lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <f9652da1-78a5-443c-9893-41d76007a974@linux.ibm.com>
Date: Tue, 29 Apr 2025 15:06:40 -0400
From: Stefan Berger <stefanb@...ux.ibm.com>
To: steven chen <chenste@...ux.microsoft.com>, zohar@...ux.ibm.com,
        roberto.sassu@...weicloud.com, roberto.sassu@...wei.com,
        eric.snowberg@...cle.com, ebiederm@...ssion.com, paul@...l-moore.com,
        code@...icks.com, bauermann@...abnow.com,
        linux-integrity@...r.kernel.org, kexec@...ts.infradead.org,
        linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Cc: madvenka@...ux.microsoft.com, nramas@...ux.microsoft.com,
        James.Bottomley@...senPartnership.com, bhe@...hat.com,
        vgoyal@...hat.com, dyoung@...hat.com
Subject: Re: [PATCH v13 8/9] ima: make the kexec extra memory configurable



On 4/21/25 6:25 PM, steven chen wrote:
> From: Steven Chen <chenste@...ux.microsoft.com>
> 
> The extra memory allocated for carrying the IMA measurement list across
> kexec is hard-coded as half a PAGE.  Make it configurable.
> 
> Define a Kconfig option, IMA_KEXEC_EXTRA_MEMORY_KB, to configure the
> extra memory (in kb) to be allocated for IMA measurements added during
> kexec soft reboot.  Ensure the default value of the option is set such
> that extra half a page of memory for additional measurements is allocated
> for the additional measurements.
> 
> Update ima_add_kexec_buffer() function to allocate memory based on the
> Kconfig option value, rather than the currently hard-coded one.
> 
> Suggested-by: Stefan Berger <stefanb@...ux.ibm.com>
> Co-developed-by: Tushar Sugandhi <tusharsu@...ux.microsoft.com>
> Signed-off-by: Tushar Sugandhi <tusharsu@...ux.microsoft.com>
> Signed-off-by: Steven Chen <chenste@...ux.microsoft.com>
> Reviewed-by: Stefan Berger <stefanb@...ux.ibm.com>
> Reviewed-by: Mimi Zohar <zohar@...ux.ibm.com>
> Acked-by: Baoquan He <bhe@...hat.com>
> ---
>   security/integrity/ima/Kconfig     | 11 +++++++++++
>   security/integrity/ima/ima_kexec.c | 16 +++++++++++-----
>   2 files changed, 22 insertions(+), 5 deletions(-)
> 
> diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
> index 475c32615006..976e75f9b9ba 100644
> --- a/security/integrity/ima/Kconfig
> +++ b/security/integrity/ima/Kconfig
> @@ -321,4 +321,15 @@ config IMA_DISABLE_HTABLE
>   	help
>   	   This option disables htable to allow measurement of duplicate records.
>   
> +config IMA_KEXEC_EXTRA_MEMORY_KB
> +	int "Extra memory for IMA measurements added during kexec soft reboot"
> +	range 0 40
> +	depends on IMA_KEXEC
> +	default 0
> +	help
> +	  IMA_KEXEC_EXTRA_MEMORY_KB determines the extra memory to be
> +	  allocated (in kb) for IMA measurements added during kexec soft reboot.
> +	  If set to the default value of 0, an extra half page of memory for those
> +	  additional measurements will be allocated.

If you have an IMA policy taking quite a few measurements and you are 
fast after reboot to log in to initiate the 'kexec load' (While system 
is still starting up), the system may end up with loss of measurements 
very easily if the default is 0 and pages are small. -> Set the default 
to the max? Also, would we expect distros to all go through the new 
config option and choose 40 or will they likely leave it at 0?

> +
>   endif
> diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c
> index ed867734ee70..d1c9d369ba08 100644
> --- a/security/integrity/ima/ima_kexec.c
> +++ b/security/integrity/ima/ima_kexec.c
> @@ -118,6 +118,7 @@ void ima_add_kexec_buffer(struct kimage *image)
>   				  .buf_min = 0, .buf_max = ULONG_MAX,
>   				  .top_down = true };
>   	unsigned long binary_runtime_size;
> +	unsigned long extra_memory;
>   
>   	/* use more understandable variable names than defined in kbuf */
>   	size_t kexec_buffer_size = 0;
> @@ -125,15 +126,20 @@ void ima_add_kexec_buffer(struct kimage *image)
>   	int ret;
>   
>   	/*
> -	 * Reserve an extra half page of memory for additional measurements
> -	 * added during the kexec load.
> +	 * Reserve extra memory for measurements added during kexec.
>   	 */
> -	binary_runtime_size = ima_get_binary_runtime_size();
> +	if (CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB <= 0)
> +		extra_memory = PAGE_SIZE / 2;
> +	else
> +		extra_memory = CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB * 1024;
> +
> +	binary_runtime_size = ima_get_binary_runtime_size() + extra_memory;
> +
>   	if (binary_runtime_size >= ULONG_MAX - PAGE_SIZE)
>   		kexec_segment_size = ULONG_MAX;
>   	else
> -		kexec_segment_size = ALIGN(ima_get_binary_runtime_size() +
> -					   PAGE_SIZE / 2, PAGE_SIZE);
> +		kexec_segment_size = ALIGN(binary_runtime_size, PAGE_SIZE);
> +
>   	if ((kexec_segment_size == ULONG_MAX) ||
>   	    ((kexec_segment_size >> PAGE_SHIFT) > totalram_pages() / 2)) {
>   		pr_err("Binary measurement list too large.\n");

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ