On 05/02/25 at 09:25am, steven chen wrote: > On 4/24/2025 7:37 AM, Baoquan He wrote: > > Hi Steven, > > > > Could you test below code and post a formal patch to not copy > > measurement list buffer to kdump kernel? Below log is just for your > > reference, please feel free to modify or rephrase. > > > > === > > Kdump kernel doesn't need IMA to do integrity measurement. > > Hence the measurement list in 1st kernel doesn't need to be copied to > > kdump kenrel. > > > > Here skip allocating buffer for measurement list copying if loading > > kdump kernel. Then there won't be the later handling related to > > ima_kexec_buffer. > > === > > > > diff --git a/security/integrity/ima/ima_kexec.c > > b/security/integrity/ima/ima_kexec.c > > index 38cb2500f4c3..7362f68f2d8b 100644 > > --- a/security/integrity/ima/ima_kexec.c > > +++ b/security/integrity/ima/ima_kexec.c > > @@ -146,6 +146,9 @@ void ima_add_kexec_buffer(struct kimage *image) > > void *kexec_buffer = NULL; > > int ret; > > + if (image->type == KEXEC_TYPE_CRASH) > > + return; > > + > > /* > > * Reserve extra memory for measurements added during kexec. > > */ > > > Hi Baoquan, > > I tested the kernel with above change. Normal soft reboot works fine. > > I will post the patch for review.
Just come back from Labor Day public holiday. I went through the code flow, the code should be fine. I will test it by checking the setup_data if IMA data is excluded in kdump case.
