On 02/12/25 at 08:03am, Mimi Zohar wrote: > On Mon, 2025-02-10 at 09:06 -0800, steven chen wrote: > > On 2/7/2025 11:15 AM, Mimi Zohar wrote: > > > Hi Steven, > > > > > > On Mon, 2025-02-03 at 15:20 -0800, steven chen wrote: > > > > Currently, the mechanism to map and unmap segments to the kimage > > > > structure is not available to the subsystems outside of kexec. This > > > > functionality is needed when IMA is allocating the memory segments > > > > during kexec 'load' operation. Implement functions to map and unmap > > > > segments to kimage. > > > > > > > > Implement kimage_map_segment() to enable mapping of IMA buffer source > > > > pages to the kimage structure post kexec 'load'. This function, > > > > accepting a kimage pointer, an address, and a size, will gather the > > > > source pages within the specified address range, create an array of page > > > > pointers, and map these to a contiguous virtual address range. The > > > > function returns the start of this range if successful, or NULL if > > > > unsuccessful. > > > > > > > > Implement kimage_unmap_segment() for unmapping segments > > > > using vunmap(). > > > > > > > > From: Tushar Sugandhi <tusharsu@xxxxxxxxxxxxxxxxxxx> > > > > Author: Tushar Sugandhi <tusharsu@xxxxxxxxxxxxxxxxxxx> > > > > Reviewed-by: Stefan Berger <stefanb@xxxxxxxxxxxxx> > > > > Reviewed-by: Mimi Zohar <zohar@xxxxxxxxxxxxx> > > > I don't recall previously adding my "Reviewed-by" tag. > > > > > > Eric, I'd appreciate your reviewing this and the subsequent patch "[PATCH v7 3/7] > > > ima: kexec: skip IMA segment validation after kexec soft reboot" in particular. > > Hi Eric, Could you help to review this patch as Mimi mentioned? Thanks! > > > > > > > Signed-off-by: Tushar Sugandhi <tusharsu@xxxxxxxxxxxxxxxxxxx> > > Steven, since these patches impact kdump, before re-posting the patch set, please > include the following tags before your Signed-off-by tag on the kexec patches. Thanks, Mimi. Yes, Steven, please add me in CC when reposting. Thanks in advance. I will check this version to see if there's impact on kexec/kdump from my side. And by the way, kdump should not need IMA, it's better be disabled by default. I will have a look and try disabling it in kdump kernel, while really appreciate it if any IMA expert can do it. Thanks Baoquan