* [PATCH V3 1/6] Refactoring powerpc code to be made available to other architectures
2020-07-20 15:23 [PATCH V3 0/6] Add support to carry forward the IMA measurement logs Prakhar Srivastava
@ 2020-07-20 15:23 ` Prakhar Srivastava
2020-07-20 15:23 ` [PATCH V3 2/6] Update remove_ima_buffer code to use functions from libfdt reducing wrappers functions Prakhar Srivastava
` (4 subsequent siblings)
5 siblings, 0 replies; 10+ messages in thread
From: Prakhar Srivastava @ 2020-07-20 15:23 UTC (permalink / raw)
To: linux-integrity, linux-kernel, devicetree
Cc: catalin.marinas, will, mpe, benh, paulus, robh+dt, frowand.list,
zohar, dmitry.kasatkin, jmorris, serge, pasha.tatashin, allison,
kstewart, takahiro.akashi, tglx, vincenzo.frascino, mark.rutland,
masahiroy, james.morse, bhsharma, mbrugger, hsinyi, tao.li,
christophe.leroy, gregkh, nramas, prsriva, tusharsu, balajib,
bauerman, robh
Existing code in arch/powerpc can be used for carrying forward the IMA measurement
logs by other architectures.
Moving non architecture specific code to security/intergrity, to be made available
to other architectures
Signed-off-by: Prakhar Srivastava <prsriva@linux.microsoft.com>
---
arch/powerpc/include/asm/ima.h | 3 -
arch/powerpc/kexec/ima.c | 54 ------------------
security/integrity/ima/ima_kexec.c | 91 ++++++++++++++++++++++++++++++
3 files changed, 91 insertions(+), 57 deletions(-)
diff --git a/arch/powerpc/include/asm/ima.h b/arch/powerpc/include/asm/ima.h
index ead488cf3981..bc27fd94de52 100644
--- a/arch/powerpc/include/asm/ima.h
+++ b/arch/powerpc/include/asm/ima.h
@@ -4,9 +4,6 @@
struct kimage;
-int ima_get_kexec_buffer(void **addr, size_t *size);
-int ima_free_kexec_buffer(void);
-
#ifdef CONFIG_IMA
void remove_ima_buffer(void *fdt, int chosen_node);
#else
diff --git a/arch/powerpc/kexec/ima.c b/arch/powerpc/kexec/ima.c
index 720e50e490b6..563313703756 100644
--- a/arch/powerpc/kexec/ima.c
+++ b/arch/powerpc/kexec/ima.c
@@ -46,60 +46,6 @@ static int do_get_kexec_buffer(const void *prop, int len, unsigned long *addr,
return 0;
}
-/**
- * ima_get_kexec_buffer - get IMA buffer from the previous kernel
- * @addr: On successful return, set to point to the buffer contents.
- * @size: On successful return, set to the buffer size.
- *
- * Return: 0 on success, negative errno on error.
- */
-int ima_get_kexec_buffer(void **addr, size_t *size)
-{
- int ret, len;
- unsigned long tmp_addr;
- size_t tmp_size;
- const void *prop;
-
- prop = of_get_property(of_chosen, "linux,ima-kexec-buffer", &len);
- if (!prop)
- return -ENOENT;
-
- ret = do_get_kexec_buffer(prop, len, &tmp_addr, &tmp_size);
- if (ret)
- return ret;
-
- *addr = __va(tmp_addr);
- *size = tmp_size;
-
- return 0;
-}
-
-/**
- * ima_free_kexec_buffer - free memory used by the IMA buffer
- */
-int ima_free_kexec_buffer(void)
-{
- int ret;
- unsigned long addr;
- size_t size;
- struct property *prop;
-
- prop = of_find_property(of_chosen, "linux,ima-kexec-buffer", NULL);
- if (!prop)
- return -ENOENT;
-
- ret = do_get_kexec_buffer(prop->value, prop->length, &addr, &size);
- if (ret)
- return ret;
-
- ret = of_remove_property(of_chosen, prop);
- if (ret)
- return ret;
-
- return memblock_free(addr, size);
-
-}
-
/**
* remove_ima_buffer - remove the IMA buffer property and reservation from @fdt
*
diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c
index 121de3e04af2..2fe2d3bf7bda 100644
--- a/security/integrity/ima/ima_kexec.c
+++ b/security/integrity/ima/ima_kexec.c
@@ -10,8 +10,99 @@
#include <linux/seq_file.h>
#include <linux/vmalloc.h>
#include <linux/kexec.h>
+#include <linux/of.h>
+#include <linux/memblock.h>
+#include <linux/libfdt.h>
#include "ima.h"
+static int get_addr_size_cells(int *addr_cells, int *size_cells)
+{
+ struct device_node *root;
+
+ root = of_find_node_by_path("/");
+ if (!root)
+ return -EINVAL;
+
+ *addr_cells = of_n_addr_cells(root);
+ *size_cells = of_n_size_cells(root);
+
+ of_node_put(root);
+
+ return 0;
+}
+
+static int do_get_kexec_buffer(const void *prop, int len, unsigned long *addr,
+ size_t *size)
+{
+ int ret, addr_cells, size_cells;
+
+ ret = get_addr_size_cells(&addr_cells, &size_cells);
+ if (ret)
+ return ret;
+
+ if (len < 4 * (addr_cells + size_cells))
+ return -ENOENT;
+
+ *addr = of_read_number(prop, addr_cells);
+ *size = of_read_number(prop + 4 * addr_cells, size_cells);
+
+ return 0;
+}
+
+/**
+ * ima_get_kexec_buffer - get IMA buffer from the previous kernel
+ * @addr: On successful return, set to point to the buffer contents.
+ * @size: On successful return, set to the buffer size.
+ *
+ * Return: 0 on success, negative errno on error.
+ */
+int ima_get_kexec_buffer(void **addr, size_t *size)
+{
+ int ret, len;
+ unsigned long tmp_addr;
+ size_t tmp_size;
+ const void *prop;
+
+ prop = of_get_property(of_chosen, "linux,ima-kexec-buffer", &len);
+ if (!prop)
+ return -ENOENT;
+
+ ret = do_get_kexec_buffer(prop, len, &tmp_addr, &tmp_size);
+ if (ret)
+ return ret;
+
+ *addr = __va(tmp_addr);
+ *size = tmp_size;
+
+ return 0;
+}
+
+/**
+ * ima_free_kexec_buffer - free memory used by the IMA buffer
+ */
+int ima_free_kexec_buffer(void)
+{
+ int ret;
+ unsigned long addr;
+ size_t size;
+ struct property *prop;
+
+ prop = of_find_property(of_chosen, "linux,ima-kexec-buffer", NULL);
+ if (!prop)
+ return -ENOENT;
+
+ ret = do_get_kexec_buffer(prop->value, prop->length, &addr, &size);
+ if (ret)
+ return ret;
+
+ ret = of_remove_property(of_chosen, prop);
+ if (ret)
+ return ret;
+
+ return memblock_free(addr, size);
+
+}
+
#ifdef CONFIG_IMA_KEXEC
static int ima_dump_measurement_list(unsigned long *buffer_size, void **buffer,
unsigned long segment_size)
--
2.25.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH V3 2/6] Update remove_ima_buffer code to use functions from libfdt reducing wrappers functions.
2020-07-20 15:23 [PATCH V3 0/6] Add support to carry forward the IMA measurement logs Prakhar Srivastava
2020-07-20 15:23 ` [PATCH V3 1/6] Refactoring powerpc code to be made available to other architectures Prakhar Srivastava
@ 2020-07-20 15:23 ` Prakhar Srivastava
2020-07-20 15:32 ` Greg KH
2020-07-20 15:23 ` [PATCH V3 3/6] Update function do_get_kexec_buffer to use of_* functions, and reducing wrapper functions Prakhar Srivastava
` (3 subsequent siblings)
5 siblings, 1 reply; 10+ messages in thread
From: Prakhar Srivastava @ 2020-07-20 15:23 UTC (permalink / raw)
To: linux-integrity, linux-kernel, devicetree
Cc: catalin.marinas, will, mpe, benh, paulus, robh+dt, frowand.list,
zohar, dmitry.kasatkin, jmorris, serge, pasha.tatashin, allison,
kstewart, takahiro.akashi, tglx, vincenzo.frascino, mark.rutland,
masahiroy, james.morse, bhsharma, mbrugger, hsinyi, tao.li,
christophe.leroy, gregkh, nramas, prsriva, tusharsu, balajib,
bauerman, robh
Signed-off-by: Prakhar Srivastava <prsriva@linux.microsoft.com>
---
arch/powerpc/kexec/ima.c | 63 ++++++++++++++++------------------------
1 file changed, 25 insertions(+), 38 deletions(-)
diff --git a/arch/powerpc/kexec/ima.c b/arch/powerpc/kexec/ima.c
index 563313703756..a9e4e9f04273 100644
--- a/arch/powerpc/kexec/ima.c
+++ b/arch/powerpc/kexec/ima.c
@@ -12,40 +12,6 @@
#include <linux/memblock.h>
#include <linux/libfdt.h>
-static int get_addr_size_cells(int *addr_cells, int *size_cells)
-{
- struct device_node *root;
-
- root = of_find_node_by_path("/");
- if (!root)
- return -EINVAL;
-
- *addr_cells = of_n_addr_cells(root);
- *size_cells = of_n_size_cells(root);
-
- of_node_put(root);
-
- return 0;
-}
-
-static int do_get_kexec_buffer(const void *prop, int len, unsigned long *addr,
- size_t *size)
-{
- int ret, addr_cells, size_cells;
-
- ret = get_addr_size_cells(&addr_cells, &size_cells);
- if (ret)
- return ret;
-
- if (len < 4 * (addr_cells + size_cells))
- return -ENOENT;
-
- *addr = of_read_number(prop, addr_cells);
- *size = of_read_number(prop + 4 * addr_cells, size_cells);
-
- return 0;
-}
-
/**
* remove_ima_buffer - remove the IMA buffer property and reservation from @fdt
*
@@ -54,7 +20,7 @@ static int do_get_kexec_buffer(const void *prop, int len, unsigned long *addr,
*/
void remove_ima_buffer(void *fdt, int chosen_node)
{
- int ret, len;
+ int ret, len, addr_cells, size_cells;
unsigned long addr;
size_t size;
const void *prop;
@@ -63,7 +29,22 @@ void remove_ima_buffer(void *fdt, int chosen_node)
if (!prop)
return;
- ret = do_get_kexec_buffer(prop, len, &addr, &size);
+ ret = fdt_address_cells(fdt, chosen_node);
+ if (ret < 0)
+ return;
+ addr_cells = ret;
+
+ ret = fdt_size_cells(fdt, chosen_node);
+ if (ret < 0)
+ return;
+ size_cells = ret;
+
+ if (len < 4 * (addr_cells + size_cells))
+ return;
+
+ addr = of_read_number(prop, addr_cells);
+ size = of_read_number(prop + 4 * addr_cells, size_cells);
+
fdt_delprop(fdt, chosen_node, "linux,ima-kexec-buffer");
if (ret)
return;
@@ -129,9 +110,15 @@ int setup_ima_buffer(const struct kimage *image, void *fdt, int chosen_node)
if (!image->arch.ima_buffer_size)
return 0;
- ret = get_addr_size_cells(&addr_cells, &size_cells);
- if (ret)
+ ret = fdt_address_cells(fdt, chosen_node);
+ if (ret < 0)
+ return ret;
+ addr_cells = ret;
+
+ ret = fdt_size_cells(fdt, chosen_node);
+ if (ret < 0)
return ret;
+ size_cells = ret;
entry_size = 4 * (addr_cells + size_cells);
--
2.25.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH V3 2/6] Update remove_ima_buffer code to use functions from libfdt reducing wrappers functions.
2020-07-20 15:23 ` [PATCH V3 2/6] Update remove_ima_buffer code to use functions from libfdt reducing wrappers functions Prakhar Srivastava
@ 2020-07-20 15:32 ` Greg KH
0 siblings, 0 replies; 10+ messages in thread
From: Greg KH @ 2020-07-20 15:32 UTC (permalink / raw)
To: Prakhar Srivastava
Cc: linux-integrity, linux-kernel, devicetree, catalin.marinas, will,
mpe, benh, paulus, robh+dt, frowand.list, zohar, dmitry.kasatkin,
jmorris, serge, pasha.tatashin, allison, kstewart,
takahiro.akashi, tglx, vincenzo.frascino, mark.rutland,
masahiroy, james.morse, bhsharma, mbrugger, hsinyi, tao.li,
christophe.leroy, nramas, tusharsu, balajib, bauerman, robh
On Mon, Jul 20, 2020 at 08:23:38AM -0700, Prakhar Srivastava wrote:
> Signed-off-by: Prakhar Srivastava <prsriva@linux.microsoft.com>
I know I refuse patches without any changelog texts, perhaps other
maintainers are more lax...
ALso, your subject lines are really odd, look at how almost all other
patches do it, we have hundreds of thousands of examples to choose from
:)
thanks,
greg k-h
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH V3 3/6] Update function do_get_kexec_buffer to use of_* functions, and reducing wrapper functions.
2020-07-20 15:23 [PATCH V3 0/6] Add support to carry forward the IMA measurement logs Prakhar Srivastava
2020-07-20 15:23 ` [PATCH V3 1/6] Refactoring powerpc code to be made available to other architectures Prakhar Srivastava
2020-07-20 15:23 ` [PATCH V3 2/6] Update remove_ima_buffer code to use functions from libfdt reducing wrappers functions Prakhar Srivastava
@ 2020-07-20 15:23 ` Prakhar Srivastava
2020-07-20 15:23 ` [PATCH V3 4/6] Add support in arm64 to store the memory information of the IMA measurement log in the kimage used for kexec Prakhar Srivastava
` (2 subsequent siblings)
5 siblings, 0 replies; 10+ messages in thread
From: Prakhar Srivastava @ 2020-07-20 15:23 UTC (permalink / raw)
To: linux-integrity, linux-kernel, devicetree
Cc: catalin.marinas, will, mpe, benh, paulus, robh+dt, frowand.list,
zohar, dmitry.kasatkin, jmorris, serge, pasha.tatashin, allison,
kstewart, takahiro.akashi, tglx, vincenzo.frascino, mark.rutland,
masahiroy, james.morse, bhsharma, mbrugger, hsinyi, tao.li,
christophe.leroy, gregkh, nramas, prsriva, tusharsu, balajib,
bauerman, robh
Signed-off-by: Prakhar Srivastava <prsriva@linux.microsoft.com>
---
security/integrity/ima/ima_kexec.c | 20 +++++---------------
1 file changed, 5 insertions(+), 15 deletions(-)
diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c
index 2fe2d3bf7bda..e47982e9bb67 100644
--- a/security/integrity/ima/ima_kexec.c
+++ b/security/integrity/ima/ima_kexec.c
@@ -15,31 +15,21 @@
#include <linux/libfdt.h>
#include "ima.h"
-static int get_addr_size_cells(int *addr_cells, int *size_cells)
+static int do_get_kexec_buffer(const void *prop, int len, unsigned long *addr,
+ size_t *size)
{
+ int addr_cells, size_cells;
struct device_node *root;
root = of_find_node_by_path("/");
if (!root)
return -EINVAL;
- *addr_cells = of_n_addr_cells(root);
- *size_cells = of_n_size_cells(root);
+ addr_cells = of_n_addr_cells(root);
+ size_cells = of_n_size_cells(root);
of_node_put(root);
- return 0;
-}
-
-static int do_get_kexec_buffer(const void *prop, int len, unsigned long *addr,
- size_t *size)
-{
- int ret, addr_cells, size_cells;
-
- ret = get_addr_size_cells(&addr_cells, &size_cells);
- if (ret)
- return ret;
-
if (len < 4 * (addr_cells + size_cells))
return -ENOENT;
--
2.25.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH V3 4/6] Add support in arm64 to store the memory information of the IMA measurement log in the kimage used for kexec.
2020-07-20 15:23 [PATCH V3 0/6] Add support to carry forward the IMA measurement logs Prakhar Srivastava
` (2 preceding siblings ...)
2020-07-20 15:23 ` [PATCH V3 3/6] Update function do_get_kexec_buffer to use of_* functions, and reducing wrapper functions Prakhar Srivastava
@ 2020-07-20 15:23 ` Prakhar Srivastava
2020-07-20 15:23 ` [PATCH V3 5/6] Update the Kconfig to support carrying forward the IMA Measurement log and and update the setup_dtb call to add the linux,ima-kexec-buffer property to the DTB Prakhar Srivastava
2020-07-20 15:23 ` [PATCH V3 6/6] Add the property used for carrying forward the IMA measurement logs and update the code to use the defined property string Prakhar Srivastava
5 siblings, 0 replies; 10+ messages in thread
From: Prakhar Srivastava @ 2020-07-20 15:23 UTC (permalink / raw)
To: linux-integrity, linux-kernel, devicetree
Cc: catalin.marinas, will, mpe, benh, paulus, robh+dt, frowand.list,
zohar, dmitry.kasatkin, jmorris, serge, pasha.tatashin, allison,
kstewart, takahiro.akashi, tglx, vincenzo.frascino, mark.rutland,
masahiroy, james.morse, bhsharma, mbrugger, hsinyi, tao.li,
christophe.leroy, gregkh, nramas, prsriva, tusharsu, balajib,
bauerman, robh
Store the phyical address and size of the IMA measurement logs that get picked up
by the setup_dtb during kexec.
Signed-off-by: Prakhar Srivastava <prsriva@linux.microsoft.com>
---
arch/arm64/include/asm/ima.h | 17 +++++++++++++++++
arch/arm64/include/asm/kexec.h | 3 +++
arch/arm64/kernel/machine_kexec_file.c | 17 +++++++++++++++++
3 files changed, 37 insertions(+)
create mode 100644 arch/arm64/include/asm/ima.h
diff --git a/arch/arm64/include/asm/ima.h b/arch/arm64/include/asm/ima.h
new file mode 100644
index 000000000000..70ac39b74607
--- /dev/null
+++ b/arch/arm64/include/asm/ima.h
@@ -0,0 +1,17 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef _ASM_ARCH_IMA_H
+#define _ASM_ARCH_IMA_H
+
+struct kimage;
+
+#ifdef CONFIG_IMA_KEXEC
+int arch_ima_add_kexec_buffer(struct kimage *image, unsigned long load_addr,
+ size_t size);
+#else
+static inline int arch_ima_add_kexec_buffer(struct kimage *image,
+ unsigned long load_addr, size_t size)
+{
+ return 0;
+}
+#endif /* CONFIG_IMA_KEXEC */
+#endif /* _ASM_ARCH_IMA_H */
diff --git a/arch/arm64/include/asm/kexec.h b/arch/arm64/include/asm/kexec.h
index d24b527e8c00..7bd60c185ad3 100644
--- a/arch/arm64/include/asm/kexec.h
+++ b/arch/arm64/include/asm/kexec.h
@@ -100,6 +100,9 @@ struct kimage_arch {
void *elf_headers;
unsigned long elf_headers_mem;
unsigned long elf_headers_sz;
+
+ phys_addr_t ima_buffer_addr;
+ size_t ima_buffer_size;
};
extern const struct kexec_file_ops kexec_image_ops;
diff --git a/arch/arm64/kernel/machine_kexec_file.c b/arch/arm64/kernel/machine_kexec_file.c
index 361a1143e09e..4c54723e7a04 100644
--- a/arch/arm64/kernel/machine_kexec_file.c
+++ b/arch/arm64/kernel/machine_kexec_file.c
@@ -38,6 +38,23 @@ const struct kexec_file_ops * const kexec_file_loaders[] = {
NULL
};
+/**
+ * arch_ima_add_kexec_buffer - do arch-specific steps to add the IMA buffer
+ *
+ * Architectures should use this function to pass on the IMA buffer
+ * information to the next kernel.
+ *
+ * Return: 0 on success, negative errno on error.
+ */
+int arch_ima_add_kexec_buffer(struct kimage *image, unsigned long load_addr,
+ size_t size)
+{
+ image->arch.ima_buffer_addr = load_addr;
+ image->arch.ima_buffer_size = size;
+ return 0;
+}
+
+
int arch_kimage_file_post_load_cleanup(struct kimage *image)
{
vfree(image->arch.dtb);
--
2.25.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH V3 5/6] Update the Kconfig to support carrying forward the IMA Measurement log and and update the setup_dtb call to add the linux,ima-kexec-buffer property to the DTB.
2020-07-20 15:23 [PATCH V3 0/6] Add support to carry forward the IMA measurement logs Prakhar Srivastava
` (3 preceding siblings ...)
2020-07-20 15:23 ` [PATCH V3 4/6] Add support in arm64 to store the memory information of the IMA measurement log in the kimage used for kexec Prakhar Srivastava
@ 2020-07-20 15:23 ` Prakhar Srivastava
2020-07-20 15:32 ` Greg KH
2020-07-20 15:23 ` [PATCH V3 6/6] Add the property used for carrying forward the IMA measurement logs and update the code to use the defined property string Prakhar Srivastava
5 siblings, 1 reply; 10+ messages in thread
From: Prakhar Srivastava @ 2020-07-20 15:23 UTC (permalink / raw)
To: linux-integrity, linux-kernel, devicetree
Cc: catalin.marinas, will, mpe, benh, paulus, robh+dt, frowand.list,
zohar, dmitry.kasatkin, jmorris, serge, pasha.tatashin, allison,
kstewart, takahiro.akashi, tglx, vincenzo.frascino, mark.rutland,
masahiroy, james.morse, bhsharma, mbrugger, hsinyi, tao.li,
christophe.leroy, gregkh, nramas, prsriva, tusharsu, balajib,
bauerman, robh
Signed-off-by: Prakhar Srivastava <prsriva@linux.microsoft.com>
---
arch/arm64/Kconfig | 1 +
arch/arm64/kernel/machine_kexec_file.c | 11 +++++++++++
2 files changed, 12 insertions(+)
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 66dc41fd49f2..ece34b8ca648 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -1077,6 +1077,7 @@ config KEXEC
config KEXEC_FILE
bool "kexec file based system call"
select KEXEC_CORE
+ select HAVE_IMA_KEXEC
help
This is new version of kexec system call. This system call is
file based and takes file descriptors as system call argument
diff --git a/arch/arm64/kernel/machine_kexec_file.c b/arch/arm64/kernel/machine_kexec_file.c
index 4c54723e7a04..066670c43626 100644
--- a/arch/arm64/kernel/machine_kexec_file.c
+++ b/arch/arm64/kernel/machine_kexec_file.c
@@ -153,6 +153,17 @@ static int setup_dtb(struct kimage *image,
FDT_PROP_KASLR_SEED);
}
+ /* add ima-kexec-buffer */
+ if (image->arch.ima_buffer_size > 0) {
+
+ ret = fdt_appendprop_addrrange(dtb, 0, off,
+ "linux,ima-kexec-buffer",
+ image->arch.ima_buffer_addr,
+ image->arch.ima_buffer_size);
+ if (ret)
+ return (ret == -FDT_ERR_NOSPACE ? -ENOMEM : -EINVAL);
+ }
+
/* add rng-seed */
if (rng_is_initialized()) {
void *rng_seed;
--
2.25.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH V3 5/6] Update the Kconfig to support carrying forward the IMA Measurement log and and update the setup_dtb call to add the linux,ima-kexec-buffer property to the DTB.
2020-07-20 15:23 ` [PATCH V3 5/6] Update the Kconfig to support carrying forward the IMA Measurement log and and update the setup_dtb call to add the linux,ima-kexec-buffer property to the DTB Prakhar Srivastava
@ 2020-07-20 15:32 ` Greg KH
0 siblings, 0 replies; 10+ messages in thread
From: Greg KH @ 2020-07-20 15:32 UTC (permalink / raw)
To: Prakhar Srivastava
Cc: linux-integrity, linux-kernel, devicetree, catalin.marinas, will,
mpe, benh, paulus, robh+dt, frowand.list, zohar, dmitry.kasatkin,
jmorris, serge, pasha.tatashin, allison, kstewart,
takahiro.akashi, tglx, vincenzo.frascino, mark.rutland,
masahiroy, james.morse, bhsharma, mbrugger, hsinyi, tao.li,
christophe.leroy, nramas, tusharsu, balajib, bauerman, robh
On Mon, Jul 20, 2020 at 08:23:41AM -0700, Prakhar Srivastava wrote:
> Signed-off-by: Prakhar Srivastava <prsriva@linux.microsoft.com>
Your subject line is whack.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH V3 6/6] Add the property used for carrying forward the IMA measurement logs and update the code to use the defined property string.
2020-07-20 15:23 [PATCH V3 0/6] Add support to carry forward the IMA measurement logs Prakhar Srivastava
` (4 preceding siblings ...)
2020-07-20 15:23 ` [PATCH V3 5/6] Update the Kconfig to support carrying forward the IMA Measurement log and and update the setup_dtb call to add the linux,ima-kexec-buffer property to the DTB Prakhar Srivastava
@ 2020-07-20 15:23 ` Prakhar Srivastava
2020-07-20 15:34 ` Greg KH
5 siblings, 1 reply; 10+ messages in thread
From: Prakhar Srivastava @ 2020-07-20 15:23 UTC (permalink / raw)
To: linux-integrity, linux-kernel, devicetree
Cc: catalin.marinas, will, mpe, benh, paulus, robh+dt, frowand.list,
zohar, dmitry.kasatkin, jmorris, serge, pasha.tatashin, allison,
kstewart, takahiro.akashi, tglx, vincenzo.frascino, mark.rutland,
masahiroy, james.morse, bhsharma, mbrugger, hsinyi, tao.li,
christophe.leroy, gregkh, nramas, prsriva, tusharsu, balajib,
bauerman, robh
Signed-off-by: Prakhar Srivastava <prsriva@linux.microsoft.com>
---
arch/arm64/kernel/machine_kexec_file.c | 19 ++++++++++---------
arch/powerpc/kexec/ima.c | 8 +++++---
2 files changed, 15 insertions(+), 12 deletions(-)
diff --git a/arch/arm64/kernel/machine_kexec_file.c b/arch/arm64/kernel/machine_kexec_file.c
index 066670c43626..59058901e641 100644
--- a/arch/arm64/kernel/machine_kexec_file.c
+++ b/arch/arm64/kernel/machine_kexec_file.c
@@ -24,14 +24,15 @@
#include <asm/byteorder.h>
/* relevant device tree properties */
-#define FDT_PROP_KEXEC_ELFHDR "linux,elfcorehdr"
-#define FDT_PROP_MEM_RANGE "linux,usable-memory-range"
-#define FDT_PROP_INITRD_START "linux,initrd-start"
-#define FDT_PROP_INITRD_END "linux,initrd-end"
-#define FDT_PROP_BOOTARGS "bootargs"
-#define FDT_PROP_KASLR_SEED "kaslr-seed"
-#define FDT_PROP_RNG_SEED "rng-seed"
-#define RNG_SEED_SIZE 128
+#define FDT_PROP_KEXEC_ELFHDR "linux,elfcorehdr"
+#define FDT_PROP_MEM_RANGE "linux,usable-memory-range"
+#define FDT_PROP_INITRD_START "linux,initrd-start"
+#define FDT_PROP_INITRD_END "linux,initrd-end"
+#define FDT_PROP_BOOTARGS "bootargs"
+#define FDT_PROP_KASLR_SEED "kaslr-seed"
+#define FDT_PROP_RNG_SEED "rng-seed"
+#define FDT_PROP_IMA_KEXEC_BUFFER "linux,ima-kexec-buffer"
+#define RNG_SEED_SIZE 128
const struct kexec_file_ops * const kexec_file_loaders[] = {
&kexec_image_ops,
@@ -157,7 +158,7 @@ static int setup_dtb(struct kimage *image,
if (image->arch.ima_buffer_size > 0) {
ret = fdt_appendprop_addrrange(dtb, 0, off,
- "linux,ima-kexec-buffer",
+ FDT_PROP_IMA_KEXEC_BUFFER,
image->arch.ima_buffer_addr,
image->arch.ima_buffer_size);
if (ret)
diff --git a/arch/powerpc/kexec/ima.c b/arch/powerpc/kexec/ima.c
index a9e4e9f04273..7d6c43b2eacb 100644
--- a/arch/powerpc/kexec/ima.c
+++ b/arch/powerpc/kexec/ima.c
@@ -12,6 +12,8 @@
#include <linux/memblock.h>
#include <linux/libfdt.h>
+#define FDT_PROP_IMA_KEXEC_BUFFER "linux,ima-kexec-buffer"
+
/**
* remove_ima_buffer - remove the IMA buffer property and reservation from @fdt
*
@@ -25,7 +27,7 @@ void remove_ima_buffer(void *fdt, int chosen_node)
size_t size;
const void *prop;
- prop = fdt_getprop(fdt, chosen_node, "linux,ima-kexec-buffer", &len);
+ prop = fdt_getprop(fdt, chosen_node, FDT_PROP_IMA_KEXEC_BUFFER, &len);
if (!prop)
return;
@@ -45,7 +47,7 @@ void remove_ima_buffer(void *fdt, int chosen_node)
addr = of_read_number(prop, addr_cells);
size = of_read_number(prop + 4 * addr_cells, size_cells);
- fdt_delprop(fdt, chosen_node, "linux,ima-kexec-buffer");
+ fdt_delprop(fdt, chosen_node, FDT_PROP_IMA_KEXEC_BUFFER);
if (ret)
return;
@@ -134,7 +136,7 @@ int setup_ima_buffer(const struct kimage *image, void *fdt, int chosen_node)
if (ret)
return ret;
- ret = fdt_setprop(fdt, chosen_node, "linux,ima-kexec-buffer", value,
+ ret = fdt_setprop(fdt, chosen_node, FDT_PROP_IMA_KEXEC_BUFFER, value,
entry_size);
if (ret < 0)
return -EINVAL;
--
2.25.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH V3 6/6] Add the property used for carrying forward the IMA measurement logs and update the code to use the defined property string.
2020-07-20 15:23 ` [PATCH V3 6/6] Add the property used for carrying forward the IMA measurement logs and update the code to use the defined property string Prakhar Srivastava
@ 2020-07-20 15:34 ` Greg KH
0 siblings, 0 replies; 10+ messages in thread
From: Greg KH @ 2020-07-20 15:34 UTC (permalink / raw)
To: Prakhar Srivastava
Cc: linux-integrity, linux-kernel, devicetree, catalin.marinas, will,
mpe, benh, paulus, robh+dt, frowand.list, zohar, dmitry.kasatkin,
jmorris, serge, pasha.tatashin, allison, kstewart,
takahiro.akashi, tglx, vincenzo.frascino, mark.rutland,
masahiroy, james.morse, bhsharma, mbrugger, hsinyi, tao.li,
christophe.leroy, nramas, tusharsu, balajib, bauerman, robh
On Mon, Jul 20, 2020 at 08:23:42AM -0700, Prakhar Srivastava wrote:
> Signed-off-by: Prakhar Srivastava <prsriva@linux.microsoft.com>
Again, subject line, no changelog :(
> ---
> arch/arm64/kernel/machine_kexec_file.c | 19 ++++++++++---------
> arch/powerpc/kexec/ima.c | 8 +++++---
> 2 files changed, 15 insertions(+), 12 deletions(-)
>
> diff --git a/arch/arm64/kernel/machine_kexec_file.c b/arch/arm64/kernel/machine_kexec_file.c
> index 066670c43626..59058901e641 100644
> --- a/arch/arm64/kernel/machine_kexec_file.c
> +++ b/arch/arm64/kernel/machine_kexec_file.c
> @@ -24,14 +24,15 @@
> #include <asm/byteorder.h>
>
> /* relevant device tree properties */
> -#define FDT_PROP_KEXEC_ELFHDR "linux,elfcorehdr"
> -#define FDT_PROP_MEM_RANGE "linux,usable-memory-range"
> -#define FDT_PROP_INITRD_START "linux,initrd-start"
> -#define FDT_PROP_INITRD_END "linux,initrd-end"
> -#define FDT_PROP_BOOTARGS "bootargs"
> -#define FDT_PROP_KASLR_SEED "kaslr-seed"
> -#define FDT_PROP_RNG_SEED "rng-seed"
> -#define RNG_SEED_SIZE 128
> +#define FDT_PROP_KEXEC_ELFHDR "linux,elfcorehdr"
> +#define FDT_PROP_MEM_RANGE "linux,usable-memory-range"
> +#define FDT_PROP_INITRD_START "linux,initrd-start"
> +#define FDT_PROP_INITRD_END "linux,initrd-end"
> +#define FDT_PROP_BOOTARGS "bootargs"
> +#define FDT_PROP_KASLR_SEED "kaslr-seed"
> +#define FDT_PROP_RNG_SEED "rng-seed"
> +#define FDT_PROP_IMA_KEXEC_BUFFER "linux,ima-kexec-buffer"
> +#define RNG_SEED_SIZE 128
Why did you reformat all of these?
>
> const struct kexec_file_ops * const kexec_file_loaders[] = {
> &kexec_image_ops,
> @@ -157,7 +158,7 @@ static int setup_dtb(struct kimage *image,
> if (image->arch.ima_buffer_size > 0) {
>
> ret = fdt_appendprop_addrrange(dtb, 0, off,
> - "linux,ima-kexec-buffer",
> + FDT_PROP_IMA_KEXEC_BUFFER,
> image->arch.ima_buffer_addr,
> image->arch.ima_buffer_size);
> if (ret)
> diff --git a/arch/powerpc/kexec/ima.c b/arch/powerpc/kexec/ima.c
> index a9e4e9f04273..7d6c43b2eacb 100644
> --- a/arch/powerpc/kexec/ima.c
> +++ b/arch/powerpc/kexec/ima.c
> @@ -12,6 +12,8 @@
> #include <linux/memblock.h>
> #include <linux/libfdt.h>
>
> +#define FDT_PROP_IMA_KEXEC_BUFFER "linux,ima-kexec-buffer"
> +
Why are you mixing arm64 and powerpc patches together that do not do the
same thing???
Shouldn't there be a common place for these strings and not spread out
all over the kernel in random places?
thanks,
greg k-h
^ permalink raw reply [flat|nested] 10+ messages in thread