git.ipfire.org Git - thirdparty/linux.git/commit

author	Steven Chen <chenste@linux.microsoft.com>
	Mon, 21 Apr 2025 22:25:12 +0000 (15:25 -0700)
committer	Mimi Zohar <zohar@linux.ibm.com>
	Tue, 29 Apr 2025 19:54:54 +0000 (15:54 -0400)
commit	9f0ec4b16f2b41d663f688a8012e9e52b2657eba
tree	8ce381ba34327ad60129ed8d738466217340d9fd	tree \| snapshot
parent	f18e502db673c75f762d47101dafcf58f30e2733	commit \| diff

ima: kexec: move IMA log copy from kexec load to execute

The IMA log is currently copied to the new kernel during kexec 'load' using
ima_dump_measurement_list(). However, the IMA measurement list copied at
kexec 'load' may result in loss of IMA measurements records that only
occurred after the kexec 'load'. Move the IMA measurement list log copy
from kexec 'load' to 'execute'

Make the kexec_segment_size variable a local static variable within the
file, so it can be accessed during both kexec 'load' and 'execute'.

Define kexec_post_load() as a wrapper for calling ima_kexec_post_load() and
machine_kexec_post_load(). Replace the existing direct call to
machine_kexec_post_load() with kexec_post_load().

When there is insufficient memory to copy all the measurement logs, copy as
much of the measurement list as possible.

Co-developed-by: Tushar Sugandhi <tusharsu@linux.microsoft.com>
Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: Baoquan He <bhe@redhat.com>
Cc: Vivek Goyal <vgoyal@redhat.com>
Cc: Dave Young <dyoung@redhat.com>
Signed-off-by: Steven Chen <chenste@linux.microsoft.com>
Tested-by: Stefan Berger <stefanb@linux.ibm.com> # ppc64/kvm
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

kernel/kexec_file.c		diff \| blob \| blame \| history
security/integrity/ima/ima_kexec.c		diff \| blob \| blame \| history