diff mbox series

[10/10] kexec: update kexec_file_load syscall to call ima_kexec_post_load

Message ID 20230703215709.1195644-11-tusharsu@linux.microsoft.com (mailing list archive)
State New, archived
Headers show
Series ima: measure events between kexec load and execute | expand

Commit Message

Tushar Sugandhi July 3, 2023, 9:57 p.m. UTC 
The kexec_file_load syscall is used to load a new kernel for kexec.
The syscall needs to update its function to call ima_kexec_post_load, which
was implemented in a previous patch.  ima_kexec_post_load takes care of
mapping the measurement list for the next kernel and registering a reboot
notifier if it's not already registered.

Modify the kexec_file_load syscall to call ima_kexec_post_load after the
image has been loaded and prepared for kexec.  This ensures that the IMA
measurement list will be available to the next kernel after a kexec reboot.
This also ensures the measurements taken in the window between kexec load
and execute are captured and passed to the next kernel. 

Declare the kimage_file_post_load function in the kernel/kexec_internal.h, 
so it can be properly used in the syscall.

Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com>
---
 kernel/kexec_file.c     | 7 +++++++
 kernel/kexec_internal.h | 1 +
 2 files changed, 8 insertions(+)

Comments

RuiRui Yang July 7, 2023, 8:20 a.m. UTC | #1 
On Tue, 4 Jul 2023 at 05:58, Tushar Sugandhi
<tusharsu@linux.microsoft.com> wrote:
>
> The kexec_file_load syscall is used to load a new kernel for kexec.
> The syscall needs to update its function to call ima_kexec_post_load, which
> was implemented in a previous patch.  ima_kexec_post_load takes care of
> mapping the measurement list for the next kernel and registering a reboot
> notifier if it's not already registered.
>
> Modify the kexec_file_load syscall to call ima_kexec_post_load after the
> image has been loaded and prepared for kexec.  This ensures that the IMA
> measurement list will be available to the next kernel after a kexec reboot.
> This also ensures the measurements taken in the window between kexec load
> and execute are captured and passed to the next kernel.
>
> Declare the kimage_file_post_load function in the kernel/kexec_internal.h,
> so it can be properly used in the syscall.
>
> Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com>
> ---
>  kernel/kexec_file.c     | 7 +++++++
>  kernel/kexec_internal.h | 1 +
>  2 files changed, 8 insertions(+)
>
> diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
> index f989f5f1933b..efe28e77280c 100644
> --- a/kernel/kexec_file.c
> +++ b/kernel/kexec_file.c
> @@ -184,6 +184,11 @@ kimage_validate_signature(struct kimage *image)
>  }
>  #endif
>
> +void kimage_file_post_load(struct kimage *image)
> +{
> +       ima_kexec_post_load(image);
> +}
> +
>  /*
>   * In file mode list of segments is prepared by kernel. Copy relevant
>   * data from user space, do error checking, prepare segment list
> @@ -399,6 +404,8 @@ SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, initrd_fd,
>
>         kimage_terminate(image);
>
> +       kimage_file_post_load(image);

I think it should be only done for the reboot case,  please just
exclude the kdump case here..

> +
>         ret = machine_kexec_post_load(image);
>         if (ret)
>                 goto out;
> diff --git a/kernel/kexec_internal.h b/kernel/kexec_internal.h
> index 74da1409cd14..98dd5fcafaf0 100644
> --- a/kernel/kexec_internal.h
> +++ b/kernel/kexec_internal.h
> @@ -30,6 +30,7 @@ static inline void kexec_unlock(void)
>
>  #ifdef CONFIG_KEXEC_FILE
>  #include <linux/purgatory.h>
> +void kimage_file_post_load(struct kimage *image);
>  void kimage_file_post_load_cleanup(struct kimage *image);
>  extern char kexec_purgatory[];
>  extern size_t kexec_purgatory_size;
> --
> 2.25.1
>
>
> _______________________________________________
> kexec mailing list
> kexec@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/kexec
>
Tushar Sugandhi July 11, 2023, 7:14 p.m. UTC | #2 
On 7/7/23 01:20, RuiRui Yang wrote:
> On Tue, 4 Jul 2023 at 05:58, Tushar Sugandhi
> <tusharsu@linux.microsoft.com> wrote:
>> The kexec_file_load syscall is used to load a new kernel for kexec.
>> The syscall needs to update its function to call ima_kexec_post_load, which
>> was implemented in a previous patch.  ima_kexec_post_load takes care of
>> mapping the measurement list for the next kernel and registering a reboot
>> notifier if it's not already registered.
>>
>> Modify the kexec_file_load syscall to call ima_kexec_post_load after the
>> image has been loaded and prepared for kexec.  This ensures that the IMA
>> measurement list will be available to the next kernel after a kexec reboot.
>> This also ensures the measurements taken in the window between kexec load
>> and execute are captured and passed to the next kernel.
>>
>> Declare the kimage_file_post_load function in the kernel/kexec_internal.h,
>> so it can be properly used in the syscall.
>>
>> Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com>
>> ---
>>   kernel/kexec_file.c     | 7 +++++++
>>   kernel/kexec_internal.h | 1 +
>>   2 files changed, 8 insertions(+)
>>
>> diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
>> index f989f5f1933b..efe28e77280c 100644
>> --- a/kernel/kexec_file.c
>> +++ b/kernel/kexec_file.c
>> @@ -184,6 +184,11 @@ kimage_validate_signature(struct kimage *image)
>>   }
>>   #endif
>>
>> +void kimage_file_post_load(struct kimage *image)
>> +{
>> +       ima_kexec_post_load(image);
>> +}
>> +
>>   /*
>>    * In file mode list of segments is prepared by kernel. Copy relevant
>>    * data from user space, do error checking, prepare segment list
>> @@ -399,6 +404,8 @@ SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, initrd_fd,
>>
>>          kimage_terminate(image);
>>
>> +       kimage_file_post_load(image);
> I think it should be only done for the reboot case,  please just
> exclude the kdump case here..
>
Thanks for the feedback RuiRui.  Appreciate it.

Conceptually I agree with you that this needs to be done only for reboot.
I need to figure out how to do it implementation wise.

If you can give me pointers/suggestions, that would help.

~Tushar
>> +
>>          ret = machine_kexec_post_load(image);
>>          if (ret)
>>                  goto out;
>> diff --git a/kernel/kexec_internal.h b/kernel/kexec_internal.h
>> index 74da1409cd14..98dd5fcafaf0 100644
>> --- a/kernel/kexec_internal.h
>> +++ b/kernel/kexec_internal.h
>> @@ -30,6 +30,7 @@ static inline void kexec_unlock(void)
>>
>>   #ifdef CONFIG_KEXEC_FILE
>>   #include <linux/purgatory.h>
>> +void kimage_file_post_load(struct kimage *image);
>>   void kimage_file_post_load_cleanup(struct kimage *image);
>>   extern char kexec_purgatory[];
>>   extern size_t kexec_purgatory_size;
>> --
>> 2.25.1
>>
>>
>> _______________________________________________
>> kexec mailing list
>> kexec@lists.infradead.org
>> http://lists.infradead.org/mailman/listinfo/kexec
>>
RuiRui Yang July 12, 2023, 1:28 a.m. UTC | #3 
On Wed, 12 Jul 2023 at 03:15, Tushar Sugandhi
<tusharsu@linux.microsoft.com> wrote:
>
>
> On 7/7/23 01:20, RuiRui Yang wrote:
> > On Tue, 4 Jul 2023 at 05:58, Tushar Sugandhi
> > <tusharsu@linux.microsoft.com> wrote:
> >> The kexec_file_load syscall is used to load a new kernel for kexec.
> >> The syscall needs to update its function to call ima_kexec_post_load, which
> >> was implemented in a previous patch.  ima_kexec_post_load takes care of
> >> mapping the measurement list for the next kernel and registering a reboot
> >> notifier if it's not already registered.
> >>
> >> Modify the kexec_file_load syscall to call ima_kexec_post_load after the
> >> image has been loaded and prepared for kexec.  This ensures that the IMA
> >> measurement list will be available to the next kernel after a kexec reboot.
> >> This also ensures the measurements taken in the window between kexec load
> >> and execute are captured and passed to the next kernel.
> >>
> >> Declare the kimage_file_post_load function in the kernel/kexec_internal.h,
> >> so it can be properly used in the syscall.
> >>
> >> Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com>
> >> ---
> >>   kernel/kexec_file.c     | 7 +++++++
> >>   kernel/kexec_internal.h | 1 +
> >>   2 files changed, 8 insertions(+)
> >>
> >> diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
> >> index f989f5f1933b..efe28e77280c 100644
> >> --- a/kernel/kexec_file.c
> >> +++ b/kernel/kexec_file.c
> >> @@ -184,6 +184,11 @@ kimage_validate_signature(struct kimage *image)
> >>   }
> >>   #endif
> >>
> >> +void kimage_file_post_load(struct kimage *image)
> >> +{
> >> +       ima_kexec_post_load(image);
> >> +}
> >> +
> >>   /*
> >>    * In file mode list of segments is prepared by kernel. Copy relevant
> >>    * data from user space, do error checking, prepare segment list
> >> @@ -399,6 +404,8 @@ SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, initrd_fd,
> >>
> >>          kimage_terminate(image);
> >>
> >> +       kimage_file_post_load(image);
> > I think it should be only done for the reboot case,  please just
> > exclude the kdump case here..
> >
> Thanks for the feedback RuiRui.  Appreciate it.
>
> Conceptually I agree with you that this needs to be done only for reboot.
> I need to figure out how to do it implementation wise.
>
> If you can give me pointers/suggestions, that would help.

Hi Tushar,

You can check the flags argument in the function
if (flags & KEXEC_FILE_ON_CRASH) is true then this is a kdump kernel
loading, just skip the kimage_file_post_load in that case?

>
> ~Tushar
> >> +
> >>          ret = machine_kexec_post_load(image);
> >>          if (ret)
> >>                  goto out;
> >> diff --git a/kernel/kexec_internal.h b/kernel/kexec_internal.h
> >> index 74da1409cd14..98dd5fcafaf0 100644
> >> --- a/kernel/kexec_internal.h
> >> +++ b/kernel/kexec_internal.h
> >> @@ -30,6 +30,7 @@ static inline void kexec_unlock(void)
> >>
> >>   #ifdef CONFIG_KEXEC_FILE
> >>   #include <linux/purgatory.h>
> >> +void kimage_file_post_load(struct kimage *image);
> >>   void kimage_file_post_load_cleanup(struct kimage *image);
> >>   extern char kexec_purgatory[];
> >>   extern size_t kexec_purgatory_size;
> >> --
> >> 2.25.1
> >>
> >>
> >> _______________________________________________
> >> kexec mailing list
> >> kexec@lists.infradead.org
> >> http://lists.infradead.org/mailman/listinfo/kexec
> >>
>
Tushar Sugandhi July 12, 2023, 7:30 p.m. UTC | #4 
On 7/11/23 18:28, RuiRui Yang wrote:
> On Wed, 12 Jul 2023 at 03:15, Tushar Sugandhi
> <tusharsu@linux.microsoft.com> wrote:
>>
>> On 7/7/23 01:20, RuiRui Yang wrote:
>>> On Tue, 4 Jul 2023 at 05:58, Tushar Sugandhi
>>> <tusharsu@linux.microsoft.com> wrote:
>>>> The kexec_file_load syscall is used to load a new kernel for kexec.
>>>> The syscall needs to update its function to call ima_kexec_post_load, which
>>>> was implemented in a previous patch.  ima_kexec_post_load takes care of
>>>> mapping the measurement list for the next kernel and registering a reboot
>>>> notifier if it's not already registered.
>>>>
>>>> Modify the kexec_file_load syscall to call ima_kexec_post_load after the
>>>> image has been loaded and prepared for kexec.  This ensures that the IMA
>>>> measurement list will be available to the next kernel after a kexec reboot.
>>>> This also ensures the measurements taken in the window between kexec load
>>>> and execute are captured and passed to the next kernel.
>>>>
>>>> Declare the kimage_file_post_load function in the kernel/kexec_internal.h,
>>>> so it can be properly used in the syscall.
>>>>
>>>> Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com>
>>>> ---
>>>>    kernel/kexec_file.c     | 7 +++++++
>>>>    kernel/kexec_internal.h | 1 +
>>>>    2 files changed, 8 insertions(+)
>>>>
>>>> diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
>>>> index f989f5f1933b..efe28e77280c 100644
>>>> --- a/kernel/kexec_file.c
>>>> +++ b/kernel/kexec_file.c
>>>> @@ -184,6 +184,11 @@ kimage_validate_signature(struct kimage *image)
>>>>    }
>>>>    #endif
>>>>
>>>> +void kimage_file_post_load(struct kimage *image)
>>>> +{
>>>> +       ima_kexec_post_load(image);
>>>> +}
>>>> +
>>>>    /*
>>>>     * In file mode list of segments is prepared by kernel. Copy relevant
>>>>     * data from user space, do error checking, prepare segment list
>>>> @@ -399,6 +404,8 @@ SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, initrd_fd,
>>>>
>>>>           kimage_terminate(image);
>>>>
>>>> +       kimage_file_post_load(image);
>>> I think it should be only done for the reboot case,  please just
>>> exclude the kdump case here..
>>>
>> Thanks for the feedback RuiRui.  Appreciate it.
>>
>> Conceptually I agree with you that this needs to be done only for reboot.
>> I need to figure out how to do it implementation wise.
>>
>> If you can give me pointers/suggestions, that would help.
> Hi Tushar,
>
> You can check the flags argument in the function
> if (flags & KEXEC_FILE_ON_CRASH) is true then this is a kdump kernel
> loading, just skip the kimage_file_post_load in that case?
Great.  Thanks for the pointer.  Will do.
~Tushar
>> ~Tushar
>>>> +
>>>>           ret = machine_kexec_post_load(image);
>>>>           if (ret)
>>>>                   goto out;
>>>> diff --git a/kernel/kexec_internal.h b/kernel/kexec_internal.h
>>>> index 74da1409cd14..98dd5fcafaf0 100644
>>>> --- a/kernel/kexec_internal.h
>>>> +++ b/kernel/kexec_internal.h
>>>> @@ -30,6 +30,7 @@ static inline void kexec_unlock(void)
>>>>
>>>>    #ifdef CONFIG_KEXEC_FILE
>>>>    #include <linux/purgatory.h>
>>>> +void kimage_file_post_load(struct kimage *image);
>>>>    void kimage_file_post_load_cleanup(struct kimage *image);
>>>>    extern char kexec_purgatory[];
>>>>    extern size_t kexec_purgatory_size;
>>>> --
>>>> 2.25.1
>>>>
>>>>
>>>> _______________________________________________
>>>> kexec mailing list
>>>> kexec@lists.infradead.org
>>>> http://lists.infradead.org/mailman/listinfo/kexec
>>>>
diff mbox series

Patch

diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
index f989f5f1933b..efe28e77280c 100644
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -184,6 +184,11 @@  kimage_validate_signature(struct kimage *image)
 }
 #endif
 
+void kimage_file_post_load(struct kimage *image)
+{
+	ima_kexec_post_load(image);
+}
+
 /*
  * In file mode list of segments is prepared by kernel. Copy relevant
  * data from user space, do error checking, prepare segment list
@@ -399,6 +404,8 @@  SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, initrd_fd,
 
 	kimage_terminate(image);
 
+	kimage_file_post_load(image);
+
 	ret = machine_kexec_post_load(image);
 	if (ret)
 		goto out;
diff --git a/kernel/kexec_internal.h b/kernel/kexec_internal.h
index 74da1409cd14..98dd5fcafaf0 100644
--- a/kernel/kexec_internal.h
+++ b/kernel/kexec_internal.h
@@ -30,6 +30,7 @@  static inline void kexec_unlock(void)
 
 #ifdef CONFIG_KEXEC_FILE
 #include <linux/purgatory.h>
+void kimage_file_post_load(struct kimage *image);
 void kimage_file_post_load_cleanup(struct kimage *image);
 extern char kexec_purgatory[];
 extern size_t kexec_purgatory_size;