[PATCH v7 1/7] ima: define and call ima_alloc_kexec_file_buf

steven chen chenste at linux.microsoft.com
Fri Feb 7 19:20:55 UTC 2025 

On 2/6/2025 8:49 AM, Mimi Zohar wrote:
> Thanks, Steven, for picking up and working on Tushar's patch set.
>
> I normally finish reviewing the patch set, before commenting.  In this case, there's
> a generic comment that relates to all of the patches.  It's also a way of letting you
> know that I've started reviewing the patch set.  The remaining comments will come
> after I finish reviewing the patch set.
>
> On Mon, 2025-02-03 at 15:20 -0800, steven chen wrote:
>> Carrying the IMA measurement list across kexec requires allocating a
>> buffer and copying the measurement records.  Separate allocating the
>> buffer and copying the measurement records into separate functions in
>> order to allocate the buffer at kexec 'load' and copy the measurements
>> at kexec 'execute'.
>>
>> This patch includes the following changes:
>>   - Refactor ima_dump_measurement_list() to move the memory allocation
>>     to a separate function ima_alloc_kexec_file_buf() which allocates
>>     buffer of size 'kexec_segment_size' at kexec 'load'.
>>   - Make the local variable ima_kexec_file in ima_dump_measurement_list()
>>     a local static to the file, so that it can be accessed from
>>     ima_alloc_kexec_file_buf(). Compare actual memory required to ensure
>>     there is enough memory for the entire measurement record.
>>   - Copy as many measurement events as possible.
>>   - Make necessary changes to the function ima_add_kexec_buffer() to call
>>     the above two functions.
>>   - Compared the memory size allocated with memory size of the entire
>>     measurement record. If there is not enough memory, it will copy as many
>>     IMA measurement records as possible, and this situation will result
>>     in a failure of remote attestation.
>>
>> Author: Tushar Sugandhi <tusharsu at linux.microsoft.com>
> I understand you want to credit Tushar for the patch, but the mechanism is described
> in Documentation/process/submitting-patches.rst.  Refer to the paragraph on "Co-
> developed-by".  There is no tag named "Author".
>
>> Reviewed-by: Stefan Berger <stefanb at linux.ibm.com>
>> Suggested-by: Mimi Zohar <zohar at linux.ibm.com>
> "Suggested-by" goes before the Signed-off-by tag(s). "Reviewed-by" tag goes after
> your and/or Tushar's Signed-off-tag.
>
>> Signed-off-by: Tushar Sugandhi <tusharsu at linux.microsoft.com>
>> Signed-off-by: steven chen <chenste at linux.microsoft.com>
> Before the "Co-developed-by" tag was defined, it was implied simply by this ordering
> of the "Signed-off-by" tags.
>
> For those patches you didn't modify, simply import Tushar's patch with him as the
> author and add your Signed-off-by tag after his.
>
> thanks,
>
> Mimi

Thanks Mimi, will update it in next release.

More information about the Linux-security-module-archive mailing list