Commit d0a00ce4 authored by Steven Chen's avatar Steven Chen Committed by Mimi Zohar
Browse files

ima: verify if the segment size has changed 



kexec 'load' may be called multiple times. Free and realloc the buffer
only if the segment_size is changed from the previous kexec 'load' call.

Signed-off-by: default avatarSteven Chen <chenste@linux.microsoft.com>
Reviewed-by: default avatarStefan Berger <stefanb@linux.ibm.com>
Acked-by: default avatarBaoquan He <bhe@redhat.com>
Tested-by: Stefan Berger <stefanb@linux.ibm.com> # ppc64/kvm
Signed-off-by: default avatarMimi Zohar <zohar@linux.ibm.com>
parent 9f0ec4b1

security/integrity/ima/ima_kexec.c

+10 −0
Original line number Diff line number Diff line
@@ -33,6 +33,14 @@ static void ima_free_kexec_file_buf(struct seq_file *sf) 


static int ima_alloc_kexec_file_buf(size_t segment_size)

{

	/*

	 * kexec 'load' may be called multiple times.

	 * Free and realloc the buffer only if the segment_size is

	 * changed from the previous kexec 'load' call.

	 */

	if (ima_kexec_file.buf && ima_kexec_file.size == segment_size)

		goto out;



	ima_free_kexec_file_buf(&ima_kexec_file);



	/* segment size can't change between kexec load and execute */
@@ -41,6 +49,8 @@ static int ima_alloc_kexec_file_buf(size_t segment_size) 
		return -ENOMEM;



	ima_kexec_file.size = segment_size;



out:

	ima_kexec_file.read_pos = 0;

	ima_kexec_file.count = sizeof(struct ima_kexec_hdr);	/* reserved space */