Re: [PATCH v13 2/6] powerpc: Move arch independent ima kexec functions to drivers/of/kexec.c

[Lakshmi Ramasubramanian]

On 12/22/20 4:19 PM, Thiago Jung Bauermann wrote:
> Lakshmi Ramasubramanian <nramas@xxxxxxxxxxxxxxxxxxx> writes:
>
> > The functions defined in "arch/powerpc/kexec/ima.c" handle setting up
> > and freeing the resources required to carry over the IMA measurement
> > list from the current kernel to the next kernel across kexec system call.
> > These functions do not have architecture specific code, but are
> > currently limited to powerpc.
> >
> > Move setup_ima_buffer() call into of_kexec_setup_new_fdt() defined in
> > "drivers/of/kexec.c".
> >
> > Move the remaining architecture independent functions from
> > "arch/powerpc/kexec/ima.c" to "drivers/of/kexec.c".
> > Delete "arch/powerpc/kexec/ima.c" and "arch/powerpc/include/asm/ima.h".
> > Remove references to the deleted files in powerpc and in ima.
> >
> > Co-developed-by: Prakhar Srivastava <prsriva@xxxxxxxxxxxxxxxxxxx>
> > Signed-off-by: Prakhar Srivastava <prsriva@xxxxxxxxxxxxxxxxxxx>
> > Signed-off-by: Lakshmi Ramasubramanian <nramas@xxxxxxxxxxxxxxxxxxx>
> > ---
> >   arch/powerpc/include/asm/ima.h     |  27 ----
> >   arch/powerpc/kexec/Makefile        |   7 -
> >   arch/powerpc/kexec/file_load.c     |   7 -
> >   arch/powerpc/kexec/ima.c           | 202 -------------------------
> >   drivers/of/kexec.c                 | 235 +++++++++++++++++++++++++++++
> >   include/linux/of.h                 |   2 +
> >   security/integrity/ima/ima.h       |   4 -
> >   security/integrity/ima/ima_kexec.c |   1 +
> >   8 files changed, 238 insertions(+), 247 deletions(-)
> >   delete mode 100644 arch/powerpc/include/asm/ima.h
> >   delete mode 100644 arch/powerpc/kexec/ima.c
>
> This looks good, provided the changes from the discussion with Mimi are
> made. Also, minor nits below.

I will address the changes Mimi had stated.

> > diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
> > index 6ebefec616e4..7c3947ad3773 100644
> > --- a/security/integrity/ima/ima.h
> > +++ b/security/integrity/ima/ima.h
> > @@ -24,10 +24,6 @@
> >   
> >   #include "../integrity.h"
> >   
> > -#ifdef CONFIG_HAVE_IMA_KEXEC
> > -#include <asm/ima.h>
> > -#endif
> > -
> >   enum ima_show_type { IMA_SHOW_BINARY, IMA_SHOW_BINARY_NO_FIELD_LEN,
> >   		     IMA_SHOW_BINARY_OLD_STRING_FMT, IMA_SHOW_ASCII };
> >   enum tpm_pcrs { TPM_PCR0 = 0, TPM_PCR8 = 8, TPM_PCR10 = 10 };
>
> This belongs in patch 1.

No - the reference to "asm/ima.h" cannot be removed in Patch #1 since 
ima_get_kexec_buffer() and ima_free_kexec_buffer() are still declared in 
this header. They are moved in this patch only (Patch #2).

> > diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c
> > index 38bcd7543e27..8a6712981dee 100644
> > --- a/security/integrity/ima/ima_kexec.c
> > +++ b/security/integrity/ima/ima_kexec.c
> > @@ -10,6 +10,7 @@
> >   #include <linux/seq_file.h>
> >   #include <linux/vmalloc.h>
> >   #include <linux/kexec.h>
> > +#include <linux/of.h>
> >   #include <linux/ima.h>
> >   #include "ima.h"
>
> This include isn't necessary.

This change is necessary because ima_get_kexec_buffer() and 
ima_free_kexec_buffer() are now declared in "linux/of.h".

 -lakshmi