~~~~~~~~~~~~~~~~~~
| fdt_address_cells
cc1: some warnings being treated as errors
vim +71 arch/powerpc/kexec/ima.c
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 53
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 54 /**
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 55 * setup_ima_buffer - add IMA buffer information to the fdt
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 56 * @image: kexec image being loaded.
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 57 * @fdt: Flattened device tree for the next kernel.
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 58 * @chosen_node: Offset to the chosen node.
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 59 *
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 60 * Return: 0 on success, or negative errno on error.
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 61 */
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 62 int setup_ima_buffer(const struct kimage *image, void *fdt, int chosen_node)
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 63 {
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 64 int ret, addr_cells, size_cells, entry_size;
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 65 u8 value[16];
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 66
aea659ce44ba07 arch/powerpc/kexec/ima.c Prakhar Srivastava 2020-06-07 67 // remove_ima_buffer(fdt, chosen_node);
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 68 if (!image->arch.ima_buffer_size)
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 69 return 0;
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 70
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 @71 ret = get_addr_size_cells(&addr_cells, &size_cells);
:::::: The code at line 71 was first introduced by commit
:::::: ab6b1d1fc4aae6b8bd6fb1422405568094c9b40f powerpc: ima: send the kexec buffer to the next kernel
:::::: TO: Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com>
:::::: CC: Linus Torvalds <torvalds@linux-foundation.org>
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 66079 bytes --]
^ permalink raw reply [flat|nested] 26+ messages in thread* Re: [v1 PATCH 1/2] Refactoring carrying over IMA measuremnet logs over Kexec.
@ 2020-06-08 1:47 ` kernel test robot
0 siblings, 0 replies; 26+ messages in thread
From: kernel test robot @ 2020-06-08 1:47 UTC (permalink / raw)
To: kbuild-all
[-- Attachment #1: Type: text/plain, Size: 4713 bytes --]
Hi Prakhar,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on arm64/for-next/core]
[also build test ERROR on powerpc/next soc/for-next v5.7 next-20200605]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system. BTW, we also suggest to use '--base' option to specify the
base tree in git format-patch, please see https://stackoverflow.com/a/37406982]
url: https://github.com/0day-ci/linux/commits/Prakhar-Srivastava/Adding-support-to-carry-IMA-measurement-logs/20200608-073805
base: https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-next/core
config: powerpc-allyesconfig (attached as .config)
compiler: powerpc64-linux-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=powerpc
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All errors (new ones prefixed by >>, old ones prefixed by <<):
arch/powerpc/kexec/ima.c:24:5: warning: no previous prototype for 'arch_ima_add_kexec_buffer' [-Wmissing-prototypes]
24 | int arch_ima_add_kexec_buffer(struct kimage *image, unsigned long load_addr,
| ^~~~~~~~~~~~~~~~~~~~~~~~~
arch/powerpc/kexec/ima.c:62:5: warning: no previous prototype for 'setup_ima_buffer' [-Wmissing-prototypes]
62 | int setup_ima_buffer(const struct kimage *image, void *fdt, int chosen_node)
| ^~~~~~~~~~~~~~~~
arch/powerpc/kexec/ima.c: In function 'setup_ima_buffer':
>> arch/powerpc/kexec/ima.c:71:8: error: implicit declaration of function 'get_addr_size_cells'; did you mean 'fdt_address_cells'? [-Werror=implicit-function-declaration]
71 | ret = get_addr_size_cells(&addr_cells, &size_cells);
| ^~~~~~~~~~~~~~~~~~~
| fdt_address_cells
cc1: some warnings being treated as errors
vim +71 arch/powerpc/kexec/ima.c
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 53
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 54 /**
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 55 * setup_ima_buffer - add IMA buffer information to the fdt
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 56 * @image: kexec image being loaded.
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 57 * @fdt: Flattened device tree for the next kernel.
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 58 * @chosen_node: Offset to the chosen node.
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 59 *
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 60 * Return: 0 on success, or negative errno on error.
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 61 */
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 62 int setup_ima_buffer(const struct kimage *image, void *fdt, int chosen_node)
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 63 {
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 64 int ret, addr_cells, size_cells, entry_size;
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 65 u8 value[16];
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 66
aea659ce44ba07 arch/powerpc/kexec/ima.c Prakhar Srivastava 2020-06-07 67 // remove_ima_buffer(fdt, chosen_node);
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 68 if (!image->arch.ima_buffer_size)
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 69 return 0;
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 70
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 @71 ret = get_addr_size_cells(&addr_cells, &size_cells);
:::::: The code at line 71 was first introduced by commit
:::::: ab6b1d1fc4aae6b8bd6fb1422405568094c9b40f powerpc: ima: send the kexec buffer to the next kernel
:::::: TO: Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com>
:::::: CC: Linus Torvalds <torvalds@linux-foundation.org>
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 66079 bytes --]
^ permalink raw reply [flat|nested] 26+ messages in thread* Re: [v1 PATCH 1/2] Refactoring carrying over IMA measuremnet logs over Kexec.
@ 2020-06-08 1:47 ` kernel test robot
0 siblings, 0 replies; 26+ messages in thread
From: kernel test robot @ 2020-06-08 1:47 UTC (permalink / raw)
To: Prakhar Srivastava, linux-arm-kernel, linux-kernel, linuxppc-dev,
devicetree, linux-integrity, linux-security-module
Cc: kstewart, mark.rutland, bhsharma, kbuild-all, catalin.marinas
[-- Attachment #1: Type: text/plain, Size: 4642 bytes --]
Hi Prakhar,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on arm64/for-next/core]
[also build test ERROR on powerpc/next soc/for-next v5.7 next-20200605]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system. BTW, we also suggest to use '--base' option to specify the
base tree in git format-patch, please see https://stackoverflow.com/a/37406982]
url: https://github.com/0day-ci/linux/commits/Prakhar-Srivastava/Adding-support-to-carry-IMA-measurement-logs/20200608-073805
base: https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-next/core
config: powerpc-allyesconfig (attached as .config)
compiler: powerpc64-linux-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=powerpc
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All errors (new ones prefixed by >>, old ones prefixed by <<):
arch/powerpc/kexec/ima.c:24:5: warning: no previous prototype for 'arch_ima_add_kexec_buffer' [-Wmissing-prototypes]
24 | int arch_ima_add_kexec_buffer(struct kimage *image, unsigned long load_addr,
| ^~~~~~~~~~~~~~~~~~~~~~~~~
arch/powerpc/kexec/ima.c:62:5: warning: no previous prototype for 'setup_ima_buffer' [-Wmissing-prototypes]
62 | int setup_ima_buffer(const struct kimage *image, void *fdt, int chosen_node)
| ^~~~~~~~~~~~~~~~
arch/powerpc/kexec/ima.c: In function 'setup_ima_buffer':
>> arch/powerpc/kexec/ima.c:71:8: error: implicit declaration of function 'get_addr_size_cells'; did you mean 'fdt_address_cells'? [-Werror=implicit-function-declaration]
71 | ret = get_addr_size_cells(&addr_cells, &size_cells);
| ^~~~~~~~~~~~~~~~~~~
| fdt_address_cells
cc1: some warnings being treated as errors
vim +71 arch/powerpc/kexec/ima.c
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 53
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 54 /**
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 55 * setup_ima_buffer - add IMA buffer information to the fdt
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 56 * @image: kexec image being loaded.
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 57 * @fdt: Flattened device tree for the next kernel.
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 58 * @chosen_node: Offset to the chosen node.
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 59 *
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 60 * Return: 0 on success, or negative errno on error.
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 61 */
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 62 int setup_ima_buffer(const struct kimage *image, void *fdt, int chosen_node)
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 63 {
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 64 int ret, addr_cells, size_cells, entry_size;
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 65 u8 value[16];
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 66
aea659ce44ba07 arch/powerpc/kexec/ima.c Prakhar Srivastava 2020-06-07 67 // remove_ima_buffer(fdt, chosen_node);
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 68 if (!image->arch.ima_buffer_size)
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 69 return 0;
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 70
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 @71 ret = get_addr_size_cells(&addr_cells, &size_cells);
:::::: The code at line 71 was first introduced by commit
:::::: ab6b1d1fc4aae6b8bd6fb1422405568094c9b40f powerpc: ima: send the kexec buffer to the next kernel
:::::: TO: Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com>
:::::: CC: Linus Torvalds <torvalds@linux-foundation.org>
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 66079 bytes --]
[-- Attachment #3: Type: text/plain, Size: 176 bytes --]
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 26+ messages in thread* Re: [v1 PATCH 1/2] Refactoring carrying over IMA measuremnet logs over Kexec.
@ 2020-06-08 1:47 ` kernel test robot
0 siblings, 0 replies; 26+ messages in thread
From: kernel test robot @ 2020-06-08 1:47 UTC (permalink / raw)
To: Prakhar Srivastava, linux-arm-kernel, linux-kernel, linuxppc-dev,
devicetree, linux-integrity, linux-security-module
Cc: kstewart, mark.rutland, bhsharma, kbuild-all, catalin.marinas
[-- Attachment #1: Type: text/plain, Size: 4642 bytes --]
Hi Prakhar,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on arm64/for-next/core]
[also build test ERROR on powerpc/next soc/for-next v5.7 next-20200605]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system. BTW, we also suggest to use '--base' option to specify the
base tree in git format-patch, please see https://stackoverflow.com/a/37406982]
url: https://github.com/0day-ci/linux/commits/Prakhar-Srivastava/Adding-support-to-carry-IMA-measurement-logs/20200608-073805
base: https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-next/core
config: powerpc-allyesconfig (attached as .config)
compiler: powerpc64-linux-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=powerpc
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All errors (new ones prefixed by >>, old ones prefixed by <<):
arch/powerpc/kexec/ima.c:24:5: warning: no previous prototype for 'arch_ima_add_kexec_buffer' [-Wmissing-prototypes]
24 | int arch_ima_add_kexec_buffer(struct kimage *image, unsigned long load_addr,
| ^~~~~~~~~~~~~~~~~~~~~~~~~
arch/powerpc/kexec/ima.c:62:5: warning: no previous prototype for 'setup_ima_buffer' [-Wmissing-prototypes]
62 | int setup_ima_buffer(const struct kimage *image, void *fdt, int chosen_node)
| ^~~~~~~~~~~~~~~~
arch/powerpc/kexec/ima.c: In function 'setup_ima_buffer':
>> arch/powerpc/kexec/ima.c:71:8: error: implicit declaration of function 'get_addr_size_cells'; did you mean 'fdt_address_cells'? [-Werror=implicit-function-declaration]
71 | ret = get_addr_size_cells(&addr_cells, &size_cells);
| ^~~~~~~~~~~~~~~~~~~
| fdt_address_cells
cc1: some warnings being treated as errors
vim +71 arch/powerpc/kexec/ima.c
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 53
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 54 /**
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 55 * setup_ima_buffer - add IMA buffer information to the fdt
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 56 * @image: kexec image being loaded.
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 57 * @fdt: Flattened device tree for the next kernel.
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 58 * @chosen_node: Offset to the chosen node.
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 59 *
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 60 * Return: 0 on success, or negative errno on error.
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 61 */
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 62 int setup_ima_buffer(const struct kimage *image, void *fdt, int chosen_node)
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 63 {
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 64 int ret, addr_cells, size_cells, entry_size;
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 65 u8 value[16];
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 66
aea659ce44ba07 arch/powerpc/kexec/ima.c Prakhar Srivastava 2020-06-07 67 // remove_ima_buffer(fdt, chosen_node);
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 68 if (!image->arch.ima_buffer_size)
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 69 return 0;
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 70
ab6b1d1fc4aae6 arch/powerpc/kernel/ima_kexec.c Thiago Jung Bauermann 2016-12-19 @71 ret = get_addr_size_cells(&addr_cells, &size_cells);
:::::: The code at line 71 was first introduced by commit
:::::: ab6b1d1fc4aae6b8bd6fb1422405568094c9b40f powerpc: ima: send the kexec buffer to the next kernel
:::::: TO: Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com>
:::::: CC: Linus Torvalds <torvalds@linux-foundation.org>
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 66079 bytes --]
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [v1 PATCH 1/2] Refactoring carrying over IMA measuremnet logs over Kexec.
2020-06-07 23:33 ` Prakhar Srivastava
(?)
@ 2020-06-08 2:29 ` kernel test robot
-1 siblings, 0 replies; 26+ messages in thread
From: kernel test robot @ 2020-06-08 2:29 UTC (permalink / raw)
To: Prakhar Srivastava, linux-arm-kernel, linux-kernel, linuxppc-dev,
devicetree, linux-integrity, linux-security-module
Cc: kstewart, mark.rutland, bhsharma, kbuild-all, catalin.marinas
[-- Attachment #1: Type: text/plain, Size: 5700 bytes --]
Hi Prakhar,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on arm64/for-next/core]
[also build test WARNING on powerpc/next soc/for-next v5.7 next-20200605]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system. BTW, we also suggest to use '--base' option to specify the
base tree in git format-patch, please see https://stackoverflow.com/a/37406982]
url: https://github.com/0day-ci/linux/commits/Prakhar-Srivastava/Adding-support-to-carry-IMA-measurement-logs/20200608-073805
base: https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-next/core
config: arm64-allyesconfig (attached as .config)
compiler: aarch64-linux-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=arm64
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All warnings (new ones prefixed by >>, old ones prefixed by <<):
>> security/integrity/ima/ima_kexec.c:59:5: warning: no previous prototype for 'ima_get_kexec_buffer' [-Wmissing-prototypes]
59 | int ima_get_kexec_buffer(void **addr, size_t *size)
| ^~~~~~~~~~~~~~~~~~~~
>> security/integrity/ima/ima_kexec.c:85:5: warning: no previous prototype for 'delete_fdt_mem_rsv' [-Wmissing-prototypes]
85 | int delete_fdt_mem_rsv(void *fdt, unsigned long start, unsigned long size)
| ^~~~~~~~~~~~~~~~~~
>> security/integrity/ima/ima_kexec.c:115:5: warning: no previous prototype for 'ima_free_kexec_buffer' [-Wmissing-prototypes]
115 | int ima_free_kexec_buffer(void)
| ^~~~~~~~~~~~~~~~~~~~~
>> security/integrity/ima/ima_kexec.c:144:6: warning: no previous prototype for 'remove_ima_buffer' [-Wmissing-prototypes]
144 | void remove_ima_buffer(void *fdt, int chosen_node)
| ^~~~~~~~~~~~~~~~~
security/integrity/ima/ima_kexec.c:231:6: warning: no previous prototype for 'ima_add_kexec_buffer' [-Wmissing-prototypes]
231 | void ima_add_kexec_buffer(struct kimage *image)
| ^~~~~~~~~~~~~~~~~~~~
vim +/ima_get_kexec_buffer +59 security/integrity/ima/ima_kexec.c
51
52 /**
53 * ima_get_kexec_buffer - get IMA buffer from the previous kernel
54 * @addr: On successful return, set to point to the buffer contents.
55 * @size: On successful return, set to the buffer size.
56 *
57 * Return: 0 on success, negative errno on error.
58 */
> 59 int ima_get_kexec_buffer(void **addr, size_t *size)
60 {
61 int ret, len;
62 unsigned long tmp_addr;
63 size_t tmp_size;
64 const void *prop;
65
66 prop = of_get_property(of_chosen, "linux,ima-kexec-buffer", &len);
67 if (!prop)
68 return -ENOENT;
69
70 ret = do_get_kexec_buffer(prop, len, &tmp_addr, &tmp_size);
71 if (ret)
72 return ret;
73
74 *addr = __va(tmp_addr);
75 *size = tmp_size;
76
77 return 0;
78 }
79
80 /**
81 * delete_fdt_mem_rsv - delete memory reservation with given address and size
82 *
83 * Return: 0 on success, or negative errno on error.
84 */
> 85 int delete_fdt_mem_rsv(void *fdt, unsigned long start, unsigned long size)
86 {
87 int i, ret, num_rsvs = fdt_num_mem_rsv(fdt);
88
89 for (i = 0; i < num_rsvs; i++) {
90 uint64_t rsv_start, rsv_size;
91
92 ret = fdt_get_mem_rsv(fdt, i, &rsv_start, &rsv_size);
93 if (ret) {
94 pr_err("Malformed device tree.\n");
95 return -EINVAL;
96 }
97
98 if (rsv_start == start && rsv_size == size) {
99 ret = fdt_del_mem_rsv(fdt, i);
100 if (ret) {
101 pr_err("Error deleting device tree reservation.\n");
102 return -EINVAL;
103 }
104
105 return 0;
106 }
107 }
108
109 return -ENOENT;
110 }
111
112 /**
113 * ima_free_kexec_buffer - free memory used by the IMA buffer
114 */
> 115 int ima_free_kexec_buffer(void)
116 {
117 int ret;
118 unsigned long addr;
119 size_t size;
120 struct property *prop;
121
122 prop = of_find_property(of_chosen, "linux,ima-kexec-buffer", NULL);
123 if (!prop)
124 return -ENOENT;
125
126 ret = do_get_kexec_buffer(prop->value, prop->length, &addr, &size);
127 if (ret)
128 return ret;
129
130 ret = of_remove_property(of_chosen, prop);
131 if (ret)
132 return ret;
133
134 return memblock_free(addr, size);
135
136 }
137
138 /**
139 * remove_ima_buffer - remove the IMA buffer property and reservation from @fdt
140 *
141 * The IMA measurement buffer is of no use to a subsequent kernel, so we always
142 * remove it from the device tree.
143 */
> 144 void remove_ima_buffer(void *fdt, int chosen_node)
145 {
146 int ret, len;
147 unsigned long addr;
148 size_t size;
149 const void *prop;
150
151 prop = fdt_getprop(fdt, chosen_node, "linux,ima-kexec-buffer", &len);
152 if (!prop)
153 return;
154
155 ret = do_get_kexec_buffer(prop, len, &addr, &size);
156 fdt_delprop(fdt, chosen_node, "linux,ima-kexec-buffer");
157 if (ret)
158 return;
159
160 ret = delete_fdt_mem_rsv(fdt, addr, size);
161 if (!ret)
162 pr_debug("Removed old IMA buffer reservation.\n");
163 }
164
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 71849 bytes --]
^ permalink raw reply [flat|nested] 26+ messages in thread* Re: [v1 PATCH 1/2] Refactoring carrying over IMA measuremnet logs over Kexec.
@ 2020-06-08 2:29 ` kernel test robot
0 siblings, 0 replies; 26+ messages in thread
From: kernel test robot @ 2020-06-08 2:29 UTC (permalink / raw)
To: kbuild-all
[-- Attachment #1: Type: text/plain, Size: 5863 bytes --]
Hi Prakhar,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on arm64/for-next/core]
[also build test WARNING on powerpc/next soc/for-next v5.7 next-20200605]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system. BTW, we also suggest to use '--base' option to specify the
base tree in git format-patch, please see https://stackoverflow.com/a/37406982]
url: https://github.com/0day-ci/linux/commits/Prakhar-Srivastava/Adding-support-to-carry-IMA-measurement-logs/20200608-073805
base: https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-next/core
config: arm64-allyesconfig (attached as .config)
compiler: aarch64-linux-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=arm64
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All warnings (new ones prefixed by >>, old ones prefixed by <<):
>> security/integrity/ima/ima_kexec.c:59:5: warning: no previous prototype for 'ima_get_kexec_buffer' [-Wmissing-prototypes]
59 | int ima_get_kexec_buffer(void **addr, size_t *size)
| ^~~~~~~~~~~~~~~~~~~~
>> security/integrity/ima/ima_kexec.c:85:5: warning: no previous prototype for 'delete_fdt_mem_rsv' [-Wmissing-prototypes]
85 | int delete_fdt_mem_rsv(void *fdt, unsigned long start, unsigned long size)
| ^~~~~~~~~~~~~~~~~~
>> security/integrity/ima/ima_kexec.c:115:5: warning: no previous prototype for 'ima_free_kexec_buffer' [-Wmissing-prototypes]
115 | int ima_free_kexec_buffer(void)
| ^~~~~~~~~~~~~~~~~~~~~
>> security/integrity/ima/ima_kexec.c:144:6: warning: no previous prototype for 'remove_ima_buffer' [-Wmissing-prototypes]
144 | void remove_ima_buffer(void *fdt, int chosen_node)
| ^~~~~~~~~~~~~~~~~
security/integrity/ima/ima_kexec.c:231:6: warning: no previous prototype for 'ima_add_kexec_buffer' [-Wmissing-prototypes]
231 | void ima_add_kexec_buffer(struct kimage *image)
| ^~~~~~~~~~~~~~~~~~~~
vim +/ima_get_kexec_buffer +59 security/integrity/ima/ima_kexec.c
51
52 /**
53 * ima_get_kexec_buffer - get IMA buffer from the previous kernel
54 * @addr: On successful return, set to point to the buffer contents.
55 * @size: On successful return, set to the buffer size.
56 *
57 * Return: 0 on success, negative errno on error.
58 */
> 59 int ima_get_kexec_buffer(void **addr, size_t *size)
60 {
61 int ret, len;
62 unsigned long tmp_addr;
63 size_t tmp_size;
64 const void *prop;
65
66 prop = of_get_property(of_chosen, "linux,ima-kexec-buffer", &len);
67 if (!prop)
68 return -ENOENT;
69
70 ret = do_get_kexec_buffer(prop, len, &tmp_addr, &tmp_size);
71 if (ret)
72 return ret;
73
74 *addr = __va(tmp_addr);
75 *size = tmp_size;
76
77 return 0;
78 }
79
80 /**
81 * delete_fdt_mem_rsv - delete memory reservation with given address and size
82 *
83 * Return: 0 on success, or negative errno on error.
84 */
> 85 int delete_fdt_mem_rsv(void *fdt, unsigned long start, unsigned long size)
86 {
87 int i, ret, num_rsvs = fdt_num_mem_rsv(fdt);
88
89 for (i = 0; i < num_rsvs; i++) {
90 uint64_t rsv_start, rsv_size;
91
92 ret = fdt_get_mem_rsv(fdt, i, &rsv_start, &rsv_size);
93 if (ret) {
94 pr_err("Malformed device tree.\n");
95 return -EINVAL;
96 }
97
98 if (rsv_start == start && rsv_size == size) {
99 ret = fdt_del_mem_rsv(fdt, i);
100 if (ret) {
101 pr_err("Error deleting device tree reservation.\n");
102 return -EINVAL;
103 }
104
105 return 0;
106 }
107 }
108
109 return -ENOENT;
110 }
111
112 /**
113 * ima_free_kexec_buffer - free memory used by the IMA buffer
114 */
> 115 int ima_free_kexec_buffer(void)
116 {
117 int ret;
118 unsigned long addr;
119 size_t size;
120 struct property *prop;
121
122 prop = of_find_property(of_chosen, "linux,ima-kexec-buffer", NULL);
123 if (!prop)
124 return -ENOENT;
125
126 ret = do_get_kexec_buffer(prop->value, prop->length, &addr, &size);
127 if (ret)
128 return ret;
129
130 ret = of_remove_property(of_chosen, prop);
131 if (ret)
132 return ret;
133
134 return memblock_free(addr, size);
135
136 }
137
138 /**
139 * remove_ima_buffer - remove the IMA buffer property and reservation from @fdt
140 *
141 * The IMA measurement buffer is of no use to a subsequent kernel, so we always
142 * remove it from the device tree.
143 */
> 144 void remove_ima_buffer(void *fdt, int chosen_node)
145 {
146 int ret, len;
147 unsigned long addr;
148 size_t size;
149 const void *prop;
150
151 prop = fdt_getprop(fdt, chosen_node, "linux,ima-kexec-buffer", &len);
152 if (!prop)
153 return;
154
155 ret = do_get_kexec_buffer(prop, len, &addr, &size);
156 fdt_delprop(fdt, chosen_node, "linux,ima-kexec-buffer");
157 if (ret)
158 return;
159
160 ret = delete_fdt_mem_rsv(fdt, addr, size);
161 if (!ret)
162 pr_debug("Removed old IMA buffer reservation.\n");
163 }
164
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 71849 bytes --]
^ permalink raw reply [flat|nested] 26+ messages in thread* Re: [v1 PATCH 1/2] Refactoring carrying over IMA measuremnet logs over Kexec.
@ 2020-06-08 2:29 ` kernel test robot
0 siblings, 0 replies; 26+ messages in thread
From: kernel test robot @ 2020-06-08 2:29 UTC (permalink / raw)
To: Prakhar Srivastava, linux-arm-kernel, linux-kernel, linuxppc-dev,
devicetree, linux-integrity, linux-security-module
Cc: kbuild-all, kstewart, mark.rutland, catalin.marinas, bhsharma
[-- Attachment #1: Type: text/plain, Size: 5700 bytes --]
Hi Prakhar,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on arm64/for-next/core]
[also build test WARNING on powerpc/next soc/for-next v5.7 next-20200605]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system. BTW, we also suggest to use '--base' option to specify the
base tree in git format-patch, please see https://stackoverflow.com/a/37406982]
url: https://github.com/0day-ci/linux/commits/Prakhar-Srivastava/Adding-support-to-carry-IMA-measurement-logs/20200608-073805
base: https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-next/core
config: arm64-allyesconfig (attached as .config)
compiler: aarch64-linux-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=arm64
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All warnings (new ones prefixed by >>, old ones prefixed by <<):
>> security/integrity/ima/ima_kexec.c:59:5: warning: no previous prototype for 'ima_get_kexec_buffer' [-Wmissing-prototypes]
59 | int ima_get_kexec_buffer(void **addr, size_t *size)
| ^~~~~~~~~~~~~~~~~~~~
>> security/integrity/ima/ima_kexec.c:85:5: warning: no previous prototype for 'delete_fdt_mem_rsv' [-Wmissing-prototypes]
85 | int delete_fdt_mem_rsv(void *fdt, unsigned long start, unsigned long size)
| ^~~~~~~~~~~~~~~~~~
>> security/integrity/ima/ima_kexec.c:115:5: warning: no previous prototype for 'ima_free_kexec_buffer' [-Wmissing-prototypes]
115 | int ima_free_kexec_buffer(void)
| ^~~~~~~~~~~~~~~~~~~~~
>> security/integrity/ima/ima_kexec.c:144:6: warning: no previous prototype for 'remove_ima_buffer' [-Wmissing-prototypes]
144 | void remove_ima_buffer(void *fdt, int chosen_node)
| ^~~~~~~~~~~~~~~~~
security/integrity/ima/ima_kexec.c:231:6: warning: no previous prototype for 'ima_add_kexec_buffer' [-Wmissing-prototypes]
231 | void ima_add_kexec_buffer(struct kimage *image)
| ^~~~~~~~~~~~~~~~~~~~
vim +/ima_get_kexec_buffer +59 security/integrity/ima/ima_kexec.c
51
52 /**
53 * ima_get_kexec_buffer - get IMA buffer from the previous kernel
54 * @addr: On successful return, set to point to the buffer contents.
55 * @size: On successful return, set to the buffer size.
56 *
57 * Return: 0 on success, negative errno on error.
58 */
> 59 int ima_get_kexec_buffer(void **addr, size_t *size)
60 {
61 int ret, len;
62 unsigned long tmp_addr;
63 size_t tmp_size;
64 const void *prop;
65
66 prop = of_get_property(of_chosen, "linux,ima-kexec-buffer", &len);
67 if (!prop)
68 return -ENOENT;
69
70 ret = do_get_kexec_buffer(prop, len, &tmp_addr, &tmp_size);
71 if (ret)
72 return ret;
73
74 *addr = __va(tmp_addr);
75 *size = tmp_size;
76
77 return 0;
78 }
79
80 /**
81 * delete_fdt_mem_rsv - delete memory reservation with given address and size
82 *
83 * Return: 0 on success, or negative errno on error.
84 */
> 85 int delete_fdt_mem_rsv(void *fdt, unsigned long start, unsigned long size)
86 {
87 int i, ret, num_rsvs = fdt_num_mem_rsv(fdt);
88
89 for (i = 0; i < num_rsvs; i++) {
90 uint64_t rsv_start, rsv_size;
91
92 ret = fdt_get_mem_rsv(fdt, i, &rsv_start, &rsv_size);
93 if (ret) {
94 pr_err("Malformed device tree.\n");
95 return -EINVAL;
96 }
97
98 if (rsv_start == start && rsv_size == size) {
99 ret = fdt_del_mem_rsv(fdt, i);
100 if (ret) {
101 pr_err("Error deleting device tree reservation.\n");
102 return -EINVAL;
103 }
104
105 return 0;
106 }
107 }
108
109 return -ENOENT;
110 }
111
112 /**
113 * ima_free_kexec_buffer - free memory used by the IMA buffer
114 */
> 115 int ima_free_kexec_buffer(void)
116 {
117 int ret;
118 unsigned long addr;
119 size_t size;
120 struct property *prop;
121
122 prop = of_find_property(of_chosen, "linux,ima-kexec-buffer", NULL);
123 if (!prop)
124 return -ENOENT;
125
126 ret = do_get_kexec_buffer(prop->value, prop->length, &addr, &size);
127 if (ret)
128 return ret;
129
130 ret = of_remove_property(of_chosen, prop);
131 if (ret)
132 return ret;
133
134 return memblock_free(addr, size);
135
136 }
137
138 /**
139 * remove_ima_buffer - remove the IMA buffer property and reservation from @fdt
140 *
141 * The IMA measurement buffer is of no use to a subsequent kernel, so we always
142 * remove it from the device tree.
143 */
> 144 void remove_ima_buffer(void *fdt, int chosen_node)
145 {
146 int ret, len;
147 unsigned long addr;
148 size_t size;
149 const void *prop;
150
151 prop = fdt_getprop(fdt, chosen_node, "linux,ima-kexec-buffer", &len);
152 if (!prop)
153 return;
154
155 ret = do_get_kexec_buffer(prop, len, &addr, &size);
156 fdt_delprop(fdt, chosen_node, "linux,ima-kexec-buffer");
157 if (ret)
158 return;
159
160 ret = delete_fdt_mem_rsv(fdt, addr, size);
161 if (!ret)
162 pr_debug("Removed old IMA buffer reservation.\n");
163 }
164
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 71849 bytes --]
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [v1 PATCH 1/2] Refactoring carrying over IMA measuremnet logs over Kexec.
2020-06-07 23:33 ` Prakhar Srivastava
(?)
@ 2020-06-08 12:02 ` Mimi Zohar
-1 siblings, 0 replies; 26+ messages in thread
From: Mimi Zohar @ 2020-06-08 12:02 UTC (permalink / raw)
To: Prakhar Srivastava, linux-arm-kernel, linux-kernel, linuxppc-dev,
devicetree, linux-integrity, linux-security-module
Cc: catalin.marinas, will, mpe, benh, paulus, robh+dt, frowand.list,
dmitry.kasatkin, jmorris, serge, pasha.tatashin, allison,
kstewart, takahiro.akashi, tglx, vincenzo.frascino, mark.rutland,
masahiroy, james.morse, bhsharma, mbrugger, hsinyi, tao.li,
christophe.leroy, gregkh, nramas, tusharsu, balajib
Hi Prakhar,
On Sun, 2020-06-07 at 16:33 -0700, Prakhar Srivastava wrote:
> This patch moves the non-architecture specific code out of powerpc and
> adds to security/ima.
> Update the arm64 and powerpc kexec file load paths to carry the IMA measurement
> logs.
From your patch description, this patch should be broken up. Moving
the non-architecture specific code out of powerpc should be one patch.
Additional support should be in another patch. After each patch, the
code should work properly.
Before posting patches, please review them, making sure
unnecessary/unwanted changes haven't crept in - commenting out code,
moving code without removing the original code.
thanks,
Mimi
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [v1 PATCH 1/2] Refactoring carrying over IMA measuremnet logs over Kexec.
@ 2020-06-08 12:02 ` Mimi Zohar
0 siblings, 0 replies; 26+ messages in thread
From: Mimi Zohar @ 2020-06-08 12:02 UTC (permalink / raw)
To: Prakhar Srivastava, linux-arm-kernel, linux-kernel, linuxppc-dev,
devicetree, linux-integrity, linux-security-module
Cc: kstewart, mark.rutland, catalin.marinas, bhsharma, tao.li, paulus,
vincenzo.frascino, frowand.list, nramas, mpe, masahiroy, jmorris,
takahiro.akashi, benh, serge, pasha.tatashin, will, robh+dt,
hsinyi, tusharsu, tglx, allison, christophe.leroy, mbrugger,
balajib, dmitry.kasatkin, james.morse, gregkh
Hi Prakhar,
On Sun, 2020-06-07 at 16:33 -0700, Prakhar Srivastava wrote:
> This patch moves the non-architecture specific code out of powerpc and
> adds to security/ima.
> Update the arm64 and powerpc kexec file load paths to carry the IMA measurement
> logs.
From your patch description, this patch should be broken up. Moving
the non-architecture specific code out of powerpc should be one patch.
Additional support should be in another patch. After each patch, the
code should work properly.
Before posting patches, please review them, making sure
unnecessary/unwanted changes haven't crept in - commenting out code,
moving code without removing the original code.
thanks,
Mimi
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [v1 PATCH 1/2] Refactoring carrying over IMA measuremnet logs over Kexec.
@ 2020-06-08 12:02 ` Mimi Zohar
0 siblings, 0 replies; 26+ messages in thread
From: Mimi Zohar @ 2020-06-08 12:02 UTC (permalink / raw)
To: Prakhar Srivastava, linux-arm-kernel, linux-kernel, linuxppc-dev,
devicetree, linux-integrity, linux-security-module
Cc: kstewart, mark.rutland, catalin.marinas, bhsharma, tao.li, paulus,
vincenzo.frascino, frowand.list, nramas, masahiroy, jmorris,
takahiro.akashi, serge, pasha.tatashin, will, robh+dt, hsinyi,
tusharsu, tglx, allison, christophe.leroy, mbrugger, balajib,
dmitry.kasatkin, james.morse, gregkh
Hi Prakhar,
On Sun, 2020-06-07 at 16:33 -0700, Prakhar Srivastava wrote:
> This patch moves the non-architecture specific code out of powerpc and
> adds to security/ima.
> Update the arm64 and powerpc kexec file load paths to carry the IMA measurement
> logs.
From your patch description, this patch should be broken up. Moving
the non-architecture specific code out of powerpc should be one patch.
Additional support should be in another patch. After each patch, the
code should work properly.
Before posting patches, please review them, making sure
unnecessary/unwanted changes haven't crept in - commenting out code,
moving code without removing the original code.
thanks,
Mimi
^ permalink raw reply [flat|nested] 26+ messages in thread