Message ID | 20211222191623.376174-1-bmeneg@redhat.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | ima: silence measurement list hexdump during kexec | expand |
Hi Bruno, On Wed, 2021-12-22 at 16:16 -0300, Bruno Meneguele wrote: > The measurement list is dumped during a soft reset (kexec) through the call > to "print_hex_dump(KERN_DEBUG, ...)", which ignores the DEBUG build flag. > Instead, use "print_hex_dump_debug(...)", honoring the build flag. > > Signed-off-by: Bruno Meneguele <bmeneg@redhat.com> The patch description needs to at least explain why using print_hex_dump() isn't sufficent. Look at how print_hex_dump() is defined. Based on whether CONFIG_DYNAMIC_DEBUG is enabled, different functions are used. Mimi > --- > security/integrity/ima/ima_kexec.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c > index f799cc278a9a..13753136f03f 100644 > --- a/security/integrity/ima/ima_kexec.c > +++ b/security/integrity/ima/ima_kexec.c > @@ -61,9 +61,9 @@ static int ima_dump_measurement_list(unsigned long *buffer_size, void **buffer, > } > memcpy(file.buf, &khdr, sizeof(khdr)); > > - print_hex_dump(KERN_DEBUG, "ima dump: ", DUMP_PREFIX_NONE, > - 16, 1, file.buf, > - file.count < 100 ? file.count : 100, true); > + print_hex_dump_debug("ima dump: ", DUMP_PREFIX_NONE, 16, 1, > + file.buf, file.count < 100 ? file.count : 100, > + true); > > *buffer_size = file.count; > *buffer = file.buf;
On Wed, Dec 22, 2021 at 05:13:56PM -0500, Mimi Zohar wrote: > Hi Bruno, > > On Wed, 2021-12-22 at 16:16 -0300, Bruno Meneguele wrote: > > The measurement list is dumped during a soft reset (kexec) through the call > > to "print_hex_dump(KERN_DEBUG, ...)", which ignores the DEBUG build flag. > > Instead, use "print_hex_dump_debug(...)", honoring the build flag. > > > > Signed-off-by: Bruno Meneguele <bmeneg@redhat.com> > > The patch description needs to at least explain why using > print_hex_dump() isn't sufficent. Look at how print_hex_dump() is > defined. Based on whether CONFIG_DYNAMIC_DEBUG is enabled, different > functions are used. Sending the v2 in a sec :) Thanks Mimi > > Mimi > > > --- > > security/integrity/ima/ima_kexec.c | 6 +++--- > > 1 file changed, 3 insertions(+), 3 deletions(-) > > > > diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c > > index f799cc278a9a..13753136f03f 100644 > > --- a/security/integrity/ima/ima_kexec.c > > +++ b/security/integrity/ima/ima_kexec.c > > @@ -61,9 +61,9 @@ static int ima_dump_measurement_list(unsigned long *buffer_size, void **buffer, > > } > > memcpy(file.buf, &khdr, sizeof(khdr)); > > > > - print_hex_dump(KERN_DEBUG, "ima dump: ", DUMP_PREFIX_NONE, > > - 16, 1, file.buf, > > - file.count < 100 ? file.count : 100, true); > > + print_hex_dump_debug("ima dump: ", DUMP_PREFIX_NONE, 16, 1, > > + file.buf, file.count < 100 ? file.count : 100, > > + true); > > > > *buffer_size = file.count; > > *buffer = file.buf; > >
diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c index f799cc278a9a..13753136f03f 100644 --- a/security/integrity/ima/ima_kexec.c +++ b/security/integrity/ima/ima_kexec.c @@ -61,9 +61,9 @@ static int ima_dump_measurement_list(unsigned long *buffer_size, void **buffer, } memcpy(file.buf, &khdr, sizeof(khdr)); - print_hex_dump(KERN_DEBUG, "ima dump: ", DUMP_PREFIX_NONE, - 16, 1, file.buf, - file.count < 100 ? file.count : 100, true); + print_hex_dump_debug("ima dump: ", DUMP_PREFIX_NONE, 16, 1, + file.buf, file.count < 100 ? file.count : 100, + true); *buffer_size = file.count; *buffer = file.buf;
The measurement list is dumped during a soft reset (kexec) through the call to "print_hex_dump(KERN_DEBUG, ...)", which ignores the DEBUG build flag. Instead, use "print_hex_dump_debug(...)", honoring the build flag. Signed-off-by: Bruno Meneguele <bmeneg@redhat.com> --- security/integrity/ima/ima_kexec.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)