1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Copyright (C) 2016 IBM Corporation 4 * 5 * Authors: 6 * Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com> 7 * Mimi Zohar <zohar@linux.vnet.ibm.com> 8 */ 9 10 #include <linux/seq_file.h> 11 #include <linux/vmalloc.h> 12 #include <linux/kexec.h> 13 #include <linux/of.h> 14 #include <linux/ima.h> 15 #include <linux/reboot.h> 16 #include <asm/page.h> 17 #include "ima.h" 18 19 #ifdef CONFIG_IMA_KEXEC 20 #define IMA_KEXEC_EVENT_LEN 256 21 22 static bool ima_kexec_update_registered; 23 static struct seq_file ima_kexec_file; 24 static size_t kexec_segment_size; 25 static void *ima_kexec_buffer; 26 27 static void ima_free_kexec_file_buf(struct seq_file *sf) 28 { 29 vfree(sf->buf); 30 sf->buf = NULL; 31 sf->size = 0; 32 sf->read_pos = 0; 33 sf->count = 0; 34 } 35 36 void ima_measure_kexec_event(const char *event_name) 37 { 38 char ima_kexec_event[IMA_KEXEC_EVENT_LEN]; 39 size_t buf_size = 0; 40 long len; 41 int n; 42 43 buf_size = ima_get_binary_runtime_size(); 44 len = atomic_long_read(&ima_htable.len); 45 46 n = scnprintf(ima_kexec_event, IMA_KEXEC_EVENT_LEN, 47 "kexec_segment_size=%lu;ima_binary_runtime_size=%lu;" 48 "ima_runtime_measurements_count=%ld;", 49 kexec_segment_size, buf_size, len); 50 51 ima_measure_critical_data("ima_kexec", event_name, ima_kexec_event, n, false, NULL, 0); 52 } 53 54 static int ima_alloc_kexec_file_buf(size_t segment_size) 55 { 56 /* 57 * kexec 'load' may be called multiple times. 58 * Free and realloc the buffer only if the segment_size is 59 * changed from the previous kexec 'load' call. 60 */ 61 if (ima_kexec_file.buf && ima_kexec_file.size == segment_size) 62 goto out; 63 64 ima_free_kexec_file_buf(&ima_kexec_file); 65 66 /* segment size can't change between kexec load and execute */ 67 ima_kexec_file.buf = vmalloc(segment_size); 68 if (!ima_kexec_file.buf) 69 return -ENOMEM; 70 71 ima_kexec_file.size = segment_size; 72 73 out: 74 ima_kexec_file.read_pos = 0; 75 ima_kexec_file.count = sizeof(struct ima_kexec_hdr); /* reserved space */ 76 ima_measure_kexec_event("kexec_load"); 77 78 return 0; 79 } 80 81 static int ima_dump_measurement_list(unsigned long *buffer_size, void **buffer, 82 unsigned long segment_size) 83 { 84 struct ima_queue_entry *qe; 85 struct ima_kexec_hdr khdr; 86 int ret = 0; 87 88 /* segment size can't change between kexec load and execute */ 89 if (!ima_kexec_file.buf) { 90 pr_err("Kexec file buf not allocated\n"); 91 return -EINVAL; 92 } 93 94 memset(&khdr, 0, sizeof(khdr)); 95 khdr.version = 1; 96 /* This is an append-only list, no need to hold the RCU read lock */ 97 list_for_each_entry_rcu(qe, &ima_measurements, later, true) { 98 if (ima_kexec_file.count < ima_kexec_file.size) { 99 khdr.count++; 100 ima_measurements_show(&ima_kexec_file, qe); 101 } else { 102 ret = -EINVAL; 103 break; 104 } 105 } 106 107 /* 108 * fill in reserved space with some buffer details 109 * (eg. version, buffer size, number of measurements) 110 */ 111 khdr.buffer_size = ima_kexec_file.count; 112 if (ima_canonical_fmt) { 113 khdr.version = cpu_to_le16(khdr.version); 114 khdr.count = cpu_to_le64(khdr.count); 115 khdr.buffer_size = cpu_to_le64(khdr.buffer_size); 116 } 117 memcpy(ima_kexec_file.buf, &khdr, sizeof(khdr)); 118 119 print_hex_dump_debug("ima dump: ", DUMP_PREFIX_NONE, 16, 1, 120 ima_kexec_file.buf, ima_kexec_file.count < 100 ? 121 ima_kexec_file.count : 100, 122 true); 123 124 *buffer_size = ima_kexec_file.count; 125 *buffer = ima_kexec_file.buf; 126 127 return ret; 128 } 129 130 /* 131 * Called during kexec_file_load so that IMA can add a segment to the kexec 132 * image for the measurement list for the next kernel. 133 * 134 * This function assumes that kexec_lock is held. 135 */ 136 void ima_add_kexec_buffer(struct kimage *image) 137 { 138 struct kexec_buf kbuf = { .image = image, .buf_align = PAGE_SIZE, 139 .buf_min = 0, .buf_max = ULONG_MAX, 140 .top_down = true }; 141 unsigned long binary_runtime_size; 142 unsigned long extra_memory; 143 144 /* use more understandable variable names than defined in kbuf */ 145 size_t kexec_buffer_size = 0; 146 void *kexec_buffer = NULL; 147 int ret; 148 149 if (image->type == KEXEC_TYPE_CRASH) 150 return; 151 152 /* 153 * Reserve extra memory for measurements added during kexec. 154 */ 155 if (CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB <= 0) 156 extra_memory = PAGE_SIZE / 2; 157 else 158 extra_memory = CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB * 1024; 159 160 binary_runtime_size = ima_get_binary_runtime_size() + extra_memory; 161 162 if (binary_runtime_size >= ULONG_MAX - PAGE_SIZE) 163 kexec_segment_size = ULONG_MAX; 164 else 165 kexec_segment_size = ALIGN(binary_runtime_size, PAGE_SIZE); 166 167 if ((kexec_segment_size == ULONG_MAX) || 168 ((kexec_segment_size >> PAGE_SHIFT) > totalram_pages() / 2)) { 169 pr_err("Binary measurement list too large.\n"); 170 return; 171 } 172 173 ret = ima_alloc_kexec_file_buf(kexec_segment_size); 174 if (ret < 0) { 175 pr_err("Not enough memory for the kexec measurement buffer.\n"); 176 return; 177 } 178 179 kbuf.buffer = kexec_buffer; 180 kbuf.bufsz = kexec_buffer_size; 181 kbuf.memsz = kexec_segment_size; 182 image->is_ima_segment_index_set = false; 183 ret = kexec_add_buffer(&kbuf); 184 if (ret) { 185 pr_err("Error passing over kexec measurement buffer.\n"); 186 vfree(kexec_buffer); 187 return; 188 } 189 190 image->ima_buffer_addr = kbuf.mem; 191 image->ima_buffer_size = kexec_segment_size; 192 image->ima_buffer = kexec_buffer; 193 image->ima_segment_index = image->nr_segments - 1; 194 image->is_ima_segment_index_set = true; 195 196 kexec_dprintk("kexec measurement buffer for the loaded kernel at 0x%lx.\n", 197 kbuf.mem); 198 } 199 200 /* 201 * Called during kexec execute so that IMA can update the measurement list. 202 */ 203 static int ima_update_kexec_buffer(struct notifier_block *self, 204 unsigned long action, void *data) 205 { 206 size_t buf_size = 0; 207 int ret = NOTIFY_OK; 208 void *buf = NULL; 209 210 if (!kexec_in_progress) { 211 pr_info("No kexec in progress.\n"); 212 return ret; 213 } 214 215 if (!ima_kexec_buffer) { 216 pr_err("Kexec buffer not set.\n"); 217 return ret; 218 } 219 220 ret = ima_dump_measurement_list(&buf_size, &buf, kexec_segment_size); 221 222 if (ret) 223 pr_err("Dump measurements failed. Error:%d\n", ret); 224 225 if (buf_size != 0) 226 memcpy(ima_kexec_buffer, buf, buf_size); 227 228 kimage_unmap_segment(ima_kexec_buffer); 229 ima_kexec_buffer = NULL; 230 231 return ret; 232 } 233 234 static struct notifier_block update_buffer_nb = { 235 .notifier_call = ima_update_kexec_buffer, 236 .priority = INT_MIN 237 }; 238 239 /* 240 * Create a mapping for the source pages that contain the IMA buffer 241 * so we can update it later. 242 */ 243 void ima_kexec_post_load(struct kimage *image) 244 { 245 if (ima_kexec_buffer) { 246 kimage_unmap_segment(ima_kexec_buffer); 247 ima_kexec_buffer = NULL; 248 } 249 250 if (!image->ima_buffer_addr) 251 return; 252 253 ima_kexec_buffer = kimage_map_segment(image, image->ima_segment_index); 254 if (!ima_kexec_buffer) { 255 pr_err("Could not map measurements buffer.\n"); 256 return; 257 } 258 259 if (!ima_kexec_update_registered) { 260 register_reboot_notifier(&update_buffer_nb); 261 ima_kexec_update_registered = true; 262 } 263 } 264 265 #endif /* IMA_KEXEC */ 266 267 /* 268 * Restore the measurement list from the previous kernel. 269 */ 270 void __init ima_load_kexec_buffer(void) 271 { 272 void *kexec_buffer = NULL; 273 size_t kexec_buffer_size = 0; 274 int rc; 275 276 rc = ima_get_kexec_buffer(&kexec_buffer, &kexec_buffer_size); 277 switch (rc) { 278 case 0: 279 rc = ima_restore_measurement_list(kexec_buffer_size, 280 kexec_buffer); 281 if (rc != 0) 282 pr_err("Failed to restore the measurement list: %d\n", 283 rc); 284 285 ima_free_kexec_buffer(); 286 break; 287 case -ENOTSUPP: 288 pr_debug("Restoring the measurement list not supported\n"); 289 break; 290 case -ENOENT: 291 pr_debug("No measurement list to restore\n"); 292 break; 293 default: 294 pr_debug("Error restoring the measurement list: %d\n", rc); 295 } 296 } 297