On 04/02/25 at 05:47am, steven chen wrote:
> kexec 'load' may be called multiple times. Free and realloc the buffer
> only if the segment_size is changed from the previous kexec 'load' call.
This is a great example demonstrating how patch is nicely split. A
reasonable unit including reasonable code change and log.
Acked-by: Baoquan He <b...@redhat.com>
>
> Signed-off-by: steven chen <chen...@linux.microsoft.com>
> ---
> security/integrity/ima/ima_kexec.c | 10 ++++++++++
> 1 file changed, 10 insertions(+)
>
> diff --git a/security/integrity/ima/ima_kexec.c
> b/security/integrity/ima/ima_kexec.c
> index 5c3b3e0b2186..ed867734ee70 100644
> --- a/security/integrity/ima/ima_kexec.c
> +++ b/security/integrity/ima/ima_kexec.c
> @@ -33,6 +33,14 @@ static void ima_free_kexec_file_buf(struct seq_file *sf)
>
> static int ima_alloc_kexec_file_buf(size_t segment_size)
> {
> + /*
> + * kexec 'load' may be called multiple times.
> + * Free and realloc the buffer only if the segment_size is
> + * changed from the previous kexec 'load' call.
> + */
> + if (ima_kexec_file.buf && ima_kexec_file.size == segment_size)
> + goto out;
> +
> ima_free_kexec_file_buf(&ima_kexec_file);
>
> /* segment size can't change between kexec load and execute */
> @@ -41,6 +49,8 @@ static int ima_alloc_kexec_file_buf(size_t segment_size)
> return -ENOMEM;
>
> ima_kexec_file.size = segment_size;
> +
> +out:
> ima_kexec_file.read_pos = 0;
> ima_kexec_file.count = sizeof(struct ima_kexec_hdr); /* reserved
> space */
>
> --
> 2.25.1
>
