On 2/7/2025 11:15 AM, Mimi Zohar wrote:
Hi Steven,
On Mon, 2025-02-03 at 15:20 -0800, steven chen wrote:
Currently, the mechanism to map and unmap segments to the kimage
structure is not available to the subsystems outside of kexec. This
functionality is needed when IMA is allocating the memory segments
during kexec 'load' operation. Implement functions to map and unmap
segments to kimage.
Implement kimage_map_segment() to enable mapping of IMA buffer source
pages to the kimage structure post kexec 'load'. This function,
accepting a kimage pointer, an address, and a size, will gather the
source pages within the specified address range, create an array of page
pointers, and map these to a contiguous virtual address range. The
function returns the start of this range if successful, or NULL if
unsuccessful.
Implement kimage_unmap_segment() for unmapping segments
using vunmap().
From: Tushar Sugandhi <tusharsu@xxxxxxxxxxxxxxxxxxx>
Author: Tushar Sugandhi <tusharsu@xxxxxxxxxxxxxxxxxxx>
Reviewed-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>
Reviewed-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
I don't recall previously adding my "Reviewed-by" tag.
Eric, I'd appreciate your reviewing this and the subsequent patch "[PATCH v7 3/7]
ima: kexec: skip IMA segment validation after kexec soft reboot" in particular.
Hi Eric, Could you help to review this patch as Mimi mentioned? Thanks!
Signed-off-by: Tushar Sugandhi <tusharsu@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: steven chen <chenste@xxxxxxxxxxxxxxxxxxx>
---
include/linux/kexec.h | 7 ++++++
kernel/kexec_core.c | 54 +++++++++++++++++++++++++++++++++++++++++++
2 files changed, 61 insertions(+)
diff --git a/include/linux/kexec.h b/include/linux/kexec.h
index f0e9f8eda7a3..f8413ea5c8c8 100644
--- a/include/linux/kexec.h
+++ b/include/linux/kexec.h
@@ -467,6 +467,9 @@ extern bool kexec_file_dbg_print;
#define kexec_dprintk(fmt, arg...) \
do { if (kexec_file_dbg_print) pr_info(fmt, ##arg); } while (0)
+extern void *kimage_map_segment(struct kimage *image,
+ unsigned long addr, unsigned long size);
scripts/Checkpatch.pl complains about the parenthesis alignment here and elsewhere.
Mimi
+extern void kimage_unmap_segment(void *buffer);
#else /* !CONFIG_KEXEC_CORE */
struct pt_regs;
struct task_struct;
@@ -474,6 +477,10 @@ static inline void __crash_kexec(struct pt_regs *regs) { }
static inline void crash_kexec(struct pt_regs *regs) { }
static inline int kexec_should_crash(struct task_struct *p) { return 0; }
static inline int kexec_crash_loaded(void) { return 0; }
+static inline void *kimage_map_segment(struct kimage *image,
+ unsigned long addr, unsigned long size)
+{ return NULL; }
+static inline void kimage_unmap_segment(void *buffer) { }
#define kexec_in_progress false
#endif /* CONFIG_KEXEC_CORE */
Thanks, Mimi, I will update in next version
