lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Yrwg1aYEnFz38V6+@noodles-fedora.dhcp.thefacebook.com>
Date:   Wed, 29 Jun 2022 09:52:50 +0000
From:   Jonathan McDowell <noodles@...com>
To:     Borislav Petkov <bp@...en8.de>
CC:     kernel test robot <lkp@...el.com>,
        "llvm@...ts.linux.dev" <llvm@...ts.linux.dev>,
        "kbuild-all@...ts.01.org" <kbuild-all@...ts.01.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "x86@...nel.org" <x86@...nel.org>,
        Mimi Zohar <zohar@...ux.ibm.com>, Baoquan He <bhe@...hat.com>,
        "devicetree@...r.kernel.org" <devicetree@...r.kernel.org>,
        "linux-integrity@...r.kernel.org" <linux-integrity@...r.kernel.org>,
        "kexec@...ts.infradead.org" <kexec@...ts.infradead.org>
Subject: [PATCH] of: Correctly annotate IMA kexec buffer functions

On Wed, Jun 29, 2022 at 10:38:46AM +0200, Borislav Petkov wrote:
> On Wed, Jun 29, 2022 at 10:52:13AM +0800, kernel test robot wrote:
> > tree:   https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git x86/kdump
> > head:   69243968bd526641e549ed231c750ce92e3eeb35
> > commit: 69243968bd526641e549ed231c750ce92e3eeb35 [1/1] x86/kexec: Carry forward IMA measurement log on kexec
> 
> I've zapped it from tip for the time being.

This turns out to be the old OF code that can now be hit on x86 when
CONFIG_OF=y because it defines HAVE_IMA_KEXEC. I suspect the warning
already exists on ARM64/PowerPC. Fix is to mark those functions up in
the same manner as the new x86 variants.

Below is on top of what was in tip; I can roll a v7 if preferred but
I think seeing the fix on its own is clearer.
---

ima_free_kexec_buffer() calls into memblock_phys_free() so must be
annotated __meminit. Equally ima_kexec_get_buffer() is executed during
__init so can be marked as such. This was already done in the new x86
IMA kexec passing functions but not for the pre-existing OF based
functions.

Signed-off-by: Jonathan McDowell <noodles@...com>
Reported-by: kernel test robot <lkp@...el.com>
---
 drivers/of/kexec.c  | 4 ++--
 include/linux/ima.h | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/of/kexec.c b/drivers/of/kexec.c
index d3ec430fa403..95cd5532b503 100644
--- a/drivers/of/kexec.c
+++ b/drivers/of/kexec.c
@@ -124,7 +124,7 @@ static int do_get_kexec_buffer(const void *prop, int len, unsigned long *addr,
  *
  * Return: 0 on success, negative errno on error.
  */
-int ima_get_kexec_buffer(void **addr, size_t *size)
+int __init ima_get_kexec_buffer(void **addr, size_t *size)
 {
 	int ret, len;
 	unsigned long tmp_addr;
@@ -148,7 +148,7 @@ int ima_get_kexec_buffer(void **addr, size_t *size)
 /**
  * ima_free_kexec_buffer - free memory used by the IMA buffer
  */
-int ima_free_kexec_buffer(void)
+int __meminit ima_free_kexec_buffer(void)
 {
 	int ret;
 	unsigned long addr;
diff --git a/include/linux/ima.h b/include/linux/ima.h
index ff4bd993e432..8d4698e63190 100644
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -141,8 +141,8 @@ static inline int ima_measure_critical_data(const char *event_label,
 #endif /* CONFIG_IMA */
 
 #ifdef CONFIG_HAVE_IMA_KEXEC
-int ima_free_kexec_buffer(void);
-int ima_get_kexec_buffer(void **addr, size_t *size);
+int __meminit ima_free_kexec_buffer(void);
+int __init ima_get_kexec_buffer(void **addr, size_t *size);
 #endif
 
 #ifdef CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
-- 
2.36.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ