From 87fd7b7ef7b3936cd454999a26f546d2d1c2f5c0 Mon Sep 17 00:00:00 2001
From: Tushar Sugandhi <tusharsu@linux.microsoft.com>
Date: Mon, 3 Jan 2022 13:59:01 -0800
Subject: [PATCH 1/1] move ima_add_kexec_buffer() from kexec load to execute

Experiment moving ima_add_kexec_buffer() from kexec load to execute.
This logic fails in kexec_add_buffer() - since the control pages are 
already added in kimage_alloc_normal_control_pages(), which get called
during kexec LOAD. 
 E.g. #kexec -s -l /etc/ima/Image.kexec --reuse-cmdline

Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com>
---
 kernel/kexec_core.c | 5 +++++
 kernel/kexec_file.c | 7 +++++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/kernel/kexec_core.c b/kernel/kexec_core.c
index 5a5d192a89ac..7c04203dedef 100644
--- a/kernel/kexec_core.c
+++ b/kernel/kexec_core.c
@@ -39,6 +39,7 @@
 #include <linux/hugetlb.h>
 #include <linux/objtool.h>
 #include <linux/kmsg_dump.h>
+#include <linux/ima.h>
 
 #include <asm/page.h>
 #include <asm/sections.h>
@@ -1166,6 +1167,10 @@ int kernel_kexec(void)
 #endif
 	{
 		kexec_in_progress = true;
+
+		/* IMA needs to pass the measurement list to the next kernel. */
+		ima_add_kexec_buffer(kexec_image);
+
 		kernel_restart_prepare("kexec reboot");
 		migrate_to_reboot_cpu();
 
diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
index 8347fc158d2b..d6fc28be825c 100644
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -275,8 +275,6 @@ kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd,
 				  image->cmdline_buf_len - 1);
 	}
 
-	/* IMA needs to pass the measurement list to the next kernel. */
-	ima_add_kexec_buffer(image);
 
 	/* Call arch image load handlers */
 	ldata = arch_kexec_kernel_image_load(image);
@@ -689,6 +687,11 @@ int kexec_add_buffer(struct kexec_buf *kbuf)
 	 * no destination overlaps.
 	 */
 	if (!list_empty(&kbuf->image->control_pages)) {
+		/* Tushar: This patch fails here,
+		 * since the control pages get added in kimage_alloc_normal_control_pages()
+		 * which get called during kexec LOAD. E.g.
+		 *     kexec -s -l /etc/ima/Image.kexec --reuse-cmdline
+		 */
 		WARN_ON(1);
 		return -EINVAL;
 	}
-- 
2.25.1