From: Lakshmi Ramasubramanian
To: zohar@linux.ibm.com, bauerman@linux.ibm.com, robh@kernel.org,
    gregkh@linuxfoundation.org, james.morse@arm.com, catalin.marinas@arm.com,
    sashal@kernel.org, will@kernel.org, mpe@ellerman.id.au,
    benh@kernel.crashing.org, paulus@samba.org, robh+dt@kernel.org,
    frowand.list@gmail.com, vincenzo.frascino@arm.com, mark.rutland@arm.com,
    dmitry.kasatkin@gmail.com, jmorris@namei.org, serge@hallyn.com,
    pasha.tatashin@soleen.com, allison@lohutok.net,
    kstewart@linuxfoundation.org, takahiro.akashi@linaro.org,
    tglx@linutronix.de, masahiroy@kernel.org, bhsharma@redhat.com,
    mbrugger@suse.com, hsinyi@chromium.org, tao.li@vivo.com,
    christophe.leroy@c-s.fr
Cc: linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org,
    devicetree@vger.kernel.org, prsriva@linux.microsoft.com,
    balajib@linux.microsoft.com
Subject: [PATCH v10 6/8] powerpc: Move ima_get_kexec_buffer() and ima_free_kexec_buffer() to ima
Date: Fri, 4 Dec 2020 11:51:47 -0800
Message-Id: <20201204195149.611-7-nramas@linux.microsoft.com>
X-Mailer: git-send-email 2.29.2
In-Reply-To: <20201204195149.611-1-nramas@linux.microsoft.com>
References: <20201204195149.611-1-nramas@linux.microsoft.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

ima_get_kexec_buffer() retrieves the address and size of the buffer used for carrying forward the IMA measurement logs on kexec from the device tree.

ima_free_kexec_buffer() removes the chosen node "linux,ima-kexec-buffer" from the device tree, and frees the buffer used for carrying forward the IMA measurement logs on kexec.

These functions do not have architecture specific code, but are currently limited to powerpc. Move ima_get_kexec_buffer() and ima_free_kexec_buffer() to ima_kexec.c in IMA so that they are accessible for other architectures as well.

With the above change the functions in arch/powerpc/kexec/ima.c are defined only when the kernel config CONFIG_IMA_KEXEC is enabled.
Update the Makefile to build arch/powerpc/kexec/ima.c only when CONFIG_IMA_KEXEC is enabled and remove "#ifdef CONFIG_IMA_KEXEC" in arch/powerpc/kexec/ima.c. Co-developed-by: Prakhar Srivastava Signed-off-by: Prakhar Srivastava Signed-off-by: Lakshmi Ramasubramanian Reviewed-by: Mimi Zohar --- arch/powerpc/include/asm/ima.h | 3 -- arch/powerpc/kexec/Makefile | 7 +--- arch/powerpc/kexec/ima.c | 50 ----------------------------- security/integrity/ima/ima_kexec.c | 51 ++++++++++++++++++++++++++++++ 4 files changed, 52 insertions(+), 59 deletions(-) diff --git a/arch/powerpc/include/asm/ima.h b/arch/powerpc/include/asm/ima.h index a2fc71bc3b23..d8444d27f0d8 100644 --- a/arch/powerpc/include/asm/ima.h +++ b/arch/powerpc/include/asm/ima.h @@ -6,9 +6,6 @@ struct kimage; -int ima_get_kexec_buffer(void **addr, size_t *size); -int ima_free_kexec_buffer(void); - #ifdef CONFIG_IMA_KEXEC int arch_ima_add_kexec_buffer(struct kimage *image, unsigned long load_addr, size_t size); diff --git a/arch/powerpc/kexec/Makefile b/arch/powerpc/kexec/Makefile index 4aff6846c772..f54a9dbff4c8 100644 --- a/arch/powerpc/kexec/Makefile +++ b/arch/powerpc/kexec/Makefile @@ -9,12 +9,7 @@ obj-$(CONFIG_PPC32) += relocate_32.o obj-$(CONFIG_KEXEC_FILE) += file_load.o ranges.o file_load_$(BITS).o elf_$(BITS).o -ifdef CONFIG_HAVE_IMA_KEXEC -ifdef CONFIG_IMA -obj-y += ima.o -endif -endif - +obj-$(CONFIG_IMA_KEXEC) += ima.o # Disable GCOV, KCOV & sanitizers in odd or sensitive code GCOV_PROFILE_core_$(BITS).o := n diff --git a/arch/powerpc/kexec/ima.c b/arch/powerpc/kexec/ima.c index 68017123b07d..bf7084c0c4da 100644 --- a/arch/powerpc/kexec/ima.c +++ b/arch/powerpc/kexec/ima.c 
@@ -13,55 +13,6 @@ #include #include -/** - * ima_get_kexec_buffer - get IMA buffer from the previous kernel - * @addr: On successful return, set to point to the buffer contents. - * @size: On successful return, set to the buffer size. - * - * Return: 0 on success, negative errno on error. - */ -int ima_get_kexec_buffer(void **addr, size_t *size) -{ - int ret; - unsigned long tmp_addr; - size_t tmp_size; - - ret = get_ima_kexec_buffer(NULL, 0, &tmp_addr, &tmp_size); - if (ret) - return ret; - - *addr = __va(tmp_addr); - *size = tmp_size; - - return 0; -} - -/** - * ima_free_kexec_buffer - free memory used by the IMA buffer - */ -int ima_free_kexec_buffer(void) -{ - int ret; - unsigned long addr; - size_t size; - struct property *prop; - - prop = of_find_property(of_chosen, "linux,ima-kexec-buffer", NULL); - if (!prop) - return -ENOENT; - - ret = get_ima_kexec_buffer(NULL, 0, &addr, &size); - if (ret) - return ret; - - ret = of_remove_property(of_chosen, prop); - if (ret) - return ret; - - return memblock_free(addr, size); -} - -#ifdef CONFIG_IMA_KEXEC /** * arch_ima_add_kexec_buffer - do arch-specific steps to add the IMA buffer * @@ -154,4 +105,3 @@ int setup_ima_buffer(const struct kimage *image, void *fdt, int chosen_node) return 0; } -#endif /* CONFIG_IMA_KEXEC */ diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c index 121de3e04af2..4d354593aecf 100644 --- a/security/integrity/ima/ima_kexec.c +++ b/security/integrity/ima/ima_kexec.c @@ -9,7 +9,10 @@ #include #include +#include +#include #include +#include #include "ima.h" #ifdef CONFIG_IMA_KEXEC 
@@ -133,6 +136,54 @@ void ima_add_kexec_buffer(struct kimage *image) } #endif /* IMA_KEXEC */ +/** + * ima_get_kexec_buffer - get IMA buffer from the previous kernel + * @addr: On successful return, set to point to the buffer contents. + * @size: On successful return, set to the buffer size. + * + * Return: 0 on success, negative errno on error. + */ +static int ima_get_kexec_buffer(void **addr, size_t *size) +{ + int ret; + unsigned long tmp_addr; + size_t tmp_size; + + ret = get_ima_kexec_buffer(NULL, 0, &tmp_addr, &tmp_size); + if (ret) + return ret; + + *addr = __va(tmp_addr); + *size = tmp_size; + + return 0; +} + +/** + * ima_free_kexec_buffer - free memory used by the IMA buffer + */ +static int ima_free_kexec_buffer(void) +{ + int ret; + unsigned long addr; + size_t size; + struct property *prop; + + prop = of_find_property(of_chosen, "linux,ima-kexec-buffer", NULL); + if (!prop) + return -ENOENT; + + ret = get_ima_kexec_buffer(NULL, 0, &addr, &size); + if (ret) + return ret; + + ret = of_remove_property(of_chosen, prop); + if (ret) + return ret; + + return memblock_free(addr, size); +} + /* * Restore the measurement list from the previous kernel. */ -- 2.29.2
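Review bot: in the arch/powerpc/include/asm/ima.h hunk, dropping the two prototypes together with the `static` qualifiers added in ima_kexec.c means ima_get_kexec_buffer() and ima_free_kexec_buffer() can now only be called from inside ima_kexec.c, which does not match the commit message's "accessible for other architectures as well". Suggest rewording the message to say the functions become file-local helpers of the arch-independent IMA code, and confirming that no other user of asm/ima.h still calls either one.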
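Review bot: in the arch/powerpc/kexec/Makefile hunk, the build condition for ima.o narrows from CONFIG_HAVE_IMA_KEXEC plus CONFIG_IMA to `obj-$(CONFIG_IMA_KEXEC) += ima.o`, yet the moved functions land after `#endif /* IMA_KEXEC */` in ima_kexec.c, outside the CONFIG_IMA_KEXEC guard, and both still call get_ima_kexec_buffer(). That function's definition is not visible in this patch; if it lives in arch/powerpc/kexec/ima.c, a kernel built with CONFIG_IMA=y and CONFIG_IMA_KEXEC=n would no longer have it. Please name in the commit message where get_ima_kexec_buffer() is defined and confirm it is built in that configuration.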
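Review bot: in the security/integrity/ima/ima_kexec.c hunk that adds the two functions, ima_get_kexec_buffer() goes straight from the get_ima_kexec_buffer() result to `*addr = __va(tmp_addr);` with no check visible here that the address and size taken from the previous kernel's device tree describe memory this kernel can actually map, and ima_free_kexec_buffer() passes the same values to memblock_free(). Now that the code is arch-independent, consider validating the range before use (or documenting that get_ima_kexec_buffer() already does), since the measurement list restored from this buffer feeds attestation. Separately, the kernel-doc for ima_free_kexec_buffer() lacks the "Return:" line that ima_get_kexec_buffer() has, although it returns -ENOENT and other error codes.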