[PATCH 01/10] ima: implement function to allocate buffer at kexec load
Tushar Sugandhi
tusharsu at linux.microsoft.com
Tue Jul 11 10:59:07 PDT 2023
Adding Eric to cc.
On 7/7/23 06:00, Mimi Zohar wrote:
> Hi Tushar,
>
> On Mon, 2023-07-03 at 14:57 -0700, Tushar Sugandhi wrote:
>> IMA does not provide a mechanism to allocate memory for IMA log storage
>> during kexec operation.
> The IMA measurement list is currently being carried across kexec, so
> obviously a buffer is being allocated for it. IMA not allocating
> memory for the measurement list is not the problem statement. Please
> concisely provide the problem statement, explaining why IMA needs to
> allocate the buffer.
>
I meant IMA does not provide separate functions to allocate buffer and
populate measurements. Both operations are wrapped in an atomic
ima_dump_measurement_list().
As I mentioned in the comment in the cover letter, if there is no such
technical limitation to allocate the buffer and copy the measurements at
kexec ‘execute’ – I will make the necessary code changes and update the
above line in the patch description accordingly.
>> The function should handle the scenario where
>> the kexec load is called multiple times.
> Currently the buffer is being freed with the kexec 'unload'. With this
> patch IMA is allocating a buffer for the measurement list, which needs
> to be freed independently of the kexec 'unload'.
If we end up allocating the buffer at kexec ‘execute’ (which results in
soft boot to next Kernel) – is it technically possible for
kexec ‘unload’ to be called after calling kexec ‘execute’?
If not, should I still free the buffer at kexec ‘unload’ in this
scenario?
~Tushar
>> Implement a function to allocate buffer of size kexec_segment_size at
>> kexec load. If the buffer was already allocated, free that buffer and
>> reallocate. Finally, initialize ima_khdr struct.
>>
>> The patch operates under the assumption that the segment size does not
>> change between kexec load and execute.
>>
>> Signed-off-by: Tushar Sugandhi <tusharsu at linux.microsoft.com>