[Cc: kexec mailing list] Hi Eric, Dave, On Wed, 2019-06-12 at 15:15 -0700, Prakhar Srivastava wrote: > During soft reboot(kexec_file_load) boot cmdline args > are not measured.Thus the new kernel on load boots with > an assumption of cold reboot. > > This patch makes a call to the ima hook ima_kexec_cmdline, > added in "Define a new IMA hook to measure the boot command > line arguments" > to measure the boot cmdline args into the ima log. > > - call ima_kexec_cmdline from kexec_file_load. > - move the call ima_add_kexec_buffer after the cmdline > args have been measured. > > Signed-off-by: Prakhar Srivastava <prsriva02@xxxxxxxxx> Cc: Eric W. Biederman <ebiederm@xxxxxxxxxxxx> Cc: Dave Young <dyoung@xxxxxxxxxx> Any chance we could get some Acks? thanks, Mimi > --- > kernel/kexec_file.c | 9 ++++++--- > 1 file changed, 6 insertions(+), 3 deletions(-) > > diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c > index 072b6ee55e3f..b0c724e5d86c 100644 > --- a/kernel/kexec_file.c > +++ b/kernel/kexec_file.c > @@ -198,9 +198,6 @@ kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd, > return ret; > image->kernel_buf_len = size; > > - /* IMA needs to pass the measurement list to the next kernel. */ > - ima_add_kexec_buffer(image); > - > /* Call arch image probe handlers */ > ret = arch_kexec_kernel_image_probe(image, image->kernel_buf, > image->kernel_buf_len); > @@ -241,8 +238,14 @@ kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd, > ret = -EINVAL; > goto out; > } > + > + ima_kexec_cmdline(image->cmdline_buf, > + image->cmdline_buf_len - 1); > } > > + /* IMA needs to pass the measurement list to the next kernel. */ > + ima_add_kexec_buffer(image); > + > /* Call arch image load handlers */ > ldata = arch_kexec_kernel_image_load(image); > _______________________________________________ kexec mailing list kexec@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/kexec