Re: [PATCH v5 12/13] ima: Return error on deleting measurements already copied during kexec

Next message: Bryan O'Donoghue: "Re: [PATCH 5/6] media: qcom: camss: enable vfe for Glymur"
Previous message: Ulf Hansson: "Re: [PATCH v2] mmc: sdhci: add signal voltage switch in sdhci_resume_host"
In reply to: Mimi Zohar: "Re: [PATCH v5 12/13] ima: Return error on deleting measurements already copied during kexec"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Roberto Sassu

Date: Fri May 29 2026 - 11:09:33 EST

On Tue, 2026-05-26 at 10:02 -0400, Mimi Zohar wrote:
> On Wed, 2026-04-29 at 18:03 +0200, Roberto Sassu wrote:
> > From: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
> >
> > Refuse to delete staged or active list measurements, if a kexec racing with
> > the deletion already copied those measurements in the kexec buffer. In this
> > way, user space becomes aware that those measurements are going to appear
> > in the secondary kernel, and thus they don't have to be saved twice.
>
> There are two reboot notifiers: one to prevent additional measurements extending
> the TPM, while the other copies the measurements for kexec. This patch prevents
> deleting the staged measurements after the latter notifier.
>
> Instead of introducing a specific method for detecting whether the measurement
> list has been copied, rely on one of the two existing reboot notifiers. The
> simplest method would test "ima_measurements_suspended", which would prevent
> deleting the staged measurements a bit earlier.

Testing that the reboot notifier fired (with the
ima_measurements_suspended variable) is not enough to know whether the
measurements dump took place or not.

We need a flag (one is enough) protected by ima_extend_list_mutex, so
that we know reliably which event occurred first, or the dump or the
staging/delete (which are also protected by ima_extend_list_mutex).

Roberto