On Wed, Dec 22, 2021 at 05:13:56PM -0500, Mimi Zohar wrote:
> Hi Bruno,
>
> On Wed, 2021-12-22 at 16:16 -0300, Bruno Meneguele wrote:
> > The measurement list is dumped during a soft reset (kexec) through the call
> > to "print_hex_dump(KERN_DEBUG, ...)", which ignores the DEBUG build flag.
> > Instead, use "print_hex_dump_debug(...)", honoring the build flag.
> >
> > Signed-off-by: Bruno Meneguele <bmeneg@xxxxxxxxxx>
>
> The patch description needs to at least explain why using
> print_hex_dump() isn't sufficent. Look at how print_hex_dump() is
> defined. Based on whether CONFIG_DYNAMIC_DEBUG is enabled, different
> functions are used.
Sending the v2 in a sec :)
Thanks Mimi
>
> Mimi
>
> > ---
> > security/integrity/ima/ima_kexec.c | 6 +++---
> > 1 file changed, 3 insertions(+), 3 deletions(-)
> >
> > diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c
> > index f799cc278a9a..13753136f03f 100644
> > --- a/security/integrity/ima/ima_kexec.c
> > +++ b/security/integrity/ima/ima_kexec.c
> > @@ -61,9 +61,9 @@ static int ima_dump_measurement_list(unsigned long *buffer_size, void **buffer,
> > }
> > memcpy(file.buf, &khdr, sizeof(khdr));
> >
> > - print_hex_dump(KERN_DEBUG, "ima dump: ", DUMP_PREFIX_NONE,
> > - 16, 1, file.buf,
> > - file.count < 100 ? file.count : 100, true);
> > + print_hex_dump_debug("ima dump: ", DUMP_PREFIX_NONE, 16, 1,
> > + file.buf, file.count < 100 ? file.count : 100,
> > + true);
> >
> > *buffer_size = file.count;
> > *buffer = file.buf;
>
>
--
bmeneg
PGP Key: http://bmeneg.com/pubkey.txt
Attachment:
signature.asc
Description: PGP signature
