From: Tushar Sugandhi <tusharsu@linux.microsoft.com> To: zohar@linux.ibm.com, roberto.sassu@huaweicloud.com, roberto.sassu@huawei.com, eric.snowberg@oracle.com, stefanb@linux.ibm.com, ebiederm@xmission.com, noodles@fb.com, bauermann@kolabnow.com, linux-integrity@vger.kernel.org, kexec@lists.infradead.org Cc: code@tyhicks.com, nramas@linux.microsoft.com, paul@paul-moore.com Subject: [PATCH v3 4/7] kexec: update kexec_file_load syscall to alloc ima buffer after load Date: Fri, 15 Dec 2023 17:07:26 -0800 [thread overview] Message-ID: <20231216010729.2904751-5-tusharsu@linux.microsoft.com> (raw) In-Reply-To: <20231216010729.2904751-1-tusharsu@linux.microsoft.com> Implement function kimage_file_post_load() to call ima_kexec_post_load() This ensures the IMA buffer allocated at kexec 'load' is mapped to a segment in the next loaded Kernel image. Modify the kexec_file_load() syscall to call kimage_file_post_load() after the image has been loaded and prepared for kexec. Call the function kimage_file_post_load() only for kexec soft reboot scenarios and not for KEXEC_FILE_ON_CRASH scenarios. Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com> --- kernel/kexec_file.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c index bf758fd5062c..ee38799ff1a3 100644 --- a/kernel/kexec_file.c +++ b/kernel/kexec_file.c @@ -184,6 +184,11 @@ kimage_validate_signature(struct kimage *image) } #endif +void kimage_file_post_load(struct kimage *image) +{ + ima_kexec_post_load(image); +} + /* * In file mode list of segments is prepared by kernel. Copy relevant * data from user space, do error checking, prepare segment list @@ -399,6 +404,9 @@ SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, initrd_fd, kimage_terminate(image); + if (!(flags & KEXEC_FILE_ON_CRASH)) + kimage_file_post_load(image); + ret = machine_kexec_post_load(image); if (ret) goto out; -- 2.25.1 _______________________________________________ kexec mailing list kexec@lists.infradead.org http://lists.infradead.org/mailman/listinfo/kexec
WARNING: multiple messages have this Message-ID (diff)
From: Tushar Sugandhi <tusharsu@linux.microsoft.com> To: zohar@linux.ibm.com, roberto.sassu@huaweicloud.com, roberto.sassu@huawei.com, eric.snowberg@oracle.com, stefanb@linux.ibm.com, ebiederm@xmission.com, noodles@fb.com, bauermann@kolabnow.com, linux-integrity@vger.kernel.org, kexec@lists.infradead.org Cc: code@tyhicks.com, nramas@linux.microsoft.com, paul@paul-moore.com Subject: [PATCH v3 4/7] kexec: update kexec_file_load syscall to alloc ima buffer after load Date: Fri, 15 Dec 2023 17:07:26 -0800 [thread overview] Message-ID: <20231216010729.2904751-5-tusharsu@linux.microsoft.com> (raw) In-Reply-To: <20231216010729.2904751-1-tusharsu@linux.microsoft.com> Implement function kimage_file_post_load() to call ima_kexec_post_load() This ensures the IMA buffer allocated at kexec 'load' is mapped to a segment in the next loaded Kernel image. Modify the kexec_file_load() syscall to call kimage_file_post_load() after the image has been loaded and prepared for kexec. Call the function kimage_file_post_load() only for kexec soft reboot scenarios and not for KEXEC_FILE_ON_CRASH scenarios. Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com> --- kernel/kexec_file.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c index bf758fd5062c..ee38799ff1a3 100644 --- a/kernel/kexec_file.c +++ b/kernel/kexec_file.c @@ -184,6 +184,11 @@ kimage_validate_signature(struct kimage *image) } #endif +void kimage_file_post_load(struct kimage *image) +{ + ima_kexec_post_load(image); +} + /* * In file mode list of segments is prepared by kernel. Copy relevant * data from user space, do error checking, prepare segment list @@ -399,6 +404,9 @@ SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, initrd_fd, kimage_terminate(image); + if (!(flags & KEXEC_FILE_ON_CRASH)) + kimage_file_post_load(image); + ret = machine_kexec_post_load(image); if (ret) goto out; -- 2.25.1
next prev parent reply other threads:[~2023-12-16 1:07 UTC|newest] Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top 2023-12-16 1:07 [PATCH v3 0/7] ima: kexec: measure events between kexec load and execute Tushar Sugandhi 2023-12-16 1:07 ` Tushar Sugandhi 2023-12-16 1:07 ` [PATCH v3 1/7] ima: define and call ima_alloc_kexec_file_buf Tushar Sugandhi 2023-12-16 1:07 ` Tushar Sugandhi 2023-12-20 16:13 ` Mimi Zohar 2023-12-20 16:13 ` Mimi Zohar 2024-01-05 19:47 ` Tushar Sugandhi 2024-01-05 19:47 ` Tushar Sugandhi 2023-12-16 1:07 ` [PATCH v3 2/7] ima: kexec: move ima log copy from kexec load to execute Tushar Sugandhi 2023-12-16 1:07 ` Tushar Sugandhi 2023-12-20 19:02 ` Mimi Zohar 2023-12-20 19:02 ` Mimi Zohar 2024-01-11 23:29 ` Tushar Sugandhi 2024-01-11 23:29 ` Tushar Sugandhi 2024-01-12 17:06 ` Mimi Zohar 2024-01-12 17:06 ` Mimi Zohar 2024-01-12 17:26 ` Tushar Sugandhi 2024-01-12 17:26 ` Tushar Sugandhi 2023-12-16 1:07 ` [PATCH v3 3/7] ima: kexec: map IMA buffer source pages to image after kexec load Tushar Sugandhi 2023-12-16 1:07 ` Tushar Sugandhi 2023-12-16 1:07 ` Tushar Sugandhi [this message] 2023-12-16 1:07 ` [PATCH v3 4/7] kexec: update kexec_file_load syscall to alloc ima buffer after load Tushar Sugandhi 2023-12-16 1:07 ` [PATCH v3 5/7] ima: suspend measurements during buffer copy at kexec execute Tushar Sugandhi 2023-12-16 1:07 ` Tushar Sugandhi 2023-12-20 20:44 ` Mimi Zohar 2023-12-20 20:44 ` Mimi Zohar 2024-01-05 19:50 ` Tushar Sugandhi 2024-01-05 19:50 ` Tushar Sugandhi 2024-01-11 17:30 ` Mimi Zohar 2024-01-11 17:30 ` Mimi Zohar 2024-01-11 18:17 ` Tushar Sugandhi 2024-01-11 18:17 ` Tushar Sugandhi 2023-12-16 1:07 ` [PATCH v3 6/7] ima: configure memory to log events between kexec load and execute Tushar Sugandhi 2023-12-16 1:07 ` Tushar Sugandhi 2023-12-20 20:15 ` Mimi Zohar 2023-12-20 20:15 ` Mimi Zohar 2024-01-05 20:20 ` Tushar Sugandhi 2024-01-05 20:20 ` Tushar Sugandhi 2024-01-07 17:00 ` Mimi Zohar 2024-01-07 17:00 ` Mimi Zohar 2024-01-11 18:13 ` Tushar Sugandhi 2024-01-11 18:13 ` Tushar Sugandhi 2024-01-11 19:20 ` Stefan Berger 2024-01-11 19:20 ` Stefan Berger 2024-01-11 20:52 ` Tushar Sugandhi 2024-01-11 20:52 ` Tushar Sugandhi 2024-01-12 17:44 ` Mimi Zohar 2024-01-12 17:44 ` Mimi Zohar 2024-01-12 18:23 ` Tushar Sugandhi 2024-01-12 18:23 ` Tushar Sugandhi 2023-12-16 1:07 ` [PATCH v3 7/7] ima: measure kexec load and exec events as critical data Tushar Sugandhi 2023-12-16 1:07 ` Tushar Sugandhi 2023-12-20 20:41 ` Mimi Zohar 2023-12-20 20:41 ` Mimi Zohar 2024-01-05 20:22 ` Tushar Sugandhi 2024-01-05 20:22 ` Tushar Sugandhi 2024-01-07 14:24 ` Mimi Zohar 2024-01-07 14:24 ` Mimi Zohar 2024-01-11 17:56 ` Tushar Sugandhi 2024-01-11 17:56 ` Tushar Sugandhi
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20231216010729.2904751-5-tusharsu@linux.microsoft.com \ --to=tusharsu@linux.microsoft.com \ --cc=bauermann@kolabnow.com \ --cc=code@tyhicks.com \ --cc=ebiederm@xmission.com \ --cc=eric.snowberg@oracle.com \ --cc=kexec@lists.infradead.org \ --cc=linux-integrity@vger.kernel.org \ --cc=noodles@fb.com \ --cc=nramas@linux.microsoft.com \ --cc=paul@paul-moore.com \ --cc=roberto.sassu@huawei.com \ --cc=roberto.sassu@huaweicloud.com \ --cc=stefanb@linux.ibm.com \ --cc=zohar@linux.ibm.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.