> --- a/security/integrity/ima/ima_kexec.c
> +++ b/security/integrity/ima/ima_kexec.c
> @@ -121,6 +121,7 @@ void ima_add_kexec_buffer(struct kimage *image)
> .buf_min = 0, .buf_max = ULONG_MAX,
> .top_down = true };
> unsigned long binary_runtime_size;
> + unsigned long extra_size;
>
> /* use more understandable variable names than defined in kbuf */
> void *kexec_buffer = NULL;
> @@ -128,15 +129,19 @@ void ima_add_kexec_buffer(struct kimage *image)
> int ret;
>
> /*
> - * Reserve an extra half page of memory for additional measurements
> - * added during the kexec load.
> + * Reserve extra memory for measurements added during kexec.
> */
The memory is still being allocated at kexec "load", so the extra memory is for
additional measurement records "since" kexec load.
Mimi
> - binary_runtime_size = ima_get_binary_runtime_size();
> + if (CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB <= 0)
> + extra_size = PAGE_SIZE / 2;
> + else
> + extra_size = CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB * 1024;
> + binary_runtime_size = ima_get_binary_runtime_size() + extra_size;
> +
> if (binary_runtime_size >= ULONG_MAX - PAGE_SIZE)
> kexec_segment_size = ULONG_MAX;
> else
> - kexec_segment_size = ALIGN(ima_get_binary_runtime_size() +
> - PAGE_SIZE / 2, PAGE_SIZE);
> + kexec_segment_size = ALIGN(binary_runtime_size, PAGE_SIZE);
> +
> if ((kexec_segment_size == ULONG_MAX) ||
> ((kexec_segment_size >> PAGE_SHIFT) > totalram_pages() / 2)) {
> pr_err("Binary measurement list too large.\n");
_______________________________________________
kexec mailing list
kexec@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/kexec
