Gentwo Git Trees - linux/.git/commit

author	Steven Chen <chenste@linux.microsoft.com>
	Mon, 21 Apr 2025 22:25:08 +0000 (15:25 -0700)
committer	Mimi Zohar <zohar@linux.ibm.com>
	Tue, 29 Apr 2025 19:54:53 +0000 (15:54 -0400)
commit	c95e1acb6d7f00efab73e41b31e0560751e3f469
tree	d7959774036f09e94f1bae218deeadf31ecdf1d0	tree \| snapshot
parent	cb5052282c65dc998d12e4eea8d5133249826c13	commit \| diff

ima: define and call ima_alloc_kexec_file_buf()

In the current implementation, the ima_dump_measurement_list() API is
called during the kexec "load" phase, where a buffer is allocated and
the measurement records are copied. Due to this, new events added after
kexec load but before kexec execute are not carried over to the new kernel
during kexec operation

Carrying the IMA measurement list across kexec requires allocating a
buffer and copying the measurement records. Separate allocating the
buffer and copying the measurement records into separate functions in
order to allocate the buffer at kexec 'load' and copy the measurements
at kexec 'execute'.

After moving the vfree() here at this stage in the patch set, the IMA
measurement list fails to verify when doing two consecutive "kexec -s -l"
with/without a "kexec -s -u" in between. Only after "ima: kexec: move
IMA log copy from kexec load to execute" the IMA measurement list verifies
properly with the vfree() here.

Co-developed-by: Tushar Sugandhi <tusharsu@linux.microsoft.com>
Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com>
Signed-off-by: Steven Chen <chenste@linux.microsoft.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Acked-by: Baoquan He <bhe@redhat.com>
Tested-by: Stefan Berger <stefanb@linux.ibm.com> # ppc64/kvm
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>