On Thu, 2025-03-06 at 14:45 -0800, steven chen wrote:
> On 3/5/2025 4:27 AM, Mimi Zohar wrote:
> > On Wed, 2025-03-05 at 20:08 +0800, Baoquan He wrote:
> > > On 03/04/25 at 11:03am, steven chen wrote:
> > > > Carrying the IMA measurement list across kexec requires allocating a
> > > > buffer and copying the measurement records. Separate allocating the
> > > > buffer and copying the measurement records into separate functions in
> > > > order to allocate the buffer at kexec 'load' and copy the measurements
> > > > at kexec 'execute'.
> > > >
> > > > This patch includes the following changes:
> > > I don't know why one patch need include so many changes. From below log,
> > > it should be split into separate patches. It may not need to make one
> > > patch to reflect one change, we should at least split and wrap several
> > > kind of changes to ease patch understanding and reviewing. My personal
> > > opinion.
> > Agreed, well explained.
> >
> > Mimi
> >
> > > > - Refactor ima_dump_measurement_list() to move the memory allocation
> > > > to a separate function ima_alloc_kexec_file_buf() which allocates
> > > > buffer of size 'kexec_segment_size' at kexec 'load'.
> > > > - Make the local variable ima_kexec_file in ima_dump_measurement_list()
> > > > a local static to the file, so that it can be accessed from
> > > > ima_alloc_kexec_file_buf(). Compare actual memory required to ensure
> > > > there is enough memory for the entire measurement record.
> > > > - Copy only complete measurement records.
> > > > - Make necessary changes to the function ima_add_kexec_buffer() to call
> > > > the above two functions.
> > > > - Compared the memory size allocated with memory size of the entire
> > > > measurement record. Copy only complete measurement records if there
> > > > is enough memory. If there is not enough memory, it will not copy
> > > > any IMA measurement records, and this situation will result in a
> > > > failure of remote attestation.
> > > >
> > > > Suggested-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
> > > > Signed-off-by: Tushar Sugandhi <tusharsu@xxxxxxxxxxxxxxxxxxx>
> > > > Signed-off-by: steven chen <chenste@xxxxxxxxxxxxxxxxxxx>
>
> I will split this patch into the following two patches:
>
> ima: define and call ima_alloc_kexec_file_buf
> ima: copy measurement records as much as possible across kexec
Steven, breaking up code into patches is in order to simplify patch review.
This is done by limiting each patch to a single "logical change" [1]. For
example, the change below has nothing to do with "separate allocating the buffer
and copying the measurement records into separate functions".
/* This is an append-only list, no need to hold the RCU read lock */
list_for_each_entry_rcu(qe, &ima_measurements, later, true) {
- if (file.count < file.size) {
+ entry_size += ima_get_binary_runtime_entry_size(qe->entry);
+ if (entry_size <= segment_size) {
khdr.count++;
- ima_measurements_show(&file, qe);
+ ima_measurements_show(&ima_kexec_file, qe);
} else {
ret = -EINVAL;
+ pr_err("IMA log file is too big for Kexec buf\n");
break;
}
}
The original code potentially copied a partial last measurement record, not a
complete measurement record. For ease of review, the above change is fine, but
it needs to be a separate patch.
Patches:
1. ima: copy only complete measurement records across kexec
2. ima: define and call ima_alloc_kexec_file_buf()
The original code copied as many measurement records as possible. Please do not
change it.
thanks,
Mimi
[1] Refer to the section "Separate your changes" in
https://www.kernel.org/doc/Documentation/process/submitting-patches.rst
