On 06/19/23 at 01:59pm, Baoquan He wrote:
> In the current arm64, crashkernel=,high support has been finished after
> several rounds of posting and careful reviewing. The code in arm64 which
> parses crashkernel kernel parameters firstly, then reserve memory can be
> a good example for other ARCH
On Fri, 2023-07-07 at 11:01 -0400, Mimi Zohar wrote:
> Hi Tushar,
>
> On Mon, 2023-07-03 at 14:57 -0700, Tushar Sugandhi wrote:
>
> > +/*
> > + * Called during kexec execute so that IMA can update the measurement list.
> > + */
> > +static int ima_update_kexec_buffer(struct notifier_block *self,
On 6/16/23 16:15, Matthew Garrett wrote:
On Fri, Jun 16, 2023 at 04:01:09PM -0400, Daniel P. Smith wrote:
On 5/15/23 21:43, Matthew Garrett wrote:
On Mon, May 15, 2023 at 08:41:00PM -0400, Daniel P. Smith wrote:
On 5/15/23 17:22, Matthew Garrett wrote:
What if I don't use grub, but use
On Fri, Jul 07, 2023 at 10:25:15AM -0500, Michael Roth wrote:
> ...
> It would be unfortunate if we finally abandoned this path because of the
> issue being hit here though. I think the patch posted here is the proper
> resolution to the issue being hit, and I'm hoping at this point we've
>
On Mon, 2023-07-03 at 14:56 -0700, Tushar Sugandhi wrote:
> The current Kernel behavior is IMA measurements snapshot is taken at
> kexec 'load' and not at kexec 'execute'. IMA log is then carried
> over to the new Kernel after kexec 'execute'.
>
> Some devices can be configured to call kexec
On 7/7/23 03:22, Joerg Roedel wrote:
On Fri, Jul 07, 2023 at 12:23:59PM +0800, Baoquan He wrote:
I am wondering why we don't detect the cpu type and return early inside
sev_enable() if it's Intel cpu.
We can't rely on CONFIG_AMD_MEM_ENCRYPT to decide if the code need be
executed or not because
On Fri, Jul 07, 2023 at 10:57:12AM +0200, Borislav Petkov wrote:
> On Fri, Jul 07, 2023 at 10:22:56AM +0200, Joerg Roedel wrote:
> > On Fri, Jul 07, 2023 at 12:23:59PM +0800, Baoquan He wrote:
> > > I am wondering why we don't detect the cpu type and return early inside
> > > sev_enable() if it's
Hi Tushar,
On Mon, 2023-07-03 at 14:57 -0700, Tushar Sugandhi wrote:
> +/*
> + * Called during kexec execute so that IMA can update the measurement list.
> + */
> +static int ima_update_kexec_buffer(struct notifier_block *self,
> +unsigned long action, void *data)
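Review bot: the comment above ima_update_kexec_buffer() states only when the function is called. Since the signature is that of a notifier callback (struct notifier_block *self, unsigned long action, void *data) returning int, the comment should also name the notifier chain it is registered on and say which return values it uses, so readers can tell how a failure to update the measurement list is reported.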
Hi Tushar,
On Mon, 2023-07-03 at 14:57 -0700, Tushar Sugandhi wrote:
> The ima_dump_measurement_list function was designed to iterate over the
> IMA measurement list and store each entry into a buffer. The buffer,
> along with its size, would be returned to the caller. However, the
> function
Hi Tushar,
On Mon, 2023-07-03 at 14:57 -0700, Tushar Sugandhi wrote:
> There is no existing IMA functionality to just populate the buffer at
> kexec execute with IMA measurements.
The same function that copies the measurement list at kexec 'load',
could be re-used at kexec 'exec'. Why is a new
Hi Tushar,
The function to "ima: allocate buffer at kexec load to hold ima
measurements" already exists. Please update the Subject line to
indicate increasing the IMA kexec buffer size.
On Mon, 2023-07-03 at 14:57 -0700, Tushar Sugandhi wrote:
> The IMA subsystem needs a dedicated mechanism to
Hi Tushar,
On Mon, 2023-07-03 at 14:57 -0700, Tushar Sugandhi wrote:
> IMA does not provide a mechanism to allocate memory for IMA log storage
> during kexec operation.
The IMA measurement list is currently being carried across kexec, so
obviously a buffer is being allocated for it. IMA not
On 2023/7/7 18:18, Thomas Gleixner wrote:
On Thu, Jul 06 2023 at 14:44, Baokun Li wrote:
On 2023/7/5 16:59, Thomas Gleixner wrote:
+ /*
+* If this is a crash stop which does not execute on the boot CPU,
+* then this cannot use the INIT mechanism because INIT to the boot
+
On 7/3/23 17:57, Tushar Sugandhi wrote:
Currently, there's no mechanism to map and unmap segments to the kimage
structure. This functionality is needed when dealing with memory segments
in the context of a kexec operation.
The patch adds two new functions: kimage_map_segment() and
On Thu, Jul 06 2023 at 14:44, Baokun Li wrote:
> On 2023/7/5 16:59, Thomas Gleixner wrote:
>> +/*
>> + * If this is a crash stop which does not execute on the boot CPU,
>> + * then this cannot use the INIT mechanism because INIT to the boot
>> + * CPU will reset the machine.
>> +
On Fri, Jul 07, 2023 at 10:22:56AM +0200, Joerg Roedel wrote:
> On Fri, Jul 07, 2023 at 12:23:59PM +0800, Baoquan He wrote:
> > I am wondering why we don't detect the cpu type and return early inside
> > sev_enable() if it's Intel cpu.
> >
> > We can't rely on CONFIG_AMD_MEM_ENCRYPT to decide if
On 07/07/23 at 10:22am, Joerg Roedel wrote:
> On Fri, Jul 07, 2023 at 12:23:59PM +0800, Baoquan He wrote:
> > I am wondering why we don't detect the cpu type and return early inside
> > sev_enable() if it's Intel cpu.
> >
> > We can't rely on CONFIG_AMD_MEM_ENCRYPT to decide if the code need be
>
On Fri, Jul 07, 2023 at 12:23:59PM +0800, Baoquan He wrote:
> I am wondering why we don't detect the cpu type and return early inside
> sev_enable() if it's Intel cpu.
>
> We can't rely on CONFIG_AMD_MEM_ENCRYPT to decide if the code need be
> executed or not because we usually enable them all in
On Tue, 4 Jul 2023 at 05:58, Tushar Sugandhi wrote:
>
> The kexec_file_load syscall is used to load a new kernel for kexec.
> The syscall needs to update its function to call ima_kexec_post_load, which
> was implemented in a previous patch. ima_kexec_post_load takes care of
> mapping the
[Add Eric in cc]
On Tue, 4 Jul 2023 at 05:58, Tushar Sugandhi wrote:
>
> The current Kernel behavior is IMA measurements snapshot is taken at
> kexec 'load' and not at kexec 'execute'. IMA log is then carried
> over to the new Kernel after kexec 'execute'.
>
> Some devices can be configured to