Merge branch 'ima-kexec-fixes' into next-integrity

cccb0efd · Mimi Zohar · b3f82afc · f31e3386 · cccb0efd · cccb0efd
Commit cccb0efd authored Feb 10, 2021 by Mimi Zohar
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 0 deletions

include/linux/kexec.h include/linux/kexec.h +5 -0

kernel/kexec_file.c kernel/kexec_file.c +5 -0

security/integrity/ima/ima_kexec.c security/integrity/ima/ima_kexec.c +3 -0

No files found.
--- a/include/linux/kexec.h
+++ b/include/linux/kexec.h
@@ -300,6 +300,11 @@ struct kimage {
 	/* Information for loading purgatory */
 	struct purgatory_info purgatory_info;
 #endif
+#ifdef CONFIG_IMA_KEXEC
+	/* Virtual address of IMA measurement buffer for kexec syscall */
+	void *ima_buffer;
+#endif
 };
 /* kexec interface functions */

--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -166,6 +166,11 @@ void kimage_file_post_load_cleanup(struct kimage *image)
 	vfree(pi->sechdrs);
 	pi->sechdrs = NULL;
+#ifdef CONFIG_IMA_KEXEC
+	vfree(image->ima_buffer);
+	image->ima_buffer = NULL;
+#endif /* CONFIG_IMA_KEXEC */
 	/* See if architecture has anything to cleanup post load */
 	arch_kimage_file_post_load_cleanup(image);

--- a/security/integrity/ima/ima_kexec.c
+++ b/security/integrity/ima/ima_kexec.c
@@ -119,6 +119,7 @@ void ima_add_kexec_buffer(struct kimage *image)
 	ret = kexec_add_buffer(&kbuf);
 	if (ret) {
 		pr_err("Error passing over kexec measurement buffer.\n");
+		vfree(kexec_buffer);
 		return;
 	}
@@ -128,6 +129,8 @@ void ima_add_kexec_buffer(struct kimage *image)
 		return;
 	}
+	image->ima_buffer = kexec_buffer;
 	pr_debug("kexec measurement buffer for the loaded kernel at 0x%lx.\n",
 		 kbuf.mem);
 }