From: Tushar Sugandhi <tusharsu@linux.microsoft.com>
To: zohar@linux.ibm.com, ebiederm@xmission.com, noodles@fb.com,
bauermann@kolabnow.com, kexec@lists.infradead.org,
linux-integrity@vger.kernel.org
Cc: code@tyhicks.com, nramas@linux.microsoft.com, paul@paul-moore.com
Subject: [PATCH v2 4/7] kexec: update kexec_file_load syscall to call ima_kexec_post_load
Date: Thu, 5 Oct 2023 11:25:59 -0700 [thread overview]
Message-ID: <20231005182602.634615-5-tusharsu@linux.microsoft.com> (raw)
In-Reply-To: <20231005182602.634615-1-tusharsu@linux.microsoft.com>
The kexec_file_load() syscall is used to load a new Kernel for kexec.
The syscall needs to be updated to call ima_kexec_post_load(),
which was implemented in a previous patch. ima_kexec_post_load() should
take care of mapping the IMA log buffer segment into the next Kernel. It
should also register a reboot notifier which would call a function to
dump the IMA measurements into IMA log buffer segment during kexec soft
reboot.
Modify the kexec_file_load() syscall to call ima_kexec_post_load() after
the image has been loaded and prepared for kexec. This ensures that the
IMA measurement list will be available to the next Kernel after a kexec
soft reboot. This also ensures the measurements taken in the window
between kexec 'load' and 'execute' are captured and passed to the next
Kernel.
Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com>
---
kernel/kexec_file.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
index f989f5f1933b..617dbbb6e46d 100644
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -184,6 +184,11 @@ kimage_validate_signature(struct kimage *image)
}
#endif
+void kimage_file_post_load(struct kimage *image)
+{
+ ima_kexec_post_load(image);
+}
+
/*
* In file mode list of segments is prepared by kernel. Copy relevant
* data from user space, do error checking, prepare segment list
@@ -399,6 +404,9 @@ SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, initrd_fd,
kimage_terminate(image);
+ if (!(flags & KEXEC_FILE_ON_CRASH))
+ kimage_file_post_load(image);
+
ret = machine_kexec_post_load(image);
if (ret)
goto out;
--
2.25.1
WARNING: multiple messages have this Message-ID (diff)
From: Tushar Sugandhi <tusharsu@linux.microsoft.com>
To: zohar@linux.ibm.com, ebiederm@xmission.com, noodles@fb.com,
bauermann@kolabnow.com, kexec@lists.infradead.org,
linux-integrity@vger.kernel.org
Cc: code@tyhicks.com, nramas@linux.microsoft.com, paul@paul-moore.com
Subject: [PATCH v2 4/7] kexec: update kexec_file_load syscall to call ima_kexec_post_load
Date: Thu, 5 Oct 2023 11:25:59 -0700 [thread overview]
Message-ID: <20231005182602.634615-5-tusharsu@linux.microsoft.com> (raw)
In-Reply-To: <20231005182602.634615-1-tusharsu@linux.microsoft.com>
The kexec_file_load() syscall is used to load a new Kernel for kexec.
The syscall needs to be updated to call ima_kexec_post_load(),
which was implemented in a previous patch. ima_kexec_post_load() should
take care of mapping the IMA log buffer segment into the next Kernel. It
should also register a reboot notifier which would call a function to
dump the IMA measurements into IMA log buffer segment during kexec soft
reboot.
Modify the kexec_file_load() syscall to call ima_kexec_post_load() after
the image has been loaded and prepared for kexec. This ensures that the
IMA measurement list will be available to the next Kernel after a kexec
soft reboot. This also ensures the measurements taken in the window
between kexec 'load' and 'execute' are captured and passed to the next
Kernel.
Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com>
---
kernel/kexec_file.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
index f989f5f1933b..617dbbb6e46d 100644
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -184,6 +184,11 @@ kimage_validate_signature(struct kimage *image)
}
#endif
+void kimage_file_post_load(struct kimage *image)
+{
+ ima_kexec_post_load(image);
+}
+
/*
* In file mode list of segments is prepared by kernel. Copy relevant
* data from user space, do error checking, prepare segment list
@@ -399,6 +404,9 @@ SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, initrd_fd,
kimage_terminate(image);
+ if (!(flags & KEXEC_FILE_ON_CRASH))
+ kimage_file_post_load(image);
+
ret = machine_kexec_post_load(image);
if (ret)
goto out;
--
2.25.1
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
next prev parent reply other threads:[~2023-10-05 18:26 UTC|newest]
Thread overview: 64+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-05 18:25 [PATCH v2 0/7] ima: kexec: measure events between kexec load and execute Tushar Sugandhi
2023-10-05 18:25 ` Tushar Sugandhi
2023-10-05 18:25 ` [PATCH v2 1/7] ima: refactor ima_dump_measurement_list to move memory allocation to a separate function Tushar Sugandhi
2023-10-05 18:25 ` Tushar Sugandhi
2023-10-13 0:28 ` Stefan Berger
2023-10-13 0:28 ` Stefan Berger
2023-10-20 20:33 ` Tushar Sugandhi
2023-10-20 20:33 ` Tushar Sugandhi
2023-10-20 21:21 ` Stefan Berger
2023-10-20 21:21 ` Stefan Berger
2023-10-20 21:50 ` Tushar Sugandhi
2023-10-20 21:50 ` Tushar Sugandhi
2023-10-26 20:16 ` Mimi Zohar
2023-10-26 20:16 ` Mimi Zohar
2023-10-27 3:25 ` Mimi Zohar
2023-10-27 3:25 ` Mimi Zohar
2023-11-14 22:32 ` Tushar Sugandhi
2023-11-14 22:32 ` Tushar Sugandhi
2023-11-14 22:31 ` Tushar Sugandhi
2023-11-14 22:31 ` Tushar Sugandhi
2023-10-05 18:25 ` [PATCH v2 2/7] ima: move ima_dump_measurement_list call from kexec load to execute Tushar Sugandhi
2023-10-05 18:25 ` Tushar Sugandhi
2023-10-13 0:28 ` Stefan Berger
2023-10-13 0:28 ` Stefan Berger
2023-10-20 20:35 ` Tushar Sugandhi
2023-10-20 20:35 ` Tushar Sugandhi
[not found] ` <989af3e9a8621f57643b67b717d9a39fdb2ffe24.camel@linux.ibm.com>
2023-11-14 22:43 ` Tushar Sugandhi
2023-11-14 22:43 ` Tushar Sugandhi
2023-11-15 22:30 ` Tushar Sugandhi
2023-11-15 22:30 ` Tushar Sugandhi
2023-10-05 18:25 ` [PATCH v2 3/7] ima: kexec: map source pages containing IMA buffer to image post kexec load Tushar Sugandhi
2023-10-05 18:25 ` Tushar Sugandhi
2023-10-13 0:29 ` Stefan Berger
2023-10-13 0:29 ` Stefan Berger
2023-10-20 20:36 ` Tushar Sugandhi
2023-10-20 20:36 ` Tushar Sugandhi
2023-10-05 18:25 ` Tushar Sugandhi [this message]
2023-10-05 18:25 ` [PATCH v2 4/7] kexec: update kexec_file_load syscall to call ima_kexec_post_load Tushar Sugandhi
2023-10-05 18:26 ` [PATCH v2 5/7] ima: suspend measurements while the buffer is being copied during kexec reboot Tushar Sugandhi
2023-10-05 18:26 ` Tushar Sugandhi
2023-10-05 18:26 ` [PATCH v2 6/7] ima: make the memory for events between kexec load and exec configurable Tushar Sugandhi
2023-10-05 18:26 ` Tushar Sugandhi
2023-10-13 0:27 ` Stefan Berger
2023-10-13 0:27 ` Stefan Berger
2023-10-20 20:39 ` Tushar Sugandhi
2023-10-20 20:39 ` Tushar Sugandhi
2023-10-20 21:16 ` Stefan Berger
2023-10-20 21:16 ` Stefan Berger
2023-10-20 21:53 ` Tushar Sugandhi
2023-10-20 21:53 ` Tushar Sugandhi
2023-10-05 18:26 ` [PATCH v2 7/7] ima: record log size at kexec load and execute Tushar Sugandhi
2023-10-05 18:26 ` Tushar Sugandhi
2023-10-13 0:27 ` Stefan Berger
2023-10-13 0:27 ` Stefan Berger
2023-10-20 20:40 ` Tushar Sugandhi
2023-10-20 20:40 ` Tushar Sugandhi
[not found] ` <2b95e8b9ebe10a24c7cb6fc90cb2d1342a157ed5.camel@linux.ibm.com>
2023-11-14 22:48 ` Tushar Sugandhi
2023-11-14 22:48 ` Tushar Sugandhi
[not found] ` <8f87e7e4fe5c5a24cdc0d3e2267eeaf00825d1bb.camel@linux.ibm.com>
2023-10-27 19:51 ` [PATCH v2 0/7] ima: kexec: measure events between " Mimi Zohar
2023-10-27 19:51 ` Mimi Zohar
2023-11-15 19:21 ` Tushar Sugandhi
2023-11-15 19:21 ` Tushar Sugandhi
2023-11-14 23:24 ` Tushar Sugandhi
2023-11-14 23:24 ` Tushar Sugandhi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231005182602.634615-5-tusharsu@linux.microsoft.com \
--to=tusharsu@linux.microsoft.com \
--cc=bauermann@kolabnow.com \
--cc=code@tyhicks.com \
--cc=ebiederm@xmission.com \
--cc=kexec@lists.infradead.org \
--cc=linux-integrity@vger.kernel.org \
--cc=noodles@fb.com \
--cc=nramas@linux.microsoft.com \
--cc=paul@paul-moore.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.