Merge branch 'ima-kexec-fixes' into next-integrity

2024-11-23 20:24:12 +08:00 · 2021-02-10 16:34:06 -05:00 · 2021-02-10 16:34:06 -05:00 · cccb0efdef
commit cccb0efdef
parent b3f82afc10 f31e3386a4
3 changed files with 13 additions and 0 deletions
--- a/include/linux/kexec.h
+++ b/include/linux/kexec.h
@ -300,6 +300,11 @@ struct kimage {
 	/* Information for loading purgatory */
 	struct purgatory_info purgatory_info;
 #endif
+
+#ifdef CONFIG_IMA_KEXEC
+	/* Virtual address of IMA measurement buffer for kexec syscall */
+	void *ima_buffer;
+#endif
 };

 /* kexec interface functions */
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@ -166,6 +166,11 @@ void kimage_file_post_load_cleanup(struct kimage *image)
 	vfree(pi->sechdrs);
 	pi->sechdrs = NULL;

+#ifdef CONFIG_IMA_KEXEC
+	vfree(image->ima_buffer);
+	image->ima_buffer = NULL;
+#endif /* CONFIG_IMA_KEXEC */
+
 	/* See if architecture has anything to cleanup post load */
 	arch_kimage_file_post_load_cleanup(image);

--- a/security/integrity/ima/ima_kexec.c
+++ b/security/integrity/ima/ima_kexec.c
@ -119,6 +119,7 @@ void ima_add_kexec_buffer(struct kimage *image)
 	ret = kexec_add_buffer(&kbuf);
 	if (ret) {
 		pr_err("Error passing over kexec measurement buffer.\n");
+		vfree(kexec_buffer);
 		return;
 	}

@ -128,6 +129,8 @@ void ima_add_kexec_buffer(struct kimage *image)
 		return;
 	}

+	image->ima_buffer = kexec_buffer;
+
 	pr_debug("kexec measurement buffer for the loaded kernel at 0x%lx.\n",
 		 kbuf.mem);
 }