Re: [PATCH v7 1/7] ima: define and call ima_alloc_kexec_file_buf

From: steven chen
Date: Fri Feb 07 2025 - 14:21:05 EST

Next message: Bowman, Terry: "Re: [PATCH v5 13/16] cxl/pci: Add error handler for CXL PCIe Port RAS errors"
Previous message: Hector Martin: "Re: On community influencing (was Re: [PATCH v8 2/2] rust: add dma coherent allocator abstraction.)"
In reply to: Mimi Zohar: "Re: [PATCH v7 1/7] ima: define and call ima_alloc_kexec_file_buf"
Next in thread: Mimi Zohar: "Re: [PATCH v7 1/7] ima: define and call ima_alloc_kexec_file_buf"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2/6/2025 8:49 AM, Mimi Zohar wrote:

Thanks, Steven, for picking up and working on Tushar's patch set.

I normally finish reviewing the patch set, before commenting. In this case, there's
a generic comment that relates to all of the patches. It's also a way of letting you
know that I've started reviewing the patch set. The remaining comments will come
after I finish reviewing the patch set.

On Mon, 2025-02-03 at 15:20 -0800, steven chen wrote:

Carrying the IMA measurement list across kexec requires allocating a
buffer and copying the measurement records. Separate allocating the
buffer and copying the measurement records into separate functions in
order to allocate the buffer at kexec 'load' and copy the measurements
at kexec 'execute'.

This patch includes the following changes:
- Refactor ima_dump_measurement_list() to move the memory allocation
   to a separate function ima_alloc_kexec_file_buf() which allocates
   buffer of size 'kexec_segment_size' at kexec 'load'.
- Make the local variable ima_kexec_file in ima_dump_measurement_list()
   a local static to the file, so that it can be accessed from
   ima_alloc_kexec_file_buf(). Compare actual memory required to ensure
   there is enough memory for the entire measurement record.
- Copy as many measurement events as possible.
- Make necessary changes to the function ima_add_kexec_buffer() to call
   the above two functions.
- Compared the memory size allocated with memory size of the entire
   measurement record. If there is not enough memory, it will copy as many
   IMA measurement records as possible, and this situation will result
   in a failure of remote attestation.

Author: Tushar Sugandhi <tusharsu@xxxxxxxxxxxxxxxxxxx>

I understand you want to credit Tushar for the patch, but the mechanism is described
in Documentation/process/submitting-patches.rst. Refer to the paragraph on "Co-
developed-by". There is no tag named "Author".

Reviewed-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>
Suggested-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>

"Suggested-by" goes before the Signed-off-by tag(s). "Reviewed-by" tag goes after
your and/or Tushar's Signed-off-tag.

Signed-off-by: Tushar Sugandhi <tusharsu@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: steven chen <chenste@xxxxxxxxxxxxxxxxxxx>

Before the "Co-developed-by" tag was defined, it was implied simply by this ordering
of the "Signed-off-by" tags.

For those patches you didn't modify, simply import Tushar's patch with him as the
author and add your Signed-off-by tag after his.

thanks,

Mimi

Thanks Mimi, will update it in next release.

Next message: Bowman, Terry: "Re: [PATCH v5 13/16] cxl/pci: Add error handler for CXL PCIe Port RAS errors"
Previous message: Hector Martin: "Re: On community influencing (was Re: [PATCH v8 2/2] rust: add dma coherent allocator abstraction.)"
In reply to: Mimi Zohar: "Re: [PATCH v7 1/7] ima: define and call ima_alloc_kexec_file_buf"
Next in thread: Mimi Zohar: "Re: [PATCH v7 1/7] ima: define and call ima_alloc_kexec_file_buf"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]