Re: [PATCH v2 1/3] ima: Add ima_validate_range() for previous kernel IMA buffer

Next message: Heinrich Schuchardt: "Re: [PATCH v2 11/13] dt-bindings: riscv: Add Supm extension description"
Previous message: Tomas Borquez: "[PATCH v2 6/6] staging: iio: ad9832: add sysfs documentation"
In reply to: Harshit Mogalapalli: "[PATCH v2 1/3] ima: Add ima_validate_range() for previous kernel IMA buffer"
Next in thread: Harshit Mogalapalli: "Re: [PATCH v2 1/3] ima: Add ima_validate_range() for previous kernel IMA buffer"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Mimi Zohar

Date: Tue Dec 30 2025 - 15:36:32 EST

Hi Harshit,

The subject line could be written at a higher level. Perhaps base it on the
ima_validate_range() function comment "verify a physical buffer lies in
addressable RAM" (e.g. ima: verify the previous kernel's IMA buffer lies in
addressable RAM).

On Mon, 2025-12-29 at 00:15 -0800, Harshit Mogalapalli wrote:
> When the second-stage kernel is booted with a limiting command line
> (e.g. "mem=<size>"), the IMA measurement buffer handed over from the
> previous kernel may fall outside the addressable RAM of the new kernel.
> Accessing such a buffer can fault during early restore.
>
> Introduce a small generic helper, ima_validate_range(), which verifies
> that a physical [start, end] range for the previous-kernel IMA buffer
> lies within addressable memory:
> - On x86, use pfn_range_is_mapped().
> - On OF based architectures, use page_is_ram().
>
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@xxxxxxxxxx>

--
thanks,

Mimi