rjmcmahon
/
umber-kernel
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity
umber-kernel/security
History
Harshit Mogalapalli 9e1f51c1ad ima: verify the previous kernel's IMA buffer lies in addressable RAM 
[ Upstream commit 10d1c75ed4382a8e79874379caa2ead8952734f9 ]

Patch series "Address page fault in ima_restore_measurement_list()", v3.

When the second-stage kernel is booted via kexec with a limiting command
line such as "mem=<size>" we observe a pafe fault that happens.

    BUG: unable to handle page fault for address: ffff97793ff47000
    RIP: ima_restore_measurement_list+0xdc/0x45a
    #PF: error_code(0x0000)  not-present page

This happens on x86_64 only, as this is already fixed in aarch64 in
commit: cbf9c4b961 ("of: check previous kernel's ima-kexec-buffer
against memory bounds")

This patch (of 3):

When the second-stage kernel is booted with a limiting command line (e.g.
"mem=<size>"), the IMA measurement buffer handed over from the previous
kernel may fall outside the addressable RAM of the new kernel.  Accessing
such a buffer can fault during early restore.

Introduce a small generic helper, ima_validate_range(), which verifies
that a physical [start, end] range for the previous-kernel IMA buffer lies
within addressable memory:
	- On x86, use pfn_range_is_mapped().
	- On OF based architectures, use page_is_ram().

Link: https://lkml.kernel.org/r/20251231061609.907170-1-harshit.m.mogalapalli@oracle.com
Link: https://lkml.kernel.org/r/20251231061609.907170-2-harshit.m.mogalapalli@oracle.com
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Cc: Alexander Graf <graf@amazon.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: Borislav Betkov <bp@alien8.de>
Cc: guoweikang <guoweikang.kernel@gmail.com>
Cc: Henry Willard <henry.willard@oracle.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jiri Bohac <jbohac@suse.cz>
Cc: Joel Granados <joel.granados@kernel.org>
Cc: Jonathan McDowell <noodles@fb.com>
Cc: Mike Rapoport <rppt@kernel.org>
Cc: Paul Webb <paul.x.webb@oracle.com>
Cc: Sohil Mehta <sohil.mehta@intel.com>
Cc: Sourabh Jain <sourabhjain@linux.ibm.com>
Cc: Thomas Gleinxer <tglx@linutronix.de>
Cc: Yifei Liu <yifei.l.liu@oracle.com>
Cc: Baoquan He <bhe@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2026-03-04 07:21:17 -05:00
..
apparmor apparmor: fix aa_label to return state from compount and component match 2026-02-26 14:59:42 -08:00
bpf
integrity ima: verify the previous kernel's IMA buffer lies in addressable RAM 2026-03-04 07:21:17 -05:00
ipe ipe/stable-6.17 PR 20250728 2025-07-31 09:42:20 -07:00
keys keys/trusted_keys: fix handle passed to tpm_buf_append_name during unseal 2026-01-30 10:32:22 +01:00
landlock landlock: Fix wrong type usage 2026-01-23 11:21:22 +01:00
loadpin
lockdown
safesetid
selinux selinux: rename the cred_security_struct variables to "crsec" 2025-11-20 16:47:50 -05:00
smack smack: /smack/doi: accept previously used values 2026-02-26 14:59:11 -08:00
tomoyo copy_process: pass clone_flags as u64 across calltree 2025-09-01 15:31:34 +02:00
yama
Kconfig lsm: CONFIG_LSM can depend on CONFIG_SECURITY 2025-09-11 16:32:04 -04:00
Kconfig.hardening rust: add bitmap API. 2025-09-22 15:52:44 -04:00
Makefile
commoncap.c exec: Correct the permission check for unsafe exec 2025-06-23 10:38:39 -05:00
device_cgroup.c
inode.c make securityfs_remove() remove the entire subtree 2025-06-11 18:19:46 -04:00
lsm_audit.c
lsm_syscalls.c
min_addr.c security: use umax() to improve code 2025-08-18 15:41:47 -04:00
security.c Simplifying ->d_name audits, easy part. 2025-10-03 11:14:02 -07:00