On Wed, 12 Jul 2023 at 03:15, Tushar Sugandhi
<tusharsu@xxxxxxxxxxxxxxxxxxx> wrote:
>
>
> On 7/7/23 01:20, RuiRui Yang wrote:
> > On Tue, 4 Jul 2023 at 05:58, Tushar Sugandhi
> > <tusharsu@xxxxxxxxxxxxxxxxxxx> wrote:
> >> The kexec_file_load syscall is used to load a new kernel for kexec.
> >> The syscall needs to update its function to call ima_kexec_post_load, which
> >> was implemented in a previous patch. ima_kexec_post_load takes care of
> >> mapping the measurement list for the next kernel and registering a reboot
> >> notifier if it's not already registered.
> >>
> >> Modify the kexec_file_load syscall to call ima_kexec_post_load after the
> >> image has been loaded and prepared for kexec. This ensures that the IMA
> >> measurement list will be available to the next kernel after a kexec reboot.
> >> This also ensures the measurements taken in the window between kexec load
> >> and execute are captured and passed to the next kernel.
> >>
> >> Declare the kimage_file_post_load function in the kernel/kexec_internal.h,
> >> so it can be properly used in the syscall.
> >>
> >> Signed-off-by: Tushar Sugandhi <tusharsu@xxxxxxxxxxxxxxxxxxx>
> >> ---
> >> kernel/kexec_file.c | 7 +++++++
> >> kernel/kexec_internal.h | 1 +
> >> 2 files changed, 8 insertions(+)
> >>
> >> diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
> >> index f989f5f1933b..efe28e77280c 100644
> >> --- a/kernel/kexec_file.c
> >> +++ b/kernel/kexec_file.c
> >> @@ -184,6 +184,11 @@ kimage_validate_signature(struct kimage *image)
> >> }
> >> #endif
> >>
> >> +void kimage_file_post_load(struct kimage *image)
> >> +{
> >> + ima_kexec_post_load(image);
> >> +}
> >> +
> >> /*
> >> * In file mode list of segments is prepared by kernel. Copy relevant
> >> * data from user space, do error checking, prepare segment list
> >> @@ -399,6 +404,8 @@ SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, initrd_fd,
> >>
> >> kimage_terminate(image);
> >>
> >> + kimage_file_post_load(image);
> > I think it should be only done for the reboot case, please just
> > exclude the kdump case here..
> >
> Thanks for the feedback RuiRui. Appreciate it.
>
> Conceptually I agree with you that this needs to be done only for reboot.
> I need to figure out how to do it implementation wise.
>
> If you can give me pointers/suggestions, that would help.
Hi Tushar,
You can check the flags argument in the function
if (flags & KEXEC_FILE_ON_CRASH) is true then this is a kdump kernel
loading, just skip the kimage_file_post_load in that case?
>
> ~Tushar
> >> +
> >> ret = machine_kexec_post_load(image);
> >> if (ret)
> >> goto out;
> >> diff --git a/kernel/kexec_internal.h b/kernel/kexec_internal.h
> >> index 74da1409cd14..98dd5fcafaf0 100644
> >> --- a/kernel/kexec_internal.h
> >> +++ b/kernel/kexec_internal.h
> >> @@ -30,6 +30,7 @@ static inline void kexec_unlock(void)
> >>
> >> #ifdef CONFIG_KEXEC_FILE
> >> #include <linux/purgatory.h>
> >> +void kimage_file_post_load(struct kimage *image);
> >> void kimage_file_post_load_cleanup(struct kimage *image);
> >> extern char kexec_purgatory[];
> >> extern size_t kexec_purgatory_size;
> >> --
> >> 2.25.1
> >>
> >>
> >> _______________________________________________
> >> kexec mailing list
> >> kexec@xxxxxxxxxxxxxxxxxxx
> >> http://lists.infradead.org/mailman/listinfo/kexec
> >>
>
