kernel command line and /chosen properties.
Therefore change kexec_fdt_totalsize_ppc64() to calculate just the extra
space needed by the kdump kernel, and change the function name so that it
better reflects what the function is now doing.
Signed-off-by: Thiago Jung Bauermann
Reviewed-by: Lak
On 3/8/21 4:42 PM, Paul Moore wrote:
On Fri, Mar 5, 2021 at 2:29 PM Lakshmi Ramasubramanian
wrote:
On 3/5/21 11:22 AM, Paul Moore wrote:
Hi Paul,
On Fri, Mar 5, 2021 at 12:57 PM James Bottomley
wrote:
On Fri, 2021-03-05 at 12:52 -0500, Paul Moore wrote:
[...]
This draft seems fine to me
On 3/5/21 11:22 AM, Paul Moore wrote:
Hi Paul,
On Fri, Mar 5, 2021 at 12:57 PM James Bottomley
wrote:
On Fri, 2021-03-05 at 12:52 -0500, Paul Moore wrote:
[...]
This draft seems fine to me, but there is a small logistical blocker
at the moment which means I can't merge this until -rc2 is
On 3/4/21 5:45 PM, Paul Moore wrote:
On Thu, Mar 4, 2021 at 2:20 PM Lakshmi Ramasubramanian
wrote:
On 2/12/21 8:37 AM, Lakshmi Ramasubramanian wrote:
Hi Paul,
SELinux stores the configuration state and the policy capabilities
in kernel memory. Changes to this data at runtime would have
On 2/12/21 8:37 AM, Lakshmi Ramasubramanian wrote:
Hi Paul,
SELinux stores the configuration state and the policy capabilities
in kernel memory. Changes to this data at runtime would have an impact
on the security guarantees provided by SELinux. Measuring this data
through IMA subsystem
On 3/2/21 7:06 AM, Rob Herring wrote:
On Sun, Feb 21, 2021 at 11:49 AM Lakshmi Ramasubramanian
wrote:
On kexec file load Integrity Measurement Architecture (IMA) subsystem
may verify the IMA signature of the kernel and initramfs, and measure
it. The command line parameters passed
On 2/23/21 5:20 PM, Thiago Jung Bauermann wrote:
Lakshmi Ramasubramanian writes:
From: Rob Herring
Both arm64 and powerpc do essentially the same FDT /chosen setup for
kexec. The differences are either omissions that arm64 should have
or additional properties that will be ignored
On 2/21/21 5:32 PM, Guenter Roeck wrote:
Hi Guenter,
On Sat, Feb 13, 2021 at 08:10:41AM -0800, Lakshmi Ramasubramanian wrote:
From: Rob Herring
Both arm64 and powerpc do essentially the same FDT /chosen setup for
kexec. The differences are either omissions that arm64 should have
evice tree
and update the memory reservation for kexec for arm64.
Signed-off-by: Rob Herring
Signed-off-by: Lakshmi Ramasubramanian
Reviewed-by: Thiago Jung Bauermann
---
arch/arm64/kernel/machine_kexec_file.c | 180 ++---
1 file changed, 8 insertions(+), 172 deletions(-)
diff --
evice tree
and update the memory reservation for kexec for powerpc.
Signed-off-by: Rob Herring
Signed-off-by: Lakshmi Ramasubramanian
Reviewed-by: Thiago Jung Bauermann
---
arch/powerpc/include/asm/kexec.h | 1 +
arch/powerpc/kexec/elf_64.c | 30 ---
arch/powerpc/kexec/file_load.
arm64, in
of_kexec_alloc_and_setup_fdt() and move it to "drivers/of/kexec.c".
Signed-off-by: Rob Herring
Signed-off-by: Lakshmi Ramasubramanian
Fixes: 33488dc4d61f ("of: Add a common kexec FDT setup function")
Reported-by: kernel t
t;arch/powerpc/kexec/ima.c" and "arch/powerpc/include/asm/ima.h".
Remove references to the deleted files and functions in powerpc and
in ima.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
Reviewed-by: Thiago Jung Ba
information is
present in the device tree for powerpc.
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Thiago Jung Bauermann
Reviewed-by: Thiago Jung Bauermann
---
arch/powerpc/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/Kconfig b/arch/powerpc
e next kernel across kexec system call.
Remove custom code that is used in setup_ima_buffer() to add
"linux,ima-kexec-buffer" property to the device tree.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
Reviewed-by: Thiag
Update CONFIG_KEXEC_FILE to select CONFIG_HAVE_IMA_KEXEC, if CONFIG_IMA
is enabled, to indicate that the IMA measurement log information is
present in the device tree for ARM64.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
r_size in ima_add_kexec_buffer()
in security/integrity/ima/ima_kexec.c.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Will Deacon
Reviewed-by: Thiago Jung Bauermann
---
arch/powerpc/include/asm/ima.h | 3 ---
ar
ELF related fields elf_headers, elf_headers_sz, and elfcorehdr_addr
have been moved from 'struct kimage_arch' to 'struct kimage' as
elf_headers, elf_headers_sz, and elf_load_addr respectively.
Use the ELF fields defined in 'struct kimage'.
Signed-off-by: Lakshmi Ramasubramanian
Suggested
ELF related fields elf_headers, elf_headers_sz, and elf_headers_mem
have been moved from 'struct kimage_arch' to 'struct kimage' as
elf_headers, elf_headers_sz, and elf_load_addr respectively.
Use the ELF fields defined in 'struct kimage'.
Signed-off-by: Lakshmi Ramasubramanian
Suggested
ELF related fields elf_headers, elf_headers_sz, and elf_load_addr
have been moved from 'struct kimage_arch' to 'struct kimage'.
Use the ELF fields defined in 'struct kimage'.
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Rob Herring
Fixes: 33488dc4d61f ("of: Add a common kexec FDT
Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
Reviewed-by: Thiago Jung Bauermann
---
arch/powerpc/include/asm/kexec.h | 1 -
arch/powerpc/kexec/file_load.c | 32
2 files changed, 33 deletions(-)
diff --git a/arch/powerpc/include/asm/kexec.h b/ar
c-buffer node in the chosen
node documentation
v0:
Add a layer of abstraction to use the memory reserved by device tree
for ima buffer pass.
Add support for ima buffer pass using reserved memory for arm64 kexec.
Update the arch sepcific code path in kexec file load to store the
ima
system call.
Move the ELF fields to 'struct kimage' defined in include/linux/kexec.h
so common code can use it.
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Rob Herring
Fixes: 33488dc4d61f ("of: Add a common kexec FDT setup function")
Reported-by: kernel test robot
---
inc
On 2/19/21 10:09 AM, Thiago Jung Bauermann wrote:
Mimi Zohar writes:
On Fri, 2021-02-19 at 11:43 -0600, Rob Herring wrote:
On Fri, Feb 19, 2021 at 10:57 AM Lakshmi Ramasubramanian
wrote:
On 2/19/21 6:16 AM, Rob Herring wrote:
On Thu, Feb 18, 2021 at 8:53 PM Lakshmi Ramasubramanian
On 2/19/21 6:16 AM, Rob Herring wrote:
On Thu, Feb 18, 2021 at 8:53 PM Lakshmi Ramasubramanian
wrote:
On 2/18/21 5:13 PM, Thiago Jung Bauermann wrote:
Lakshmi Ramasubramanian writes:
On 2/18/21 4:07 PM, Mimi Zohar wrote:
Hi Mimi,
On Thu, 2021-02-18 at 14:33 -0800, Lakshmi
On 2/19/21 6:25 AM, Thiago Jung Bauermann wrote:
One small nit in the function header (please see below), but otherwise
the change looks good.
Reviewed-by: Lakshmi Ramasubramanian
Commit 2377c92e37fe ("powerpc/kexec_file: fix FDT size estimation for kdump
kernel") fixed how
On 2/18/21 5:13 PM, Thiago Jung Bauermann wrote:
Lakshmi Ramasubramanian writes:
On 2/18/21 4:07 PM, Mimi Zohar wrote:
Hi Mimi,
On Thu, 2021-02-18 at 14:33 -0800, Lakshmi Ramasubramanian wrote:
of_kexec_alloc_and_setup_fdt() defined in drivers/of/kexec.c builds
a new device tree object
On 2/18/21 4:07 PM, Mimi Zohar wrote:
Hi Mimi,
On Thu, 2021-02-18 at 14:33 -0800, Lakshmi Ramasubramanian wrote:
of_kexec_alloc_and_setup_fdt() defined in drivers/of/kexec.c builds
a new device tree object that includes architecture specific data
for kexec system call. This should be defined
ew boolean config OF_KEXEC that is enabled if
CONFIG_KEXEC_FILE and CONFIG_OF_FLATTREE are enabled, and
the architecture is arm64 or powerpc64. Build drivers/of/kexec.c
if CONFIG_OF_KEXEC is enabled.
Signed-off-by: Lakshmi Ramasubramanian
Fixes: 33488dc4d61f ("of: Add a common kexec FDT
evice tree
and update the memory reservation for kexec for powerpc.
Signed-off-by: Rob Herring
Signed-off-by: Lakshmi Ramasubramanian
---
arch/powerpc/include/asm/kexec.h | 1 +
arch/powerpc/kexec/elf_64.c | 30 ---
arch/powerpc/kexec/file_load.c| 132 +-
ar
t;arch/powerpc/kexec/ima.c" and "arch/powerpc/include/asm/ima.h".
Remove references to the deleted files and functions in powerpc and
in ima.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
Reviewed-by: Thiago Jung Ba
r_size in ima_add_kexec_buffer()
in security/integrity/ima/ima_kexec.c.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Will Deacon
---
arch/powerpc/include/asm/ima.h | 3 ---
arch/powerpc/include/asm/kexec.h
information is
present in the device tree for powerpc.
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Thiago Jung Bauermann
Reviewed-by: Thiago Jung Bauermann
---
arch/powerpc/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/Kconfig b/arch/powerpc
Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
Reviewed-by: Thiago Jung Bauermann
---
arch/powerpc/include/asm/kexec.h | 1 -
arch/powerpc/kexec/file_load.c | 32
2 files changed, 33 deletions(-)
diff --git a/arch/powerpc/include/asm/kexec.h b/ar
e next kernel across kexec system call.
Remove custom code that is used in setup_ima_buffer() to add
"linux,ima-kexec-buffer" property to the device tree.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
Reviewed-by: Thiag
evice tree
and update the memory reservation for kexec for arm64.
Signed-off-by: Rob Herring
Signed-off-by: Lakshmi Ramasubramanian
---
arch/arm64/kernel/machine_kexec_file.c | 180 ++---
1 file changed, 8 insertions(+), 172 deletions(-)
diff --git a/arch/arm64/kernel/machine_kexec
Update CONFIG_KEXEC_FILE to select CONFIG_HAVE_IMA_KEXEC, if CONFIG_IMA
is enabled, to indicate that the IMA measurement log information is
present in the device tree for ARM64.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
.
Add support for ima buffer pass using reserved memory for arm64 kexec.
Update the arch sepcific code path in kexec file load to store the
ima buffer in the reserved memory. The same reserved memory is read
on kexec or cold boot.
Lakshmi Ramasubramanian (7):
arm64: Rename kexec el
.
Rename elf_headers_mem to elf_load_addr to align with powerpc name so
common code can use it.
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Thiago Jung Bauermann
---
arch/arm64/include/asm/kexec.h | 2 +-
arch/arm64/kernel/machine_kexec_file.c | 6 +++---
2 files changed, 4
arm64, in
of_kexec_alloc_and_setup_fdt() and move it to "drivers/of/kexec.c".
Signed-off-by: Rob Herring
Signed-off-by: Lakshmi Ramasubramanian
---
drivers/of/Makefile | 6 +
drivers/of/kexec.c | 265
include/linux/of.h | 5 +
3
for
kexec system call.
Rename elfcorehdr_addr to elf_load_addr to align with x86_64 name so
common code can use it.
Signed-off-by: Rob Herring
Reviewed-by: Lakshmi Ramasubramanian
---
arch/powerpc/include/asm/kexec.h | 2 +-
arch/powerpc/kexec/file_load.c| 4 ++--
arch/powerpc/kexec
On 2/12/21 10:24 AM, Rob Herring wrote:
On Fri, Feb 12, 2021 at 11:19 AM Lakshmi Ramasubramanian
wrote:
On 2/12/21 6:38 AM, Rob Herring wrote:
On Thu, Feb 11, 2021 at 7:17 PM Lakshmi Ramasubramanian
wrote:
On 2/11/21 5:09 PM, Thiago Jung Bauermann wrote:
There's actually a complication
On 2/12/21 6:38 AM, Rob Herring wrote:
On Thu, Feb 11, 2021 at 7:17 PM Lakshmi Ramasubramanian
wrote:
On 2/11/21 5:09 PM, Thiago Jung Bauermann wrote:
There's actually a complication that I just noticed and needs to be
addressed. More below.
<...>
+
+/*
+ * of_kexec_alloc_and_set
n whatever policy capabilities are actually
set in the expected policy (which can be extracted from the policy
itself via seinfo, for example).
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Stephen Smalley
Suggested-by: Paul Moore
---
security/selinux/ima.c | 87 ++
On 2/11/21 5:09 PM, Thiago Jung Bauermann wrote:
There's actually a complication that I just noticed and needs to be
addressed. More below.
<...>
+
+/*
+ * of_kexec_alloc_and_setup_fdt - Alloc and setup a new Flattened Device Tree
+ *
+ * @image: kexec image being loaded.
+ *
On 2/10/21 4:25 PM, Paul Moore wrote:
On Fri, Jan 29, 2021 at 11:49 AM Lakshmi Ramasubramanian
wrote:
SELinux stores the configuration state and the policy capabilities
in kernel memory. Changes to this data at runtime would have an impact
on the security guarantees provided by SELinux
On 2/10/21 5:42 PM, Thiago Jung Bauermann wrote:
Lakshmi Ramasubramanian writes:
From: Rob Herring
The code for setting up the /chosen node in the device tree
and updating the memory reservation for the next kernel has been
moved to of_kexec_alloc_and_setup_fdt() defined in "dr
On 2/10/21 1:39 PM, Mimi Zohar wrote:
On Wed, 2021-02-10 at 15:55 -0500, Mimi Zohar wrote:
On Wed, 2021-02-10 at 14:42 -0600, Rob Herring wrote:
On Wed, Feb 10, 2021 at 11:33 AM Lakshmi Ramasubramanian
Ideally, we don't apply the same patch in 2 branches. It looks like
there's a conflict
On 2/10/21 9:20 AM, Rob Herring wrote:
On Tue, Feb 09, 2021 at 10:21:55AM -0800, Lakshmi Ramasubramanian wrote:
The fields ima_buffer_addr and ima_buffer_size in "struct kimage_arch"
for powerpc are used to carry forward the IMA measurement list across
kexec system call. Th
On 2/10/21 9:23 AM, Rob Herring wrote:
On Tue, Feb 09, 2021 at 10:21:52AM -0800, Lakshmi Ramasubramanian wrote:
From: Rob Herring
Both arm64 and powerpc do essentially the same FDT /chosen setup for
kexec. The differences are either omissions that arm64 should have
or additional properties
On 2/10/21 9:15 AM, Rob Herring wrote:
On Tue, Feb 09, 2021 at 10:21:50AM -0800, Lakshmi Ramasubramanian wrote:
On kexec file load Integrity Measurement Architecture (IMA) subsystem
may verify the IMA signature of the kernel and initramfs, and measure
it. The command line parameters passed
e next kernel across kexec system call.
Remove custom code that is used in setup_ima_buffer() to add
"linux,ima-kexec-buffer" property to the device tree.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
Reviewed-by: Thiag
Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
---
arch/powerpc/include/asm/kexec.h | 1 -
arch/powerpc/kexec/file_load.c | 32
2 files changed, 33 deletions(-)
diff --git a/arch/powerpc/include/asm/kexec.h b/arch/powerpc/include/asm/kexec.h
in
Update CONFIG_KEXEC_FILE to select CONFIG_HAVE_IMA_KEXEC, if CONFIG_IMA
is enabled, to indicate that the IMA measurement log information is
present in the device tree for ARM64.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
r() to of_ima_add_kexec_buffer()
and move it in drivers/of/kexec.c.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Will Deacon
---
arch/powerpc/include/asm/ima.h | 3 ---
arch/powerpc/include/asm/kexec.h | 5 -
t;arch/powerpc/kexec/ima.c" and "arch/powerpc/include/asm/ima.h".
Remove references to the deleted files and functions in powerpc and
in ima.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
---
arch/powerpc/include/asm/
information is
present in the device tree for powerpc.
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Thiago Jung Bauermann
---
arch/powerpc/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
index 107bb4319e0e
for
kexec system call.
Rename elfcorehdr_addr to elf_headers_mem to align with arm64 name so
common code can use it.
Signed-off-by: Rob Herring
Reviewed-by: Thiago Jung Bauermann
Reviewed-by: Lakshmi Ramasubramanian
---
arch/powerpc/include/asm/kexec.h | 2 +-
arch/powerpc/kexec/file_load.c
arm64, in
of_kexec_alloc_and_setup_fdt() and move it to "drivers/of/kexec.c".
Signed-off-by: Rob Herring
Signed-off-by: Lakshmi Ramasubramanian
---
drivers/of/Makefile | 6 ++
drivers/of/kexec.c | 258
include/linux/of.h | 13 +++
3
node documentation
v0:
Add a layer of abstraction to use the memory reserved by device tree
for ima buffer pass.
Add support for ima buffer pass using reserved memory for arm64 kexec.
Update the arch sepcific code path in kexec file load to store the
ima buffer in the reserve
evice tree
and update the memory reservation for kexec for arm64.
Signed-off-by: Rob Herring
Signed-off-by: Lakshmi Ramasubramanian
---
arch/arm64/kernel/machine_kexec_file.c | 180 ++---
1 file changed, 8 insertions(+), 172 deletions(-)
diff --git a/arch/arm64/kernel/machine_kexec
evice tree
and update the memory reservation for kexec for powerpc.
Signed-off-by: Rob Herring
Signed-off-by: Lakshmi Ramasubramanian
---
arch/powerpc/include/asm/kexec.h | 1 +
arch/powerpc/kexec/elf_64.c | 29 ---
arch/powerpc/kexec/file_load.c| 132 +-
ar
On 2/5/21 2:05 AM, Greg KH wrote:
On Thu, Feb 04, 2021 at 09:49:50AM -0800, Lakshmi Ramasubramanian wrote:
IMA allocates kernel virtual memory to carry forward the measurement
list, from the current kernel to the next kernel on kexec system call,
in ima_add_kexec_buffer() function. In error
On 2/5/21 9:49 AM, Mimi Zohar wrote:
Hi Mimi,
On Fri, 2021-02-05 at 09:39 -0800, Lakshmi Ramasubramanian wrote:
On 2/5/21 2:05 AM, Greg KH wrote:
On Thu, Feb 04, 2021 at 09:49:50AM -0800, Lakshmi Ramasubramanian wrote:
IMA allocates kernel virtual memory to carry forward the measurement
On 2/4/21 3:36 PM, Rob Herring wrote:
On Thu, Feb 4, 2021 at 5:23 PM Lakshmi Ramasubramanian
wrote:
On 2/4/21 11:26 AM, Rob Herring wrote:
On Thu, Feb 4, 2021 at 10:42 AM Lakshmi Ramasubramanian
wrote:
of_alloc_and_init_fdt() and of_free_fdt() have been defined in
drivers/of/kexec.c
On 2/4/21 11:26 AM, Rob Herring wrote:
On Thu, Feb 4, 2021 at 10:42 AM Lakshmi Ramasubramanian
wrote:
of_alloc_and_init_fdt() and of_free_fdt() have been defined in
drivers/of/kexec.c to allocate and free memory for FDT.
Use of_alloc_and_init_fdt() and of_free_fdt() to allocate
and update the memory reservation for kexec for powerpc.
Signed-off-by: Rob Herring
Reviewed-by: Thiago Jung Bauermann
Reviewed-by: Lakshmi Ramasubramanian
---
arch/powerpc/kexec/file_load.c | 125 ++---
1 file changed, 6 insertions(+), 119 deletions(-)
diff --git a/arch/pow
list in
the error code paths in ima_add_kexec_buffer() function.
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Tyler Hicks
Fixes: 7b8589cc29e7 ("ima: on soft reboot, save the measurement list")
---
security/integrity/ima/ima_kexec.c | 1 +
1 file changed, 1 insertion(+)
in "struct kimage" to store the virtual address
of the buffer allocated for the IMA measurement list.
Free the memory allocated for the IMA measurement list in
kimage_file_post_load_cleanup() function.
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Tyler Hicks
Reviewed-by: Thiago Jung
kimage_arch" for powerpc to store
the address of FDT, and free the memory in powerpc specific
arch_kimage_file_post_load_cleanup().
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Rob Herring
Suggested-by: Thiago Jung Bauermann
---
arch/powerpc/include/asm/kexec.h | 2 ++
arch/pow
Update CONFIG_KEXEC_FILE to select CONFIG_HAVE_IMA_KEXEC, if CONFIG_IMA
is enabled, to indicate that the IMA measurement log information is
present in the device tree for ARM64.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
t functions from
"arch/powerpc/kexec/ima.c" to "drivers/of/kexec.c".
Delete "arch/powerpc/kexec/ima.c" and "arch/powerpc/include/asm/ima.h".
Remove references to the deleted files in powerpc and in ima.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar
Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
---
arch/powerpc/include/asm/kexec.h | 1 -
arch/powerpc/kexec/file_load.c | 32
2 files changed, 33 deletions(-)
diff --git a/arch/powerpc/include/asm/kexec.h b/arch/powerpc/include/asm/kexec.h
in
architecures do not have to duplicate the code.
Define of_alloc_and_init_fdt() and of_free_fdt() in drivers/of/kexec.c
to allocate and initialize FDT, and to free the FDT buffer respectively.
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Rob Herring
Suggested-by: Joe Perches
---
drivers/of/kexec.c
e next kernel across kexec system call.
Remove custom code that is used in setup_ima_buffer() to add
"linux,ima-kexec-buffer" property to the device tree.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
Reviewed-by: Thiag
of_alloc_and_init_fdt() and of_free_fdt() have been defined in
drivers/of/kexec.c to allocate and free memory for FDT.
Use of_alloc_and_init_fdt() and of_free_fdt() to allocate and
initialize the FDT, and to free the FDT respectively.
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Rob
r() to of_ima_add_kexec_buffer()
and move it in drivers/of/kexec.c.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Will Deacon
---
arch/powerpc/include/asm/ima.h | 3 ---
arch/powerpc/include/asm/kexec.h | 5 -
and update the memory reservation for kexec for arm64.
Signed-off-by: Rob Herring
Reviewed-by: Thiago Jung Bauermann
Reviewed-by: Lakshmi Ramasubramanian
Acked-by: Will Deacon
---
arch/arm64/kernel/machine_kexec_file.c | 123 +
1 file changed, 3 insertions(+), 120 deletions(-)
pc and arm64, in
of_kexec_setup_new_fdt() and move it to "drivers/of/kexec.c".
Signed-off-by: Rob Herring
Reviewed-by: Thiago Jung Bauermann
Reviewed-by: Lakshmi Ramasubramanian
---
drivers/of/Makefile | 1 +
drivers/of/kexec.c | 236
ss using reserved memory for arm64 kexec.
Update the arch sepcific code path in kexec file load to store the
ima buffer in the reserved memory. The same reserved memory is read
on kexec or cold boot.
Lakshmi Ramasubramanian (8):
powerpc: Move ima buffer fields to struct kimage
p
for
kexec system call.
Rename elfcorehdr_addr to elf_headers_mem to align with arm64 name so
common code can use it.
Signed-off-by: Rob Herring
Reviewed-by: Thiago Jung Bauermann
Reviewed-by: Lakshmi Ramasubramanian
---
arch/powerpc/include/asm/kexec.h | 2 +-
arch/powerpc/kexec/file_load.c
On 1/22/21 2:30 PM, Thiago Jung Bauermann wrote:
Hi Lakshmi,
Lakshmi Ramasubramanian writes:
IMA allocates kernel virtual memory to carry forward the measurement
list, from the current kernel to the next kernel on kexec system call,
in ima_add_kexec_buffer() function. In error code paths
On 1/22/21 2:31 PM, Thiago Jung Bauermann wrote:
Lakshmi Ramasubramanian writes:
IMA allocates kernel virtual memory to carry forward the measurement
list, from the current kernel to the next kernel on kexec system call,
in ima_add_kexec_buffer() function. This buffer is not freed before
n whatever policy capabilities are actually
set in the expected policy (which can be extracted from the policy
itself via seinfo, for example).
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Stephen Smalley
Suggested-by: Paul Moore
---
security/selinux/ima.c | 77 ++
On 1/27/21 8:14 PM, Thiago Jung Bauermann wrote:
Lakshmi Ramasubramanian writes:
On 1/27/21 7:52 PM, Thiago Jung Bauermann wrote:
Will Deacon writes:
On Wed, Jan 27, 2021 at 09:59:38AM -0800, Lakshmi Ramasubramanian wrote:
On 1/27/21 8:52 AM, Will Deacon wrote:
Hi Will,
On Fri, Jan
On 1/27/21 3:13 PM, Will Deacon wrote:
On Wed, Jan 27, 2021 at 01:31:02PM -0500, Mimi Zohar wrote:
On Wed, 2021-01-27 at 10:24 -0800, Lakshmi Ramasubramanian wrote:
On 1/27/21 10:02 AM, Will Deacon wrote:
On Wed, Jan 27, 2021 at 09:56:53AM -0800, Lakshmi Ramasubramanian wrote:
On 1/27/21 8
On 1/27/21 7:52 PM, Thiago Jung Bauermann wrote:
Will Deacon writes:
On Wed, Jan 27, 2021 at 09:59:38AM -0800, Lakshmi Ramasubramanian wrote:
On 1/27/21 8:52 AM, Will Deacon wrote:
Hi Will,
On Fri, Jan 15, 2021 at 09:30:16AM -0800, Lakshmi Ramasubramanian wrote:
create_dtb() function
On 1/27/21 10:02 AM, Will Deacon wrote:
On Wed, Jan 27, 2021 at 09:56:53AM -0800, Lakshmi Ramasubramanian wrote:
On 1/27/21 8:54 AM, Will Deacon wrote:
On Fri, Jan 15, 2021 at 09:30:17AM -0800, Lakshmi Ramasubramanian wrote:
Address and size of the buffer containing the IMA measurement log
On 1/27/21 8:52 AM, Will Deacon wrote:
Hi Will,
On Fri, Jan 15, 2021 at 09:30:16AM -0800, Lakshmi Ramasubramanian wrote:
create_dtb() function allocates kernel virtual memory for
the device tree blob (DTB). This is not consistent with other
architectures, such as powerpc, which calls kmalloc
On 1/27/21 8:54 AM, Will Deacon wrote:
Hi Will,
On Fri, Jan 15, 2021 at 09:30:17AM -0800, Lakshmi Ramasubramanian wrote:
Address and size of the buffer containing the IMA measurement log need
to be passed from the current kernel to the next kernel on kexec.
Add address and size fields
On 1/22/21 1:21 PM, Paul Moore wrote:
Hi Paul,
Thanks for reviewing the changes.
...
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Stephen Smalley
---
This patch is based on
commit e58bb688f2e4 "Merge branch 'measure-critical-data' into next-integrity"
in "next-in
and done on a system other than the measured system, typically
requiring "initialized=1; enabled=1;enforcing=1;checkreqprot=0;" for
a secure state and then whatever policy capabilities are actually set
in the expected policy (which can be extracted from the policy itself
via seinfo, for example
in "struct kimage" to store the virtual address
of the buffer allocated for the IMA measurement list.
Free the memory allocated for the IMA measurement list in
kimage_file_post_load_cleanup() function.
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Tyler Hicks
Fixes: 7b8589cc29e7 (&qu
list in
the error code paths in ima_add_kexec_buffer() function.
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Tyler Hicks
Fixes: 7b8589cc29e7 ("ima: on soft reboot, save the measurement list")
---
security/integrity/ima/ima_kexec.c | 2 ++
1 file changed, 2 insertions(+)
e next kernel across kexec system call.
Remove custom code that is used in setup_ima_buffer() to add
"linux,ima-kexec-buffer" property to the device tree.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
Reviewed-by: Thiag
.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
---
arch/arm64/kernel/machine_kexec_file.c | 12 +++-
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/arch/arm64/kernel/machine_kexec_file.c
b/arch/arm64/kernel
rpc.
Move arch_ima_add_kexec_buffer() to ima.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
Acked-by: Mimi Zohar
Reviewed-by: Thiago Jung Bauermann
---
arch/powerpc/include/asm/ima.h | 3 ---
arch/powerpc/kexec/ima.c
t functions from
"arch/powerpc/kexec/ima.c" to "drivers/of/kexec.c".
Delete "arch/powerpc/kexec/ima.c" and "arch/powerpc/include/asm/ima.h".
Remove references to the deleted files in powerpc and in ima.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar
he memory reserved by device tree
for ima buffer pass.
Add support for ima buffer pass using reserved memory for arm64 kexec.
Update the arch sepcific code path in kexec file load to store the
ima buffer in the reserved memory. The same reserved memory is read
on kexec or cold boot.
KEXEC_FILE to select CONFIG_HAVE_IMA_KEXEC, if CONFIG_IMA
is enabled, to indicate that the IMA measurement log information is
present in the device tree for ARM64.
Co-developed-by: Prakhar Srivastava
Signed-off-by: Prakhar Srivastava
Signed-off-by: Lakshmi Ramasubramanian
Reviewed-by: T
pc and arm64, in
of_kexec_setup_new_fdt() and move it to "drivers/of/kexec.c".
Signed-off-by: Rob Herring
Reviewed-by: Thiago Jung Bauermann
Reviewed-by: Lakshmi Ramasubramanian
---
drivers/of/Makefile | 1 +
drivers/of/kexec.c | 236
1 - 100 of 382 matches
Mail list logo
