lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20201030174429.29893-4-nramas@linux.microsoft.com>
Date:   Fri, 30 Oct 2020 10:44:28 -0700
From:   Lakshmi Ramasubramanian <nramas@...ux.microsoft.com>
To:     zohar@...ux.ibm.com, bauerman@...ux.ibm.com, robh@...nel.org,
        gregkh@...uxfoundation.org, james.morse@....com,
        catalin.marinas@....com, sashal@...nel.org, will@...nel.org,
        mpe@...erman.id.au, benh@...nel.crashing.org, paulus@...ba.org,
        robh+dt@...nel.org, frowand.list@...il.com,
        vincenzo.frascino@....com, mark.rutland@....com,
        dmitry.kasatkin@...il.com, jmorris@...ei.org, serge@...lyn.com,
        pasha.tatashin@...een.com, allison@...utok.net,
        kstewart@...uxfoundation.org, takahiro.akashi@...aro.org,
        tglx@...utronix.de, masahiroy@...nel.org, bhsharma@...hat.com,
        mbrugger@...e.com, hsinyi@...omium.org, tao.li@...o.com,
        christophe.leroy@....fr
Cc:     linux-integrity@...r.kernel.org, linux-kernel@...r.kernel.org,
        devicetree@...r.kernel.org, prsriva@...ux.microsoft.com,
        balajib@...ux.microsoft.com
Subject: [PATCH v8 3/4] arm64: Store IMA log information in kimage used for kexec

Address and size of the buffer containing the IMA measurement log need
to be passed from the current kernel to the next kernel on kexec.

Add address and size fields to "struct kimage_arch" for ARM64 platform
to hold the address and size of the IMA measurement log buffer.
Define an architecture specific function for ARM64 namely
arch_ima_add_kexec_buffer() that will set the address and size of
the current kernel's IMA buffer to be passed to the next kernel on kexec.

Co-developed-by: Prakhar Srivastava <prsriva@...ux.microsoft.com>
Signed-off-by: Prakhar Srivastava <prsriva@...ux.microsoft.com>
Signed-off-by: Lakshmi Ramasubramanian <nramas@...ux.microsoft.com>
Reviewed-by: Thiago Jung Bauermann <bauerman@...ux.ibm.com>
---
 arch/arm64/include/asm/ima.h   | 18 ++++++++++++++++++
 arch/arm64/include/asm/kexec.h |  3 +++
 arch/arm64/kernel/Makefile     |  1 +
 arch/arm64/kernel/ima_kexec.c  | 34 ++++++++++++++++++++++++++++++++++
 4 files changed, 56 insertions(+)
 create mode 100644 arch/arm64/include/asm/ima.h
 create mode 100644 arch/arm64/kernel/ima_kexec.c

diff --git a/arch/arm64/include/asm/ima.h b/arch/arm64/include/asm/ima.h
new file mode 100644
index 000000000000..507fc94ddaba
--- /dev/null
+++ b/arch/arm64/include/asm/ima.h
@@ -0,0 +1,18 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
+/*
+ * Copyright (C) 2019 Microsoft Corporation
+ *
+ * Author: Prakhar Srivastava <prsriva@...ux.microsoft.com>
+ *
+ */
+#ifndef _ASM_ARCH_IMA_H
+#define _ASM_ARCH_IMA_H
+
+struct kimage;
+
+#ifdef CONFIG_IMA_KEXEC
+int arch_ima_add_kexec_buffer(struct kimage *image, unsigned long load_addr,
+			      size_t size);
+#endif /* CONFIG_IMA_KEXEC */
+
+#endif /* _ASM_ARCH_IMA_H */
diff --git a/arch/arm64/include/asm/kexec.h b/arch/arm64/include/asm/kexec.h
index d24b527e8c00..7bd60c185ad3 100644
--- a/arch/arm64/include/asm/kexec.h
+++ b/arch/arm64/include/asm/kexec.h
@@ -100,6 +100,9 @@ struct kimage_arch {
 	void *elf_headers;
 	unsigned long elf_headers_mem;
 	unsigned long elf_headers_sz;
+
+	phys_addr_t ima_buffer_addr;
+	size_t ima_buffer_size;
 };
 
 extern const struct kexec_file_ops kexec_image_ops;
diff --git a/arch/arm64/kernel/Makefile b/arch/arm64/kernel/Makefile
index bbaf0bc4ad60..1cddf55fb601 100644
--- a/arch/arm64/kernel/Makefile
+++ b/arch/arm64/kernel/Makefile
@@ -60,6 +60,7 @@ obj-$(CONFIG_ARM_SDE_INTERFACE)		+= sdei.o
 obj-$(CONFIG_ARM64_PTR_AUTH)		+= pointer_auth.o
 obj-$(CONFIG_SHADOW_CALL_STACK)		+= scs.o
 obj-$(CONFIG_ARM64_MTE)			+= mte.o
+obj-$(CONFIG_IMA_KEXEC)			+= ima_kexec.o
 
 obj-y					+= vdso/ probes/
 obj-$(CONFIG_COMPAT_VDSO)		+= vdso32/
diff --git a/arch/arm64/kernel/ima_kexec.c b/arch/arm64/kernel/ima_kexec.c
new file mode 100644
index 000000000000..1847f1230710
--- /dev/null
+++ b/arch/arm64/kernel/ima_kexec.c
@@ -0,0 +1,34 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (C) 2019 Microsoft Corporation
+ *
+ * Author: Prakhar Srivastava <prsriva@...ux.microsoft.com>
+ *
+ * File: ima_kexec.c
+ *       Defines IMA kexec functions.
+ */
+
+#include <linux/kernel.h>
+#include <linux/kexec.h>
+#include <linux/types.h>
+#include <asm/ima.h>
+
+/**
+ * arch_ima_add_kexec_buffer - do arch-specific steps to add the IMA buffer
+ *
+ * @image: kimage structure to set ima buffer information in for kexec
+ * @load_addr: Start address of the IMA buffer
+ * @size: size of the IMA buffer
+ *
+ * Architectures should use this function to pass on the IMA buffer
+ * information to the next kernel.
+ *
+ * Return: 0 on success, negative errno on error.
+ */
+int arch_ima_add_kexec_buffer(struct kimage *image, unsigned long load_addr,
+			      size_t size)
+{
+	image->arch.ima_buffer_addr = load_addr;
+	image->arch.ima_buffer_size = size;
+	return 0;
+}
-- 
2.29.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ