lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sun, 6 Dec 2020 17:54:20 -0800
From:   Lakshmi Ramasubramanian <nramas@...ux.microsoft.com>
To:     Thiago Jung Bauermann <bauerman@...ux.ibm.com>
Cc:     zohar@...ux.ibm.com, robh@...nel.org, gregkh@...uxfoundation.org,
        james.morse@....com, catalin.marinas@....com, sashal@...nel.org,
        will@...nel.org, mpe@...erman.id.au, benh@...nel.crashing.org,
        paulus@...ba.org, robh+dt@...nel.org, frowand.list@...il.com,
        vincenzo.frascino@....com, mark.rutland@....com,
        dmitry.kasatkin@...il.com, jmorris@...ei.org, serge@...lyn.com,
        pasha.tatashin@...een.com, allison@...utok.net,
        kstewart@...uxfoundation.org, takahiro.akashi@...aro.org,
        tglx@...utronix.de, masahiroy@...nel.org, bhsharma@...hat.com,
        mbrugger@...e.com, hsinyi@...omium.org, tao.li@...o.com,
        christophe.leroy@....fr, linux-integrity@...r.kernel.org,
        linux-kernel@...r.kernel.org, devicetree@...r.kernel.org,
        prsriva@...ux.microsoft.com, balajib@...ux.microsoft.com
Subject: Re: [PATCH v10 4/8] powerpc: Use ima kexec node functions

On 12/5/20 11:51 AM, Thiago Jung Bauermann wrote:
> 
> Lakshmi Ramasubramanian <nramas@...ux.microsoft.com> writes:
> 
>> do_get_kexec_buffer() and get_addr_size_cells() are called by
>> ima_get_kexec_buffer(), ima_free_kexec_buffer, and remove_ima_buffer()
>> to retrieve the address and size of the buffer used for carrying
>> forward the IMA measurement log across kexec system call. These
>> functions correctly handle a device tree property that is a child node
>> of the root node, but not anything other than the immediate root
>> child nodes.
>>
>> Use the architecture independent functions get_ima_kexec_buffer()
>> and get_root_addr_size_cells() defined in "drivers/of/ima_kexec.c",
> 
> s/ima_kexec.c/kexec.c/
Thanks for catching this. I'll fix it.

> 
>> to get the address and size of the IMA measurement log buffer from
>> the device tree. Remove do_get_kexec_buffer() and get_addr_size_cells()
>> since they are not used anymore.
>>
>> Co-developed-by: Prakhar Srivastava <prsriva@...ux.microsoft.com>
>> Signed-off-by: Prakhar Srivastava <prsriva@...ux.microsoft.com>
>> Signed-off-by: Lakshmi Ramasubramanian <nramas@...ux.microsoft.com>
> 
> Looks good. Thanks!
> 
> Reviewed-by: Thiago Jung Bauermann <bauerman@...ux.ibm.com>

Thanks Thiago.

  -lakshmi

>> ---
>>   arch/powerpc/kexec/ima.c | 58 +++++-----------------------------------
>>   1 file changed, 7 insertions(+), 51 deletions(-)
>>
>> diff --git a/arch/powerpc/kexec/ima.c b/arch/powerpc/kexec/ima.c
>> index a36c39db4b1a..906e8212435d 100644
>> --- a/arch/powerpc/kexec/ima.c
>> +++ b/arch/powerpc/kexec/ima.c
>> @@ -13,40 +13,6 @@
>>   #include <linux/libfdt.h>
>>   #include <asm/ima.h>
>>   
>> -static int get_addr_size_cells(int *addr_cells, int *size_cells)
>> -{
>> -	struct device_node *root;
>> -
>> -	root = of_find_node_by_path("/");
>> -	if (!root)
>> -		return -EINVAL;
>> -
>> -	*addr_cells = of_n_addr_cells(root);
>> -	*size_cells = of_n_size_cells(root);
>> -
>> -	of_node_put(root);
>> -
>> -	return 0;
>> -}
>> -
>> -static int do_get_kexec_buffer(const void *prop, int len, unsigned long *addr,
>> -			       size_t *size)
>> -{
>> -	int ret, addr_cells, size_cells;
>> -
>> -	ret = get_addr_size_cells(&addr_cells, &size_cells);
>> -	if (ret)
>> -		return ret;
>> -
>> -	if (len < 4 * (addr_cells + size_cells))
>> -		return -ENOENT;
>> -
>> -	*addr = of_read_number(prop, addr_cells);
>> -	*size = of_read_number(prop + 4 * addr_cells, size_cells);
>> -
>> -	return 0;
>> -}
>> -
>>   /**
>>    * ima_get_kexec_buffer - get IMA buffer from the previous kernel
>>    * @addr:	On successful return, set to point to the buffer contents.
>> @@ -56,16 +22,11 @@ static int do_get_kexec_buffer(const void *prop, int len, unsigned long *addr,
>>    */
>>   int ima_get_kexec_buffer(void **addr, size_t *size)
>>   {
>> -	int ret, len;
>> +	int ret;
>>   	unsigned long tmp_addr;
>>   	size_t tmp_size;
>> -	const void *prop;
>>   
>> -	prop = of_get_property(of_chosen, "linux,ima-kexec-buffer", &len);
>> -	if (!prop)
>> -		return -ENOENT;
>> -
>> -	ret = do_get_kexec_buffer(prop, len, &tmp_addr, &tmp_size);
>> +	ret = get_ima_kexec_buffer(NULL, 0, &tmp_addr, &tmp_size);
>>   	if (ret)
>>   		return ret;
>>   
>> @@ -89,7 +50,7 @@ int ima_free_kexec_buffer(void)
>>   	if (!prop)
>>   		return -ENOENT;
>>   
>> -	ret = do_get_kexec_buffer(prop->value, prop->length, &addr, &size);
>> +	ret = get_ima_kexec_buffer(NULL, 0, &addr, &size);
>>   	if (ret)
>>   		return ret;
>>   
>> @@ -98,7 +59,6 @@ int ima_free_kexec_buffer(void)
>>   		return ret;
>>   
>>   	return memblock_free(addr, size);
>> -
>>   }
>>   
>>   /**
>> @@ -112,19 +72,15 @@ int ima_free_kexec_buffer(void)
>>    */
>>   void remove_ima_buffer(void *fdt, int chosen_node)
>>   {
>> -	int ret, len;
>> +	int ret;
>>   	unsigned long addr;
>>   	size_t size;
>> -	const void *prop;
>>   
>> -	prop = fdt_getprop(fdt, chosen_node, "linux,ima-kexec-buffer", &len);
>> -	if (!prop)
>> +	ret = get_ima_kexec_buffer(fdt, chosen_node, &addr, &size);
>> +	if (ret)
>>   		return;
>>   
>> -	ret = do_get_kexec_buffer(prop, len, &addr, &size);
>>   	fdt_delprop(fdt, chosen_node, "linux,ima-kexec-buffer");
>> -	if (ret)
>> -		return;
>>   
>>   	ret = delete_fdt_mem_rsv(fdt, addr, size);
>>   	if (!ret)
>> @@ -191,7 +147,7 @@ int setup_ima_buffer(const struct kimage *image, void *fdt, int chosen_node)
>>   	if (!image->arch.ima_buffer_size)
>>   		return 0;
>>   
>> -	ret = get_addr_size_cells(&addr_cells, &size_cells);
>> +	ret = get_root_addr_size_cells(&addr_cells, &size_cells);
>>   	if (ret)
>>   		return ret;
> 
> 

Powered by blists - more mailing lists