From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 1C9CCC3DA6E for ; Wed, 20 Dec 2023 20:18:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Mime-Version:References:In-Reply-To: Date:Cc:To:From:Subject:Message-ID:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=+OKSzlWabEXZVEtEJ6q3BeNGmuI7EKLHd4yinU8vqN0=; b=cMZxLNYJhOKQQk cRnyxwMYGIhloKXMehUm+6/Ew+LZSs1p3kbR6wF8xtdFb1m3DkKtGryb+WQUnPsPa5WPs5XAo/Q4t XiamKG0D0V9j6hnTbAG9zos2Rm6XHMycmBZcmrDfq0JvsGAbekVFV4dl2Qb1p4mW4DQpF5ycvfNpz XihMU8o0F9Njyz/PTLGbdXz1ohqFrEHxkbxGaxSMrrLyMhWIZTjINTEgqLEt5CVJtLqoxTfcO7El1 KL4HLTSc8bE/zx3xP8iMDr+bQtHWYJeO75vVcfrW8mkEacF+x2ktsxJ09CLybZBO+Vkb4Z9eJGz4G GwTd0N7QTWqgWquHyeIA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1rG31R-000pYk-24; Wed, 20 Dec 2023 20:18:29 +0000 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1rG31O-000pYL-0q for kexec@lists.infradead.org; Wed, 20 Dec 2023 20:18:28 +0000 Received: from pps.filterd (m0353729.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3BKJl0cA005212; Wed, 20 Dec 2023 20:18:00 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=message-id : subject : from : to : cc : date : in-reply-to : references : content-type : mime-version : content-transfer-encoding; s=pp1; bh=QGrZ5WG1uTruUSRtoz27vaI8p+nzVgCsiiHShd6D+tY=; b=JczChYlYDIDrjV9l1ayMoGOj7EhoooPVqGlEULyYw3/IQH9hVAcj9E2XCQuOGmzPAT94 mviFlCCwVOykMoTLebpgVqpGR8Cs/1wGjbxKPIT5wiJutB3hEmpgxaplZaoBMmwZdfJ5 uys3JYQcAbBe8T0/74lbGSq87eJTtF3ss9pgOJO6Yl9Lfju+ugdPY54XcjX3x9mJnp38 4Jxa0kDJJhxN0Unxth/J1oSlRRpsM9D7jL3Rrv0kONRGYe8sI200ZHGiTDUQvo8nnHgN Ik6299qcbV/VmgSyPl/5MJOzmyhbNGcM8ktjda03zc8wCWI2QTVkCmfeLLpqoyvbLot+ Og== Received: from ppma13.dal12v.mail.ibm.com (dd.9e.1632.ip4.static.sl-reverse.com [50.22.158.221]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3v46qrrmjk-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 20 Dec 2023 20:17:59 +0000 Received: from pps.filterd (ppma13.dal12v.mail.ibm.com [127.0.0.1]) by ppma13.dal12v.mail.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 3BKI1kjj027822; Wed, 20 Dec 2023 20:15:34 GMT Received: from smtprelay04.wdc07v.mail.ibm.com ([172.16.1.71]) by ppma13.dal12v.mail.ibm.com (PPS) with ESMTPS id 3v1rek8cca-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 20 Dec 2023 20:15:34 +0000 Received: from smtpav02.wdc07v.mail.ibm.com (smtpav02.wdc07v.mail.ibm.com [10.39.53.229]) by smtprelay04.wdc07v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 3BKKFXFE47382914 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 20 Dec 2023 20:15:34 GMT Received: from smtpav02.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D079E58058; Wed, 20 Dec 2023 20:15:33 +0000 (GMT) Received: from smtpav02.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 533445805C; Wed, 20 Dec 2023 20:15:32 +0000 (GMT) Received: from li-f45666cc-3089-11b2-a85c-c57d1a57929f.ibm.com (unknown [9.61.116.58]) by smtpav02.wdc07v.mail.ibm.com (Postfix) with ESMTP; Wed, 20 Dec 2023 20:15:32 +0000 (GMT) Message-ID: Subject: Re: [PATCH v3 6/7] ima: configure memory to log events between kexec load and execute From: Mimi Zohar To: Tushar Sugandhi , roberto.sassu@huaweicloud.com, roberto.sassu@huawei.com, eric.snowberg@oracle.com, stefanb@linux.ibm.com, ebiederm@xmission.com, noodles@fb.com, bauermann@kolabnow.com, linux-integrity@vger.kernel.org, kexec@lists.infradead.org Cc: code@tyhicks.com, nramas@linux.microsoft.com, paul@paul-moore.com Date: Wed, 20 Dec 2023 15:15:31 -0500 In-Reply-To: <20231216010729.2904751-7-tusharsu@linux.microsoft.com> References: <20231216010729.2904751-1-tusharsu@linux.microsoft.com> <20231216010729.2904751-7-tusharsu@linux.microsoft.com> X-Mailer: Evolution 3.28.5 (3.28.5-22.el8) Mime-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: fyfM2qETtpX1VfoT_hQoIr6IcqZbw5xd X-Proofpoint-ORIG-GUID: fyfM2qETtpX1VfoT_hQoIr6IcqZbw5xd X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.997,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-12-20_13,2023-12-20_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 impostorscore=0 clxscore=1015 adultscore=0 priorityscore=1501 mlxlogscore=999 lowpriorityscore=0 bulkscore=0 suspectscore=0 mlxscore=0 phishscore=0 spamscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2311290000 definitions=main-2312200143 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20231220_121826_529627_C9C835DA X-CRM114-Status: GOOD ( 29.89 ) X-BeenThere: kexec@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "kexec" Errors-To: kexec-bounces+kexec=archiver.kernel.org@lists.infradead.org Hi Tushar, The Subject line should include the word "extra". The use of the extra memory isn't limited to the measurements between the kexec load and exec. Additional records could be added as a result of the kexec load itself. Let's simplify the title to "ima: make the kexec extra memory configurable". Please remove any references to measurements between kexec load and execute. On Fri, 2023-12-15 at 17:07 -0800, Tushar Sugandhi wrote: > IMA currently allocates half a PAGE_SIZE for the extra events that would > be measured between kexec 'load' and 'execute'. Depending on the IMA > policy and the system state, that memory may not be sufficient to hold > the extra IMA events measured after kexec 'load'. The memory > requirements vary from system to system and they should be configurable. The extra memory allocated for carrying the IMA measurement list across kexec is hardcoded as a half a PAGE. Make it configurable. > Define a Kconfig option, IMA_KEXEC_EXTRA_MEMORY_KB, to configure the > extra memory (in kb) to be allocated for IMA measurements added in the > window from kexec 'load' to kexec 'execute'. > Update ima_add_kexec_buffer() function to allocate memory based on the > Kconfig option value, rather than the currently hardcoded one. > > Signed-off-by: Tushar Sugandhi > --- > security/integrity/ima/Kconfig | 9 +++++++++ > security/integrity/ima/ima_kexec.c | 13 ++++++++----- > 2 files changed, 17 insertions(+), 5 deletions(-) > > diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig > index 60a511c6b583..8792b7aab768 100644 > --- a/security/integrity/ima/Kconfig > +++ b/security/integrity/ima/Kconfig > @@ -338,3 +338,12 @@ config IMA_DISABLE_HTABLE > default n > help > This option disables htable to allow measurement of duplicate records. > + > +config IMA_KEXEC_EXTRA_MEMORY_KB > + int > + depends on IMA && IMA_KEXEC > + default 64 Since this isn't optional, the default should remain as a half page. Since a page is architecture specific, the default will need to be arch specific. thanks, Mimih > + help > + IMA_KEXEC_EXTRA_MEMORY_KB determines the extra memory to be > + allocated (in kb) for IMA measurements added in the window > + from kexec 'load' to kexec 'execute'. > diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c > index 55bd5362262e..063da9c834a0 100644 > --- a/security/integrity/ima/ima_kexec.c > +++ b/security/integrity/ima/ima_kexec.c > @@ -128,15 +128,18 @@ void ima_add_kexec_buffer(struct kimage *image) > int ret; > > /* > - * Reserve an extra half page of memory for additional measurements > - * added during the kexec load. > + * Reserve extra memory for measurements added in the window from > + * kexec 'load' to kexec 'execute'. > */ > - binary_runtime_size = ima_get_binary_runtime_size(); > + binary_runtime_size = ima_get_binary_runtime_size() + > + sizeof(struct ima_kexec_hdr) + > + (CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB * 1024); > + > if (binary_runtime_size >= ULONG_MAX - PAGE_SIZE) > kexec_segment_size = ULONG_MAX; > else > - kexec_segment_size = ALIGN(ima_get_binary_runtime_size() + > - PAGE_SIZE / 2, PAGE_SIZE); > + kexec_segment_size = ALIGN(binary_runtime_size, PAGE_SIZE); > + > if ((kexec_segment_size == ULONG_MAX) || > ((kexec_segment_size >> PAGE_SHIFT) > totalram_pages() / 2)) { > pr_err("Binary measurement list too large.\n"); _______________________________________________ kexec mailing list kexec@lists.infradead.org http://lists.infradead.org/mailman/listinfo/kexec