From: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
To: zohar@linux.ibm.com, bauerman@linux.ibm.com, robh@kernel.org,
takahiro.akashi@linaro.org, gregkh@linuxfoundation.org,
will@kernel.org, joe@perches.com, catalin.marinas@arm.com,
mpe@ellerman.id.au
Cc: james.morse@arm.com, sashal@kernel.org, benh@kernel.crashing.org,
paulus@samba.org, frowand.list@gmail.com,
vincenzo.frascino@arm.com, mark.rutland@arm.com,
dmitry.kasatkin@gmail.com, jmorris@namei.org, serge@hallyn.com,
pasha.tatashin@soleen.com, allison@lohutok.net,
masahiroy@kernel.org, mbrugger@suse.com, hsinyi@chromium.org,
tao.li@vivo.com, christophe.leroy@c-s.fr,
prsriva@linux.microsoft.com, balajib@linux.microsoft.com,
linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org, devicetree@vger.kernel.org,
linuxppc-dev@lists.ozlabs.org
Subject: [PATCH v17 05/10] powerpc: Move ima buffer fields to struct kimage
Date: Tue, 9 Feb 2021 10:21:55 -0800 [thread overview]
Message-ID: <20210209182200.30606-6-nramas@linux.microsoft.com> (raw)
In-Reply-To: <20210209182200.30606-1-nramas@linux.microsoft.com>
The fields ima_buffer_addr and ima_buffer_size in "struct kimage_arch"
for powerpc are used to carry forward the IMA measurement list across
kexec system call. These fields are not architecture specific, but are
currently limited to powerpc.
arch_ima_add_kexec_buffer() defined in "arch/powerpc/kexec/ima.c"
sets ima_buffer_addr and ima_buffer_size for the kexec system call.
This function does not have architecture specific code, but is
currently limited to powerpc.
Move ima_buffer_addr and ima_buffer_size to "struct kimage".
Rename arch_ima_add_kexec_buffer() to of_ima_add_kexec_buffer()
and move it in drivers/of/kexec.c.
Co-developed-by: Prakhar Srivastava <prsriva@linux.microsoft.com>
Signed-off-by: Prakhar Srivastava <prsriva@linux.microsoft.com>
Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Suggested-by: Will Deacon <will@kernel.org>
---
arch/powerpc/include/asm/ima.h | 3 ---
arch/powerpc/include/asm/kexec.h | 5 -----
arch/powerpc/kexec/ima.c | 29 ++++++-----------------------
drivers/of/kexec.c | 23 +++++++++++++++++++++++
include/linux/kexec.h | 3 +++
include/linux/of.h | 5 +++++
security/integrity/ima/ima_kexec.c | 3 ++-
7 files changed, 39 insertions(+), 32 deletions(-)
diff --git a/arch/powerpc/include/asm/ima.h b/arch/powerpc/include/asm/ima.h
index ead488cf3981..51f64fd06c19 100644
--- a/arch/powerpc/include/asm/ima.h
+++ b/arch/powerpc/include/asm/ima.h
@@ -14,9 +14,6 @@ static inline void remove_ima_buffer(void *fdt, int chosen_node) {}
#endif
#ifdef CONFIG_IMA_KEXEC
-int arch_ima_add_kexec_buffer(struct kimage *image, unsigned long load_addr,
- size_t size);
-
int setup_ima_buffer(const struct kimage *image, void *fdt, int chosen_node);
#else
static inline int setup_ima_buffer(const struct kimage *image, void *fdt,
diff --git a/arch/powerpc/include/asm/kexec.h b/arch/powerpc/include/asm/kexec.h
index bdd0ddb9ac4d..ecf88533d6b4 100644
--- a/arch/powerpc/include/asm/kexec.h
+++ b/arch/powerpc/include/asm/kexec.h
@@ -112,11 +112,6 @@ struct kimage_arch {
unsigned long elf_headers_sz;
void *elf_headers;
void *fdt;
-
-#ifdef CONFIG_IMA_KEXEC
- phys_addr_t ima_buffer_addr;
- size_t ima_buffer_size;
-#endif
};
char *setup_kdump_cmdline(struct kimage *image, char *cmdline,
diff --git a/arch/powerpc/kexec/ima.c b/arch/powerpc/kexec/ima.c
index 720e50e490b6..ed38125e2f87 100644
--- a/arch/powerpc/kexec/ima.c
+++ b/arch/powerpc/kexec/ima.c
@@ -128,23 +128,6 @@ void remove_ima_buffer(void *fdt, int chosen_node)
}
#ifdef CONFIG_IMA_KEXEC
-/**
- * arch_ima_add_kexec_buffer - do arch-specific steps to add the IMA buffer
- *
- * Architectures should use this function to pass on the IMA buffer
- * information to the next kernel.
- *
- * Return: 0 on success, negative errno on error.
- */
-int arch_ima_add_kexec_buffer(struct kimage *image, unsigned long load_addr,
- size_t size)
-{
- image->arch.ima_buffer_addr = load_addr;
- image->arch.ima_buffer_size = size;
-
- return 0;
-}
-
static int write_number(void *p, u64 value, int cells)
{
if (cells == 1) {
@@ -180,7 +163,7 @@ int setup_ima_buffer(const struct kimage *image, void *fdt, int chosen_node)
u8 value[16];
remove_ima_buffer(fdt, chosen_node);
- if (!image->arch.ima_buffer_size)
+ if (!image->ima_buffer_size)
return 0;
ret = get_addr_size_cells(&addr_cells, &size_cells);
@@ -192,11 +175,11 @@ int setup_ima_buffer(const struct kimage *image, void *fdt, int chosen_node)
if (entry_size > sizeof(value))
return -EINVAL;
- ret = write_number(value, image->arch.ima_buffer_addr, addr_cells);
+ ret = write_number(value, image->ima_buffer_addr, addr_cells);
if (ret)
return ret;
- ret = write_number(value + 4 * addr_cells, image->arch.ima_buffer_size,
+ ret = write_number(value + 4 * addr_cells, image->ima_buffer_size,
size_cells);
if (ret)
return ret;
@@ -206,13 +189,13 @@ int setup_ima_buffer(const struct kimage *image, void *fdt, int chosen_node)
if (ret < 0)
return -EINVAL;
- ret = fdt_add_mem_rsv(fdt, image->arch.ima_buffer_addr,
- image->arch.ima_buffer_size);
+ ret = fdt_add_mem_rsv(fdt, image->ima_buffer_addr,
+ image->ima_buffer_size);
if (ret)
return -EINVAL;
pr_debug("IMA buffer at 0x%llx, size = 0x%zx\n",
- image->arch.ima_buffer_addr, image->arch.ima_buffer_size);
+ image->ima_buffer_addr, image->ima_buffer_size);
return 0;
}
diff --git a/drivers/of/kexec.c b/drivers/of/kexec.c
index 469e09613cdd..9f33d215b9f2 100644
--- a/drivers/of/kexec.c
+++ b/drivers/of/kexec.c
@@ -63,6 +63,29 @@ static int fdt_find_and_del_mem_rsv(void *fdt, unsigned long start, unsigned lon
return -ENOENT;
}
+#ifdef CONFIG_IMA_KEXEC
+/**
+ * of_ima_add_kexec_buffer - Add IMA buffer for next kernel
+ *
+ * @image: kimage struct to set IMA buffer data
+ * @load_addr: Starting address where IMA buffer is loaded at
+ * @size: Number of bytes in the IMA buffer
+ *
+ * Use this function to pass on the IMA buffer information to
+ * the next kernel across kexec system call.
+ *
+ * Return: 0 on success, negative errno on error.
+ */
+int of_ima_add_kexec_buffer(struct kimage *image,
+ unsigned long load_addr, size_t size)
+{
+ image->ima_buffer_addr = load_addr;
+ image->ima_buffer_size = size;
+
+ return 0;
+}
+#endif /* CONFIG_IMA_KEXEC */
+
/*
* of_kexec_alloc_and_setup_fdt - Alloc and setup a new Flattened Device Tree
*
diff --git a/include/linux/kexec.h b/include/linux/kexec.h
index 5f61389f5f36..75c670f0dfbb 100644
--- a/include/linux/kexec.h
+++ b/include/linux/kexec.h
@@ -304,6 +304,9 @@ struct kimage {
#ifdef CONFIG_IMA_KEXEC
/* Virtual address of IMA measurement buffer for kexec syscall */
void *ima_buffer;
+
+ phys_addr_t ima_buffer_addr;
+ size_t ima_buffer_size;
#endif
};
diff --git a/include/linux/of.h b/include/linux/of.h
index f0eff5e84353..03e0e694be29 100644
--- a/include/linux/of.h
+++ b/include/linux/of.h
@@ -573,6 +573,11 @@ void *of_kexec_alloc_and_setup_fdt(const struct kimage *image,
unsigned long initrd_len,
const char *cmdline);
+#ifdef CONFIG_IMA_KEXEC
+int of_ima_add_kexec_buffer(struct kimage *image,
+ unsigned long load_addr, size_t size);
+#endif /* CONFIG_IMA_KEXEC */
+
#else /* CONFIG_OF */
static inline void of_core_init(void)
diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c
index e29bea3dd4cc..d346eed2d236 100644
--- a/security/integrity/ima/ima_kexec.c
+++ b/security/integrity/ima/ima_kexec.c
@@ -10,6 +10,7 @@
#include <linux/seq_file.h>
#include <linux/vmalloc.h>
#include <linux/kexec.h>
+#include <linux/of.h>
#include "ima.h"
#ifdef CONFIG_IMA_KEXEC
@@ -123,7 +124,7 @@ void ima_add_kexec_buffer(struct kimage *image)
return;
}
- ret = arch_ima_add_kexec_buffer(image, kbuf.mem, kexec_segment_size);
+ ret = of_ima_add_kexec_buffer(image, kbuf.mem, kexec_segment_size);
if (ret) {
pr_err("Error passing over kexec measurement buffer.\n");
return;
--
2.30.0
WARNING: multiple messages have this Message-ID (diff)
From: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
To: zohar@linux.ibm.com, bauerman@linux.ibm.com, robh@kernel.org,
takahiro.akashi@linaro.org, gregkh@linuxfoundation.org,
will@kernel.org, joe@perches.com, catalin.marinas@arm.com,
mpe@ellerman.id.au
Cc: mark.rutland@arm.com, tao.li@vivo.com, paulus@samba.org,
vincenzo.frascino@arm.com, frowand.list@gmail.com,
sashal@kernel.org, masahiroy@kernel.org, jmorris@namei.org,
allison@lohutok.net, serge@hallyn.com,
devicetree@vger.kernel.org, pasha.tatashin@soleen.com,
prsriva@linux.microsoft.com, hsinyi@chromium.org,
linux-arm-kernel@lists.infradead.org, christophe.leroy@c-s.fr,
mbrugger@suse.com, balajib@linux.microsoft.com,
dmitry.kasatkin@gmail.com, linux-kernel@vger.kernel.org,
james.morse@arm.com, linux-integrity@vger.kernel.org,
linuxppc-dev@lists.ozlabs.org
Subject: [PATCH v17 05/10] powerpc: Move ima buffer fields to struct kimage
Date: Tue, 9 Feb 2021 10:21:55 -0800 [thread overview]
Message-ID: <20210209182200.30606-6-nramas@linux.microsoft.com> (raw)
In-Reply-To: <20210209182200.30606-1-nramas@linux.microsoft.com>
The fields ima_buffer_addr and ima_buffer_size in "struct kimage_arch"
for powerpc are used to carry forward the IMA measurement list across
kexec system call. These fields are not architecture specific, but are
currently limited to powerpc.
arch_ima_add_kexec_buffer() defined in "arch/powerpc/kexec/ima.c"
sets ima_buffer_addr and ima_buffer_size for the kexec system call.
This function does not have architecture specific code, but is
currently limited to powerpc.
Move ima_buffer_addr and ima_buffer_size to "struct kimage".
Rename arch_ima_add_kexec_buffer() to of_ima_add_kexec_buffer()
and move it in drivers/of/kexec.c.
Co-developed-by: Prakhar Srivastava <prsriva@linux.microsoft.com>
Signed-off-by: Prakhar Srivastava <prsriva@linux.microsoft.com>
Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Suggested-by: Will Deacon <will@kernel.org>
---
arch/powerpc/include/asm/ima.h | 3 ---
arch/powerpc/include/asm/kexec.h | 5 -----
arch/powerpc/kexec/ima.c | 29 ++++++-----------------------
drivers/of/kexec.c | 23 +++++++++++++++++++++++
include/linux/kexec.h | 3 +++
include/linux/of.h | 5 +++++
security/integrity/ima/ima_kexec.c | 3 ++-
7 files changed, 39 insertions(+), 32 deletions(-)
diff --git a/arch/powerpc/include/asm/ima.h b/arch/powerpc/include/asm/ima.h
index ead488cf3981..51f64fd06c19 100644
--- a/arch/powerpc/include/asm/ima.h
+++ b/arch/powerpc/include/asm/ima.h
@@ -14,9 +14,6 @@ static inline void remove_ima_buffer(void *fdt, int chosen_node) {}
#endif
#ifdef CONFIG_IMA_KEXEC
-int arch_ima_add_kexec_buffer(struct kimage *image, unsigned long load_addr,
- size_t size);
-
int setup_ima_buffer(const struct kimage *image, void *fdt, int chosen_node);
#else
static inline int setup_ima_buffer(const struct kimage *image, void *fdt,
diff --git a/arch/powerpc/include/asm/kexec.h b/arch/powerpc/include/asm/kexec.h
index bdd0ddb9ac4d..ecf88533d6b4 100644
--- a/arch/powerpc/include/asm/kexec.h
+++ b/arch/powerpc/include/asm/kexec.h
@@ -112,11 +112,6 @@ struct kimage_arch {
unsigned long elf_headers_sz;
void *elf_headers;
void *fdt;
-
-#ifdef CONFIG_IMA_KEXEC
- phys_addr_t ima_buffer_addr;
- size_t ima_buffer_size;
-#endif
};
char *setup_kdump_cmdline(struct kimage *image, char *cmdline,
diff --git a/arch/powerpc/kexec/ima.c b/arch/powerpc/kexec/ima.c
index 720e50e490b6..ed38125e2f87 100644
--- a/arch/powerpc/kexec/ima.c
+++ b/arch/powerpc/kexec/ima.c
@@ -128,23 +128,6 @@ void remove_ima_buffer(void *fdt, int chosen_node)
}
#ifdef CONFIG_IMA_KEXEC
-/**
- * arch_ima_add_kexec_buffer - do arch-specific steps to add the IMA buffer
- *
- * Architectures should use this function to pass on the IMA buffer
- * information to the next kernel.
- *
- * Return: 0 on success, negative errno on error.
- */
-int arch_ima_add_kexec_buffer(struct kimage *image, unsigned long load_addr,
- size_t size)
-{
- image->arch.ima_buffer_addr = load_addr;
- image->arch.ima_buffer_size = size;
-
- return 0;
-}
-
static int write_number(void *p, u64 value, int cells)
{
if (cells == 1) {
@@ -180,7 +163,7 @@ int setup_ima_buffer(const struct kimage *image, void *fdt, int chosen_node)
u8 value[16];
remove_ima_buffer(fdt, chosen_node);
- if (!image->arch.ima_buffer_size)
+ if (!image->ima_buffer_size)
return 0;
ret = get_addr_size_cells(&addr_cells, &size_cells);
@@ -192,11 +175,11 @@ int setup_ima_buffer(const struct kimage *image, void *fdt, int chosen_node)
if (entry_size > sizeof(value))
return -EINVAL;
- ret = write_number(value, image->arch.ima_buffer_addr, addr_cells);
+ ret = write_number(value, image->ima_buffer_addr, addr_cells);
if (ret)
return ret;
- ret = write_number(value + 4 * addr_cells, image->arch.ima_buffer_size,
+ ret = write_number(value + 4 * addr_cells, image->ima_buffer_size,
size_cells);
if (ret)
return ret;
@@ -206,13 +189,13 @@ int setup_ima_buffer(const struct kimage *image, void *fdt, int chosen_node)
if (ret < 0)
return -EINVAL;
- ret = fdt_add_mem_rsv(fdt, image->arch.ima_buffer_addr,
- image->arch.ima_buffer_size);
+ ret = fdt_add_mem_rsv(fdt, image->ima_buffer_addr,
+ image->ima_buffer_size);
if (ret)
return -EINVAL;
pr_debug("IMA buffer at 0x%llx, size = 0x%zx\n",
- image->arch.ima_buffer_addr, image->arch.ima_buffer_size);
+ image->ima_buffer_addr, image->ima_buffer_size);
return 0;
}
diff --git a/drivers/of/kexec.c b/drivers/of/kexec.c
index 469e09613cdd..9f33d215b9f2 100644
--- a/drivers/of/kexec.c
+++ b/drivers/of/kexec.c
@@ -63,6 +63,29 @@ static int fdt_find_and_del_mem_rsv(void *fdt, unsigned long start, unsigned lon
return -ENOENT;
}
+#ifdef CONFIG_IMA_KEXEC
+/**
+ * of_ima_add_kexec_buffer - Add IMA buffer for next kernel
+ *
+ * @image: kimage struct to set IMA buffer data
+ * @load_addr: Starting address where IMA buffer is loaded at
+ * @size: Number of bytes in the IMA buffer
+ *
+ * Use this function to pass on the IMA buffer information to
+ * the next kernel across kexec system call.
+ *
+ * Return: 0 on success, negative errno on error.
+ */
+int of_ima_add_kexec_buffer(struct kimage *image,
+ unsigned long load_addr, size_t size)
+{
+ image->ima_buffer_addr = load_addr;
+ image->ima_buffer_size = size;
+
+ return 0;
+}
+#endif /* CONFIG_IMA_KEXEC */
+
/*
* of_kexec_alloc_and_setup_fdt - Alloc and setup a new Flattened Device Tree
*
diff --git a/include/linux/kexec.h b/include/linux/kexec.h
index 5f61389f5f36..75c670f0dfbb 100644
--- a/include/linux/kexec.h
+++ b/include/linux/kexec.h
@@ -304,6 +304,9 @@ struct kimage {
#ifdef CONFIG_IMA_KEXEC
/* Virtual address of IMA measurement buffer for kexec syscall */
void *ima_buffer;
+
+ phys_addr_t ima_buffer_addr;
+ size_t ima_buffer_size;
#endif
};
diff --git a/include/linux/of.h b/include/linux/of.h
index f0eff5e84353..03e0e694be29 100644
--- a/include/linux/of.h
+++ b/include/linux/of.h
@@ -573,6 +573,11 @@ void *of_kexec_alloc_and_setup_fdt(const struct kimage *image,
unsigned long initrd_len,
const char *cmdline);
+#ifdef CONFIG_IMA_KEXEC
+int of_ima_add_kexec_buffer(struct kimage *image,
+ unsigned long load_addr, size_t size);
+#endif /* CONFIG_IMA_KEXEC */
+
#else /* CONFIG_OF */
static inline void of_core_init(void)
diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c
index e29bea3dd4cc..d346eed2d236 100644
--- a/security/integrity/ima/ima_kexec.c
+++ b/security/integrity/ima/ima_kexec.c
@@ -10,6 +10,7 @@
#include <linux/seq_file.h>
#include <linux/vmalloc.h>
#include <linux/kexec.h>
+#include <linux/of.h>
#include "ima.h"
#ifdef CONFIG_IMA_KEXEC
@@ -123,7 +124,7 @@ void ima_add_kexec_buffer(struct kimage *image)
return;
}
- ret = arch_ima_add_kexec_buffer(image, kbuf.mem, kexec_segment_size);
+ ret = of_ima_add_kexec_buffer(image, kbuf.mem, kexec_segment_size);
if (ret) {
pr_err("Error passing over kexec measurement buffer.\n");
return;
--
2.30.0
WARNING: multiple messages have this Message-ID (diff)
From: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
To: zohar@linux.ibm.com, bauerman@linux.ibm.com, robh@kernel.org,
takahiro.akashi@linaro.org, gregkh@linuxfoundation.org,
will@kernel.org, joe@perches.com, catalin.marinas@arm.com,
mpe@ellerman.id.au
Cc: mark.rutland@arm.com, benh@kernel.crashing.org, tao.li@vivo.com,
paulus@samba.org, vincenzo.frascino@arm.com,
frowand.list@gmail.com, sashal@kernel.org, masahiroy@kernel.org,
jmorris@namei.org, allison@lohutok.net, serge@hallyn.com,
devicetree@vger.kernel.org, pasha.tatashin@soleen.com,
prsriva@linux.microsoft.com, hsinyi@chromium.org,
linux-arm-kernel@lists.infradead.org, christophe.leroy@c-s.fr,
mbrugger@suse.com, balajib@linux.microsoft.com,
dmitry.kasatkin@gmail.com, linux-kernel@vger.kernel.org,
james.morse@arm.com, linux-integrity@vger.kernel.org,
linuxppc-dev@lists.ozlabs.org
Subject: [PATCH v17 05/10] powerpc: Move ima buffer fields to struct kimage
Date: Tue, 9 Feb 2021 10:21:55 -0800 [thread overview]
Message-ID: <20210209182200.30606-6-nramas@linux.microsoft.com> (raw)
In-Reply-To: <20210209182200.30606-1-nramas@linux.microsoft.com>
The fields ima_buffer_addr and ima_buffer_size in "struct kimage_arch"
for powerpc are used to carry forward the IMA measurement list across
kexec system call. These fields are not architecture specific, but are
currently limited to powerpc.
arch_ima_add_kexec_buffer() defined in "arch/powerpc/kexec/ima.c"
sets ima_buffer_addr and ima_buffer_size for the kexec system call.
This function does not have architecture specific code, but is
currently limited to powerpc.
Move ima_buffer_addr and ima_buffer_size to "struct kimage".
Rename arch_ima_add_kexec_buffer() to of_ima_add_kexec_buffer()
and move it in drivers/of/kexec.c.
Co-developed-by: Prakhar Srivastava <prsriva@linux.microsoft.com>
Signed-off-by: Prakhar Srivastava <prsriva@linux.microsoft.com>
Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Suggested-by: Will Deacon <will@kernel.org>
---
arch/powerpc/include/asm/ima.h | 3 ---
arch/powerpc/include/asm/kexec.h | 5 -----
arch/powerpc/kexec/ima.c | 29 ++++++-----------------------
drivers/of/kexec.c | 23 +++++++++++++++++++++++
include/linux/kexec.h | 3 +++
include/linux/of.h | 5 +++++
security/integrity/ima/ima_kexec.c | 3 ++-
7 files changed, 39 insertions(+), 32 deletions(-)
diff --git a/arch/powerpc/include/asm/ima.h b/arch/powerpc/include/asm/ima.h
index ead488cf3981..51f64fd06c19 100644
--- a/arch/powerpc/include/asm/ima.h
+++ b/arch/powerpc/include/asm/ima.h
@@ -14,9 +14,6 @@ static inline void remove_ima_buffer(void *fdt, int chosen_node) {}
#endif
#ifdef CONFIG_IMA_KEXEC
-int arch_ima_add_kexec_buffer(struct kimage *image, unsigned long load_addr,
- size_t size);
-
int setup_ima_buffer(const struct kimage *image, void *fdt, int chosen_node);
#else
static inline int setup_ima_buffer(const struct kimage *image, void *fdt,
diff --git a/arch/powerpc/include/asm/kexec.h b/arch/powerpc/include/asm/kexec.h
index bdd0ddb9ac4d..ecf88533d6b4 100644
--- a/arch/powerpc/include/asm/kexec.h
+++ b/arch/powerpc/include/asm/kexec.h
@@ -112,11 +112,6 @@ struct kimage_arch {
unsigned long elf_headers_sz;
void *elf_headers;
void *fdt;
-
-#ifdef CONFIG_IMA_KEXEC
- phys_addr_t ima_buffer_addr;
- size_t ima_buffer_size;
-#endif
};
char *setup_kdump_cmdline(struct kimage *image, char *cmdline,
diff --git a/arch/powerpc/kexec/ima.c b/arch/powerpc/kexec/ima.c
index 720e50e490b6..ed38125e2f87 100644
--- a/arch/powerpc/kexec/ima.c
+++ b/arch/powerpc/kexec/ima.c
@@ -128,23 +128,6 @@ void remove_ima_buffer(void *fdt, int chosen_node)
}
#ifdef CONFIG_IMA_KEXEC
-/**
- * arch_ima_add_kexec_buffer - do arch-specific steps to add the IMA buffer
- *
- * Architectures should use this function to pass on the IMA buffer
- * information to the next kernel.
- *
- * Return: 0 on success, negative errno on error.
- */
-int arch_ima_add_kexec_buffer(struct kimage *image, unsigned long load_addr,
- size_t size)
-{
- image->arch.ima_buffer_addr = load_addr;
- image->arch.ima_buffer_size = size;
-
- return 0;
-}
-
static int write_number(void *p, u64 value, int cells)
{
if (cells == 1) {
@@ -180,7 +163,7 @@ int setup_ima_buffer(const struct kimage *image, void *fdt, int chosen_node)
u8 value[16];
remove_ima_buffer(fdt, chosen_node);
- if (!image->arch.ima_buffer_size)
+ if (!image->ima_buffer_size)
return 0;
ret = get_addr_size_cells(&addr_cells, &size_cells);
@@ -192,11 +175,11 @@ int setup_ima_buffer(const struct kimage *image, void *fdt, int chosen_node)
if (entry_size > sizeof(value))
return -EINVAL;
- ret = write_number(value, image->arch.ima_buffer_addr, addr_cells);
+ ret = write_number(value, image->ima_buffer_addr, addr_cells);
if (ret)
return ret;
- ret = write_number(value + 4 * addr_cells, image->arch.ima_buffer_size,
+ ret = write_number(value + 4 * addr_cells, image->ima_buffer_size,
size_cells);
if (ret)
return ret;
@@ -206,13 +189,13 @@ int setup_ima_buffer(const struct kimage *image, void *fdt, int chosen_node)
if (ret < 0)
return -EINVAL;
- ret = fdt_add_mem_rsv(fdt, image->arch.ima_buffer_addr,
- image->arch.ima_buffer_size);
+ ret = fdt_add_mem_rsv(fdt, image->ima_buffer_addr,
+ image->ima_buffer_size);
if (ret)
return -EINVAL;
pr_debug("IMA buffer at 0x%llx, size = 0x%zx\n",
- image->arch.ima_buffer_addr, image->arch.ima_buffer_size);
+ image->ima_buffer_addr, image->ima_buffer_size);
return 0;
}
diff --git a/drivers/of/kexec.c b/drivers/of/kexec.c
index 469e09613cdd..9f33d215b9f2 100644
--- a/drivers/of/kexec.c
+++ b/drivers/of/kexec.c
@@ -63,6 +63,29 @@ static int fdt_find_and_del_mem_rsv(void *fdt, unsigned long start, unsigned lon
return -ENOENT;
}
+#ifdef CONFIG_IMA_KEXEC
+/**
+ * of_ima_add_kexec_buffer - Add IMA buffer for next kernel
+ *
+ * @image: kimage struct to set IMA buffer data
+ * @load_addr: Starting address where IMA buffer is loaded at
+ * @size: Number of bytes in the IMA buffer
+ *
+ * Use this function to pass on the IMA buffer information to
+ * the next kernel across kexec system call.
+ *
+ * Return: 0 on success, negative errno on error.
+ */
+int of_ima_add_kexec_buffer(struct kimage *image,
+ unsigned long load_addr, size_t size)
+{
+ image->ima_buffer_addr = load_addr;
+ image->ima_buffer_size = size;
+
+ return 0;
+}
+#endif /* CONFIG_IMA_KEXEC */
+
/*
* of_kexec_alloc_and_setup_fdt - Alloc and setup a new Flattened Device Tree
*
diff --git a/include/linux/kexec.h b/include/linux/kexec.h
index 5f61389f5f36..75c670f0dfbb 100644
--- a/include/linux/kexec.h
+++ b/include/linux/kexec.h
@@ -304,6 +304,9 @@ struct kimage {
#ifdef CONFIG_IMA_KEXEC
/* Virtual address of IMA measurement buffer for kexec syscall */
void *ima_buffer;
+
+ phys_addr_t ima_buffer_addr;
+ size_t ima_buffer_size;
#endif
};
diff --git a/include/linux/of.h b/include/linux/of.h
index f0eff5e84353..03e0e694be29 100644
--- a/include/linux/of.h
+++ b/include/linux/of.h
@@ -573,6 +573,11 @@ void *of_kexec_alloc_and_setup_fdt(const struct kimage *image,
unsigned long initrd_len,
const char *cmdline);
+#ifdef CONFIG_IMA_KEXEC
+int of_ima_add_kexec_buffer(struct kimage *image,
+ unsigned long load_addr, size_t size);
+#endif /* CONFIG_IMA_KEXEC */
+
#else /* CONFIG_OF */
static inline void of_core_init(void)
diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c
index e29bea3dd4cc..d346eed2d236 100644
--- a/security/integrity/ima/ima_kexec.c
+++ b/security/integrity/ima/ima_kexec.c
@@ -10,6 +10,7 @@
#include <linux/seq_file.h>
#include <linux/vmalloc.h>
#include <linux/kexec.h>
+#include <linux/of.h>
#include "ima.h"
#ifdef CONFIG_IMA_KEXEC
@@ -123,7 +124,7 @@ void ima_add_kexec_buffer(struct kimage *image)
return;
}
- ret = arch_ima_add_kexec_buffer(image, kbuf.mem, kexec_segment_size);
+ ret = of_ima_add_kexec_buffer(image, kbuf.mem, kexec_segment_size);
if (ret) {
pr_err("Error passing over kexec measurement buffer.\n");
return;
--
2.30.0
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2021-02-09 18:41 UTC|newest]
Thread overview: 134+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-09 18:21 [PATCH v17 00/10] Carry forward IMA measurement log on kexec on ARM64 Lakshmi Ramasubramanian
2021-02-09 18:21 ` Lakshmi Ramasubramanian
2021-02-09 18:21 ` Lakshmi Ramasubramanian
2021-02-09 18:21 ` [PATCH v17 01/10] powerpc: Rename kexec elfcorehdr_addr to elf_headers_mem Lakshmi Ramasubramanian
2021-02-09 18:21 ` Lakshmi Ramasubramanian
2021-02-09 18:21 ` Lakshmi Ramasubramanian
2021-02-09 18:21 ` [PATCH v17 02/10] of: Add a common kexec FDT setup function Lakshmi Ramasubramanian
2021-02-09 18:21 ` Lakshmi Ramasubramanian
2021-02-09 18:21 ` Lakshmi Ramasubramanian
2021-02-10 17:23 ` Rob Herring
2021-02-10 17:23 ` Rob Herring
2021-02-10 17:23 ` Rob Herring
2021-02-10 17:59 ` Lakshmi Ramasubramanian
2021-02-10 17:59 ` Lakshmi Ramasubramanian
2021-02-10 17:59 ` Lakshmi Ramasubramanian
2021-02-10 23:24 ` Thiago Jung Bauermann
2021-02-10 23:24 ` Thiago Jung Bauermann
2021-02-10 23:24 ` Thiago Jung Bauermann
2021-02-11 16:50 ` kernel test robot
2021-02-11 17:42 ` Fwd: " Lakshmi Ramasubramanian
2021-02-11 17:42 ` Lakshmi Ramasubramanian
2021-02-11 17:47 ` Lakshmi Ramasubramanian
2021-02-11 17:47 ` Lakshmi Ramasubramanian
2021-02-11 23:59 ` Thiago Jung Bauermann
2021-02-11 23:59 ` Thiago Jung Bauermann
2021-02-11 23:59 ` Thiago Jung Bauermann
2021-02-12 1:09 ` Lakshmi Ramasubramanian
2021-02-12 1:09 ` Lakshmi Ramasubramanian
2021-02-12 1:09 ` Lakshmi Ramasubramanian
2021-02-12 2:11 ` Thiago Jung Bauermann
2021-02-12 2:11 ` Thiago Jung Bauermann
2021-02-12 2:11 ` Thiago Jung Bauermann
2021-02-12 2:28 ` Lakshmi Ramasubramanian
2021-02-12 2:28 ` Lakshmi Ramasubramanian
2021-02-12 2:28 ` Lakshmi Ramasubramanian
2021-02-12 3:21 ` Thiago Jung Bauermann
2021-02-12 3:21 ` Thiago Jung Bauermann
2021-02-12 3:21 ` Thiago Jung Bauermann
2021-02-12 1:09 ` Thiago Jung Bauermann
2021-02-12 1:09 ` Thiago Jung Bauermann
2021-02-12 1:09 ` Thiago Jung Bauermann
2021-02-12 1:17 ` Lakshmi Ramasubramanian
2021-02-12 1:17 ` Lakshmi Ramasubramanian
2021-02-12 1:17 ` Lakshmi Ramasubramanian
2021-02-12 1:39 ` Thiago Jung Bauermann
2021-02-12 1:39 ` Thiago Jung Bauermann
2021-02-12 1:39 ` Thiago Jung Bauermann
2021-02-12 14:38 ` Rob Herring
2021-02-12 14:38 ` Rob Herring
2021-02-12 14:38 ` Rob Herring
2021-02-12 17:19 ` Lakshmi Ramasubramanian
2021-02-12 17:19 ` Lakshmi Ramasubramanian
2021-02-12 17:19 ` Lakshmi Ramasubramanian
2021-02-12 18:24 ` Rob Herring
2021-02-12 18:24 ` Rob Herring
2021-02-12 18:24 ` Rob Herring
2021-02-12 18:27 ` Lakshmi Ramasubramanian
2021-02-12 18:27 ` Lakshmi Ramasubramanian
2021-02-12 18:27 ` Lakshmi Ramasubramanian
2021-02-12 19:39 ` Thiago Jung Bauermann
2021-02-12 19:39 ` Thiago Jung Bauermann
2021-02-12 19:39 ` Thiago Jung Bauermann
2021-02-09 18:21 ` [PATCH v17 03/10] arm64: Use common of_kexec_alloc_and_setup_fdt() Lakshmi Ramasubramanian
2021-02-09 18:21 ` Lakshmi Ramasubramanian
2021-02-09 18:21 ` Lakshmi Ramasubramanian
2021-02-10 17:26 ` Will Deacon
2021-02-10 17:26 ` Will Deacon
2021-02-10 17:26 ` Will Deacon
2021-02-10 23:30 ` Thiago Jung Bauermann
2021-02-10 23:30 ` Thiago Jung Bauermann
2021-02-10 23:30 ` Thiago Jung Bauermann
2021-02-09 18:21 ` [PATCH v17 04/10] powerpc: " Lakshmi Ramasubramanian
2021-02-09 18:21 ` Lakshmi Ramasubramanian
2021-02-09 18:21 ` Lakshmi Ramasubramanian
2021-02-11 1:42 ` Thiago Jung Bauermann
2021-02-11 1:42 ` Thiago Jung Bauermann
2021-02-11 1:42 ` Thiago Jung Bauermann
2021-02-11 1:50 ` Lakshmi Ramasubramanian
2021-02-11 1:50 ` Lakshmi Ramasubramanian
2021-02-11 1:50 ` Lakshmi Ramasubramanian
2021-02-09 18:21 ` Lakshmi Ramasubramanian [this message]
2021-02-09 18:21 ` [PATCH v17 05/10] powerpc: Move ima buffer fields to struct kimage Lakshmi Ramasubramanian
2021-02-09 18:21 ` Lakshmi Ramasubramanian
2021-02-10 17:20 ` Rob Herring
2021-02-10 17:20 ` Rob Herring
2021-02-10 17:20 ` Rob Herring
2021-02-10 18:00 ` Lakshmi Ramasubramanian
2021-02-10 18:00 ` Lakshmi Ramasubramanian
2021-02-10 18:00 ` Lakshmi Ramasubramanian
2021-02-09 18:21 ` [PATCH v17 06/10] powerpc: Enable passing IMA log to next kernel on kexec Lakshmi Ramasubramanian
2021-02-09 18:21 ` Lakshmi Ramasubramanian
2021-02-09 18:21 ` Lakshmi Ramasubramanian
2021-02-11 1:51 ` Thiago Jung Bauermann
2021-02-11 1:51 ` Thiago Jung Bauermann
2021-02-11 1:51 ` Thiago Jung Bauermann
2021-02-09 18:21 ` [PATCH v17 07/10] powerpc: Move arch independent ima kexec functions to drivers/of/kexec.c Lakshmi Ramasubramanian
2021-02-09 18:21 ` Lakshmi Ramasubramanian
2021-02-09 18:21 ` Lakshmi Ramasubramanian
2021-02-11 5:07 ` Thiago Jung Bauermann
2021-02-11 5:07 ` Thiago Jung Bauermann
2021-02-11 5:07 ` Thiago Jung Bauermann
2021-02-09 18:21 ` [PATCH v17 08/10] kexec: Use fdt_appendprop_addrrange() to add ima buffer to FDT Lakshmi Ramasubramanian
2021-02-09 18:21 ` Lakshmi Ramasubramanian
2021-02-09 18:21 ` Lakshmi Ramasubramanian
2021-02-09 18:21 ` [PATCH v17 09/10] powerpc: Delete unused function delete_fdt_mem_rsv() Lakshmi Ramasubramanian
2021-02-09 18:21 ` Lakshmi Ramasubramanian
2021-02-09 18:21 ` Lakshmi Ramasubramanian
2021-02-11 5:11 ` Thiago Jung Bauermann
2021-02-11 5:11 ` Thiago Jung Bauermann
2021-02-11 5:11 ` Thiago Jung Bauermann
2021-02-09 18:22 ` [PATCH v17 10/10] arm64: Enable passing IMA log to next kernel on kexec Lakshmi Ramasubramanian
2021-02-09 18:22 ` Lakshmi Ramasubramanian
2021-02-09 18:22 ` Lakshmi Ramasubramanian
2021-02-11 5:13 ` Thiago Jung Bauermann
2021-02-11 5:13 ` Thiago Jung Bauermann
2021-02-11 5:13 ` Thiago Jung Bauermann
2021-02-10 17:15 ` [PATCH v17 00/10] Carry forward IMA measurement log on kexec on ARM64 Rob Herring
2021-02-10 17:15 ` Rob Herring
2021-02-10 17:15 ` Rob Herring
2021-02-10 17:33 ` Lakshmi Ramasubramanian
2021-02-10 17:33 ` Lakshmi Ramasubramanian
2021-02-10 17:33 ` Lakshmi Ramasubramanian
2021-02-10 20:42 ` Rob Herring
2021-02-10 20:42 ` Rob Herring
2021-02-10 20:42 ` Rob Herring
2021-02-10 20:55 ` Mimi Zohar
2021-02-10 20:55 ` Mimi Zohar
2021-02-10 20:55 ` Mimi Zohar
2021-02-10 21:39 ` Mimi Zohar
2021-02-10 21:39 ` Mimi Zohar
2021-02-10 21:39 ` Mimi Zohar
2021-02-10 22:34 ` Lakshmi Ramasubramanian
2021-02-10 22:34 ` Lakshmi Ramasubramanian
2021-02-10 22:34 ` Lakshmi Ramasubramanian
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210209182200.30606-6-nramas@linux.microsoft.com \
--to=nramas@linux.microsoft.com \
--cc=allison@lohutok.net \
--cc=balajib@linux.microsoft.com \
--cc=bauerman@linux.ibm.com \
--cc=benh@kernel.crashing.org \
--cc=catalin.marinas@arm.com \
--cc=christophe.leroy@c-s.fr \
--cc=devicetree@vger.kernel.org \
--cc=dmitry.kasatkin@gmail.com \
--cc=frowand.list@gmail.com \
--cc=gregkh@linuxfoundation.org \
--cc=hsinyi@chromium.org \
--cc=james.morse@arm.com \
--cc=jmorris@namei.org \
--cc=joe@perches.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mark.rutland@arm.com \
--cc=masahiroy@kernel.org \
--cc=mbrugger@suse.com \
--cc=mpe@ellerman.id.au \
--cc=pasha.tatashin@soleen.com \
--cc=paulus@samba.org \
--cc=prsriva@linux.microsoft.com \
--cc=robh@kernel.org \
--cc=sashal@kernel.org \
--cc=serge@hallyn.com \
--cc=takahiro.akashi@linaro.org \
--cc=tao.li@vivo.com \
--cc=vincenzo.frascino@arm.com \
--cc=will@kernel.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.