From: steven chen
Date: Fri, 7 Feb 2025 11:24:47 -0800
Subject: Re: [PATCH v7 3/7] ima: kexec: skip IMA segment validation after kexec soft reboot
To: Stefan Berger, zohar@linux.ibm.com, roberto.sassu@huaweicloud.com, roberto.sassu@huawei.com, eric.snowberg@oracle.com, ebiederm@xmission.com, paul@paul-moore.com, code@tyhicks.com, bauermann@kolabnow.com, linux-integrity@vger.kernel.org, kexec@lists.infradead.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: madvenka@linux.microsoft.com, nramas@linux.microsoft.com, James.Bottomley@HansenPartnership.com
References: <20250203232033.64123-1-chenste@linux.microsoft.com> <20250203232033.64123-4-chenste@linux.microsoft.com> <00eeeb8b-cc28-42af-873f-3478cd22fb6e@linux.ibm.com>
In-Reply-To: <00eeeb8b-cc28-42af-873f-3478cd22fb6e@linux.ibm.com>

On 2/4/2025 11:39 AM, Stefan Berger wrote:
> On 2/3/25 6:20 PM, steven chen wrote:
>> kexec_calculate_store_digests() calculates and stores the digest of the
>> segment at kexec_file_load syscall where the IMA segment is also
>> allocated. With this series, the IMA segment will be updated with the
>> measurement log at kexec excute stage when soft reboot is initiated.
>
> s/excute/execute
>
>> Therefore, it may fail digest verification in verify_sha256_digest()
>> after kexec soft reboot into the new kernel. Therefore, the digest
>> calculation/verification of the IMA segment needs to be skipped.
>>
>> Skip IMA segment from calculating and storing digest in function
>
> Skip the calculation and storing of the digest of the IMA segment in
> kexec_calculate_store_digests() so that ...
>
>
>> kexec_calculate_store_digests() so that it is not added to the
>> 'purgatory_sha_regions'.
>>
>> Since verify_sha256_digest() only verifies 'purgatory_sha_regions',
>> no change is needed in verify_sha256_digest() in this context.
>>
>> With this change, the IMA segment is not included in the digest
>> calculation, storage, and verification.
>>
>> Author: Tushar Sugandhi
>> Signed-off-by: Tushar Sugandhi
>> Signed-off-by: steven chen > > --->   include/linux/kexec.h              |  3 +++ >>   kernel/kexec_file.c                | 23 +++++++++++++++++++++++ >>   security/integrity/ima/ima_kexec.c |  3 +++ >>   3 files changed, 29 insertions(+) >> >> diff --git a/include/linux/kexec.h b/include/linux/kexec.h >> index f8413ea5c8c8..f3246e881ac8 100644 >> --- a/include/linux/kexec.h >> +++ b/include/linux/kexec.h >> @@ -362,6 +362,9 @@ struct kimage { >>         phys_addr_t ima_buffer_addr; >>       size_t ima_buffer_size; >> + >> +    unsigned long ima_segment_index; >> +    bool is_ima_segment_index_set; >>   #endif >>         /* Core ELF header buffer */ >> diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c >> index 3eedb8c226ad..a3370a0dce20 100644 >> --- a/kernel/kexec_file.c >> +++ b/kernel/kexec_file.c >> @@ -38,6 +38,22 @@ void set_kexec_sig_enforced(void) >>   } >>   #endif >>   +#ifdef CONFIG_IMA_KEXEC >> +static bool check_ima_segment_index(struct kimage *image, int i) >> +{ >> +    if (image->is_ima_segment_index_set && >> +            i == image->ima_segment_index) > > The 'i =' should be indented under 'image->'. > > With these nits fixed: > > Reviewed-by: Stefan Berger > >> +        return true; >> +    else >> +        return false; >> +} >> +#else >> +static bool check_ima_segment_index(struct kimage *image, int i) >> +{ >> +    return false; >> +} >> +#endif >> + >>   static int kexec_calculate_store_digests(struct kimage *image); >>     /* Maximum size in bytes for kernel/initrd files. */ 
>> @@ -764,6 +780,13 @@ static int kexec_calculate_store_digests(struct >> kimage *image) >>           if (ksegment->kbuf == pi->purgatory_buf) >>               continue; >>   +        /* >> +         * Skip the segment if ima_segment_index is set and matches >> +         * the current index >> +         */ >> +        if (check_ima_segment_index(image, i)) >> +            continue; >> + >>           ret = crypto_shash_update(desc, ksegment->kbuf, >>                         ksegment->bufsz); >>           if (ret) >> diff --git a/security/integrity/ima/ima_kexec.c >> b/security/integrity/ima/ima_kexec.c >> index b60a902460e2..283860d20521 100644 >> --- a/security/integrity/ima/ima_kexec.c >> +++ b/security/integrity/ima/ima_kexec.c >> @@ -162,6 +162,7 @@ void ima_add_kexec_buffer(struct kimage *image) >>       kbuf.buffer = kexec_buffer; >>       kbuf.bufsz = kexec_buffer_size; >>       kbuf.memsz = kexec_segment_size; >> +    image->is_ima_segment_index_set = false; >>       ret = kexec_add_buffer(&kbuf); >>       if (ret) { >>           pr_err("Error passing over kexec measurement buffer.\n"); >> @@ -172,6 +173,8 @@ void ima_add_kexec_buffer(struct kimage *image) >>       image->ima_buffer_addr = kbuf.mem; >>       image->ima_buffer_size = kexec_segment_size; >>       image->ima_buffer = kexec_buffer; >> +    image->ima_segment_index = image->nr_segments - 1; >> +    image->is_ima_segment_index_set = true; >>         /* >>        * kexec owns kexec_buffer after kexec_add_buffer() is called Thanks, Stefan, I will update it in next version
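Review bot: the two fields added to struct kimage in include/linux/kexec.h have no comment, and nothing at the declaration says that ima_segment_index is meaningful only while is_ima_segment_index_set is true. A short comment above them stating that, and that the index names the segment left out of the purgatory digest, would make the pairing clear to later readers of the struct.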
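Review bot: in check_ima_segment_index() in kernel/kexec_file.c the parameter is "int i" while image->ima_segment_index is declared unsigned long, so "i == image->ima_segment_index" is a mixed signed/unsigned comparison; give the parameter the same type as the field. The if/else that returns true or false can also become a single "return image->is_ima_segment_index_set && i == image->ima_segment_index;", which removes the continuation line whose indentation was flagged above.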
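Review bot: the comment added in kexec_calculate_store_digests() restates the condition and does not say why the segment is skipped. Because this takes a region out of what purgatory verifies, the comment should give the reason stated in the commit message (the IMA buffer is updated with the measurement log at kexec execute, after the digest has been stored), so the exclusion is not later mistaken for an oversight or widened to other segments.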
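Review bot: in ima_add_kexec_buffer() in security/integrity/ima/ima_kexec.c, "image->ima_segment_index = image->nr_segments - 1;" depends on kexec_add_buffer() having placed the IMA buffer in the last segment slot, which these lines do not state. Add a comment recording that assumption; since the index decides which segment is left out of the digest, an index that pointed elsewhere would exempt a different segment from verification.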