author | 2025-04-21 15:25:13 -0700 | |
---|---|---|
committer | 2025-04-29 15:54:54 -0400 | |
commit | d0a00ce470e3ea19ba3b9f1c390aee739570a44a (patch) | |
tree | dc0e448b8342f9ef88b2e7b2c32ae38d9bceba27 /security | |
parent | ima: kexec: move IMA log copy from kexec load to execute (diff) | |
ima: verify if the segment size has changed
kexec 'load' may be called multiple times. Free and realloc the buffer
only if the segment_size is changed from the previous kexec 'load' call.
Signed-off-by: Steven Chen <chenste@linux.microsoft.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Acked-by: Baoquan He <bhe@redhat.com>
Tested-by: Stefan Berger <stefanb@linux.ibm.com> # ppc64/kvm
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/integrity/ima/ima_kexec.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c
index 5c3b3e0b2186..ed867734ee70 100644
--- a/security/integrity/ima/ima_kexec.c
+++ b/security/integrity/ima/ima_kexec.c
@@ -33,6 +33,14 @@ static void ima_free_kexec_file_buf(struct seq_file *sf)
 static int ima_alloc_kexec_file_buf(size_t segment_size)
 {
+ /*
+ * kexec 'load' may be called multiple times.
+ * Free and realloc the buffer only if the segment_size is
+ * changed from the previous kexec 'load' call.
+ */
+ if (ima_kexec_file.buf && ima_kexec_file.size == segment_size)
+ goto out;
+
 ima_free_kexec_file_buf(&ima_kexec_file);
 /* segment size can't change between kexec load and execute */
@@ -41,6 +49,8 @@ static int ima_alloc_kexec_file_buf(size_t segment_size)
 return -ENOMEM;
 ima_kexec_file.size = segment_size;
+
+out:
 ima_kexec_file.read_pos = 0;
 ima_kexec_file.count = sizeof(struct ima_kexec_hdr); /* reserved space */ |
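Review bot: The early `goto out` in the first hunk reuses `ima_kexec_file.buf` whenever it is non-NULL and `ima_kexec_file.size` matches, so its safety depends on every path that frees that buffer also clearing the pointer and size; nothing in these hunks shows that, and a stale non-NULL pointer here would hand an already-freed buffer to the next load. The reused buffer also keeps the previous load's bytes, because the `out:` tail in the second hunk resets only `read_pos` and `count`; that is harmless only if consumers never read past `count`, which is presumably the case but is not visible here. I would state both assumptions in the new comment, e.g. `* Reuse assumes buf is only ever freed via ima_free_kexec_file_buf() and that readers honour count; old contents are not cleared.` The body of ima_alloc_kexec_file_buf() continues outside both hunks, so the allocation and the free helper should be checked against this before relying on it.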