From nobody Thu Dec 18 23:24:28 2025 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 970002236E4; Mon, 21 Apr 2025 22:25:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=13.77.154.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1745274334; cv=none; b=PvEhq8pAFvdXCcE3XGZDs27nQnRlp2irMeXZQBPdFZ+KOEgaMEf9A0vNsQskeT9zKLjRRZPY1tw/5VJvDIthhJnqtNQeo4La+AlG6JmB3fhmX3dF0uc89Nluwc0cxTYBu6W6N0nxU3NIEfAZN2yCUBefPd3AukE0YdWTubkzOzA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1745274334; c=relaxed/simple; bh=HELCfmwqx3yMea+D8s9bEoqSl5vsNlgJQOMcReZ/sDo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=PPyntMeiiDiutUzymKXH2r/dlhW/TdhHYShRD6opa4fUbeZQ2WNfYyMI/d69AJxpEWZzhAsA93srCWZfMzmQ6MgiSzUl7l0TwMD9BrBocI/bcz2C6TQzHv4Nro39GwyPLCeps0UOeH4bziZM8ek0N7IVghMSZYCPZj3+g283nkg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com; spf=pass smtp.mailfrom=linux.microsoft.com; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b=sZaa5B7H; arc=none smtp.client-ip=13.77.154.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="sZaa5B7H" Received: from DESKTOP-VOT081N.hsd1.ga.comcast.net (unknown [20.110.218.7]) by linux.microsoft.com (Postfix) with ESMTPSA id 50F93203B865; Mon, 21 Apr 2025 15:25:30 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 50F93203B865 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1745274332; bh=7dFA2+OJcHq/e4k0fFHXAh1pIByJPkomq2SyTZBGciM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=sZaa5B7HG/9hTUo4bgoQTWCcLaB7Jh8xCUxdkRYruGMx53gUHcTuGu/Sgfh1sWsGR UJyzka8dzSPKB+eCU6GXJygGXq+9Jg3/zu10GUytIekNaP7NBRIlycwtCgv/V2Dtwt 0HMxE5ApYv6sxvbfttWWCMfvfYCUdMykSkGTcj7s= From: steven chen To: zohar@linux.ibm.com, stefanb@linux.ibm.com, roberto.sassu@huaweicloud.com, roberto.sassu@huawei.com, eric.snowberg@oracle.com, ebiederm@xmission.com, paul@paul-moore.com, code@tyhicks.com, bauermann@kolabnow.com, linux-integrity@vger.kernel.org, kexec@lists.infradead.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Cc: madvenka@linux.microsoft.com, nramas@linux.microsoft.com, James.Bottomley@HansenPartnership.com, bhe@redhat.com, vgoyal@redhat.com, dyoung@redhat.com Subject: [PATCH v13 1/9] ima: rename variable the seq_file "file" to "ima_kexec_file" Date: Mon, 21 Apr 2025 15:25:07 -0700 Message-ID: <20250421222516.9830-2-chenste@linux.microsoft.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250421222516.9830-1-chenste@linux.microsoft.com> References: <20250421222516.9830-1-chenste@linux.microsoft.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Steven Chen Before making the function local seq_file "file" variable file static global, rename it to "ima_kexec_file". Signed-off-by: Steven Chen Acked-by: Baoquan He --- security/integrity/ima/ima_kexec.c | 31 +++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/im= a_kexec.c index 9d45f4d26f73..650beb74346c 100644 --- a/security/integrity/ima/ima_kexec.c +++ b/security/integrity/ima/ima_kexec.c @@ -18,30 +18,30 @@ static int ima_dump_measurement_list(unsigned long *buffer_size, void **bu= ffer, unsigned long segment_size) { + struct seq_file ima_kexec_file; struct ima_queue_entry *qe; - struct seq_file file; struct ima_kexec_hdr khdr; int ret =3D 0; =20 /* segment size can't change between kexec load and execute */ - file.buf =3D vmalloc(segment_size); - if (!file.buf) { + ima_kexec_file.buf =3D vmalloc(segment_size); + if (!ima_kexec_file.buf) { ret =3D -ENOMEM; goto out; } =20 - file.file =3D NULL; - file.size =3D segment_size; - file.read_pos =3D 0; - file.count =3D sizeof(khdr); /* reserved space */ + ima_kexec_file.file =3D NULL; + ima_kexec_file.size =3D segment_size; + ima_kexec_file.read_pos =3D 0; + ima_kexec_file.count =3D sizeof(khdr); /* reserved space */ =20 memset(&khdr, 0, sizeof(khdr)); khdr.version =3D 1; /* This is an append-only list, no need to hold the RCU read lock */ list_for_each_entry_rcu(qe, &ima_measurements, later, true) { - if (file.count < file.size) { + if (ima_kexec_file.count < ima_kexec_file.size) { khdr.count++; - ima_measurements_show(&file, qe); + ima_measurements_show(&ima_kexec_file, qe); } else { ret =3D -EINVAL; break; @@ -55,23 +55,24 @@ static int ima_dump_measurement_list(unsigned long *buf= fer_size, void **buffer, * fill in reserved space with some buffer details * (eg. version, buffer size, number of measurements) */ - khdr.buffer_size =3D file.count; + khdr.buffer_size =3D ima_kexec_file.count; if (ima_canonical_fmt) { khdr.version =3D cpu_to_le16(khdr.version); khdr.count =3D cpu_to_le64(khdr.count); khdr.buffer_size =3D cpu_to_le64(khdr.buffer_size); } - memcpy(file.buf, &khdr, sizeof(khdr)); + memcpy(ima_kexec_file.buf, &khdr, sizeof(khdr)); =20 print_hex_dump_debug("ima dump: ", DUMP_PREFIX_NONE, 16, 1, - file.buf, file.count < 100 ? file.count : 100, + ima_kexec_file.buf, ima_kexec_file.count < 100 ? + ima_kexec_file.count : 100, true); =20 - *buffer_size =3D file.count; - *buffer =3D file.buf; + *buffer_size =3D ima_kexec_file.count; + *buffer =3D ima_kexec_file.buf; out: if (ret =3D=3D -EINVAL) - vfree(file.buf); + vfree(ima_kexec_file.buf); return ret; } =20 --=20 2.43.0 From nobody Thu Dec 18 23:24:28 2025 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 3B8CB224AE4; Mon, 21 Apr 2025 22:25:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=13.77.154.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1745274336; cv=none; b=JQJjdilnPw6eIcrTj1PPUEHcpJR/Iq1K0ZkdytqljJj/TU0QaXvDXjujugRa9eiak0ztetQhGcbUWIOCUyW8MujU8cAJOR2seVyTiWJAGIgOM27LK7WhCVfP+E5rKEnl3RNDTHBXcuijCh5gq+Cjzqra9IJnW21hVWrkSchCr40= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1745274336; c=relaxed/simple; bh=jygzxH5VKpOvsWN0n66rkjiR+sI0RaY1DndvyqxUW9o=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=rN+J4un8NWSMQRTVp9BngpEPOjBTgZ4v9amfNn9zcRekOBb72MqAHfMiDtZ5AwCL0Fw6kVWjlwuvPcrY5R2wJUFr5pEx+E8YMBLXfR8DJZGnKtMPOWYPK+a2gOaKIOYFY5KW1ZE7WRpZQXU8EeTLbTMWzSVIX2Mu5SEpkJRaJMk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com; spf=pass smtp.mailfrom=linux.microsoft.com; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b=HT+7dbnz; arc=none smtp.client-ip=13.77.154.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="HT+7dbnz" Received: from DESKTOP-VOT081N.hsd1.ga.comcast.net (unknown [20.110.218.7]) by linux.microsoft.com (Postfix) with ESMTPSA id BD21C203B86F; Mon, 21 Apr 2025 15:25:32 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com BD21C203B86F DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1745274334; bh=OhLeHH8qkJgkp47mKp8k5q0SWo6uUAk7Wl6ng3yPD2o=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=HT+7dbnz3dGW/nvbVxve+EscOBwLHpFDM6o92MWsIf1swSqKX34KVpLlGCms0qMNC 7TvGMThJW5ZsCzSD1sif9hL4MeRtC0/+Ldlzrspi0ljIzGneZZdSa0JNX7eJrpw9Is wQWM3Mjqkd8DPkaCf7yqzGDpDKWMUObY+3hoPVsU= From: steven chen To: zohar@linux.ibm.com, stefanb@linux.ibm.com, roberto.sassu@huaweicloud.com, roberto.sassu@huawei.com, eric.snowberg@oracle.com, ebiederm@xmission.com, paul@paul-moore.com, code@tyhicks.com, bauermann@kolabnow.com, linux-integrity@vger.kernel.org, kexec@lists.infradead.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Cc: madvenka@linux.microsoft.com, nramas@linux.microsoft.com, James.Bottomley@HansenPartnership.com, bhe@redhat.com, vgoyal@redhat.com, dyoung@redhat.com Subject: [PATCH v13 2/9] ima: define and call ima_alloc_kexec_file_buf() Date: Mon, 21 Apr 2025 15:25:08 -0700 Message-ID: <20250421222516.9830-3-chenste@linux.microsoft.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250421222516.9830-1-chenste@linux.microsoft.com> References: <20250421222516.9830-1-chenste@linux.microsoft.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Steven Chen In the current implementation, the ima_dump_measurement_list() API is=20 called during the kexec "load" phase, where a buffer is allocated and=20 the measurement records are copied. Due to this, new events added after kexec load but before kexec execute are not carried over to the new kernel during kexec operation Carrying the IMA measurement list across kexec requires allocating a buffer and copying the measurement records. Separate allocating the buffer and copying the measurement records into separate functions in order to allocate the buffer at kexec 'load' and copy the measurements at kexec 'execute'. After moving the vfree() here at this stage in the patch set, the IMA measurement list fails to verify when doing two consecutive "kexec -s -l" with/without a "kexec -s -u" in between. Only after "ima: kexec: move=20 IMA log copy from kexec load to execute" the IMA measurement list verifies properly with the vfree() here. Co-developed-by: Tushar Sugandhi Signed-off-by: Tushar Sugandhi Signed-off-by: Steven Chen Acked-by: Baoquan He Reviewed-by: Stefan Berger --- security/integrity/ima/ima_kexec.c | 46 +++++++++++++++++++++++------- 1 file changed, 35 insertions(+), 11 deletions(-) diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/im= a_kexec.c index 650beb74346c..b12ac3619b8f 100644 --- a/security/integrity/ima/ima_kexec.c +++ b/security/integrity/ima/ima_kexec.c @@ -15,26 +15,46 @@ #include "ima.h" =20 #ifdef CONFIG_IMA_KEXEC +static struct seq_file ima_kexec_file; + +static void ima_free_kexec_file_buf(struct seq_file *sf) +{ + vfree(sf->buf); + sf->buf =3D NULL; + sf->size =3D 0; + sf->read_pos =3D 0; + sf->count =3D 0; +} + +static int ima_alloc_kexec_file_buf(size_t segment_size) +{ + ima_free_kexec_file_buf(&ima_kexec_file); + + /* segment size can't change between kexec load and execute */ + ima_kexec_file.buf =3D vmalloc(segment_size); + if (!ima_kexec_file.buf) + return -ENOMEM; + + ima_kexec_file.size =3D segment_size; + ima_kexec_file.read_pos =3D 0; + ima_kexec_file.count =3D sizeof(struct ima_kexec_hdr); /* reserved space = */ + + return 0; +} + static int ima_dump_measurement_list(unsigned long *buffer_size, void **bu= ffer, unsigned long segment_size) { - struct seq_file ima_kexec_file; struct ima_queue_entry *qe; struct ima_kexec_hdr khdr; int ret =3D 0; =20 /* segment size can't change between kexec load and execute */ - ima_kexec_file.buf =3D vmalloc(segment_size); if (!ima_kexec_file.buf) { - ret =3D -ENOMEM; - goto out; + pr_err("Kexec file buf not allocated\n"); + return -EINVAL; } =20 - ima_kexec_file.file =3D NULL; - ima_kexec_file.size =3D segment_size; - ima_kexec_file.read_pos =3D 0; - ima_kexec_file.count =3D sizeof(khdr); /* reserved space */ - memset(&khdr, 0, sizeof(khdr)); khdr.version =3D 1; /* This is an append-only list, no need to hold the RCU read lock */ @@ -71,8 +91,6 @@ static int ima_dump_measurement_list(unsigned long *buffe= r_size, void **buffer, *buffer_size =3D ima_kexec_file.count; *buffer =3D ima_kexec_file.buf; out: - if (ret =3D=3D -EINVAL) - vfree(ima_kexec_file.buf); return ret; } =20 @@ -111,6 +129,12 @@ void ima_add_kexec_buffer(struct kimage *image) return; } =20 + ret =3D ima_alloc_kexec_file_buf(kexec_segment_size); + if (ret < 0) { + pr_err("Not enough memory for the kexec measurement buffer.\n"); + return; + } + ima_dump_measurement_list(&kexec_buffer_size, &kexec_buffer, kexec_segment_size); if (!kexec_buffer) { --=20 2.43.0 From nobody Thu Dec 18 23:24:28 2025 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by smtp.subspace.kernel.org (Postfix) with ESMTP id C13AB225775; Mon, 21 Apr 2025 22:25:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=13.77.154.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1745274339; cv=none; b=cKY0mqXUsMPSTlndrmCeyoG7TtBfr5aISn7qqkIgPW9aSzm20WcjjflOXqZGll47p+tVR6mHO/DQ0ckTgYjYOuFNi8SZ05bCkOru6kX9bXqVMdx+chqmL7C8TKzjdZHCmWUt4WOinpznqr4MbDScdb1et+iWtDTuuMy3+OhbnQ0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1745274339; c=relaxed/simple; bh=0I1oP4Npt+Ni2/r6dznzJWvJybWEyXi7//77sm0TbDg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=nQf9zfRgHiTFKYz5rvSmcDfDF76sA+ZgCPnr8uHdLKX2LDOhUXdda7PBjHU8KMNIB9AMAwosgrfwoXiOiK9kbCjEqEDXcD7FjkWe9t3jY+mrzkwhoYbAvXJ+SnDbAHS1zpkWNYVzuoxgnn3tNg0cXZ0SORCSivt05yzi/zf/NFA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com; spf=pass smtp.mailfrom=linux.microsoft.com; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b=a0Ci4Pro; arc=none smtp.client-ip=13.77.154.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="a0Ci4Pro" Received: from DESKTOP-VOT081N.hsd1.ga.comcast.net (unknown [20.110.218.7]) by linux.microsoft.com (Postfix) with ESMTPSA id 3A2AD203B86E; Mon, 21 Apr 2025 15:25:35 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 3A2AD203B86E DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1745274337; bh=M8lVlTeC+R/wKuKKAawkw0aqZeda8hmdI9p3e9lXCCM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=a0Ci4ProJ9nSnwpdZonU6Z1Dq+jnLflQy3V4zhEUqtRIgQ3apNmf1eyfjTYXBZWRa x8cJwxWQRxeAn0zAW8HZ5z2Jw9vM6MsKs/SPJMXMnuYJ58s6MTGhmpzgymkuk4+7Zw eGtwdJ+g2yBsbVsUDltx9eNTU0PKPAJFTfNgGZp8= From: steven chen To: zohar@linux.ibm.com, stefanb@linux.ibm.com, roberto.sassu@huaweicloud.com, roberto.sassu@huawei.com, eric.snowberg@oracle.com, ebiederm@xmission.com, paul@paul-moore.com, code@tyhicks.com, bauermann@kolabnow.com, linux-integrity@vger.kernel.org, kexec@lists.infradead.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Cc: madvenka@linux.microsoft.com, nramas@linux.microsoft.com, James.Bottomley@HansenPartnership.com, bhe@redhat.com, vgoyal@redhat.com, dyoung@redhat.com Subject: [PATCH v13 3/9] kexec: define functions to map and unmap segments Date: Mon, 21 Apr 2025 15:25:09 -0700 Message-ID: <20250421222516.9830-4-chenste@linux.microsoft.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250421222516.9830-1-chenste@linux.microsoft.com> References: <20250421222516.9830-1-chenste@linux.microsoft.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Steven Chen Implement kimage_map_segment() to enable IMA to map the measurement log=20 list to the kimage structure during the kexec 'load' stage. This function gathers the source pages within the specified address range, and maps them to a contiguous virtual address range. This is a preparation for later usage. Implement kimage_unmap_segment() for unmapping segments using vunmap(). Cc: Eric Biederman Cc: Baoquan He =20 Cc: Vivek Goyal Cc: Dave Young Co-developed-by: Tushar Sugandhi Signed-off-by: Tushar Sugandhi Signed-off-by: steven chen Acked-by: Baoquan He Reviewed-by tags "Reviewed-by: Stefan Berger " to=20 Tested-by tag for this patch set: "Tested-by: Stefan Berger=20 --- include/linux/kexec.h | 6 +++++ kernel/kexec_core.c | 54 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 60 insertions(+) diff --git a/include/linux/kexec.h b/include/linux/kexec.h index f0e9f8eda7a3..7d6b12f8b8d0 100644 --- a/include/linux/kexec.h +++ b/include/linux/kexec.h @@ -467,13 +467,19 @@ extern bool kexec_file_dbg_print; #define kexec_dprintk(fmt, arg...) \ do { if (kexec_file_dbg_print) pr_info(fmt, ##arg); } while (0) =20 +extern void *kimage_map_segment(struct kimage *image, unsigned long addr, = unsigned long size); +extern void kimage_unmap_segment(void *buffer); #else /* !CONFIG_KEXEC_CORE */ struct pt_regs; struct task_struct; +struct kimage; static inline void __crash_kexec(struct pt_regs *regs) { } static inline void crash_kexec(struct pt_regs *regs) { } static inline int kexec_should_crash(struct task_struct *p) { return 0; } static inline int kexec_crash_loaded(void) { return 0; } +static inline void *kimage_map_segment(struct kimage *image, unsigned long= addr, unsigned long size) +{ return NULL; } +static inline void kimage_unmap_segment(void *buffer) { } #define kexec_in_progress false #endif /* CONFIG_KEXEC_CORE */ =20 diff --git a/kernel/kexec_core.c b/kernel/kexec_core.c index c0bdc1686154..a5e378e1dc7f 100644 --- a/kernel/kexec_core.c +++ b/kernel/kexec_core.c @@ -867,6 +867,60 @@ int kimage_load_segment(struct kimage *image, return result; } =20 +void *kimage_map_segment(struct kimage *image, + unsigned long addr, unsigned long size) +{ + unsigned long src_page_addr, dest_page_addr =3D 0; + unsigned long eaddr =3D addr + size; + kimage_entry_t *ptr, entry; + struct page **src_pages; + unsigned int npages; + void *vaddr =3D NULL; + int i; + + /* + * Collect the source pages and map them in a contiguous VA range. + */ + npages =3D PFN_UP(eaddr) - PFN_DOWN(addr); + src_pages =3D kmalloc_array(npages, sizeof(*src_pages), GFP_KERNEL); + if (!src_pages) { + pr_err("Could not allocate ima pages array.\n"); + return NULL; + } + + i =3D 0; + for_each_kimage_entry(image, ptr, entry) { + if (entry & IND_DESTINATION) { + dest_page_addr =3D entry & PAGE_MASK; + } else if (entry & IND_SOURCE) { + if (dest_page_addr >=3D addr && dest_page_addr < eaddr) { + src_page_addr =3D entry & PAGE_MASK; + src_pages[i++] =3D + virt_to_page(__va(src_page_addr)); + if (i =3D=3D npages) + break; + dest_page_addr +=3D PAGE_SIZE; + } + } + } + + /* Sanity check. */ + WARN_ON(i < npages); + + vaddr =3D vmap(src_pages, npages, VM_MAP, PAGE_KERNEL); + kfree(src_pages); + + if (!vaddr) + pr_err("Could not map ima buffer.\n"); + + return vaddr; +} + +void kimage_unmap_segment(void *segment_buffer) +{ + vunmap(segment_buffer); +} + struct kexec_load_limit { /* Mutex protects the limit count. */ struct mutex mutex; --=20 2.43.0 From nobody Thu Dec 18 23:24:28 2025 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 267E2226CE4; Mon, 21 Apr 2025 22:25:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=13.77.154.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1745274342; cv=none; b=YnTUbnC1IkIWygGOgfEVJ2b1DKxU/GtfxpUiXg0WOR94TFN/K17w4eDm35dj1eA8Ay7P+RMQPS3m0kL4bF6g+M18ijQU03asCkmBb6FupbX6G8p4Cabo1y9cGScdnCGW8iGqY2sIxwuakMFbD97k1zLRWKrAXz/7NSW60fuyIHQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1745274342; c=relaxed/simple; bh=nUzvZlz0kFXK8f1OkHwJrlCdXsKIoFQO2tX7gzLN4uw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Ly+dSAY0xAq4XEXXhAodl4g6pxKyM5pApxDkLCC4VF8ATzWitEOQqtNmfi5ZuOeJj6laoEgCyzk+N1TerOKRH8GqA80lI75dRqTtcqLvzU4ksMTYWAAC/Q7WYleYs8gj4RNcyLXahM0jzgA0PCi9XOYwWhZI6HYNS32zWopOB5s= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com; spf=pass smtp.mailfrom=linux.microsoft.com; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b=W2Y7nmAn; arc=none smtp.client-ip=13.77.154.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="W2Y7nmAn" Received: from DESKTOP-VOT081N.hsd1.ga.comcast.net (unknown [20.110.218.7]) by linux.microsoft.com (Postfix) with ESMTPSA id AA275203B86C; Mon, 21 Apr 2025 15:25:37 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com AA275203B86C DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1745274339; bh=MiqAzXObv2omepy5lJKLE7NO586d6ZTiSnYnz65g+4c=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=W2Y7nmAnS3KpbaCexVvhfgKrjhuXhSRxhW6Nx9OK7e8KcwlK1O2eM6GJysuHFpbBy 2jIW27G0oYJ4I206uTnUuMHHBwope7RoBFLvB98jx4HhjABI22q4RUdGCreg+3u+vK ouM2YTJr2PqHDKbk4TFv3V3H4F2PoJpxq3vunK6g= From: steven chen To: zohar@linux.ibm.com, stefanb@linux.ibm.com, roberto.sassu@huaweicloud.com, roberto.sassu@huawei.com, eric.snowberg@oracle.com, ebiederm@xmission.com, paul@paul-moore.com, code@tyhicks.com, bauermann@kolabnow.com, linux-integrity@vger.kernel.org, kexec@lists.infradead.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Cc: madvenka@linux.microsoft.com, nramas@linux.microsoft.com, James.Bottomley@HansenPartnership.com, bhe@redhat.com, vgoyal@redhat.com, dyoung@redhat.com Subject: [PATCH v13 4/9] ima: kexec: skip IMA segment validation after kexec soft reboot Date: Mon, 21 Apr 2025 15:25:10 -0700 Message-ID: <20250421222516.9830-5-chenste@linux.microsoft.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250421222516.9830-1-chenste@linux.microsoft.com> References: <20250421222516.9830-1-chenste@linux.microsoft.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Steven Chen Currently, the function kexec_calculate_store_digests() calculates and stores the digest of the segment during the kexec_file_load syscall, where the IMA segment is also allocated. Later, the IMA segment will be updated with the measurement log at the kexec execute stage when a kexec reboot is initiated. Therefore, the digests should be updated for the IMA segment in the normal case. The problem is that the content of memory segments carried over to the new kernel during the kexec systemcall can be changed at kexec 'execute' stage, but the size and the location of the memory segments cannot be changed at kexec 'execute' stage. To address this, skip the calculation and storage of the digest for the IMA segment in kexec_calculate_store_digests() so that it is not added=20 to the purgatory_sha_regions. With this change, the IMA segment is not included in the digest calculation, storage, and verification. Cc: Eric Biederman Cc: Baoquan He =20 Cc: Vivek Goyal Cc: Dave Young Co-developed-by: Tushar Sugandhi Signed-off-by: Tushar Sugandhi Signed-off-by: Steven Chen Reviewed-by: Stefan Berger Reviewed-by: Mimi Zohar Acked-by: Baoquan He --- include/linux/kexec.h | 3 +++ kernel/kexec_file.c | 22 ++++++++++++++++++++++ security/integrity/ima/ima_kexec.c | 3 +++ 3 files changed, 28 insertions(+) diff --git a/include/linux/kexec.h b/include/linux/kexec.h index 7d6b12f8b8d0..107e726f2ef3 100644 --- a/include/linux/kexec.h +++ b/include/linux/kexec.h @@ -362,6 +362,9 @@ struct kimage { =20 phys_addr_t ima_buffer_addr; size_t ima_buffer_size; + + unsigned long ima_segment_index; + bool is_ima_segment_index_set; #endif =20 /* Core ELF header buffer */ diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c index 3eedb8c226ad..606132253c79 100644 --- a/kernel/kexec_file.c +++ b/kernel/kexec_file.c @@ -38,6 +38,21 @@ void set_kexec_sig_enforced(void) } #endif =20 +#ifdef CONFIG_IMA_KEXEC +static bool check_ima_segment_index(struct kimage *image, int i) +{ + if (image->is_ima_segment_index_set && i =3D=3D image->ima_segment_index) + return true; + else + return false; +} +#else +static bool check_ima_segment_index(struct kimage *image, int i) +{ + return false; +} +#endif + static int kexec_calculate_store_digests(struct kimage *image); =20 /* Maximum size in bytes for kernel/initrd files. */ @@ -764,6 +779,13 @@ static int kexec_calculate_store_digests(struct kimage= *image) if (ksegment->kbuf =3D=3D pi->purgatory_buf) continue; =20 + /* + * Skip the segment if ima_segment_index is set and matches + * the current index + */ + if (check_ima_segment_index(image, i)) + continue; + ret =3D crypto_shash_update(desc, ksegment->kbuf, ksegment->bufsz); if (ret) diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/im= a_kexec.c index b12ac3619b8f..7e0a19c3483f 100644 --- a/security/integrity/ima/ima_kexec.c +++ b/security/integrity/ima/ima_kexec.c @@ -145,6 +145,7 @@ void ima_add_kexec_buffer(struct kimage *image) kbuf.buffer =3D kexec_buffer; kbuf.bufsz =3D kexec_buffer_size; kbuf.memsz =3D kexec_segment_size; + image->is_ima_segment_index_set =3D false; ret =3D kexec_add_buffer(&kbuf); if (ret) { pr_err("Error passing over kexec measurement buffer.\n"); @@ -155,6 +156,8 @@ void ima_add_kexec_buffer(struct kimage *image) image->ima_buffer_addr =3D kbuf.mem; image->ima_buffer_size =3D kexec_segment_size; image->ima_buffer =3D kexec_buffer; + image->ima_segment_index =3D image->nr_segments - 1; + image->is_ima_segment_index_set =3D true; =20 kexec_dprintk("kexec measurement buffer for the loaded kernel at 0x%lx.\n= ", kbuf.mem); --=20 2.43.0 From nobody Thu Dec 18 23:24:28 2025 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 55490225775; Mon, 21 Apr 2025 22:25:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=13.77.154.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1745274343; cv=none; b=eLNk0NcSyXrEEc2HOjBt3QPKWhlCLMbqfKQwZ/khc0G9asUSeWT+y94fRsMArnSronm8gwpFHcR7LnSFA4pxrXBaATfrS+K2dtLdjgWqL3BF5ZaSKVjw42KO5L9QlCU69KFs/W9RNzAHFkqVx/HnrrWYpKLIwIKn3bJYWcS03SE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1745274343; c=relaxed/simple; bh=ep5hoCheHKVEAtuxkukKJc6B/FpwA2Gi/1bwxXEak8w=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=YMBVrh9+gxslXOTSoWgTif4fBJHaSGMgavxSEhqV8NfgQP3KY2Pbc4mTX9/NfoPl6Aj5FPfunfAgxQyfvTlPNzWLEWkmc0wFc/HXsQcUae3miaoB6T15/39Z4YwA5rZyLdVvh0bMUTEjkghLYTEgbUL60O4s83Qrj1eInIHNWbE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com; spf=pass smtp.mailfrom=linux.microsoft.com; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b=MdoYqlCS; arc=none smtp.client-ip=13.77.154.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="MdoYqlCS" Received: from DESKTOP-VOT081N.hsd1.ga.comcast.net (unknown [20.110.218.7]) by linux.microsoft.com (Postfix) with ESMTPSA id 1FBF6203B872; Mon, 21 Apr 2025 15:25:40 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 1FBF6203B872 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1745274342; bh=I1XbzaRAmgoeuh/TNUrZkXNkO8KOvtrE3h9mj9fnJZo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=MdoYqlCShRstXxa8GSNmrhQ6gqr8BTOAfDWMqCju+T69ZgMmW381StuoxoF+KCNVi wV7P3AaH7Cx2DQ0D6r8pye8jSu8r91t+fRFIESjw0YRpukufLxxwysaKHMU5W0UA6D W1kp03tF/GiklYSQjoJF2HJVLh5XAMYmS2Fh6h5g= From: steven chen To: zohar@linux.ibm.com, stefanb@linux.ibm.com, roberto.sassu@huaweicloud.com, roberto.sassu@huawei.com, eric.snowberg@oracle.com, ebiederm@xmission.com, paul@paul-moore.com, code@tyhicks.com, bauermann@kolabnow.com, linux-integrity@vger.kernel.org, kexec@lists.infradead.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Cc: madvenka@linux.microsoft.com, nramas@linux.microsoft.com, James.Bottomley@HansenPartnership.com, bhe@redhat.com, vgoyal@redhat.com, dyoung@redhat.com Subject: [PATCH v13 5/9] ima: kexec: define functions to copy IMA log at soft boot Date: Mon, 21 Apr 2025 15:25:11 -0700 Message-ID: <20250421222516.9830-6-chenste@linux.microsoft.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250421222516.9830-1-chenste@linux.microsoft.com> References: <20250421222516.9830-1-chenste@linux.microsoft.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Steven Chen The IMA log is currently copied to the new kernel during kexec 'load'=20 using ima_dump_measurement_list(). However, the log copied at kexec=20 'load' may result in loss of IMA measurements that only occurred after kexec "load'. Setup the needed infrastructure to move the IMA log copy=20 from kexec 'load' to 'execute'. Define a new IMA hook ima_update_kexec_buffer() as a stub function. It will be used to call ima_dump_measurement_list() during kexec 'execute'. Implement ima_kexec_post_load() function to be invoked after the new=20 Kernel image has been loaded for kexec. ima_kexec_post_load() maps the=20 IMA buffer to a segment in the newly loaded Kernel. It also registers=20 the reboot notifier_block to trigger ima_update_kexec_buffer() at=20 kexec 'execute'. Set the priority of register_reboot_notifier to INT_MIN to ensure that the IMA log copy operation will happen at the end of the operation chain, so=20 that all the IMA measurement records extended into the TPM are copied Co-developed-by: Tushar Sugandhi Signed-off-by: Tushar Sugandhi Cc: Eric Biederman Cc: Baoquan He =20 Cc: Vivek Goyal Cc: Dave Young Signed-off-by: Steven Chen Reviewed-by: Mimi Zohar Acked-by: Baoquan He Reviewed-by: Stefan Berger --- include/linux/ima.h | 3 ++ security/integrity/ima/ima_kexec.c | 47 ++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+) diff --git a/include/linux/ima.h b/include/linux/ima.h index 0bae61a15b60..8e29cb4e6a01 100644 --- a/include/linux/ima.h +++ b/include/linux/ima.h @@ -32,6 +32,9 @@ static inline void ima_appraise_parse_cmdline(void) {} =20 #ifdef CONFIG_IMA_KEXEC extern void ima_add_kexec_buffer(struct kimage *image); +extern void ima_kexec_post_load(struct kimage *image); +#else +static inline void ima_kexec_post_load(struct kimage *image) {} #endif =20 #else diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/im= a_kexec.c index 7e0a19c3483f..e79f6caf895b 100644 --- a/security/integrity/ima/ima_kexec.c +++ b/security/integrity/ima/ima_kexec.c @@ -12,10 +12,14 @@ #include #include #include +#include +#include #include "ima.h" =20 #ifdef CONFIG_IMA_KEXEC +static bool ima_kexec_update_registered; static struct seq_file ima_kexec_file; +static void *ima_kexec_buffer; =20 static void ima_free_kexec_file_buf(struct seq_file *sf) { @@ -162,6 +166,49 @@ void ima_add_kexec_buffer(struct kimage *image) kexec_dprintk("kexec measurement buffer for the loaded kernel at 0x%lx.\n= ", kbuf.mem); } + +/* + * Called during kexec execute so that IMA can update the measurement list. + */ +static int ima_update_kexec_buffer(struct notifier_block *self, + unsigned long action, void *data) +{ + return NOTIFY_OK; +} + +static struct notifier_block update_buffer_nb =3D { + .notifier_call =3D ima_update_kexec_buffer, + .priority =3D INT_MIN +}; + +/* + * Create a mapping for the source pages that contain the IMA buffer + * so we can update it later. + */ +void ima_kexec_post_load(struct kimage *image) +{ + if (ima_kexec_buffer) { + kimage_unmap_segment(ima_kexec_buffer); + ima_kexec_buffer =3D NULL; + } + + if (!image->ima_buffer_addr) + return; + + ima_kexec_buffer =3D kimage_map_segment(image, + image->ima_buffer_addr, + image->ima_buffer_size); + if (!ima_kexec_buffer) { + pr_err("Could not map measurements buffer.\n"); + return; + } + + if (!ima_kexec_update_registered) { + register_reboot_notifier(&update_buffer_nb); + ima_kexec_update_registered =3D true; + } +} + #endif /* IMA_KEXEC */ =20 /* --=20 2.43.0 From nobody Thu Dec 18 23:24:28 2025 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 3C36F2288CC; Mon, 21 Apr 2025 22:25:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=13.77.154.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1745274346; cv=none; b=b2f92Y5JySF6a2R3M5yqQMY5VMy1Te0Gkvwt1PFjpLNpjFt/NPjJ1/edajL5wtZ+Ggs33EE/WA8TH4DWe0VtpN1F2R0bM4WJhfCDktFh/spYMDqiWOJ4JIGGbVTQkohhe8RNapDHLBxBwDCDyoE834xSjgf+3zZzDlTHWe4OJiE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1745274346; c=relaxed/simple; bh=ZxzYUa6hSNSZtM9O6CxEUEMjZj10ROlY/ON58BHEYzE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ChaEs8/o94n4u6980UmI3FxRgUYIUpa2Pye/PG8AyploclYADIKfEBsAt9+LJFQu0FfLv6GdIsftderBSIoVrSZAFD4o33ZetRc1qVUL20utl1yb6B+/DbmV52A5JqHraqgWrS4Sx8JiAh9+nGurdAW4DjX59n1ezAHHf5g6AkQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com; spf=pass smtp.mailfrom=linux.microsoft.com; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b=PRLyileH; arc=none smtp.client-ip=13.77.154.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="PRLyileH" Received: from DESKTOP-VOT081N.hsd1.ga.comcast.net (unknown [20.110.218.7]) by linux.microsoft.com (Postfix) with ESMTPSA id 89A39203B873; Mon, 21 Apr 2025 15:25:42 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 89A39203B873 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1745274344; bh=HL4S/TcZxL8WY/O6ODZ4pmEtTDFZ9jUTZ8riufUGoII=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=PRLyileHwPUj9vJsSaUhTrYAOyeVB2dp93FPB1Ehb1Q3vk3VrQnWMY45DNrGr7p2O 5pj+1yqu7fljhbwz+5jz9UGF78W/k41x18feWHy9ev0123KTWGiXf/nzgJgm8kC8QV WZ1lGkE8CYUS95q8gcQVG87Q08zXw9C6C5jkRCjg= From: steven chen To: zohar@linux.ibm.com, stefanb@linux.ibm.com, roberto.sassu@huaweicloud.com, roberto.sassu@huawei.com, eric.snowberg@oracle.com, ebiederm@xmission.com, paul@paul-moore.com, code@tyhicks.com, bauermann@kolabnow.com, linux-integrity@vger.kernel.org, kexec@lists.infradead.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Cc: madvenka@linux.microsoft.com, nramas@linux.microsoft.com, James.Bottomley@HansenPartnership.com, bhe@redhat.com, vgoyal@redhat.com, dyoung@redhat.com Subject: [PATCH v13 6/9] ima: kexec: move IMA log copy from kexec load to execute Date: Mon, 21 Apr 2025 15:25:12 -0700 Message-ID: <20250421222516.9830-7-chenste@linux.microsoft.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250421222516.9830-1-chenste@linux.microsoft.com> References: <20250421222516.9830-1-chenste@linux.microsoft.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Steven Chen The IMA log is currently copied to the new kernel during kexec 'load' using ima_dump_measurement_list(). However, the IMA measurement list copied at=20 kexec 'load' may result in loss of IMA measurements records that only=20 occurred after the kexec 'load'. Move the IMA measurement list log copy=20 from kexec 'load' to 'execute' Make the kexec_segment_size variable a local static variable within the=20 file, so it can be accessed during both kexec 'load' and 'execute'. =20 Define kexec_post_load() as a wrapper for calling ima_kexec_post_load() and machine_kexec_post_load(). Replace the existing direct call to machine_kexec_post_load() with kexec_post_load(). =20 When there is insufficient memory to copy all the measurement logs, copy as much of the measurement list as possible. Co-developed-by: Tushar Sugandhi Signed-off-by: Tushar Sugandhi Cc: Eric Biederman Cc: Baoquan He =20 Cc: Vivek Goyal Cc: Dave Young Signed-off-by: Steven Chen --- kernel/kexec_file.c | 11 +++++++- security/integrity/ima/ima_kexec.c | 43 ++++++++++++++++++++---------- 2 files changed, 39 insertions(+), 15 deletions(-) diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c index 606132253c79..b3eb515ca051 100644 --- a/kernel/kexec_file.c +++ b/kernel/kexec_file.c @@ -201,6 +201,15 @@ kimage_validate_signature(struct kimage *image) } #endif =20 +static int kexec_post_load(struct kimage *image, unsigned long flags) +{ +#ifdef CONFIG_IMA_KEXEC + if (!(flags & KEXEC_FILE_ON_CRASH)) + ima_kexec_post_load(image); +#endif + return machine_kexec_post_load(image); +} + /* * In file mode list of segments is prepared by kernel. Copy relevant * data from user space, do error checking, prepare segment list @@ -428,7 +437,7 @@ SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, i= nitrd_fd, =20 kimage_terminate(image); =20 - ret =3D machine_kexec_post_load(image); + ret =3D kexec_post_load(image, flags); if (ret) goto out; =20 diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/im= a_kexec.c index e79f6caf895b..5c3b3e0b2186 100644 --- a/security/integrity/ima/ima_kexec.c +++ b/security/integrity/ima/ima_kexec.c @@ -19,6 +19,7 @@ #ifdef CONFIG_IMA_KEXEC static bool ima_kexec_update_registered; static struct seq_file ima_kexec_file; +static size_t kexec_segment_size; static void *ima_kexec_buffer; =20 static void ima_free_kexec_file_buf(struct seq_file *sf) @@ -72,9 +73,6 @@ static int ima_dump_measurement_list(unsigned long *buffe= r_size, void **buffer, } } =20 - if (ret < 0) - goto out; - /* * fill in reserved space with some buffer details * (eg. version, buffer size, number of measurements) @@ -94,7 +92,7 @@ static int ima_dump_measurement_list(unsigned long *buffe= r_size, void **buffer, =20 *buffer_size =3D ima_kexec_file.count; *buffer =3D ima_kexec_file.buf; -out: + return ret; } =20 @@ -112,9 +110,8 @@ void ima_add_kexec_buffer(struct kimage *image) unsigned long binary_runtime_size; =20 /* use more understandable variable names than defined in kbuf */ + size_t kexec_buffer_size =3D 0; void *kexec_buffer =3D NULL; - size_t kexec_buffer_size; - size_t kexec_segment_size; int ret; =20 /* @@ -139,13 +136,6 @@ void ima_add_kexec_buffer(struct kimage *image) return; } =20 - ima_dump_measurement_list(&kexec_buffer_size, &kexec_buffer, - kexec_segment_size); - if (!kexec_buffer) { - pr_err("Not enough memory for the kexec measurement buffer.\n"); - return; - } - kbuf.buffer =3D kexec_buffer; kbuf.bufsz =3D kexec_buffer_size; kbuf.memsz =3D kexec_segment_size; @@ -173,7 +163,32 @@ void ima_add_kexec_buffer(struct kimage *image) static int ima_update_kexec_buffer(struct notifier_block *self, unsigned long action, void *data) { - return NOTIFY_OK; + size_t buf_size =3D 0; + int ret =3D NOTIFY_OK; + void *buf =3D NULL; + + if (!kexec_in_progress) { + pr_info("No kexec in progress.\n"); + return ret; + } + + if (!ima_kexec_buffer) { + pr_err("Kexec buffer not set.\n"); + return ret; + } + + ret =3D ima_dump_measurement_list(&buf_size, &buf, kexec_segment_size); + + if (ret) + pr_err("Dump measurements failed. Error:%d\n", ret); + + if (buf_size !=3D 0) + memcpy(ima_kexec_buffer, buf, buf_size); + + kimage_unmap_segment(ima_kexec_buffer); + ima_kexec_buffer =3D NULL; + + return ret; } =20 static struct notifier_block update_buffer_nb =3D { --=20 2.43.0 From nobody Thu Dec 18 23:24:28 2025 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by smtp.subspace.kernel.org (Postfix) with ESMTP id B822B22A4C9; Mon, 21 Apr 2025 22:25:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=13.77.154.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1745274349; cv=none; b=cFA0N3eSe6tgUP6X7YHI08UQwsCRWLbxVxgeilrcIyZrBF+WM/jTE1ECqHrlCffT1j+xSyCA3+AV1sbXYcQgJaixwmETi8rJ1YDM6XDXkxmxIS5z5RkAr0gkaun/Vc4Xng75454UwVFhTQUsIHjdC7Hn7bbvJGTMqfsqR2SU8E8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1745274349; c=relaxed/simple; bh=C68aO11fwY5Hq7MhMVBjpxhOBUfYTUWrOF7aOqYOLWM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=af/fqr+l7fYjulckmluh4vJr/Nr7MuGn+FEWjiP3tyrHfFlvge7Z+hm0b46R65eRsNl9WWFmOiPfiN3yIf/oluzT544NANchQYFTfjsKE9zqNZzBmiB7lRWQNYIFoxFWix6xR9qsRdgWnFUfOW29B2eiRlmlyIzwTP88TbZ292U= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com; spf=pass smtp.mailfrom=linux.microsoft.com; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b=q3nC6b3H; arc=none smtp.client-ip=13.77.154.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="q3nC6b3H" Received: from DESKTOP-VOT081N.hsd1.ga.comcast.net (unknown [20.110.218.7]) by linux.microsoft.com (Postfix) with ESMTPSA id 4ECFE203B875; Mon, 21 Apr 2025 15:25:45 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 4ECFE203B875 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1745274347; bh=6xgOBYzerQDrucaQC/lEMeygmGpDLxyAasYBprqw4mk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=q3nC6b3Hi7IbCLuLtwW+3lh+1WXvmj68ZrT/fw8ahWDKC88opIExvLYFzI8HSRUqK de3Bt2rmlJzSzacdZccAIvEIYxt4EY55PwlwMtVjtd8yBdqKMoCM5F/YG9ndpYTMPh mbOczUN4dfQ93Ql9HFhdQKSHJ83nRKYDMGOzp4PA= From: steven chen To: zohar@linux.ibm.com, stefanb@linux.ibm.com, roberto.sassu@huaweicloud.com, roberto.sassu@huawei.com, eric.snowberg@oracle.com, ebiederm@xmission.com, paul@paul-moore.com, code@tyhicks.com, bauermann@kolabnow.com, linux-integrity@vger.kernel.org, kexec@lists.infradead.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Cc: madvenka@linux.microsoft.com, nramas@linux.microsoft.com, James.Bottomley@HansenPartnership.com, bhe@redhat.com, vgoyal@redhat.com, dyoung@redhat.com Subject: [PATCH v13 7/9] ima: verify if the segment size has changed Date: Mon, 21 Apr 2025 15:25:13 -0700 Message-ID: <20250421222516.9830-8-chenste@linux.microsoft.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250421222516.9830-1-chenste@linux.microsoft.com> References: <20250421222516.9830-1-chenste@linux.microsoft.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Steven Chen kexec 'load' may be called multiple times. Free and realloc the buffer only if the segment_size is changed from the previous kexec 'load' call. Signed-off-by: Steven Chen Acked-by: Baoquan He Reviewed-by: Mimi Zohar Reviewed-by: Stefan Berger --- security/integrity/ima/ima_kexec.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/im= a_kexec.c index 5c3b3e0b2186..ed867734ee70 100644 --- a/security/integrity/ima/ima_kexec.c +++ b/security/integrity/ima/ima_kexec.c @@ -33,6 +33,14 @@ static void ima_free_kexec_file_buf(struct seq_file *sf) =20 static int ima_alloc_kexec_file_buf(size_t segment_size) { + /* + * kexec 'load' may be called multiple times. + * Free and realloc the buffer only if the segment_size is + * changed from the previous kexec 'load' call. + */ + if (ima_kexec_file.buf && ima_kexec_file.size =3D=3D segment_size) + goto out; + ima_free_kexec_file_buf(&ima_kexec_file); =20 /* segment size can't change between kexec load and execute */ @@ -41,6 +49,8 @@ static int ima_alloc_kexec_file_buf(size_t segment_size) return -ENOMEM; =20 ima_kexec_file.size =3D segment_size; + +out: ima_kexec_file.read_pos =3D 0; ima_kexec_file.count =3D sizeof(struct ima_kexec_hdr); /* reserved space = */ =20 --=20 2.43.0 From nobody Thu Dec 18 23:24:28 2025 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 3743122A7FD; Mon, 21 Apr 2025 22:25:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=13.77.154.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1745274351; cv=none; b=pi0Q+P3wDF7Kd8TahH/eWSy/rC8BCCzCg/oQCR0qymoBbTECu4fiKtvg/RNt8fUJan86QCEooBDtTapqv+sLkDQ96Lazd5ovbDDugnfc9bH9PEtxJ+snd+Qoy2714k4LzIwVztUvf6oChHU7jaN8q+sahPqVcIfZPuy1JAXlqug= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1745274351; c=relaxed/simple; bh=dFGYlucEXVkl8DsYbpSy4lEmNV+cAEt2H3cP5S3BbWw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=S+Ob7GIzYjYlY4UsrcQMkc6/4B6QsuEQnd78RO2lM6NnXIi7bHgrU6JkGOR//jT0BaPXsllw66J5PwWIulEFGNgV/PUbMDV2TZ2j7Gyehm8a9jDNfrcQc+75rZORE+P87DNFsLC5kztVm9+HwksGyiBjITPGqV7kTZ6Da8ItH3c= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com; spf=pass smtp.mailfrom=linux.microsoft.com; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b=HblA7erz; arc=none smtp.client-ip=13.77.154.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="HblA7erz" Received: from DESKTOP-VOT081N.hsd1.ga.comcast.net (unknown [20.110.218.7]) by linux.microsoft.com (Postfix) with ESMTPSA id C735B203B86A; Mon, 21 Apr 2025 15:25:47 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com C735B203B86A DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1745274349; bh=9dF+KrrSsEWjZm7q8suAuuEUgBlazjWvcfAeNPEq8Go=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=HblA7erzDI/26dTatiIXv7UuD2KDrwSVOzeC94Ab03iJKoqgE/INCVDaAS4XfiDvg St0HHSSJRQ3ehCg6JS3WJVdUzDpa8E5Q6AhrAg+PHun5jgtHFtKq6ocg5D9uuIrtun rvRxVNuNRddib3ziKQk1HXazjWW9ipRjxzAIoTUM= From: steven chen To: zohar@linux.ibm.com, stefanb@linux.ibm.com, roberto.sassu@huaweicloud.com, roberto.sassu@huawei.com, eric.snowberg@oracle.com, ebiederm@xmission.com, paul@paul-moore.com, code@tyhicks.com, bauermann@kolabnow.com, linux-integrity@vger.kernel.org, kexec@lists.infradead.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Cc: madvenka@linux.microsoft.com, nramas@linux.microsoft.com, James.Bottomley@HansenPartnership.com, bhe@redhat.com, vgoyal@redhat.com, dyoung@redhat.com Subject: [PATCH v13 8/9] ima: make the kexec extra memory configurable Date: Mon, 21 Apr 2025 15:25:14 -0700 Message-ID: <20250421222516.9830-9-chenste@linux.microsoft.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250421222516.9830-1-chenste@linux.microsoft.com> References: <20250421222516.9830-1-chenste@linux.microsoft.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Steven Chen The extra memory allocated for carrying the IMA measurement list across kexec is hard-coded as half a PAGE. Make it configurable. Define a Kconfig option, IMA_KEXEC_EXTRA_MEMORY_KB, to configure the extra memory (in kb) to be allocated for IMA measurements added during kexec soft reboot. Ensure the default value of the option is set such that extra half a page of memory for additional measurements is allocated for the additional measurements. Update ima_add_kexec_buffer() function to allocate memory based on the Kconfig option value, rather than the currently hard-coded one. Suggested-by: Stefan Berger Co-developed-by: Tushar Sugandhi Signed-off-by: Tushar Sugandhi Signed-off-by: Steven Chen Reviewed-by: Stefan Berger Reviewed-by: Mimi Zohar Acked-by: Baoquan He --- security/integrity/ima/Kconfig | 11 +++++++++++ security/integrity/ima/ima_kexec.c | 16 +++++++++++----- 2 files changed, 22 insertions(+), 5 deletions(-) diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig index 475c32615006..976e75f9b9ba 100644 --- a/security/integrity/ima/Kconfig +++ b/security/integrity/ima/Kconfig @@ -321,4 +321,15 @@ config IMA_DISABLE_HTABLE help This option disables htable to allow measurement of duplicate records. =20 +config IMA_KEXEC_EXTRA_MEMORY_KB + int "Extra memory for IMA measurements added during kexec soft reboot" + range 0 40 + depends on IMA_KEXEC + default 0 + help + IMA_KEXEC_EXTRA_MEMORY_KB determines the extra memory to be + allocated (in kb) for IMA measurements added during kexec soft reboot. + If set to the default value of 0, an extra half page of memory for those + additional measurements will be allocated. + endif diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/im= a_kexec.c index ed867734ee70..d1c9d369ba08 100644 --- a/security/integrity/ima/ima_kexec.c +++ b/security/integrity/ima/ima_kexec.c @@ -118,6 +118,7 @@ void ima_add_kexec_buffer(struct kimage *image) .buf_min =3D 0, .buf_max =3D ULONG_MAX, .top_down =3D true }; unsigned long binary_runtime_size; + unsigned long extra_memory; =20 /* use more understandable variable names than defined in kbuf */ size_t kexec_buffer_size =3D 0; @@ -125,15 +126,20 @@ void ima_add_kexec_buffer(struct kimage *image) int ret; =20 /* - * Reserve an extra half page of memory for additional measurements - * added during the kexec load. + * Reserve extra memory for measurements added during kexec. */ - binary_runtime_size =3D ima_get_binary_runtime_size(); + if (CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB <=3D 0) + extra_memory =3D PAGE_SIZE / 2; + else + extra_memory =3D CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB * 1024; + + binary_runtime_size =3D ima_get_binary_runtime_size() + extra_memory; + if (binary_runtime_size >=3D ULONG_MAX - PAGE_SIZE) kexec_segment_size =3D ULONG_MAX; else - kexec_segment_size =3D ALIGN(ima_get_binary_runtime_size() + - PAGE_SIZE / 2, PAGE_SIZE); + kexec_segment_size =3D ALIGN(binary_runtime_size, PAGE_SIZE); + if ((kexec_segment_size =3D=3D ULONG_MAX) || ((kexec_segment_size >> PAGE_SHIFT) > totalram_pages() / 2)) { pr_err("Binary measurement list too large.\n"); --=20 2.43.0 From nobody Thu Dec 18 23:24:28 2025 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 8BFCA22AE45; Mon, 21 Apr 2025 22:25:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=13.77.154.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1745274354; cv=none; b=rxnATx4CvFodPxCs+Q/Ievk7UvpRJng4x0AwJy/yXzxevAGhc2VfCpfO1SwowzURPX8GRGSECuapZrsBVKd+PH5u9ItoHl309N7HYMPDh37Vo9oMsqTmas9T+FiYp7e/naTwJqrowyr3z2/nCOOyg1bhXMmUO+RzM0JbW08J+eM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1745274354; c=relaxed/simple; bh=JWWdsa8lp+LrFXcffOTskLuqlErNEGei91SZN+Ep5Rs=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Bwc4wJKaj6/ApuMTQVzppOqmYtYZdlSuBl+swDluYUXDPEZAgQbXDQ7buE7eWLOjQYElxN2IazcTkcm/b48MNXoeGUwgibh/EJJH+79ezwzjAqmvNiRpLesI4tkUhoQMxOGy5VW3uPF1bHNQMm+VUD7ROmrWbimAbbedq2pIjL0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com; spf=pass smtp.mailfrom=linux.microsoft.com; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b=fmry9bUG; arc=none smtp.client-ip=13.77.154.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="fmry9bUG" Received: from DESKTOP-VOT081N.hsd1.ga.comcast.net (unknown [20.110.218.7]) by linux.microsoft.com (Postfix) with ESMTPSA id 406F5203B86F; Mon, 21 Apr 2025 15:25:50 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 406F5203B86F DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1745274352; bh=SrfZknngoXtvdKtTmABqW9U7IynhHbXYv+i4I64RFKE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=fmry9bUGG2vjujWYCfrnXtHLxtaqe9gPwDpeVFRzDNGDNKRUobkGhEVbgd7l8bNrX /VzO5Wu2Ahs7Hk06cq2peQ9U0d2RJReHTyoCODb7rQ5Ok9FWgb9vxPQPANXipL84zW H7G9EhV7PiIsclqjuA/vs6HueRoo14fnv2Fgq8cE= From: steven chen To: zohar@linux.ibm.com, stefanb@linux.ibm.com, roberto.sassu@huaweicloud.com, roberto.sassu@huawei.com, eric.snowberg@oracle.com, ebiederm@xmission.com, paul@paul-moore.com, code@tyhicks.com, bauermann@kolabnow.com, linux-integrity@vger.kernel.org, kexec@lists.infradead.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Cc: madvenka@linux.microsoft.com, nramas@linux.microsoft.com, James.Bottomley@HansenPartnership.com, bhe@redhat.com, vgoyal@redhat.com, dyoung@redhat.com Subject: [PATCH v13 9/9] ima: measure kexec load and exec events as critical data Date: Mon, 21 Apr 2025 15:25:15 -0700 Message-ID: <20250421222516.9830-10-chenste@linux.microsoft.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250421222516.9830-1-chenste@linux.microsoft.com> References: <20250421222516.9830-1-chenste@linux.microsoft.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Steven Chen The amount of memory allocated at kexec load, even with the extra memory allocated, might not be large enough for the entire measurement list. The indeterminate interval between kexec 'load' and 'execute' could exacerbate this problem. Define two new IMA events, 'kexec_load' and 'kexec_execute', to be=20 measured as critical data at kexec 'load' and 'execute' respectively. Report the allocated kexec segment size, IMA binary log size and the runtime measurements count as part of those events. These events, and the values reported through them, serve as markers in the IMA log to verify the IMA events are captured during kexec soft reboot. The presence of a 'kexec_load' event in between the last two 'boot_aggregate' events in the IMA log implies this is a kexec soft reboot, and not a cold-boot. And the absence of 'kexec_execute' event after kexec soft reboot implies missing events in that window which results in inconsistency with TPM PCR quotes, necessitating a cold boot for a successful remote attestation. These critical data events are displayed as hex encoded ascii in the ascii_runtime_measurement_list. Verifying the critical data hash requires=20 calculating the hash of the decoded ascii string. =20 For example, to verify the 'kexec_load' data hash: sudo cat /sys/kernel/security/integrity/ima/ascii_runtime_measurements=20 | grep kexec_load | cut -d' ' -f 6 | xxd -r -p | sha256sum To verify the 'kexec_execute' data hash: sudo cat /sys/kernel/security/integrity/ima/ascii_runtime_measurements=20 | grep kexec_execute | cut -d' ' -f 6 | xxd -r -p | sha256sum Co-developed-by: Tushar Sugandhi Signed-off-by: Tushar Sugandhi Signed-off-by: Steven Chen Reviewed-by: Mimi Zohar Acked-by: Baoquan He Reviewed-by: Stefan Berger --- security/integrity/ima/ima.h | 6 ++++++ security/integrity/ima/ima_kexec.c | 21 +++++++++++++++++++++ security/integrity/ima/ima_queue.c | 5 +++++ 3 files changed, 32 insertions(+) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 24d09ea91b87..34815baf5e21 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -240,6 +240,12 @@ void ima_post_key_create_or_update(struct key *keyring= , struct key *key, unsigned long flags, bool create); #endif =20 +#ifdef CONFIG_IMA_KEXEC +void ima_measure_kexec_event(const char *event_name); +#else +static inline void ima_measure_kexec_event(const char *event_name) {} +#endif + /* * The default binary_runtime_measurements list format is defined as the * platform native format. The canonical format is defined as little-endi= an. diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/im= a_kexec.c index d1c9d369ba08..38cb2500f4c3 100644 --- a/security/integrity/ima/ima_kexec.c +++ b/security/integrity/ima/ima_kexec.c @@ -17,6 +17,8 @@ #include "ima.h" =20 #ifdef CONFIG_IMA_KEXEC +#define IMA_KEXEC_EVENT_LEN 256 + static bool ima_kexec_update_registered; static struct seq_file ima_kexec_file; static size_t kexec_segment_size; @@ -31,6 +33,24 @@ static void ima_free_kexec_file_buf(struct seq_file *sf) sf->count =3D 0; } =20 +void ima_measure_kexec_event(const char *event_name) +{ + char ima_kexec_event[IMA_KEXEC_EVENT_LEN]; + size_t buf_size =3D 0; + long len; + int n; + + buf_size =3D ima_get_binary_runtime_size(); + len =3D atomic_long_read(&ima_htable.len); + + n =3D scnprintf(ima_kexec_event, IMA_KEXEC_EVENT_LEN, + "kexec_segment_size=3D%lu;ima_binary_runtime_size=3D%lu;" + "ima_runtime_measurements_count=3D%ld;", + kexec_segment_size, buf_size, len); + + ima_measure_critical_data("ima_kexec", event_name, ima_kexec_event, n, fa= lse, NULL, 0); +} + static int ima_alloc_kexec_file_buf(size_t segment_size) { /* @@ -53,6 +73,7 @@ static int ima_alloc_kexec_file_buf(size_t segment_size) out: ima_kexec_file.read_pos =3D 0; ima_kexec_file.count =3D sizeof(struct ima_kexec_hdr); /* reserved space = */ + ima_measure_kexec_event("kexec_load"); =20 return 0; } diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/im= a_queue.c index 83d53824aa98..590637e81ad1 100644 --- a/security/integrity/ima/ima_queue.c +++ b/security/integrity/ima/ima_queue.c @@ -241,6 +241,11 @@ static int ima_reboot_notifier(struct notifier_block *= nb, unsigned long action, void *data) { +#ifdef CONFIG_IMA_KEXEC + if (action =3D=3D SYS_RESTART && data && !strcmp(data, "kexec reboot")) + ima_measure_kexec_event("kexec_execute"); +#endif + ima_measurements_suspend(); =20 return NOTIFY_DONE; --=20 2.43.0