From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 70DA1C04AB4 for ; Tue, 14 May 2019 14:46:30 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 4B7932084E for ; Tue, 14 May 2019 14:46:30 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726025AbfENOq3 (ORCPT ); Tue, 14 May 2019 10:46:29 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:59706 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1725901AbfENOq3 (ORCPT ); Tue, 14 May 2019 10:46:29 -0400 Received: from pps.filterd (m0098414.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x4EEk2h7108775 for ; Tue, 14 May 2019 10:46:28 -0400 Received: from e06smtp05.uk.ibm.com (e06smtp05.uk.ibm.com [195.75.94.101]) by mx0b-001b2d01.pphosted.com with ESMTP id 2sfy7s1k0q-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 14 May 2019 10:46:27 -0400 Received: from localhost by e06smtp05.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Tue, 14 May 2019 15:46:22 +0100 Received: from b06cxnps3075.portsmouth.uk.ibm.com (9.149.109.195) by e06smtp05.uk.ibm.com (192.168.101.135) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Tue, 14 May 2019 15:46:18 +0100 Received: from d06av26.portsmouth.uk.ibm.com (d06av26.portsmouth.uk.ibm.com [9.149.105.62]) by b06cxnps3075.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id x4EEkI5I49545464 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 14 May 2019 14:46:18 GMT Received: from d06av26.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id E8AC9AE045; Tue, 14 May 2019 14:46:17 +0000 (GMT) Received: from d06av26.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id DF28CAE04D; Tue, 14 May 2019 14:46:16 +0000 (GMT) Received: from localhost.localdomain (unknown [9.80.80.29]) by d06av26.portsmouth.uk.ibm.com (Postfix) with ESMTP; Tue, 14 May 2019 14:46:16 +0000 (GMT) Subject: Re: [PATCH 3/3 v5] call ima_kexec_cmdline from kexec_file_load path From: Mimi Zohar To: Prakhar Srivastava , linux-integrity@vger.kernel.org, inux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Cc: ebiederm@xmission.com, vgoyal@redhat.com, prsriva@microsoft.com, Dave Young Date: Tue, 14 May 2019 10:46:06 -0400 In-Reply-To: <20190510223744.10154-4-prsriva02@gmail.com> References: <20190510223744.10154-1-prsriva02@gmail.com> <20190510223744.10154-4-prsriva02@gmail.com> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.20.5 (3.20.5-1.fc24) Mime-Version: 1.0 Content-Transfer-Encoding: 8bit X-TM-AS-GCONF: 00 x-cbid: 19051414-0020-0000-0000-0000033C9621 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 19051414-0021-0000-0000-0000218F528F Message-Id: <1557845166.4139.53.camel@linux.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-05-14_09:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1905140105 Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org [Cc'ing Dave Young] On Fri, 2019-05-10 at 15:37 -0700, Prakhar Srivastava wrote: > From: Prakhar Srivastava The "From" line above should only appear when the patch author and the sender differ.  You can create the patches under one id and post them from another id.  Something is still wrong. > > To measure the cmldine args used in case of soft reboot. Call the > ima hook defined in [PATCH 1/3 v5]:"add a new ima hook and policy to measure the cmdline" > > Signed-off-by: Prakhar Srivastava > --- > kernel/kexec_file.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c > index f1d0e00a3971..e779bcf674a0 100644 > --- a/kernel/kexec_file.c > +++ b/kernel/kexec_file.c > @@ -241,6 +241,8 @@ kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd, > ret = -EINVAL; > goto out; > } > + > + ima_kexec_cmdline(image->cmdline_buf, image->cmdline_buf_len - 1); > } > > /* Call arch image load handlers */ Much better! Mimi