Re: [PATCH v9 1/7] ima: copy only complete measurement records across kexec
From: steven chen
Date: Tue Mar 11 2025 - 19:45:25 EST
On 3/11/2025 5:44 AM, Mimi Zohar wrote:
On Thu, 2025-03-06 at 21:51 -0500, Mimi Zohar wrote:
On Thu, 2025-03-06 at 14:45 -0800, steven chen wrote:
On 3/5/2025 4:27 AM, Mimi Zohar wrote:
On Wed, 2025-03-05 at 20:08 +0800, Baoquan He wrote:
On 03/04/25 at 11:03am, steven chen wrote:
Carrying the IMA measurement list across kexec requires allocating a
buffer and copying the measurement records. Separate allocating the
buffer and copying the measurement records into separate functions in
order to allocate the buffer at kexec 'load' and copy the measurements
at kexec 'execute'.
This patch includes the following changes:
I don't know why one patch need include so many changes. From below log,
it should be split into separate patches. It may not need to make one
patch to reflect one change, we should at least split and wrap several
kind of changes to ease patch understanding and reviewing. My personal
opinion.
Agreed, well explained.
Mimi
- Refactor ima_dump_measurement_list() to move the memory allocation
to a separate function ima_alloc_kexec_file_buf() which allocates
buffer of size 'kexec_segment_size' at kexec 'load'.
- Make the local variable ima_kexec_file in ima_dump_measurement_list()
a local static to the file, so that it can be accessed from
ima_alloc_kexec_file_buf(). Compare actual memory required to ensure
there is enough memory for the entire measurement record.
- Copy only complete measurement records.
- Make necessary changes to the function ima_add_kexec_buffer() to call
the above two functions.
- Compared the memory size allocated with memory size of the entire
measurement record. Copy only complete measurement records if there
is enough memory. If there is not enough memory, it will not copy
any IMA measurement records, and this situation will result in a
failure of remote attestation.
Suggested-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
Signed-off-by: Tushar Sugandhi <tusharsu@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: steven chen <chenste@xxxxxxxxxxxxxxxxxxx>
I will split this patch into the following two patches:
ima: define and call ima_alloc_kexec_file_buf
ima: copy measurement records as much as possible across kexec
Steven, breaking up code into patches is in order to simplify patch review.
This is done by limiting each patch to a single "logical change" [1]. For
example, the change below has nothing to do with "separate allocating the buffer
and copying the measurement records into separate functions".
/* This is an append-only list, no need to hold the RCU read lock */
list_for_each_entry_rcu(qe, &ima_measurements, later, true) {
- if (file.count < file.size) {
+ entry_size += ima_get_binary_runtime_entry_size(qe->entry);
+ if (entry_size <= segment_size) {
khdr.count++;
- ima_measurements_show(&file, qe);
+ ima_measurements_show(&ima_kexec_file, qe);
} else {
ret = -EINVAL;
+ pr_err("IMA log file is too big for Kexec buf\n");
break;
}
}
The original code potentially copied a partial last measurement record, not a
complete measurement record. For ease of review, the above change is fine, but
it needs to be a separate patch.
Patches:
1. ima: copy only complete measurement records across kexec
2. ima: define and call ima_alloc_kexec_file_buf()
Steven,
The alternative would be to revert using ima_get_binary_runtime_entry_size() and
simply use "ima_kexec_file.count < ima_kexec_file.size". Only
ima_kexec_file.size would be initialized in ima_alloc_kexec_buf(). The rest
would remain in ima_dump_measurement_list(). get_binary_runtime_size() wouldn't
need to be made global.
To further simplify the patch review, first define a separate patch to just
rename the seq_file "file" to "ima_kexec_file".
Mimi
Hi Mimi,
I will work on it.
Thanks,
Steven