On 03/18/25 at 11:10am, Stefan Berger wrote: > > > On 3/17/25 9:04 PM, steven chen wrote: > > The name of the local variable "file" of type seq_file defined in the > > ima_dump_measurement_list function is too generic. To better reflect the > > purpose of the variable, rename it to "ima_kexec_file". This change will > > help improve code readability and maintainability by making the variable's > > role more explicit. > > > > The variable ima_kexec_file is indeed the memory allocated for copying IMA > > measurement records. The ima_dump_measurement_list function calculates the > > actual memory occupied by the IMA logs and compares it with the allocated > > memory. If there is enough memory, it copies all IMA measurement records; > > otherwise, it does not copy any records, which would result in a failure > > of remote attestation. > > > > Suggested-by: Mimi Zohar <zohar@xxxxxxxxxxxxx> > > Signed-off-by: steven chen <chenste@xxxxxxxxxxxxxxxxxxx> > > > > --- > > security/integrity/ima/ima_kexec.c | 39 ++++++++++++++++++------------ > > 1 file changed, 24 insertions(+), 15 deletions(-) > > > > diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c > > index 9d45f4d26f73..8567619889d1 100644 > > --- a/security/integrity/ima/ima_kexec.c > > +++ b/security/integrity/ima/ima_kexec.c > > @@ -15,33 +15,41 @@ > > #include "ima.h" > > #ifdef CONFIG_IMA_KEXEC > > +/* > > + * Copy the measurement list to the allocated memory > > + * compare the size of IMA measurement list with the size of the allocated memory > > Compare the size of the IMA ... memory. > > > > + * if the size of the allocated memory is not less than the size of IMA measurement list > > + * copy the measurement list to the allocated memory. > > + * else > > + * return error > > If the size of the allocated memory is not less than the size of IMA > measurement list, copy the measurement list to the allocated memory, return > an error otherwise. Ack the suggested change.
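Review bot: the comment block added under `#ifdef CONFIG_IMA_KEXEC` in the `@@ -15,33 +15,41 @@` hunk is not covered by the commit message, which describes only the rename of `file` to `ima_kexec_file`; mention the new comment there or move it to its own patch. The comment's else branch says only "return error", while the commit message states that in this case none of the records are copied and remote attestation would fail, so the comment should say that nothing is copied when the allocated memory is too small. The line beginning "if the size of the allocated memory is not less than" also runs past 80 columns and should be rewrapped when it is reworded.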