From: Tushar Sugandhi <tusharsu@linux.microsoft.com>
To: zohar@linux.ibm.com, roberto.sassu@huaweicloud.com,
roberto.sassu@huawei.com, eric.snowberg@oracle.com,
stefanb@linux.ibm.com, ebiederm@xmission.com, noodles@fb.com,
bauermann@kolabnow.com, linux-integrity@vger.kernel.org,
kexec@lists.infradead.org
Cc: code@tyhicks.com, nramas@linux.microsoft.com, paul@paul-moore.com
Subject: [PATCH v3 4/7] kexec: update kexec_file_load syscall to alloc ima buffer after load
Date: Fri, 15 Dec 2023 17:07:26 -0800 [thread overview]
Message-ID: <20231216010729.2904751-5-tusharsu@linux.microsoft.com> (raw)
In-Reply-To: <20231216010729.2904751-1-tusharsu@linux.microsoft.com>
Implement function kimage_file_post_load() to call ima_kexec_post_load()
This ensures the IMA buffer allocated at kexec 'load' is mapped to a
segment in the next loaded Kernel image.
Modify the kexec_file_load() syscall to call kimage_file_post_load() after
the image has been loaded and prepared for kexec. Call the function
kimage_file_post_load() only for kexec soft reboot scenarios and not
for KEXEC_FILE_ON_CRASH scenarios.
Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com>
---
kernel/kexec_file.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
index bf758fd5062c..ee38799ff1a3 100644
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -184,6 +184,11 @@ kimage_validate_signature(struct kimage *image)
}
#endif
+void kimage_file_post_load(struct kimage *image)
+{
+ ima_kexec_post_load(image);
+}
+
/*
* In file mode list of segments is prepared by kernel. Copy relevant
* data from user space, do error checking, prepare segment list
@@ -399,6 +404,9 @@ SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, initrd_fd,
kimage_terminate(image);
+ if (!(flags & KEXEC_FILE_ON_CRASH))
+ kimage_file_post_load(image);
+
ret = machine_kexec_post_load(image);
if (ret)
goto out;
--
2.25.1
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
WARNING: multiple messages have this Message-ID (diff)
From: Tushar Sugandhi <tusharsu@linux.microsoft.com>
To: zohar@linux.ibm.com, roberto.sassu@huaweicloud.com,
roberto.sassu@huawei.com, eric.snowberg@oracle.com,
stefanb@linux.ibm.com, ebiederm@xmission.com, noodles@fb.com,
bauermann@kolabnow.com, linux-integrity@vger.kernel.org,
kexec@lists.infradead.org
Cc: code@tyhicks.com, nramas@linux.microsoft.com, paul@paul-moore.com
Subject: [PATCH v3 4/7] kexec: update kexec_file_load syscall to alloc ima buffer after load
Date: Fri, 15 Dec 2023 17:07:26 -0800 [thread overview]
Message-ID: <20231216010729.2904751-5-tusharsu@linux.microsoft.com> (raw)
In-Reply-To: <20231216010729.2904751-1-tusharsu@linux.microsoft.com>
Implement function kimage_file_post_load() to call ima_kexec_post_load()
This ensures the IMA buffer allocated at kexec 'load' is mapped to a
segment in the next loaded Kernel image.
Modify the kexec_file_load() syscall to call kimage_file_post_load() after
the image has been loaded and prepared for kexec. Call the function
kimage_file_post_load() only for kexec soft reboot scenarios and not
for KEXEC_FILE_ON_CRASH scenarios.
Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com>
---
kernel/kexec_file.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
index bf758fd5062c..ee38799ff1a3 100644
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -184,6 +184,11 @@ kimage_validate_signature(struct kimage *image)
}
#endif
+void kimage_file_post_load(struct kimage *image)
+{
+ ima_kexec_post_load(image);
+}
+
/*
* In file mode list of segments is prepared by kernel. Copy relevant
* data from user space, do error checking, prepare segment list
@@ -399,6 +404,9 @@ SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, initrd_fd,
kimage_terminate(image);
+ if (!(flags & KEXEC_FILE_ON_CRASH))
+ kimage_file_post_load(image);
+
ret = machine_kexec_post_load(image);
if (ret)
goto out;
--
2.25.1
next prev parent reply other threads:[~2023-12-16 1:07 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-16 1:07 [PATCH v3 0/7] ima: kexec: measure events between kexec load and execute Tushar Sugandhi
2023-12-16 1:07 ` Tushar Sugandhi
2023-12-16 1:07 ` [PATCH v3 1/7] ima: define and call ima_alloc_kexec_file_buf Tushar Sugandhi
2023-12-16 1:07 ` Tushar Sugandhi
2023-12-20 16:13 ` Mimi Zohar
2023-12-20 16:13 ` Mimi Zohar
2024-01-05 19:47 ` Tushar Sugandhi
2024-01-05 19:47 ` Tushar Sugandhi
2023-12-16 1:07 ` [PATCH v3 2/7] ima: kexec: move ima log copy from kexec load to execute Tushar Sugandhi
2023-12-16 1:07 ` Tushar Sugandhi
2023-12-20 19:02 ` Mimi Zohar
2023-12-20 19:02 ` Mimi Zohar
2024-01-11 23:29 ` Tushar Sugandhi
2024-01-11 23:29 ` Tushar Sugandhi
2024-01-12 17:06 ` Mimi Zohar
2024-01-12 17:06 ` Mimi Zohar
2024-01-12 17:26 ` Tushar Sugandhi
2024-01-12 17:26 ` Tushar Sugandhi
2023-12-16 1:07 ` [PATCH v3 3/7] ima: kexec: map IMA buffer source pages to image after kexec load Tushar Sugandhi
2023-12-16 1:07 ` Tushar Sugandhi
2023-12-16 1:07 ` Tushar Sugandhi [this message]
2023-12-16 1:07 ` [PATCH v3 4/7] kexec: update kexec_file_load syscall to alloc ima buffer after load Tushar Sugandhi
2023-12-16 1:07 ` [PATCH v3 5/7] ima: suspend measurements during buffer copy at kexec execute Tushar Sugandhi
2023-12-16 1:07 ` Tushar Sugandhi
2023-12-20 20:44 ` Mimi Zohar
2023-12-20 20:44 ` Mimi Zohar
2024-01-05 19:50 ` Tushar Sugandhi
2024-01-05 19:50 ` Tushar Sugandhi
2024-01-11 17:30 ` Mimi Zohar
2024-01-11 17:30 ` Mimi Zohar
2024-01-11 18:17 ` Tushar Sugandhi
2024-01-11 18:17 ` Tushar Sugandhi
2023-12-16 1:07 ` [PATCH v3 6/7] ima: configure memory to log events between kexec load and execute Tushar Sugandhi
2023-12-16 1:07 ` Tushar Sugandhi
2023-12-20 20:15 ` Mimi Zohar
2023-12-20 20:15 ` Mimi Zohar
2024-01-05 20:20 ` Tushar Sugandhi
2024-01-05 20:20 ` Tushar Sugandhi
2024-01-07 17:00 ` Mimi Zohar
2024-01-07 17:00 ` Mimi Zohar
2024-01-11 18:13 ` Tushar Sugandhi
2024-01-11 18:13 ` Tushar Sugandhi
2024-01-11 19:20 ` Stefan Berger
2024-01-11 19:20 ` Stefan Berger
2024-01-11 20:52 ` Tushar Sugandhi
2024-01-11 20:52 ` Tushar Sugandhi
2024-01-12 17:44 ` Mimi Zohar
2024-01-12 17:44 ` Mimi Zohar
2024-01-12 18:23 ` Tushar Sugandhi
2024-01-12 18:23 ` Tushar Sugandhi
2023-12-16 1:07 ` [PATCH v3 7/7] ima: measure kexec load and exec events as critical data Tushar Sugandhi
2023-12-16 1:07 ` Tushar Sugandhi
2023-12-20 20:41 ` Mimi Zohar
2023-12-20 20:41 ` Mimi Zohar
2024-01-05 20:22 ` Tushar Sugandhi
2024-01-05 20:22 ` Tushar Sugandhi
2024-01-07 14:24 ` Mimi Zohar
2024-01-07 14:24 ` Mimi Zohar
2024-01-11 17:56 ` Tushar Sugandhi
2024-01-11 17:56 ` Tushar Sugandhi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231216010729.2904751-5-tusharsu@linux.microsoft.com \
--to=tusharsu@linux.microsoft.com \
--cc=bauermann@kolabnow.com \
--cc=code@tyhicks.com \
--cc=ebiederm@xmission.com \
--cc=eric.snowberg@oracle.com \
--cc=kexec@lists.infradead.org \
--cc=linux-integrity@vger.kernel.org \
--cc=noodles@fb.com \
--cc=nramas@linux.microsoft.com \
--cc=paul@paul-moore.com \
--cc=roberto.sassu@huawei.com \
--cc=roberto.sassu@huaweicloud.com \
--cc=stefanb@linux.ibm.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.