Message ID | 20250304190351.96975-5-chenste@linux.microsoft.com (mailing list archive) |
---|---|
State | Handled Elsewhere |
Headers | show |
Series | ima: kexec: measure events between kexec load and execute | expand |
Hi steven, kernel test robot noticed the following build warnings: [auto build test WARNING on zohar-integrity/next-integrity] [also build test WARNING on linus/master v6.14-rc6 next-20250311] [If your patch is applied to the wrong git tree, kindly drop us a note. And when submitting patch, we suggest to use '--base' as documented in https://git-scm.com/docs/git-format-patch#_base_tree_information] url: https://github.com/intel-lab-lkp/linux/commits/steven-chen/ima-copy-only-complete-measurement-records-across-kexec/20250305-031719 base: https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity patch link: https://lore.kernel.org/r/20250304190351.96975-5-chenste%40linux.microsoft.com patch subject: [PATCH v9 4/7] ima: kexec: define functions to copy IMA log at soft boot config: powerpc64-randconfig-r133-20250312 (https://download.01.org/0day-ci/archive/20250312/202503121600.IMBKp2gC-lkp@intel.com/config) compiler: powerpc64-linux-gcc (GCC) 14.2.0 reproduce: (https://download.01.org/0day-ci/archive/20250312/202503121600.IMBKp2gC-lkp@intel.com/reproduce) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp@intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202503121600.IMBKp2gC-lkp@intel.com/ sparse warnings: (new ones prefixed by >>) security/integrity/ima/ima_kexec.c:107:30: sparse: sparse: incorrect type in assignment (different base types) @@ expected unsigned short [addressable] [assigned] [usertype] version @@ got restricted __le16 [usertype] @@ security/integrity/ima/ima_kexec.c:107:30: sparse: expected unsigned short [addressable] [assigned] [usertype] version security/integrity/ima/ima_kexec.c:107:30: sparse: got restricted __le16 [usertype] security/integrity/ima/ima_kexec.c:108:28: sparse: sparse: incorrect type in assignment (different base types) @@ expected unsigned long long [addressable] [assigned] [usertype] count @@ got restricted __le64 [usertype] @@ security/integrity/ima/ima_kexec.c:108:28: sparse: expected unsigned long long [addressable] [assigned] [usertype] count security/integrity/ima/ima_kexec.c:108:28: sparse: got restricted __le64 [usertype] security/integrity/ima/ima_kexec.c:109:34: sparse: sparse: incorrect type in assignment (different base types) @@ expected unsigned long long [addressable] [assigned] [usertype] buffer_size @@ got restricted __le64 [usertype] @@ security/integrity/ima/ima_kexec.c:109:34: sparse: expected unsigned long long [addressable] [assigned] [usertype] buffer_size security/integrity/ima/ima_kexec.c:109:34: sparse: got restricted __le64 [usertype] >> security/integrity/ima/ima_kexec.c:209:23: sparse: sparse: symbol 'update_buffer_nb' was not declared. Should it be static? vim +/update_buffer_nb +209 security/integrity/ima/ima_kexec.c 208 > 209 struct notifier_block update_buffer_nb = { 210 .notifier_call = ima_update_kexec_buffer, 211 .priority = 1, 212 }; 213
diff --git a/include/linux/ima.h b/include/linux/ima.h index 0bae61a15b60..8e29cb4e6a01 100644 --- a/include/linux/ima.h +++ b/include/linux/ima.h @@ -32,6 +32,9 @@ static inline void ima_appraise_parse_cmdline(void) {} #ifdef CONFIG_IMA_KEXEC extern void ima_add_kexec_buffer(struct kimage *image); +extern void ima_kexec_post_load(struct kimage *image); +#else +static inline void ima_kexec_post_load(struct kimage *image) {} #endif #else diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c index 0465beca8867..074848dcd30f 100644 --- a/security/integrity/ima/ima_kexec.c +++ b/security/integrity/ima/ima_kexec.c @@ -12,10 +12,14 @@ #include <linux/kexec.h> #include <linux/of.h> #include <linux/ima.h> +#include <linux/reboot.h> +#include <asm/page.h> #include "ima.h" #ifdef CONFIG_IMA_KEXEC static struct seq_file ima_kexec_file; +static void *ima_kexec_buffer; +static bool ima_kexec_update_registered; static void ima_reset_kexec_file(struct seq_file *sf) { @@ -192,6 +196,49 @@ void ima_add_kexec_buffer(struct kimage *image) kexec_dprintk("kexec measurement buffer for the loaded kernel at 0x%lx.\n", kbuf.mem); } + +/* + * Called during kexec execute so that IMA can update the measurement list. + */ +static int ima_update_kexec_buffer(struct notifier_block *self, + unsigned long action, void *data) +{ + return NOTIFY_OK; +} + +struct notifier_block update_buffer_nb = { + .notifier_call = ima_update_kexec_buffer, + .priority = 1, +}; + +/* + * Create a mapping for the source pages that contain the IMA buffer + * so we can update it later. + */ +void ima_kexec_post_load(struct kimage *image) +{ + if (ima_kexec_buffer) { + kimage_unmap_segment(ima_kexec_buffer); + ima_kexec_buffer = NULL; + } + + if (!image->ima_buffer_addr) + return; + + ima_kexec_buffer = kimage_map_segment(image, + image->ima_buffer_addr, + image->ima_buffer_size); + if (!ima_kexec_buffer) { + pr_err("Could not map measurements buffer.\n"); + return; + } + + if (!ima_kexec_update_registered) { + register_reboot_notifier(&update_buffer_nb); + ima_kexec_update_registered = true; + } +} + #endif /* IMA_KEXEC */ /*