1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Copyright (C) 2016 IBM Corporation 4 * 5 * Authors: 6 * Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com> 7 * Mimi Zohar <zohar@linux.vnet.ibm.com> 8 */ 9 10 #include <linux/seq_file.h> 11 #include <linux/vmalloc.h> 12 #include <linux/kexec.h> 13 #include <linux/of.h> 14 #include <linux/ima.h> 15 #include <linux/reboot.h> 16 #include <asm/page.h> 17 #include "ima.h" 18 19 #ifdef CONFIG_IMA_KEXEC 20 #define IMA_KEXEC_EVENT_LEN 256 21 22 static bool ima_kexec_update_registered; 23 static struct seq_file ima_kexec_file; 24 static size_t kexec_segment_size; 25 static void *ima_kexec_buffer; 26 27 static void ima_free_kexec_file_buf(struct seq_file *sf) 28 { 29 vfree(sf->buf); 30 sf->buf = NULL; 31 sf->size = 0; 32 sf->read_pos = 0; 33 sf->count = 0; 34 } 35 36 void ima_measure_kexec_event(const char *event_name) 37 { 38 char ima_kexec_event[IMA_KEXEC_EVENT_LEN]; 39 size_t buf_size = 0; 40 long len; 41 int n; 42 43 buf_size = ima_get_binary_runtime_size(); 44 len = atomic_long_read(&ima_htable.len); 45 46 n = scnprintf(ima_kexec_event, IMA_KEXEC_EVENT_LEN, 47 "kexec_segment_size=%lu;ima_binary_runtime_size=%lu;" 48 "ima_runtime_measurements_count=%ld;", 49 kexec_segment_size, buf_size, len); 50 51 ima_measure_critical_data("ima_kexec", event_name, ima_kexec_event, n, false, NULL, 0); 52 } 53 54 static int ima_alloc_kexec_file_buf(size_t segment_size) 55 { 56 /* 57 * kexec 'load' may be called multiple times. 58 * Free and realloc the buffer only if the segment_size is 59 * changed from the previous kexec 'load' call. 60 */ 61 if (ima_kexec_file.buf && ima_kexec_file.size == segment_size) 62 goto out; 63 64 ima_free_kexec_file_buf(&ima_kexec_file); 65 66 /* segment size can't change between kexec load and execute */ 67 ima_kexec_file.buf = vmalloc(segment_size); 68 if (!ima_kexec_file.buf) 69 return -ENOMEM; 70 71 ima_kexec_file.size = segment_size; 72 73 out: 74 ima_kexec_file.read_pos = 0; 75 ima_kexec_file.count = sizeof(struct ima_kexec_hdr); /* reserved space */ 76 ima_measure_kexec_event("kexec_load"); 77 78 return 0; 79 } 80 81 static int ima_dump_measurement_list(unsigned long *buffer_size, void **buffer, 82 unsigned long segment_size) 83 { 84 struct ima_queue_entry *qe; 85 struct ima_kexec_hdr khdr; 86 int ret = 0; 87 88 /* segment size can't change between kexec load and execute */ 89 if (!ima_kexec_file.buf) { 90 pr_err("Kexec file buf not allocated\n"); 91 return -EINVAL; 92 } 93 94 memset(&khdr, 0, sizeof(khdr)); 95 khdr.version = 1; 96 /* This is an append-only list, no need to hold the RCU read lock */ 97 list_for_each_entry_rcu(qe, &ima_measurements, later, true) { 98 if (ima_kexec_file.count < ima_kexec_file.size) { 99 khdr.count++; 100 ima_measurements_show(&ima_kexec_file, qe); 101 } else { 102 ret = -EINVAL; 103 break; 104 } 105 } 106 107 /* 108 * fill in reserved space with some buffer details 109 * (eg. version, buffer size, number of measurements) 110 */ 111 khdr.buffer_size = ima_kexec_file.count; 112 if (ima_canonical_fmt) { 113 khdr.version = cpu_to_le16(khdr.version); 114 khdr.count = cpu_to_le64(khdr.count); 115 khdr.buffer_size = cpu_to_le64(khdr.buffer_size); 116 } 117 memcpy(ima_kexec_file.buf, &khdr, sizeof(khdr)); 118 119 print_hex_dump_debug("ima dump: ", DUMP_PREFIX_NONE, 16, 1, 120 ima_kexec_file.buf, ima_kexec_file.count < 100 ? 121 ima_kexec_file.count : 100, 122 true); 123 124 *buffer_size = ima_kexec_file.count; 125 *buffer = ima_kexec_file.buf; 126 127 return ret; 128 } 129 130 /* 131 * Called during kexec_file_load so that IMA can add a segment to the kexec 132 * image for the measurement list for the next kernel. 133 * 134 * This function assumes that kexec_lock is held. 135 */ 136 void ima_add_kexec_buffer(struct kimage *image) 137 { 138 struct kexec_buf kbuf = { .image = image, .buf_align = PAGE_SIZE, 139 .buf_min = 0, .buf_max = ULONG_MAX, 140 .top_down = true }; 141 unsigned long binary_runtime_size; 142 unsigned long extra_memory; 143 144 /* use more understandable variable names than defined in kbuf */ 145 size_t kexec_buffer_size = 0; 146 void *kexec_buffer = NULL; 147 int ret; 148 149 if (image->type == KEXEC_TYPE_CRASH) 150 return; 151 152 /* 153 * Reserve extra memory for measurements added during kexec. 154 */ 155 if (CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB <= 0) 156 extra_memory = PAGE_SIZE / 2; 157 else 158 extra_memory = CONFIG_IMA_KEXEC_EXTRA_MEMORY_KB * 1024; 159 160 binary_runtime_size = ima_get_binary_runtime_size() + extra_memory; 161 162 if (binary_runtime_size >= ULONG_MAX - PAGE_SIZE) 163 kexec_segment_size = ULONG_MAX; 164 else 165 kexec_segment_size = ALIGN(binary_runtime_size, PAGE_SIZE); 166 167 if ((kexec_segment_size == ULONG_MAX) || 168 ((kexec_segment_size >> PAGE_SHIFT) > totalram_pages() / 2)) { 169 pr_err("Binary measurement list too large.\n"); 170 return; 171 } 172 173 ret = ima_alloc_kexec_file_buf(kexec_segment_size); 174 if (ret < 0) { 175 pr_err("Not enough memory for the kexec measurement buffer.\n"); 176 return; 177 } 178 179 kbuf.buffer = kexec_buffer; 180 kbuf.bufsz = kexec_buffer_size; 181 kbuf.memsz = kexec_segment_size; 182 image->is_ima_segment_index_set = false; 183 ret = kexec_add_buffer(&kbuf); 184 if (ret) { 185 pr_err("Error passing over kexec measurement buffer.\n"); 186 vfree(kexec_buffer); 187 return; 188 } 189 190 image->ima_buffer_addr = kbuf.mem; 191 image->ima_buffer_size = kexec_segment_size; 192 image->ima_buffer = kexec_buffer; 193 image->ima_segment_index = image->nr_segments - 1; 194 image->is_ima_segment_index_set = true; 195 196 kexec_dprintk("kexec measurement buffer for the loaded kernel at 0x%lx.\n", 197 kbuf.mem); 198 } 199 200 /* 201 * Called during kexec execute so that IMA can update the measurement list. 202 */ 203 static int ima_update_kexec_buffer(struct notifier_block *self, 204 unsigned long action, void *data) 205 { 206 size_t buf_size = 0; 207 int ret = NOTIFY_OK; 208 void *buf = NULL; 209 210 if (!kexec_in_progress) { 211 pr_info("No kexec in progress.\n"); 212 return ret; 213 } 214 215 if (!ima_kexec_buffer) { 216 pr_err("Kexec buffer not set.\n"); 217 return ret; 218 } 219 220 ret = ima_dump_measurement_list(&buf_size, &buf, kexec_segment_size); 221 222 if (ret) 223 pr_err("Dump measurements failed. Error:%d\n", ret); 224 225 if (buf_size != 0) 226 memcpy(ima_kexec_buffer, buf, buf_size); 227 228 kimage_unmap_segment(ima_kexec_buffer); 229 ima_kexec_buffer = NULL; 230 231 return ret; 232 } 233 234 static struct notifier_block update_buffer_nb = { 235 .notifier_call = ima_update_kexec_buffer, 236 .priority = INT_MIN 237 }; 238 239 /* 240 * Create a mapping for the source pages that contain the IMA buffer 241 * so we can update it later. 242 */ 243 void ima_kexec_post_load(struct kimage *image) 244 { 245 if (ima_kexec_buffer) { 246 kimage_unmap_segment(ima_kexec_buffer); 247 ima_kexec_buffer = NULL; 248 } 249 250 if (!image->ima_buffer_addr) 251 return; 252 253 ima_kexec_buffer = kimage_map_segment(image, 254 image->ima_buffer_addr, 255 image->ima_buffer_size); 256 if (!ima_kexec_buffer) { 257 pr_err("Could not map measurements buffer.\n"); 258 return; 259 } 260 261 if (!ima_kexec_update_registered) { 262 register_reboot_notifier(&update_buffer_nb); 263 ima_kexec_update_registered = true; 264 } 265 } 266 267 #endif /* IMA_KEXEC */ 268 269 /* 270 * Restore the measurement list from the previous kernel. 271 */ 272 void __init ima_load_kexec_buffer(void) 273 { 274 void *kexec_buffer = NULL; 275 size_t kexec_buffer_size = 0; 276 int rc; 277 278 rc = ima_get_kexec_buffer(&kexec_buffer, &kexec_buffer_size); 279 switch (rc) { 280 case 0: 281 rc = ima_restore_measurement_list(kexec_buffer_size, 282 kexec_buffer); 283 if (rc != 0) 284 pr_err("Failed to restore the measurement list: %d\n", 285 rc); 286 287 ima_free_kexec_buffer(); 288 break; 289 case -ENOTSUPP: 290 pr_debug("Restoring the measurement list not supported\n"); 291 break; 292 case -ENOENT: 293 pr_debug("No measurement list to restore\n"); 294 break; 295 default: 296 pr_debug("Error restoring the measurement list: %d\n", rc); 297 } 298 } 299