| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <875z928pha.fsf@morokweng.localdomain>
Date: Fri, 28 Aug 2020 17:50:09 -0300
From: Thiago Jung Bauermann <bauerman@...ux.ibm.com>
To: Lakshmi Ramasubramanian <nramas@...ux.microsoft.com>
Cc: zohar@...ux.ibm.com, robh@...nel.org, gregkh@...uxfoundation.org,
james.morse@....com, catalin.marinas@....com, sashal@...nel.org,
will@...nel.org, mpe@...erman.id.au, benh@...nel.crashing.org,
paulus@...ba.org, robh+dt@...nel.org, frowand.list@...il.com,
vincenzo.frascino@....com, mark.rutland@....com,
dmitry.kasatkin@...il.com, jmorris@...ei.org, serge@...lyn.com,
pasha.tatashin@...een.com, allison@...utok.net,
kstewart@...uxfoundation.org, takahiro.akashi@...aro.org,
tglx@...utronix.de, masahiroy@...nel.org, bhsharma@...hat.com,
mbrugger@...e.com, hsinyi@...omium.org, tao.li@...o.com,
christophe.leroy@....fr, linux-integrity@...r.kernel.org,
linux-kernel@...r.kernel.org, devicetree@...r.kernel.org,
prsriva@...ux.microsoft.com, balajib@...ux.microsoft.com
Subject: Re: [PATCH v4 4/5] arm64: Store IMA log information in kimage used
for kexec
Lakshmi Ramasubramanian <nramas@...ux.microsoft.com> writes:
> Address and size of the buffer containing the IMA measurement log need
> to be passed from the current kernel to the next kernel on kexec.
>
> Add address and size fields to "struct kimage_arch" for ARM64 platform
> to hold the address and size of the IMA measurement log buffer.
> Define an architecture specific function for ARM64 namely
> arch_ima_add_kexec_buffer() that will set the address and size of
> the current kernel's IMA buffer to be passed to the next kernel on kexec.
>
> Co-developed-by: Prakhar Srivastava <prsriva@...ux.microsoft.com>
> Signed-off-by: Prakhar Srivastava <prsriva@...ux.microsoft.com>
> Signed-off-by: Lakshmi Ramasubramanian <nramas@...ux.microsoft.com>
Reviewed-by: Thiago Jung Bauermann <bauerman@...ux.ibm.com>
IMHO this patch and the next one can be squashed together. Also, a minor
comment below.
> ---
> arch/arm64/include/asm/ima.h | 17 +++++++++++++++++
> arch/arm64/include/asm/kexec.h | 3 +++
> arch/arm64/kernel/machine_kexec_file.c | 17 +++++++++++++++++
> 3 files changed, 37 insertions(+)
> create mode 100644 arch/arm64/include/asm/ima.h
>
> diff --git a/arch/arm64/include/asm/ima.h b/arch/arm64/include/asm/ima.h
> new file mode 100644
> index 000000000000..70ac39b74607
> --- /dev/null
> +++ b/arch/arm64/include/asm/ima.h
> @@ -0,0 +1,17 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +#ifndef _ASM_ARCH_IMA_H
> +#define _ASM_ARCH_IMA_H
> +
> +struct kimage;
> +
> +#ifdef CONFIG_IMA_KEXEC
> +int arch_ima_add_kexec_buffer(struct kimage *image, unsigned long load_addr,
> + size_t size);
> +#else
> +static inline int arch_ima_add_kexec_buffer(struct kimage *image,
> + unsigned long load_addr, size_t size)
> +{
> + return 0;
> +}
There's no need to define arch_ima_add_kexec_buffer() if
CONFIG_IMA_KEXEC isn't set because in that case, the code which calls
this function in ima_add_kexec_buffer() won't be part of the build.
> +#endif /* CONFIG_IMA_KEXEC */
> +#endif /* _ASM_ARCH_IMA_H */
--
Thiago Jung Bauermann
IBM Linux Technology Center
Powered by blists - more mailing lists