The kexec_file_load() syscall is used to load a new Kernel for kexec.
The syscall needs to be updated to call ima_kexec_post_load(),
which was implemented in a previous patch.  ima_kexec_post_load() should
take care of mapping the IMA log buffer segment into the next Kernel. It
should also register a reboot notifier which would call a function to
dump the IMA measurements into the IMA log buffer segment during kexec soft
reboot.

Modify the kexec_file_load() syscall to call ima_kexec_post_load() after
the image has been loaded and prepared for kexec.  This ensures that the
IMA measurement list will be available to the next Kernel after a kexec
soft reboot.  This also ensures the measurements taken in the window
between kexec 'load' and 'execute' are captured and passed to the next
Kernel.

Signed-off-by: Tushar Sugandhi <[email protected]>
---
 kernel/kexec_file.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
index f989f5f1933b..617dbbb6e46d 100644
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -184,6 +184,11 @@ kimage_validate_signature(struct kimage *image)
 }
 #endif
 
+void kimage_file_post_load(struct kimage *image)
+{
+       ima_kexec_post_load(image);
+}
+
 /*
  * In file mode list of segments is prepared by kernel. Copy relevant
  * data from user space, do error checking, prepare segment list
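Review bot: kimage_file_post_load() is added here without `static` and with a void return, so it becomes a global symbol whose only job is to forward to ima_kexec_post_load(). If nothing outside kernel/kexec_file.c needs it, mark it static or call ima_kexec_post_load(image) directly from the syscall. The commit message says ima_kexec_post_load() maps the IMA log buffer segment and registers a reboot notifier. If either step can fail, a void wrapper gives kexec_file_load() no way to notice, so consider returning an int and checking it at the call site, or add a comment above the function stating why a failure is deliberately ignored.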
@@ -399,6 +404,9 @@ SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, 
initrd_fd,
 
        kimage_terminate(image);
 
+       if (!(flags & KEXEC_FILE_ON_CRASH))
+               kimage_file_post_load(image);
+
        ret = machine_kexec_post_load(image);
        if (ret)
                goto out;
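Review bot: the call to kimage_file_post_load(image) is placed before machine_kexec_post_load(image), whose failure takes `goto out`. Nothing visible in this hunk undoes what the IMA hook set up (per the commit message, a buffer mapping and a reboot notifier) when that error path is taken, so a failed load could leave a notifier tied to an image that never became the loaded one. Either move the call below the `if (ret) goto out;` check or add matching cleanup on the error path. A one-line comment on why KEXEC_FILE_ON_CRASH images are skipped would also help the next reader.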
-- 
2.25.1
