Re: [PATCH v7 1/7] ima: define and call ima_alloc_kexec_file_buf
From: Mimi Zohar <zohar@linux.ibm.com>
Date: 2025-02-06 16:51:23
Also in:
kexec, linux-integrity, lkml
Thanks, Steven, for picking up and working on Tushar's patch set. I normally finish reviewing the patch set before commenting. In this case, there's a generic comment that relates to all of the patches. It's also a way of letting you know that I've started reviewing the patch set. The remaining comments will come after I finish reviewing the patch set.

On Mon, 2025-02-03 at 15:20 -0800, steven chen wrote:
Carrying the IMA measurement list across kexec requires allocating a buffer and copying the measurement records. Separate allocating the buffer and copying the measurement records into separate functions in order to allocate the buffer at kexec 'load' and copy the measurements at kexec 'execute'.

This patch includes the following changes:
- Refactor ima_dump_measurement_list() to move the memory allocation to a separate function ima_alloc_kexec_file_buf() which allocates buffer of size 'kexec_segment_size' at kexec 'load'.
- Make the local variable ima_kexec_file in ima_dump_measurement_list() a local static to the file, so that it can be accessed from ima_alloc_kexec_file_buf(). Compare actual memory required to ensure there is enough memory for the entire measurement record.
- Copy as many measurement events as possible.
- Make necessary changes to the function ima_add_kexec_buffer() to call the above two functions.
- Compared the memory size allocated with memory size of the entire measurement record. If there is not enough memory, it will copy as many IMA measurement records as possible, and this situation will result in a failure of remote attestation.

Author: Tushar Sugandhi [off-list ref]
I understand you want to credit Tushar for the patch, but the mechanism is described in Documentation/process/submitting-patches.rst. Refer to the paragraph on "Co-developed-by". There is no tag named "Author".
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Suggested-by: Mimi Zohar <zohar@linux.ibm.com>
"Suggested-by" goes before the Signed-off-by tag(s). "Reviewed-by" tag goes after your and/or Tushar's Signed-off-tag.
Signed-off-by: Tushar Sugandhi <redacted>
Signed-off-by: steven chen <redacted>
Before the "Co-developed-by" tag was defined, it was implied simply by this ordering of the "Signed-off-by" tags. For those patches you didn't modify, simply import Tushar's patch with him as the author and add your Signed-off-by tag after his.

thanks,
Mimi