Adding Eric to cc.
On 7/7/23 06:00, Mimi Zohar wrote:
Hi Tushar,
On Mon, 2023-07-03 at 14:57 -0700, Tushar Sugandhi wrote:
IMA does not provide a mechanism to allocate memory for IMA log storage
during kexec operation.
The IMA measurement list is currently being carried across kexec, so
obviously a buffer is being allocated for it. IMA not allocating
memory for the measurment list is not the problem statement. Please
concisely provide the problem statement, explaining why IMA needs to
allocate the buffer.
I meant IMA does not provide separate functions to allocate buffer and
populate measurements. Both operations are wrapped in an atomic
ima_dump_measurement_list().
As I mentioned in the comment in the cover letter, if there is no such
technical limitation to allocate the buffer and copy the measurements at
kexec ‘execute’ – I will make the necessary code changes and update the
above line in the patch description accordingly.
The function should handle the scenario where
the kexec load is called multiple times.
Currently the buffer is being freed with the kexec 'unload'. With this
patch IMA is allocating a buffer for the measurement list, which needs
to be freed independently of the kexec 'unload'.
If we end up allocating the buffer at kexec ‘execute’ (which results in
soft boot to next Kernel) – is it technically possible that
kexec ‘unload’ being called after calling kexec ‘execute’?
If not, should I still free the buffer at kexec ‘unload’ in this
scenario?
~Tushar
Implement a function to allocate buffer of size kexec_segment_size at
kexec load. If the buffer was already allocated, free that buffer and
reallocate. Finally, initialihze ima_khdr struct.
The patch operates under the assumption that the segment size does not
change between kexec load and execute.
Signed-off-by: Tushar Sugandhi <tusharsu@xxxxxxxxxxxxxxxxxxx>