diff options
author | Mimi Zohar <zohar@linux.ibm.com> | 2021-02-10 16:34:06 -0500 |
---|---|---|
committer | Mimi Zohar <zohar@linux.ibm.com> | 2021-02-10 16:34:06 -0500 |
commit | cccb0efdef01e8a9f44ac38e081c485f92fac3a4 (patch) | |
tree | 14f523df71288692520ec98cf851330a0431d666 | |
parent | b3f82afc1041a6a7d5347a01883f4aab7ec133b2 (diff) | |
parent | f31e3386a4e92ba6eda7328cb508462956c94c64 (diff) | |
download | lwn-cccb0efdef01e8a9f44ac38e081c485f92fac3a4.tar.gz lwn-cccb0efdef01e8a9f44ac38e081c485f92fac3a4.zip |
Merge branch 'ima-kexec-fixes' into next-integrity
-rw-r--r-- | include/linux/kexec.h | 5 | ||||
-rw-r--r-- | kernel/kexec_file.c | 5 | ||||
-rw-r--r-- | security/integrity/ima/ima_kexec.c | 3 |
3 files changed, 13 insertions, 0 deletions
diff --git a/include/linux/kexec.h b/include/linux/kexec.h index 9e93bef52968..5f61389f5f36 100644 --- a/include/linux/kexec.h +++ b/include/linux/kexec.h @@ -300,6 +300,11 @@ struct kimage { /* Information for loading purgatory */ struct purgatory_info purgatory_info; #endif + +#ifdef CONFIG_IMA_KEXEC + /* Virtual address of IMA measurement buffer for kexec syscall */ + void *ima_buffer; +#endif }; /* kexec interface functions */ diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c index b02086d70492..5c3447cf7ad5 100644 --- a/kernel/kexec_file.c +++ b/kernel/kexec_file.c @@ -166,6 +166,11 @@ void kimage_file_post_load_cleanup(struct kimage *image) vfree(pi->sechdrs); pi->sechdrs = NULL; +#ifdef CONFIG_IMA_KEXEC + vfree(image->ima_buffer); + image->ima_buffer = NULL; +#endif /* CONFIG_IMA_KEXEC */ + /* See if architecture has anything to cleanup post load */ arch_kimage_file_post_load_cleanup(image); diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c index 121de3e04af2..e29bea3dd4cc 100644 --- a/security/integrity/ima/ima_kexec.c +++ b/security/integrity/ima/ima_kexec.c @@ -119,6 +119,7 @@ void ima_add_kexec_buffer(struct kimage *image) ret = kexec_add_buffer(&kbuf); if (ret) { pr_err("Error passing over kexec measurement buffer.\n"); + vfree(kexec_buffer); return; } @@ -128,6 +129,8 @@ void ima_add_kexec_buffer(struct kimage *image) return; } + image->ima_buffer = kexec_buffer; + pr_debug("kexec measurement buffer for the loaded kernel at 0x%lx.\n", kbuf.mem); } |