From: Baoquan He <bhe@redhat.com>
To: Mimi Zohar <zohar@linux.ibm.com>
Cc: steven chen <chenste@linux.microsoft.com>,
stefanb@linux.ibm.com, roberto.sassu@huaweicloud.com,
roberto.sassu@huawei.com, eric.snowberg@oracle.com,
ebiederm@xmission.com, paul@paul-moore.com, code@tyhicks.com,
bauermann@kolabnow.com, linux-integrity@vger.kernel.org,
kexec@lists.infradead.org, linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, madvenka@linux.microsoft.com,
nramas@linux.microsoft.com,
James.Bottomley@hansenpartnership.com, vgoyal@redhat.com,
dyoung@redhat.com
Subject: Re: [PATCH v11 2/9] ima: define and call ima_alloc_kexec_file_buf()
Date: Tue, 8 Apr 2025 12:39:22 +0800 [thread overview]
Message-ID: <Z/SoekIdreYI3uBZ@MiWiFi-R3L-srv> (raw)
In-Reply-To: <a293ed27094f7fa7a36f1641a9e6b17a49e26fa0.camel@linux.ibm.com>
On 04/08/25 at 12:07am, Mimi Zohar wrote:
> On Wed, 2025-04-02 at 05:47 -0700, steven chen wrote:
> > In the current implementation, the ima_dump_measurement_list() API is
> > called during the kexec "load" phase, where a buffer is allocated and
> > the measurement records are copied. Due to this, new events added after
> > kexec load but before kexec execute are not carried over to the new kernel
> > during kexec operation
>
> Repeating this here is unnecessary.
> >
> > To allow the buffer allocation and population to be separated into distinct
> > steps, make the function local seq_file "ima_kexec_file" to a file variable.
>
> This change was already made in [PATCH v11 1/9] ima: rename variable the
> set_file "file" to "ima_kexec_file". Please remove.
>
> >
> > Carrying the IMA measurement list across kexec requires allocating a
> > buffer and copying the measurement records. Separate allocating the
> > buffer and copying the measurement records into separate functions in
> > order to allocate the buffer at kexec 'load' and copy the measurements
> > at kexec 'execute'.
> >
> > Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com>
> > Signed-off-by: steven chen <chenste@linux.microsoft.com>
> > ---
> > security/integrity/ima/ima_kexec.c | 46 +++++++++++++++++++++++-------
> > 1 file changed, 35 insertions(+), 11 deletions(-)
> >
> > diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c
> > index 650beb74346c..b12ac3619b8f 100644
> > --- a/security/integrity/ima/ima_kexec.c
> > +++ b/security/integrity/ima/ima_kexec.c
> > @@ -15,26 +15,46 @@
> > #include "ima.h"
> >
> > #ifdef CONFIG_IMA_KEXEC
> > +static struct seq_file ima_kexec_file;
> > +
> > +static void ima_free_kexec_file_buf(struct seq_file *sf)
> > +{
> > + vfree(sf->buf);
> > + sf->buf = NULL;
> > + sf->size = 0;
> > + sf->read_pos = 0;
> > + sf->count = 0;
> > +}
> > +
> > +static int ima_alloc_kexec_file_buf(size_t segment_size)
> > +{
> > + ima_free_kexec_file_buf(&ima_kexec_file);
>
> After moving the vfree() here at this stage in the patch set, the IMA
> measurement list fails to verify when doing two consecutive "kexec -s -l"
> with/without a "kexec -s -u" in between. Only after "ima: kexec: move IMA log
> copy from kexec load to execute" the IMA measurement list verifies properly with
> the vfree() here.
I also noticed this, patch 7 will remedy this. Put patch 7 just after
this patch or squash it into this patch?
[PATCH v11 7/9] ima: verify if the segment size has changed
>
> > +
> > + /* segment size can't change between kexec load and execute */
> > + ima_kexec_file.buf = vmalloc(segment_size);
> > + if (!ima_kexec_file.buf)
> > + return -ENOMEM;
> > +
> > + ima_kexec_file.size = segment_size;
> > + ima_kexec_file.read_pos = 0;
> > + ima_kexec_file.count = sizeof(struct ima_kexec_hdr); /* reserved space */
> > +
> > + return 0;
> > +}
> > +
>
next prev parent reply other threads:[~2025-04-08 4:39 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-02 12:47 [PATCH v11 0/9] ima: kexec: measure events between kexec load and execute steven chen
2025-04-02 12:47 ` [PATCH v11 1/9] ima: rename variable the set_file "file" to "ima_kexec_file" steven chen
2025-04-08 2:23 ` Baoquan He
2025-04-08 4:37 ` Mimi Zohar
2025-04-02 12:47 ` [PATCH v11 2/9] ima: define and call ima_alloc_kexec_file_buf() steven chen
2025-04-08 2:58 ` Baoquan He
2025-04-08 4:07 ` Mimi Zohar
2025-04-08 4:39 ` Baoquan He [this message]
2025-04-08 5:03 ` Mimi Zohar
2025-04-08 8:18 ` Baoquan He
2025-04-08 12:23 ` Mimi Zohar
2025-04-08 15:02 ` Baoquan He
2025-04-02 12:47 ` [PATCH v11 3/9] kexec: define functions to map and unmap segments steven chen
2025-04-08 3:10 ` Baoquan He
2025-04-10 14:11 ` steven chen
2025-04-02 12:47 ` [PATCH v11 4/9] ima: kexec: skip IMA segment validation after kexec soft reboot steven chen
2025-04-08 3:17 ` Baoquan He
2025-04-10 14:12 ` steven chen
2025-04-02 12:47 ` [PATCH v11 5/9] ima: kexec: define functions to copy IMA log at soft boot steven chen
2025-04-08 14:21 ` Mimi Zohar
2025-04-10 14:13 ` steven chen
2025-04-02 12:47 ` [PATCH v11 6/9] ima: kexec: move IMA log copy from kexec load to execute steven chen
2025-04-08 16:17 ` Mimi Zohar
2025-04-10 14:15 ` steven chen
2025-04-02 12:47 ` [PATCH v11 7/9] ima: verify if the segment size has changed steven chen
2025-04-08 3:54 ` Baoquan He
2025-04-08 14:22 ` Mimi Zohar
2025-04-02 12:47 ` [PATCH v11 8/9] ima: make the kexec extra memory configurable steven chen
2025-04-10 9:54 ` Baoquan He
2025-04-10 16:59 ` steven chen
2025-04-10 18:04 ` Mimi Zohar
2025-04-10 18:49 ` steven chen
2025-04-10 19:47 ` Mimi Zohar
2025-04-02 12:47 ` [PATCH v11 9/9] ima: measure kexec load and exec events as critical data steven chen
2025-04-08 16:31 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z/SoekIdreYI3uBZ@MiWiFi-R3L-srv \
--to=bhe@redhat.com \
--cc=James.Bottomley@hansenpartnership.com \
--cc=bauermann@kolabnow.com \
--cc=chenste@linux.microsoft.com \
--cc=code@tyhicks.com \
--cc=dyoung@redhat.com \
--cc=ebiederm@xmission.com \
--cc=eric.snowberg@oracle.com \
--cc=kexec@lists.infradead.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=madvenka@linux.microsoft.com \
--cc=nramas@linux.microsoft.com \
--cc=paul@paul-moore.com \
--cc=roberto.sassu@huawei.com \
--cc=roberto.sassu@huaweicloud.com \
--cc=stefanb@linux.ibm.com \
--cc=vgoyal@redhat.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.