Re: [PATCH v2 1/3] ima: Add ima_validate_range() for previous kernel IMA buffer

Next message: syzbot: "[syzbot] [bpf?] KMSAN: uninit-value in bpf_prog_test_run_skb"
Previous message: Aaron Yang: "[PATCH v1] mm/damon/pa: initialize 'folio' to NULL to prevent use of uninitialized value"
In reply to: Mimi Zohar: "Re: [PATCH v2 1/3] ima: Add ima_validate_range() for previous kernel IMA buffer"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Harshit Mogalapalli

Date: Wed Dec 31 2025 - 01:00:33 EST

Hi Mimi,

On 31/12/25 02:05, Mimi Zohar wrote:

Hi Harshit,

Thanks for reviewing.

The subject line could be written at a higher level. Perhaps base it on the
ima_validate_range() function comment "verify a physical buffer lies in
addressable RAM" (e.g. ima: verify the previous kernel's IMA buffer lies in
addressable RAM).

Sure, will do. Thanks for the suggestion.

Regards,
Harshit

On Mon, 2025-12-29 at 00:15 -0800, Harshit Mogalapalli wrote:

When the second-stage kernel is booted with a limiting command line
(e.g. "mem=<size>"), the IMA measurement buffer handed over from the
previous kernel may fall outside the addressable RAM of the new kernel.
Accessing such a buffer can fault during early restore.

Introduce a small generic helper, ima_validate_range(), which verifies
that a physical [start, end] range for the previous-kernel IMA buffer
lies within addressable memory:
- On x86, use pfn_range_is_mapped().
- On OF based architectures, use page_is_ram().

Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@xxxxxxxxxx>