From: Stefan Berger
To: Jonathan McDowell
Cc: Mimi Zohar, "kexec@lists.infradead.org", "devicetree@vger.kernel.org", "linux-integrity@vger.kernel.org", "linux-kernel@vger.kernel.org", "linuxppc-dev@lists.ozlabs.org", "nayna@linux.ibm.com", "nasastry@in.ibm.com", "mpe@ellerman.id.au", Rob Herring, Frank Rowand, Borislav Petkov
Subject: Re: [PATCH v4 4/5] of: kexec: Refactor IMA buffer related functions to make them reusable
Date: Wed, 6 Jul 2022 11:06:51 -0400
References: <20220701022603.31076-1-stefanb@linux.ibm.com> <20220701022603.31076-5-stefanb@linux.ibm.com> <47256afac54d68c23f0bdec257ffa26ddf1eb25d.camel@linux.ibm.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 7/6/22 10:00, Jonathan McDowell wrote:
> On Tue, Jul 05, 2022 at 06:46:54PM -0400, Mimi Zohar wrote:
>> [Cc'ing Borislav Petkov, Jonathan McDowell]
>>
>> Hi Stefan,
>>
>> On Thu, 2022-06-30 at 22:26 -0400, Stefan Berger wrote:
>>> Refactor IMA buffer related functions to make them reusable for carrying
>>> TPM logs across kexec.
>>>
>>> Signed-off-by: Stefan Berger
>>> Cc: Rob Herring
>>> Cc: Frank Rowand
>>> Cc: Mimi Zohar
>>
>> Refactoring the ima_get_kexec_buffer sounds good, but there's a merge
>> conflict with Jonathan McDowell's commit "b69a2afd5afc x86/kexec: Carry
>> forward IMA measurement log on kexec".
>> https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/tree/drivers/of/kexec.c
>
> None of this looks difficult to re-do on top of my changes that are in
> -next; the only thing to watch out for is a couple of functions have
> moved into the __init section but that looks appropriate for your TPM
> log carry-over too.

Yes, I am rebasing my series now and will post v5 of this series with
your patch prepended as well.

   Stefan

>
>>> ---
>>> v4:
>>>  - Move debug output into setup_buffer()
>>> ---
>>>  drivers/of/kexec.c | 131 ++++++++++++++++++++++++++-------------------
>>>  1 file changed, 76 insertions(+), 55 deletions(-)
>>>
>>> diff --git a/drivers/of/kexec.c b/drivers/of/kexec.c
>>> index c4f9b6655a2e..0710703acfb0 100644
>>> --- a/drivers/of/kexec.c
>>> +++ b/drivers/of/kexec.c
>>> @@ -115,48 +115,59 @@ static int do_get_kexec_buffer(const void *prop, int len, unsigned long *addr, >>> return 0; >>> } >>> >>> -/** >>> - * ima_get_kexec_buffer - get IMA buffer from the previous kernel >>> - * @addr: On successful return, set to point to the buffer contents. >>> - * @size: On successful return, set to the buffer size. >>> - * >>> - * Return: 0 on success, negative errno on error. >>> - */ >>> -int ima_get_kexec_buffer(void **addr, size_t *size) >>> +static int get_kexec_buffer(const char *name, unsigned long *addr, size_t *size) >>> { >>> int ret, len; >>> - unsigned long tmp_addr; >>> unsigned long start_pfn, end_pfn; >>> - size_t tmp_size; >>> const void *prop; >>> >>> - if (!IS_ENABLED(CONFIG_HAVE_IMA_KEXEC)) >>> - return -ENOTSUPP; >>> - >>> - prop = of_get_property(of_chosen, "linux,ima-kexec-buffer", &len); >>> + prop = of_get_property(of_chosen, name, &len); >>> if (!prop) >>> return -ENOENT; >>> >>> - ret = do_get_kexec_buffer(prop, len, &tmp_addr, &tmp_size); >>> + ret = do_get_kexec_buffer(prop, len, addr, size); >>> if (ret) >>> return ret; >>> >>> - /* Do some sanity on the returned size for the ima-kexec buffer */ >>> - if (!tmp_size) >>> + /* Do some sanity on the returned size for the kexec buffer */ >>> + if (!*size) >>> return -ENOENT; >>> >>> /* >>> * Calculate the PFNs for the buffer and ensure >>> * they are with in addressable memory. 
>>> */ >>> - start_pfn = PHYS_PFN(tmp_addr); >>> - end_pfn = PHYS_PFN(tmp_addr + tmp_size - 1); >>> + start_pfn = PHYS_PFN(*addr); >>> + end_pfn = PHYS_PFN(*addr + *size - 1); >>> if (!page_is_ram(start_pfn) || !page_is_ram(end_pfn)) { >>> - pr_warn("IMA buffer at 0x%lx, size = 0x%zx beyond memory\n", >>> - tmp_addr, tmp_size); >>> + pr_warn("%s buffer at 0x%lx, size = 0x%zx beyond memory\n", >>> + name, *addr, *size); >>> return -EINVAL; >>> } >>> >>> + return 0; >>> +} >>> + >>> +/** >>> + * ima_get_kexec_buffer - get IMA buffer from the previous kernel >>> + * @addr: On successful return, set to point to the buffer contents. >>> + * @size: On successful return, set to the buffer size. >>> + * >>> + * Return: 0 on success, negative errno on error. >>> + */ >>> +int ima_get_kexec_buffer(void **addr, size_t *size) >>> +{ >>> + int ret; >>> + unsigned long tmp_addr; >>> + size_t tmp_size; >>> + >>> + if (!IS_ENABLED(CONFIG_HAVE_IMA_KEXEC)) >>> + return -ENOTSUPP; >>> + >>> + ret = get_kexec_buffer("linux,ima-kexec-buffer", &tmp_addr, &tmp_size); >>> + if (ret) >>> + return ret; >>> + >>> *addr = __va(tmp_addr); >>> *size = tmp_size; 
>>> >>> @@ -191,72 +202,82 @@ int ima_free_kexec_buffer(void) >>> return memblock_phys_free(addr, size); >>> } >>> >>> -/** >>> - * remove_ima_buffer - remove the IMA buffer property and reservation from @fdt >>> - * >>> - * @fdt: Flattened Device Tree to update >>> - * @chosen_node: Offset to the chosen node in the device tree >>> - * >>> - * The IMA measurement buffer is of no use to a subsequent kernel, so we always >>> - * remove it from the device tree. >>> - */ >>> -static void remove_ima_buffer(void *fdt, int chosen_node) >>> +static int remove_buffer(void *fdt, int chosen_node, const char *name) >>> { >>> int ret, len; >>> unsigned long addr; >>> size_t size; >>> const void *prop; >>> >>> - if (!IS_ENABLED(CONFIG_HAVE_IMA_KEXEC)) >>> - return; >>> - >>> - prop = fdt_getprop(fdt, chosen_node, "linux,ima-kexec-buffer", &len); >>> + prop = fdt_getprop(fdt, chosen_node, name, &len); >>> if (!prop) >>> - return; >>> + return -ENOENT; >>> >>> ret = do_get_kexec_buffer(prop, len, &addr, &size); >>> - fdt_delprop(fdt, chosen_node, "linux,ima-kexec-buffer"); >>> + fdt_delprop(fdt, chosen_node, name); >>> if (ret) >>> - return; >>> + return ret; >>> >>> ret = fdt_find_and_del_mem_rsv(fdt, addr, size); >>> if (!ret) >>> - pr_debug("Removed old IMA buffer reservation.\n"); >>> + pr_debug("Remove old %s buffer reserveration", name); >>> + return ret; >>> } >>> >>> -#ifdef CONFIG_IMA_KEXEC >>> /** >>> - * setup_ima_buffer - add IMA buffer information to the fdt >>> - * @image: kexec image being loaded. >>> - * @fdt: Flattened device tree for the next kernel. >>> - * @chosen_node: Offset to the chosen node. >>> + * remove_ima_buffer - remove the IMA buffer property and reservation from @fdt >>> * >>> - * Return: 0 on success, or negative errno on error. 
>>> + * @fdt: Flattened Device Tree to update >>> + * @chosen_node: Offset to the chosen node in the device tree >>> + * >>> + * The IMA measurement buffer is of no use to a subsequent kernel, so we always >>> + * remove it from the device tree. >>> */ >>> -static int setup_ima_buffer(const struct kimage *image, void *fdt, >>> - int chosen_node) >>> +static void remove_ima_buffer(void *fdt, int chosen_node) >>> +{ >>> + if (!IS_ENABLED(CONFIG_HAVE_IMA_KEXEC)) >>> + return; >>> + >>> + remove_buffer(fdt, chosen_node, "linux,ima-kexec-buffer"); >>> +} >>> + >>> +#ifdef CONFIG_IMA_KEXEC >>> +static int setup_buffer(void *fdt, int chosen_node, const char *name, >>> + phys_addr_t addr, size_t size) >>> { >>> int ret; >>> >>> - if (!image->ima_buffer_size) >>> + if (!size) >>> return 0; >>> >>> ret = fdt_appendprop_addrrange(fdt, 0, chosen_node, >>> - "linux,ima-kexec-buffer", >>> - image->ima_buffer_addr, >>> - image->ima_buffer_size); >>> + name, addr, size); >>> if (ret < 0) >>> return -EINVAL; >>> >>> - ret = fdt_add_mem_rsv(fdt, image->ima_buffer_addr, >>> - image->ima_buffer_size); >>> + ret = fdt_add_mem_rsv(fdt, addr, size); >>> if (ret) >>> return -EINVAL; >>> >>> - pr_debug("IMA buffer at 0x%pa, size = 0x%zx\n", >>> - &image->ima_buffer_addr, image->ima_buffer_size); >>> + pr_debug("%s at 0x%pa, size = 0x%zx\n", name, &addr, size); >>> >>> return 0; >>> + >>> +} >>> + >>> +/** >>> + * setup_ima_buffer - add IMA buffer information to the fdt >>> + * @image: kexec image being loaded. >>> + * @fdt: Flattened device tree for the next kernel. >>> + * @chosen_node: Offset to the chosen node. >>> + * >>> + * Return: 0 on success, or negative errno on error. 
>>> + */ >>> +static int setup_ima_buffer(const struct kimage *image, void *fdt, >>> + int chosen_node) >>> +{ >>> + return setup_buffer(fdt, chosen_node, "linux,ima-kexec-buffer", >>> + image->ima_buffer_addr, image->ima_buffer_size); >>> } >>> #else /* CONFIG_IMA_KEXEC */ >>> static inline int setup_ima_buffer(const struct kimage *image, void *fdt,
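
Review bot: In get_kexec_buffer() (hunk at -115,48), do_get_kexec_buffer() now stores directly into the caller's *addr and *size before the zero-size and page_is_ram() checks run, so on -ENOENT or -EINVAL the caller's variables already hold values that failed validation. The removed code kept them in tmp_addr/tmp_size and only assigned the outputs on success. ima_get_kexec_buffer() still passes temporaries, but since the helper exists so that other buffers (the TPM log named in the commit message) can reuse it, either keep local temporaries inside the helper and assign on success, or add a kernel-doc comment stating that the outputs are undefined on error. The helper currently has no kernel-doc at all. Because it now accepts any property name, it would also be worth rejecting a wrap of *addr + *size - 1 before end_pfn is computed, and noting in the comment that only the first and last PFN are tested with page_is_ram().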
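
Review bot: The pr_debug() in remove_buffer() (hunk at -191,72) reads "Remove old %s buffer reserveration" and has no trailing newline, whereas the line it replaces was "Removed old IMA buffer reservation.\n". Suggest pr_debug("Removed old %s buffer reservation.\n", name); so the spelling, tense and line termination match the original message. In the same hunk, setup_buffer() has a stray blank line between "return 0;" and the closing brace, and neither remove_buffer() nor setup_buffer() carries a comment describing the name parameter or the return values, which the new int return of remove_buffer() (ignored by remove_ima_buffer()) makes worth documenting.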