| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <9dd19d7824aad9be423d8ef57cbfc7b0faf689d5.camel@linux.ibm.com>
Date: Fri, 07 Feb 2025 14:36:49 -0500
From: Mimi Zohar <zohar@...ux.ibm.com>
To: steven chen <chenste@...ux.microsoft.com>, stefanb@...ux.ibm.com,
roberto.sassu@...weicloud.com, roberto.sassu@...wei.com,
eric.snowberg@...cle.com, ebiederm@...ssion.com, paul@...l-moore.com,
code@...icks.com, bauermann@...abnow.com,
linux-integrity@...r.kernel.org, kexec@...ts.infradead.org,
linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Cc: madvenka@...ux.microsoft.com, nramas@...ux.microsoft.com,
James.Bottomley@...senPartnership.com
Subject: Re: [PATCH v7 1/7] ima: define and call ima_alloc_kexec_file_buf
On Thu, 2025-02-06 at 11:49 -0500, Mimi Zohar wrote:
> Thanks, Steven, for picking up and working on Tushar's patch set.
>
> I normally finish reviewing the patch set, before commenting. In this case,
> there's
> a generic comment that relates to all of the patches. It's also a way of letting
> you
> know that I've started reviewing the patch set. The remaining comments will come
> after I finish reviewing the patch set.
>
> On Mon, 2025-02-03 at 15:20 -0800, steven chen wrote:
> > Carrying the IMA measurement list across kexec requires allocating a
> > buffer and copying the measurement records. Separate allocating the
> > buffer and copying the measurement records into separate functions in
> > order to allocate the buffer at kexec 'load' and copy the measurements
> > at kexec 'execute'.
> >
> > This patch includes the following changes:
> > - Refactor ima_dump_measurement_list() to move the memory allocation
> > to a separate function ima_alloc_kexec_file_buf() which allocates
> > buffer of size 'kexec_segment_size' at kexec 'load'.
> > - Make the local variable ima_kexec_file in ima_dump_measurement_list()
> > a local static to the file, so that it can be accessed from
> > ima_alloc_kexec_file_buf(). Compare actual memory required to ensure
> > there is enough memory for the entire measurement record.
> > - Copy as many measurement events as possible.
> > - Make necessary changes to the function ima_add_kexec_buffer() to call
> > the above two functions.
> > - Compared the memory size allocated with memory size of the entire
> > measurement record. If there is not enough memory, it will copy as many
> > IMA measurement records as possible, and this situation will result
> > in a failure of remote attestation.
> >
> > Author: Tushar Sugandhi <tusharsu@...ux.microsoft.com>
>
> I understand you want to credit Tushar for the patch, but the mechanism is
> described
> in Documentation/process/submitting-patches.rst. Refer to the paragraph on "Co-
> developed-by". There is no tag named "Author".
>
> > Reviewed-by: Stefan Berger <stefanb@...ux.ibm.com>
> > Suggested-by: Mimi Zohar <zohar@...ux.ibm.com>
>
> "Suggested-by" goes before the Signed-off-by tag(s). "Reviewed-by" tag goes after
> your and/or Tushar's Signed-off-tag.
>
> > Signed-off-by: Tushar Sugandhi <tusharsu@...ux.microsoft.com>
> > Signed-off-by: steven chen <chenste@...ux.microsoft.com>
>
> Before the "Co-developed-by" tag was defined, it was implied simply by this
> ordering
> of the "Signed-off-by" tags.
>
> For those patches you didn't modify, simply import Tushar's patch with him as the
> author and add your Signed-off-by tag after his.
Thanks, Steven. The patch set at this point is bi-sect safe. The are just a few
formatting cleanups based on "scripts/checkpatch --strict --codespell". Before re-
posting, please re-base on the next-integrity branch and address the missing
"kexec_execute" critical data.
Eric is the kexec maintainer so we need his Ack.
thanks,
Mimi
Powered by blists - more mailing lists