| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <6fd5510827a2ebb91aee8c72432e248e967fa5be.camel@linux.ibm.com>
Date: Fri, 07 Feb 2025 14:15:53 -0500
From: Mimi Zohar <zohar@...ux.ibm.com>
To: steven chen <chenste@...ux.microsoft.com>, stefanb@...ux.ibm.com,
roberto.sassu@...weicloud.com, roberto.sassu@...wei.com,
eric.snowberg@...cle.com, ebiederm@...ssion.com, paul@...l-moore.com,
code@...icks.com, bauermann@...abnow.com,
linux-integrity@...r.kernel.org, kexec@...ts.infradead.org,
linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Cc: madvenka@...ux.microsoft.com, nramas@...ux.microsoft.com,
James.Bottomley@...senPartnership.com
Subject: Re: [PATCH v7 2/7] kexec: define functions to map and unmap segments
Hi Steven,
On Mon, 2025-02-03 at 15:20 -0800, steven chen wrote:
> Currently, the mechanism to map and unmap segments to the kimage
> structure is not available to the subsystems outside of kexec. This
> functionality is needed when IMA is allocating the memory segments
> during kexec 'load' operation. Implement functions to map and unmap
> segments to kimage.
>
> Implement kimage_map_segment() to enable mapping of IMA buffer source
> pages to the kimage structure post kexec 'load'. This function,
> accepting a kimage pointer, an address, and a size, will gather the
> source pages within the specified address range, create an array of page
> pointers, and map these to a contiguous virtual address range. The
> function returns the start of this range if successful, or NULL if
> unsuccessful.
>
> Implement kimage_unmap_segment() for unmapping segments
> using vunmap().
>
> From: Tushar Sugandhi <tusharsu@...ux.microsoft.com>
> Author: Tushar Sugandhi <tusharsu@...ux.microsoft.com>
> Reviewed-by: Stefan Berger <stefanb@...ux.ibm.com>
> Reviewed-by: Mimi Zohar <zohar@...ux.ibm.com>
I don't recall previously adding my "Reviewed-by" tag.
Eric, I'd appreciate your reviewing this and the subsequent patch "[PATCH v7 3/7]
ima: kexec: skip IMA segment validation after kexec soft reboot" in particular.
> Signed-off-by: Tushar Sugandhi <tusharsu@...ux.microsoft.com>
> Signed-off-by: steven chen <chenste@...ux.microsoft.com>
> ---
> include/linux/kexec.h | 7 ++++++
> kernel/kexec_core.c | 54 +++++++++++++++++++++++++++++++++++++++++++
> 2 files changed, 61 insertions(+)
>
> diff --git a/include/linux/kexec.h b/include/linux/kexec.h
> index f0e9f8eda7a3..f8413ea5c8c8 100644
> --- a/include/linux/kexec.h
> +++ b/include/linux/kexec.h
> @@ -467,6 +467,9 @@ extern bool kexec_file_dbg_print;
> #define kexec_dprintk(fmt, arg...) \
> do { if (kexec_file_dbg_print) pr_info(fmt, ##arg); } while (0)
>
> +extern void *kimage_map_segment(struct kimage *image,
> + unsigned long addr, unsigned long size);
scripts/Checkpatch.pl complains about the parenthesis alignment here and elsewhere.
Mimi
> +extern void kimage_unmap_segment(void *buffer);
> #else /* !CONFIG_KEXEC_CORE */
> struct pt_regs;
> struct task_struct;
> @@ -474,6 +477,10 @@ static inline void __crash_kexec(struct pt_regs *regs) { }
> static inline void crash_kexec(struct pt_regs *regs) { }
> static inline int kexec_should_crash(struct task_struct *p) { return 0; }
> static inline int kexec_crash_loaded(void) { return 0; }
> +static inline void *kimage_map_segment(struct kimage *image,
> + unsigned long addr, unsigned long size)
> +{ return NULL; }
> +static inline void kimage_unmap_segment(void *buffer) { }
> #define kexec_in_progress false
> #endif /* CONFIG_KEXEC_CORE */
>
Powered by blists - more mailing lists