
powerpc: Move ima buffer fields to struct kimage

The fields ima_buffer_addr and ima_buffer_size in "struct kimage_arch"
for powerpc are used to carry forward the IMA measurement list across
kexec system call. These fields are not architecture specific, but are
currently limited to powerpc.

arch_ima_add_kexec_buffer() defined in "arch/powerpc/kexec/ima.c"
sets ima_buffer_addr and ima_buffer_size for the kexec system call.
This function does not have architecture specific code, but is
currently limited to powerpc.

Move ima_buffer_addr and ima_buffer_size to "struct kimage".
Set ima_buffer_addr and ima_buffer_size in ima_add_kexec_buffer()
in security/integrity/ima/ima_kexec.c.

Co-developed-by: Prakhar Srivastava <prsriva@linux.microsoft.com>
Signed-off-by: Prakhar Srivastava <prsriva@linux.microsoft.com>
Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Suggested-by: Will Deacon <will@kernel.org>
Reviewed-by: Thiago Jung Bauermann <bauerman@linux.ibm.com>
Signed-off-by: Rob Herring <robh@kernel.org>
Link: https://lore.kernel.org/r/20210221174930.27324-9-nramas@linux.microsoft.com

authored by

Lakshmi Ramasubramanian and committed by
Rob Herring
0c605158 3c985d31

+11 -37
-3
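--- a/arch/powerpc/include/asm/ima.h
+++ b/arch/powerpc/include/asm/ima.h
@@ -14,9 +14,6 @@
 #endif
 
 #ifdef CONFIG_IMA_KEXEC
-int arch_ima_add_kexec_buffer(struct kimage *image, unsigned long load_addr,
-size_t size);
-
 int setup_ima_buffer(const struct kimage *image, void *fdt, int chosen_node);
 #else
 static inline int setup_ima_buffer(const struct kimage *image, void *fdt,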
-5
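--- a/arch/powerpc/include/asm/kexec.h
+++ b/arch/powerpc/include/asm/kexec.h
@@ -108,11 +108,6 @@
 unsigned long backup_start;
 void *backup_buf;
 void *fdt;
-
-#ifdef CONFIG_IMA_KEXEC
-phys_addr_t ima_buffer_addr;
-size_t ima_buffer_size;
-#endif
 };
 
 char *setup_kdump_cmdline(struct kimage *image, char *cmdline,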
+6 -23
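--- a/arch/powerpc/kexec/ima.c
+++ b/arch/powerpc/kexec/ima.c
@@ -128,23 +128,6 @@
 }
 
 #ifdef CONFIG_IMA_KEXEC
-/**
- * arch_ima_add_kexec_buffer - do arch-specific steps to add the IMA buffer
- *
- * Architectures should use this function to pass on the IMA buffer
- * information to the next kernel.
- *
- * Return: 0 on success, negative errno on error.
- */
-int arch_ima_add_kexec_buffer(struct kimage *image, unsigned long load_addr,
-size_t size)
-{
-image->arch.ima_buffer_addr = load_addr;
-image->arch.ima_buffer_size = size;
-
-return 0;
-}
-
 static int write_number(void *p, u64 value, int cells)
 {
 if (cells == 1) {
@@ -180,7 +163,7 @@
 u8 value[16];
 
 remove_ima_buffer(fdt, chosen_node);
-if (!image->arch.ima_buffer_size)
+if (!image->ima_buffer_size)
 return 0;
 
 ret = get_addr_size_cells(&addr_cells, &size_cells);
@@ -192,11 +175,11 @@
 if (entry_size > sizeof(value))
 return -EINVAL;
 
-ret = write_number(value, image->arch.ima_buffer_addr, addr_cells);
+ret = write_number(value, image->ima_buffer_addr, addr_cells);
 if (ret)
 return ret;
 
-ret = write_number(value + 4 * addr_cells, image->arch.ima_buffer_size,
+ret = write_number(value + 4 * addr_cells, image->ima_buffer_size,
 size_cells);
 if (ret)
 return ret;
@@ -206,13 +189,13 @@
 if (ret < 0)
 return -EINVAL;
 
-ret = fdt_add_mem_rsv(fdt, image->arch.ima_buffer_addr,
-image->arch.ima_buffer_size);
+ret = fdt_add_mem_rsv(fdt, image->ima_buffer_addr,
+image->ima_buffer_size);
 if (ret)
 return -EINVAL;
 
 pr_debug("IMA buffer at 0x%llx, size = 0x%zx\n",
-image->arch.ima_buffer_addr, image->arch.ima_buffer_size);
+image->ima_buffer_addr, image->ima_buffer_size);
 
 return 0;
 }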
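Review bot: The `pr_debug()` in the last hunk prints `image->ima_buffer_addr`, a `phys_addr_t`, with `0x%llx`; the width of that type depends on the kernel configuration, so the specifier only matches where it is 64-bit. Now that the field lives in the generic `struct kimage`, printk's `%pa` specifier is the more robust form: `pr_debug("IMA buffer at %pa, size = 0x%zx\n", &image->ima_buffer_addr, image->ima_buffer_size);`. The enclosing function begins outside the visible hunks, so whether this file is ever built with a 32-bit `phys_addr_t` cannot be confirmed from here.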
+3
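--- a/include/linux/kexec.h
+++ b/include/linux/kexec.h
@@ -304,6 +304,9 @@
 #ifdef CONFIG_IMA_KEXEC
 /* Virtual address of IMA measurement buffer for kexec syscall */
 void *ima_buffer;
+
+phys_addr_t ima_buffer_addr;
+size_t ima_buffer_size;
 #endif
 
 /* Core ELF header buffer */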
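Review bot: The two added fields carry no comment, while `ima_buffer` directly above is documented as a virtual address; `ima_buffer_addr` is a `phys_addr_t`, and the near-identical names make the two easy to mix up. I would add `/* Physical address and size of the IMA measurement list segment passed to the next kernel */` above them (wording taken from the commit description). The struct definition starts and ends outside the hunk.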
+2 -6
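--- a/security/integrity/ima/ima_kexec.c
+++ b/security/integrity/ima/ima_kexec.c
@@ -123,12 +123,8 @@
 return;
 }
 
-ret = arch_ima_add_kexec_buffer(image, kbuf.mem, kexec_segment_size);
-if (ret) {
-pr_err("Error passing over kexec measurement buffer.\n");
-return;
-}
-
+image->ima_buffer_addr = kbuf.mem;
+image->ima_buffer_size = kexec_segment_size;
 image->ima_buffer = kexec_buffer;
 
 pr_debug("kexec measurement buffer for the loaded kernel at 0x%lx.\n",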
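Review bot: With the `arch_ima_add_kexec_buffer()` call removed, nothing at this point ties the stored address and size to an architecture-side consumer; the only reader visible in this commit is the powerpc device-tree setup in arch/powerpc/kexec/ima.c. An architecture that enables CONFIG_IMA_KEXEC without reading `image->ima_buffer_addr` and `image->ima_buffer_size` would presumably build cleanly and lose the measurement list across kexec with no error, which breaks attestation continuity. A comment above the two assignments would record that contract, for example `/* Read by arch code to pass the measurement list to the next kernel */`. The enclosing function begins and ends outside the hunk.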