* [PATCH v2 1/2] ima: Free IMA measurement buffer on error
@ 2021-02-04 17:49 Lakshmi Ramasubramanian
2021-02-04 17:49 ` [PATCH v2 2/2] ima: Free IMA measurement buffer after kexec syscall Lakshmi Ramasubramanian
2021-02-05 10:05 ` [PATCH v2 1/2] ima: Free IMA measurement buffer on error Greg KH
0 siblings, 2 replies; 8+ messages in thread
From: Lakshmi Ramasubramanian @ 2021-02-04 17:49 UTC (permalink / raw)
To: zohar, bauerman, dmitry.kasatkin, ebiederm, gregkh, sashal, tyhicks
Cc: linux-integrity, linuxppc-dev, linux-kernel
IMA allocates kernel virtual memory to carry forward the measurement
list, from the current kernel to the next kernel on kexec system call,
in ima_add_kexec_buffer() function. In error code paths this memory
is not freed resulting in memory leak.
Free the memory allocated for the IMA measurement list in
the error code paths in ima_add_kexec_buffer() function.
Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Suggested-by: Tyler Hicks <tyhicks@linux.microsoft.com>
Fixes: 7b8589cc29e7 ("ima: on soft reboot, save the measurement list")
---
security/integrity/ima/ima_kexec.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c
index 121de3e04af2..206ddcaa5c67 100644
--- a/security/integrity/ima/ima_kexec.c
+++ b/security/integrity/ima/ima_kexec.c
@@ -119,6 +119,7 @@ void ima_add_kexec_buffer(struct kimage *image)
ret = kexec_add_buffer(&kbuf);
if (ret) {
pr_err("Error passing over kexec measurement buffer.\n");
+ vfree(kexec_buffer);
return;
}
--
2.30.0
^ permalink raw reply related [flat|nested] 8+ messages in thread* [PATCH v2 2/2] ima: Free IMA measurement buffer after kexec syscall
2021-02-04 17:49 [PATCH v2 1/2] ima: Free IMA measurement buffer on error Lakshmi Ramasubramanian
@ 2021-02-04 17:49 ` Lakshmi Ramasubramanian
2021-02-05 10:05 ` Greg KH
2021-02-05 10:05 ` [PATCH v2 1/2] ima: Free IMA measurement buffer on error Greg KH
1 sibling, 1 reply; 8+ messages in thread
From: Lakshmi Ramasubramanian @ 2021-02-04 17:49 UTC (permalink / raw)
To: zohar, bauerman, dmitry.kasatkin, ebiederm, gregkh, sashal, tyhicks
Cc: linux-integrity, linuxppc-dev, linux-kernel
IMA allocates kernel virtual memory to carry forward the measurement
list, from the current kernel to the next kernel on kexec system call,
in ima_add_kexec_buffer() function. This buffer is not freed before
completing the kexec system call resulting in memory leak.
Add ima_buffer field in "struct kimage" to store the virtual address
of the buffer allocated for the IMA measurement list.
Free the memory allocated for the IMA measurement list in
kimage_file_post_load_cleanup() function.
Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Suggested-by: Tyler Hicks <tyhicks@linux.microsoft.com>
Reviewed-by: Thiago Jung Bauermann <bauerman@linux.ibm.com>
Reviewed-by: Tyler Hicks <tyhicks@linux.microsoft.com>
Fixes: 7b8589cc29e7 ("ima: on soft reboot, save the measurement list")
---
include/linux/kexec.h | 5 +++++
kernel/kexec_file.c | 5 +++++
security/integrity/ima/ima_kexec.c | 2 ++
3 files changed, 12 insertions(+)
diff --git a/include/linux/kexec.h b/include/linux/kexec.h
index 9e93bef52968..5f61389f5f36 100644
--- a/include/linux/kexec.h
+++ b/include/linux/kexec.h
@@ -300,6 +300,11 @@ struct kimage {
/* Information for loading purgatory */
struct purgatory_info purgatory_info;
#endif
+
+#ifdef CONFIG_IMA_KEXEC
+ /* Virtual address of IMA measurement buffer for kexec syscall */
+ void *ima_buffer;
+#endif
};
/* kexec interface functions */
diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
index b02086d70492..5c3447cf7ad5 100644
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -166,6 +166,11 @@ void kimage_file_post_load_cleanup(struct kimage *image)
vfree(pi->sechdrs);
pi->sechdrs = NULL;
+#ifdef CONFIG_IMA_KEXEC
+ vfree(image->ima_buffer);
+ image->ima_buffer = NULL;
+#endif /* CONFIG_IMA_KEXEC */
+
/* See if architecture has anything to cleanup post load */
arch_kimage_file_post_load_cleanup(image);
diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c
index 206ddcaa5c67..e29bea3dd4cc 100644
--- a/security/integrity/ima/ima_kexec.c
+++ b/security/integrity/ima/ima_kexec.c
@@ -129,6 +129,8 @@ void ima_add_kexec_buffer(struct kimage *image)
return;
}
+ image->ima_buffer = kexec_buffer;
+
pr_debug("kexec measurement buffer for the loaded kernel at 0x%lx.\n",
kbuf.mem);
}
--
2.30.0
^ permalink raw reply related [flat|nested] 8+ messages in thread* Re: [PATCH v2 2/2] ima: Free IMA measurement buffer after kexec syscall
2021-02-04 17:49 ` [PATCH v2 2/2] ima: Free IMA measurement buffer after kexec syscall Lakshmi Ramasubramanian
@ 2021-02-05 10:05 ` Greg KH
0 siblings, 0 replies; 8+ messages in thread
From: Greg KH @ 2021-02-05 10:05 UTC (permalink / raw)
To: Lakshmi Ramasubramanian
Cc: zohar, bauerman, dmitry.kasatkin, ebiederm, sashal, tyhicks,
linux-integrity, linuxppc-dev, linux-kernel
On Thu, Feb 04, 2021 at 09:49:51AM -0800, Lakshmi Ramasubramanian wrote:
> IMA allocates kernel virtual memory to carry forward the measurement
> list, from the current kernel to the next kernel on kexec system call,
> in ima_add_kexec_buffer() function. This buffer is not freed before
> completing the kexec system call resulting in memory leak.
>
> Add ima_buffer field in "struct kimage" to store the virtual address
> of the buffer allocated for the IMA measurement list.
> Free the memory allocated for the IMA measurement list in
> kimage_file_post_load_cleanup() function.
>
> Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
> Suggested-by: Tyler Hicks <tyhicks@linux.microsoft.com>
> Reviewed-by: Thiago Jung Bauermann <bauerman@linux.ibm.com>
> Reviewed-by: Tyler Hicks <tyhicks@linux.microsoft.com>
> Fixes: 7b8589cc29e7 ("ima: on soft reboot, save the measurement list")
> ---
> include/linux/kexec.h | 5 +++++
> kernel/kexec_file.c | 5 +++++
> security/integrity/ima/ima_kexec.c | 2 ++
> 3 files changed, 12 insertions(+)
<formletter>
This is not the correct way to submit patches for inclusion in the
stable kernel tree. Please read:
https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html
for how to do this properly.
</formletter>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v2 1/2] ima: Free IMA measurement buffer on error
2021-02-04 17:49 [PATCH v2 1/2] ima: Free IMA measurement buffer on error Lakshmi Ramasubramanian
2021-02-04 17:49 ` [PATCH v2 2/2] ima: Free IMA measurement buffer after kexec syscall Lakshmi Ramasubramanian
@ 2021-02-05 10:05 ` Greg KH
2021-02-05 17:39 ` Lakshmi Ramasubramanian
1 sibling, 1 reply; 8+ messages in thread
From: Greg KH @ 2021-02-05 10:05 UTC (permalink / raw)
To: Lakshmi Ramasubramanian
Cc: zohar, bauerman, dmitry.kasatkin, ebiederm, sashal, tyhicks,
linux-integrity, linuxppc-dev, linux-kernel
On Thu, Feb 04, 2021 at 09:49:50AM -0800, Lakshmi Ramasubramanian wrote:
> IMA allocates kernel virtual memory to carry forward the measurement
> list, from the current kernel to the next kernel on kexec system call,
> in ima_add_kexec_buffer() function. In error code paths this memory
> is not freed resulting in memory leak.
>
> Free the memory allocated for the IMA measurement list in
> the error code paths in ima_add_kexec_buffer() function.
>
> Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
> Suggested-by: Tyler Hicks <tyhicks@linux.microsoft.com>
> Fixes: 7b8589cc29e7 ("ima: on soft reboot, save the measurement list")
> ---
> security/integrity/ima/ima_kexec.c | 1 +
> 1 file changed, 1 insertion(+)
<formletter>
This is not the correct way to submit patches for inclusion in the
stable kernel tree. Please read:
https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html
for how to do this properly.
</formletter>
^ permalink raw reply [flat|nested] 8+ messages in thread* Re: [PATCH v2 1/2] ima: Free IMA measurement buffer on error
2021-02-05 10:05 ` [PATCH v2 1/2] ima: Free IMA measurement buffer on error Greg KH
@ 2021-02-05 17:39 ` Lakshmi Ramasubramanian
2021-02-05 17:49 ` Mimi Zohar
0 siblings, 1 reply; 8+ messages in thread
From: Lakshmi Ramasubramanian @ 2021-02-05 17:39 UTC (permalink / raw)
To: Greg KH
Cc: zohar, bauerman, dmitry.kasatkin, ebiederm, sashal, tyhicks,
linux-integrity, linuxppc-dev, linux-kernel
On 2/5/21 2:05 AM, Greg KH wrote:
> On Thu, Feb 04, 2021 at 09:49:50AM -0800, Lakshmi Ramasubramanian wrote:
>> IMA allocates kernel virtual memory to carry forward the measurement
>> list, from the current kernel to the next kernel on kexec system call,
>> in ima_add_kexec_buffer() function. In error code paths this memory
>> is not freed resulting in memory leak.
>>
>> Free the memory allocated for the IMA measurement list in
>> the error code paths in ima_add_kexec_buffer() function.
>>
>> Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
>> Suggested-by: Tyler Hicks <tyhicks@linux.microsoft.com>
>> Fixes: 7b8589cc29e7 ("ima: on soft reboot, save the measurement list")
>> ---
>> security/integrity/ima/ima_kexec.c | 1 +
>> 1 file changed, 1 insertion(+)
>
> <formletter>
>
> This is not the correct way to submit patches for inclusion in the
> stable kernel tree. Please read:
> https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html
> for how to do this properly.
>
> </formletter>
>
Thanks for the info Greg.
I will re-submit the two patches in the proper format.
-lakshmi
^ permalink raw reply [flat|nested] 8+ messages in thread* Re: [PATCH v2 1/2] ima: Free IMA measurement buffer on error
2021-02-05 17:39 ` Lakshmi Ramasubramanian
@ 2021-02-05 17:49 ` Mimi Zohar
2021-02-05 17:59 ` Lakshmi Ramasubramanian
0 siblings, 1 reply; 8+ messages in thread
From: Mimi Zohar @ 2021-02-05 17:49 UTC (permalink / raw)
To: Lakshmi Ramasubramanian, Greg KH
Cc: bauerman, dmitry.kasatkin, ebiederm, sashal, tyhicks,
linux-integrity, linuxppc-dev, linux-kernel
On Fri, 2021-02-05 at 09:39 -0800, Lakshmi Ramasubramanian wrote:
> On 2/5/21 2:05 AM, Greg KH wrote:
> > On Thu, Feb 04, 2021 at 09:49:50AM -0800, Lakshmi Ramasubramanian wrote:
> >> IMA allocates kernel virtual memory to carry forward the measurement
> >> list, from the current kernel to the next kernel on kexec system call,
> >> in ima_add_kexec_buffer() function. In error code paths this memory
> >> is not freed resulting in memory leak.
> >>
> >> Free the memory allocated for the IMA measurement list in
> >> the error code paths in ima_add_kexec_buffer() function.
> >>
> >> Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
> >> Suggested-by: Tyler Hicks <tyhicks@linux.microsoft.com>
> >> Fixes: 7b8589cc29e7 ("ima: on soft reboot, save the measurement list")
> >> ---
> >> security/integrity/ima/ima_kexec.c | 1 +
> >> 1 file changed, 1 insertion(+)
> >
> > <formletter>
> >
> > This is not the correct way to submit patches for inclusion in the
> > stable kernel tree. Please read:
> > https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html
> > for how to do this properly.
> >
> > </formletter>
> >
>
> Thanks for the info Greg.
>
> I will re-submit the two patches in the proper format.
No need. I'm testing these patches now. I'm not exactly sure what the
problem is. Stable wasn't Cc'ed. Is it that you sent the patch
directly to Greg or added "Fixes"?
thanks,
Mimi
^ permalink raw reply [flat|nested] 8+ messages in thread* Re: [PATCH v2 1/2] ima: Free IMA measurement buffer on error
2021-02-05 17:49 ` Mimi Zohar
@ 2021-02-05 17:59 ` Lakshmi Ramasubramanian
2021-02-23 23:33 ` Petr Vorel
0 siblings, 1 reply; 8+ messages in thread
From: Lakshmi Ramasubramanian @ 2021-02-05 17:59 UTC (permalink / raw)
To: Mimi Zohar, Greg KH
Cc: bauerman, dmitry.kasatkin, ebiederm, sashal, tyhicks,
linux-integrity, linuxppc-dev, linux-kernel
On 2/5/21 9:49 AM, Mimi Zohar wrote:
Hi Mimi,
> On Fri, 2021-02-05 at 09:39 -0800, Lakshmi Ramasubramanian wrote:
>> On 2/5/21 2:05 AM, Greg KH wrote:
>>> On Thu, Feb 04, 2021 at 09:49:50AM -0800, Lakshmi Ramasubramanian wrote:
>>>> IMA allocates kernel virtual memory to carry forward the measurement
>>>> list, from the current kernel to the next kernel on kexec system call,
>>>> in ima_add_kexec_buffer() function. In error code paths this memory
>>>> is not freed resulting in memory leak.
>>>>
>>>> Free the memory allocated for the IMA measurement list in
>>>> the error code paths in ima_add_kexec_buffer() function.
>>>>
>>>> Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
>>>> Suggested-by: Tyler Hicks <tyhicks@linux.microsoft.com>
>>>> Fixes: 7b8589cc29e7 ("ima: on soft reboot, save the measurement list")
>>>> ---
>>>> security/integrity/ima/ima_kexec.c | 1 +
>>>> 1 file changed, 1 insertion(+)
>>>
>>> <formletter>
>>>
>>> This is not the correct way to submit patches for inclusion in the
>>> stable kernel tree. Please read:
>>> https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html
>>> for how to do this properly.
>>>
>>> </formletter>
>>>
>>
>> Thanks for the info Greg.
>>
>> I will re-submit the two patches in the proper format.
>
> No need. I'm testing these patches now. I'm not exactly sure what the
> problem is. Stable wasn't Cc'ed. Is it that you sent the patch
> directly to Greg or added "Fixes"?
>
I had not Cced stable, but had "Fixes" tag in the patch.
Fixes: 7b8589cc29e7 ("ima: on soft reboot, save the measurement list")
The problem is that the buffer allocated for forwarding the IMA
measurement list is not freed - at the end of the kexec call and also in
an error path. Please see the patch description for
[PATCH v2 2/2] ima: Free IMA measurement buffer after kexec syscall
IMA allocates kernel virtual memory to carry forward the measurement
list, from the current kernel to the next kernel on kexec system call,
in ima_add_kexec_buffer() function. This buffer is not freed before
completing the kexec system call resulting in memory leak.
thanks,
-lakshmi
^ permalink raw reply [flat|nested] 8+ messages in thread* Re: [PATCH v2 1/2] ima: Free IMA measurement buffer on error
2021-02-05 17:59 ` Lakshmi Ramasubramanian
@ 2021-02-23 23:33 ` Petr Vorel
0 siblings, 0 replies; 8+ messages in thread
From: Petr Vorel @ 2021-02-23 23:33 UTC (permalink / raw)
To: Lakshmi Ramasubramanian
Cc: Mimi Zohar, Greg KH, bauerman, dmitry.kasatkin, ebiederm, sashal,
tyhicks, linux-integrity, linuxppc-dev, linux-kernel
Hi all,
<snip>
> > > > <formletter>
> > > > This is not the correct way to submit patches for inclusion in the
> > > > stable kernel tree. Please read:
> > > > https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html
> > > > for how to do this properly.
> > > > </formletter>
> > > Thanks for the info Greg.
> > > I will re-submit the two patches in the proper format.
> > No need. I'm testing these patches now. I'm not exactly sure what the
> > problem is. Stable wasn't Cc'ed. Is it that you sent the patch
> > directly to Greg or added "Fixes"?
> I had not Cced stable, but had "Fixes" tag in the patch.
> Fixes: 7b8589cc29e7 ("ima: on soft reboot, save the measurement list")
> The problem is that the buffer allocated for forwarding the IMA measurement
> list is not freed - at the end of the kexec call and also in an error path.
> Please see the patch description for
> [PATCH v2 2/2] ima: Free IMA measurement buffer after kexec syscall
> IMA allocates kernel virtual memory to carry forward the measurement
> list, from the current kernel to the next kernel on kexec system call,
> in ima_add_kexec_buffer() function. This buffer is not freed before
> completing the kexec system call resulting in memory leak.
> thanks,
> -lakshmi
Mimi, Lakshmi, it looks like these two fixes haven't been submitted to stable kernels.
Could you please submit them?
Thanks a lot!
Kind regards,
Petr
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2021-02-23 23:38 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-02-04 17:49 [PATCH v2 1/2] ima: Free IMA measurement buffer on error Lakshmi Ramasubramanian
2021-02-04 17:49 ` [PATCH v2 2/2] ima: Free IMA measurement buffer after kexec syscall Lakshmi Ramasubramanian
2021-02-05 10:05 ` Greg KH
2021-02-05 10:05 ` [PATCH v2 1/2] ima: Free IMA measurement buffer on error Greg KH
2021-02-05 17:39 ` Lakshmi Ramasubramanian
2021-02-05 17:49 ` Mimi Zohar
2021-02-05 17:59 ` Lakshmi Ramasubramanian
2021-02-23 23:33 ` Petr Vorel
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).