Re: [PATCH v10 1/8] ima: rename variable the ser_file "file" to "ima_kexec_file"
From: steven chen
Date: Fri Mar 21 2025 - 12:18:29 EST
On 3/18/2025 7:43 PM, Baoquan He wrote:
On 03/18/25 at 11:10am, Stefan Berger wrote:
On 3/17/25 9:04 PM, steven chen wrote:
The name of the local variable "file" of type seq_file defined in the
ima_dump_measurement_list function is too generic. To better reflect the
purpose of the variable, rename it to "ima_kexec_file". This change will
help improve code readability and maintainability by making the variable's
role more explicit.
The variable ima_kexec_file is indeed the memory allocated for copying IMA
measurement records. The ima_dump_measurement_list function calculates the
actual memory occupied by the IMA logs and compares it with the allocated
memory. If there is enough memory, it copies all IMA measurement records;
otherwise, it does not copy any records, which would result in a failure
of remote attestation.
Suggested-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
Signed-off-by: steven chen <chenste@xxxxxxxxxxxxxxxxxxx>
---
security/integrity/ima/ima_kexec.c | 39 ++++++++++++++++++------------
1 file changed, 24 insertions(+), 15 deletions(-)
diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c
index 9d45f4d26f73..8567619889d1 100644
--- a/security/integrity/ima/ima_kexec.c
+++ b/security/integrity/ima/ima_kexec.c
@@ -15,33 +15,41 @@
#include "ima.h"
#ifdef CONFIG_IMA_KEXEC
+/*
+ * Copy the measurement list to the allocated memory
+ * compare the size of IMA measurement list with the size of the allocated memory
Compare the size of the IMA ... memory.
+ * if the size of the allocated memory is not less than the size of IMA measurement list
+ * copy the measurement list to the allocated memory.
+ * else
+ * return error
If the size of the allocated memory is not less than the size of IMA
measurement list, copy the measurement list to the allocated memory, return
an error otherwise.
Ack the suggested change.
Thanks for the comments.