diff options
| author | Steven Chen <chenste@linux.microsoft.com> | 2025-04-22 01:25:08 +0300 |
|---|---|---|
| committer | Mimi Zohar <zohar@linux.ibm.com> | 2025-04-29 22:54:53 +0300 |
| commit | c95e1acb6d7f00efab73e41b31e0560751e3f469 (patch) | |
| tree | d7959774036f09e94f1bae218deeadf31ecdf1d0 /scripts/lib/kdoc/kdoc_files.py | |
| parent | cb5052282c65dc998d12e4eea8d5133249826c13 (diff) | |
| download | linux-c95e1acb6d7f00efab73e41b31e0560751e3f469.tar.xz | |
ima: define and call ima_alloc_kexec_file_buf()
In the current implementation, the ima_dump_measurement_list() API is
called during the kexec "load" phase, where a buffer is allocated and
the measurement records are copied. Due to this, new events added after
kexec load but before kexec execute are not carried over to the new kernel
during kexec operation
Carrying the IMA measurement list across kexec requires allocating a
buffer and copying the measurement records. Separate allocating the
buffer and copying the measurement records into separate functions in
order to allocate the buffer at kexec 'load' and copy the measurements
at kexec 'execute'.
After moving the vfree() here at this stage in the patch set, the IMA
measurement list fails to verify when doing two consecutive "kexec -s -l"
with/without a "kexec -s -u" in between. Only after "ima: kexec: move
IMA log copy from kexec load to execute" the IMA measurement list verifies
properly with the vfree() here.
Co-developed-by: Tushar Sugandhi <tusharsu@linux.microsoft.com>
Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com>
Signed-off-by: Steven Chen <chenste@linux.microsoft.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Acked-by: Baoquan He <bhe@redhat.com>
Tested-by: Stefan Berger <stefanb@linux.ibm.com> # ppc64/kvm
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'scripts/lib/kdoc/kdoc_files.py')
0 files changed, 0 insertions, 0 deletions