diff mbox series

of: Correctly annotate IMA kexec buffer functions

Message ID Yrwg1aYEnFz38V6+@noodles-fedora.dhcp.thefacebook.com (mailing list archive)
State New, archived
Headers show
Series of: Correctly annotate IMA kexec buffer functions | expand

Commit Message

Jonathan McDowell June 29, 2022, 9:52 a.m. UTC 
On Wed, Jun 29, 2022 at 10:38:46AM +0200, Borislav Petkov wrote:
> On Wed, Jun 29, 2022 at 10:52:13AM +0800, kernel test robot wrote:
> > tree:   https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git x86/kdump
> > head:   69243968bd526641e549ed231c750ce92e3eeb35
> > commit: 69243968bd526641e549ed231c750ce92e3eeb35 [1/1] x86/kexec: Carry forward IMA measurement log on kexec
> 
> I've zapped it from tip for the time being.

This turns out to be the old OF code that can now be hit on x86 when
CONFIG_OF=y because it defines HAVE_IMA_KEXEC. I suspect the warning
already exists on ARM64/PowerPC. Fix is to mark those functions up in
the same manner as the new x86 variants.

Below is on top of what was in tip; I can roll a v7 if preferred but
I think seeing the fix on its own is clearer.
---

ima_free_kexec_buffer() calls into memblock_phys_free() so must be
annotated __meminit. Equally ima_kexec_get_buffer() is executed during
__init so can be marked as such. This was already done in the new x86
IMA kexec passing functions but not for the pre-existing OF based
functions.

Signed-off-by: Jonathan McDowell <noodles@fb.com>
Reported-by: kernel test robot <lkp@intel.com>
---
 drivers/of/kexec.c  | 4 ++--
 include/linux/ima.h | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

Comments

Borislav Petkov June 29, 2022, 2:01 p.m. UTC | #1 
On Wed, Jun 29, 2022 at 09:52:50AM +0000, Jonathan McDowell wrote:
> Below is on top of what was in tip; I can roll a v7 if preferred but
> I think seeing the fix on its own is clearer.

Yes, and you don't have to base it on top because, as I've said, I've
zapped your other patch there.

Once IMA folks are fine with that fix of yours I can take both, if they
wish so.

> ima_free_kexec_buffer() calls into memblock_phys_free() so must be
> annotated __meminit.

Why __meminit?

The very sparse comment over it says:

/* Used for MEMORY_HOTPLUG */
#define __meminit        __section(".meminit.text") __cold notrace \
                                                  __latent_entropy

so how does ima_free_kexec_buffer() have anything to do with
MEMORY_HOTPLUG?

It calls memblock_phys_free() which is __init_memblock.

Now __init_memblock is defined as

#define __init_memblock __meminit

for some CONFIG_ARCH_KEEP_MEMBLOCK thing so I guess that is the
connection.

But then the couple other functions which call into memblock are all
__init...

IOW, I probably am missing something...

Thx.
Jonathan McDowell June 29, 2022, 5:49 p.m. UTC | #2 
On Wed, Jun 29, 2022 at 04:01:15PM +0200, Borislav Petkov wrote:
> On Wed, Jun 29, 2022 at 09:52:50AM +0000, Jonathan McDowell wrote:
> > Below is on top of what was in tip; I can roll a v7 if preferred but
> > I think seeing the fix on its own is clearer.
> 
> Yes, and you don't have to base it on top because, as I've said, I've
> zapped your other patch there.
> 
> Once IMA folks are fine with that fix of yours I can take both, if they
> wish so.

I'll roll a v7 collapsing them together and moving to __init as per
below.

> > ima_free_kexec_buffer() calls into memblock_phys_free() so must be
> > annotated __meminit.
> 
> Why __meminit?
> 
> The very sparse comment over it says:
> 
> /* Used for MEMORY_HOTPLUG */
> #define __meminit        __section(".meminit.text") __cold notrace \
>                                                   __latent_entropy
> 
> so how does ima_free_kexec_buffer() have anything to do with
> MEMORY_HOTPLUG?
> 
> It calls memblock_phys_free() which is __init_memblock.
> 
> Now __init_memblock is defined as
> 
> #define __init_memblock __meminit
> 
> for some CONFIG_ARCH_KEEP_MEMBLOCK thing so I guess that is the
> connection.
> 
> But then the couple other functions which call into memblock are all
> __init...
> 
> IOW, I probably am missing something...

I think the answer is that __meminit (or __init_memblock) works out as
the minimum required annotation, because memblock_phys_free() has that
annotation, but having looked closer at the call stack all of the usage
is under ima_init() which is marked __init, so it's more appropriate to
use that and discard the code after boot. There's no need for the ima
related functions to stay hanging around in the case memory hotplug is
enabled, because it's purely a boot time mechanism for passing the
buffer over a kexec boundary.

J.
diff mbox series

Patch

diff --git a/drivers/of/kexec.c b/drivers/of/kexec.c
index d3ec430fa403..95cd5532b503 100644
--- a/drivers/of/kexec.c
+++ b/drivers/of/kexec.c
@@ -124,7 +124,7 @@  static int do_get_kexec_buffer(const void *prop, int len, unsigned long *addr,
  *
  * Return: 0 on success, negative errno on error.
  */
-int ima_get_kexec_buffer(void **addr, size_t *size)
+int __init ima_get_kexec_buffer(void **addr, size_t *size)
 {
 	int ret, len;
 	unsigned long tmp_addr;
@@ -148,7 +148,7 @@  int ima_get_kexec_buffer(void **addr, size_t *size)
 /**
  * ima_free_kexec_buffer - free memory used by the IMA buffer
  */
-int ima_free_kexec_buffer(void)
+int __meminit ima_free_kexec_buffer(void)
 {
 	int ret;
 	unsigned long addr;
diff --git a/include/linux/ima.h b/include/linux/ima.h
index ff4bd993e432..8d4698e63190 100644
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -141,8 +141,8 @@  static inline int ima_measure_critical_data(const char *event_label,
 #endif /* CONFIG_IMA */
 
 #ifdef CONFIG_HAVE_IMA_KEXEC
-int ima_free_kexec_buffer(void);
-int ima_get_kexec_buffer(void **addr, size_t *size);
+int __meminit ima_free_kexec_buffer(void);
+int __init ima_get_kexec_buffer(void **addr, size_t *size);
 #endif
 
 #ifdef CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT