Orange Pi5 kernel

Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards

3 Commits   0 Branches   0 Tags
Index
Trunk
Branches
Tags
Trunk
Branches
Tags
Home page
Home page
orangepi/linux-orangepi-5.10.y.git/trunk/arch/powerpc/kexec/ima.c 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   1) // SPDX-License-Identifier: GPL-2.0-or-later
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   3)  * Copyright (C) 2016 IBM Corporation
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   4)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   5)  * Authors:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   6)  * Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   7)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   8) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   9) #include <linux/slab.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  10) #include <linux/kexec.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  11) #include <linux/of.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  12) #include <linux/memblock.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  13) #include <linux/libfdt.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  14) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  15) static int get_addr_size_cells(int *addr_cells, int *size_cells)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  16) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  17) 	struct device_node *root;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  18) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  19) 	root = of_find_node_by_path("/");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  20) 	if (!root)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  21) 		return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  22) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  23) 	*addr_cells = of_n_addr_cells(root);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  24) 	*size_cells = of_n_size_cells(root);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  25) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  26) 	of_node_put(root);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  27) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  28) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  29) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  30) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  31) static int do_get_kexec_buffer(const void *prop, int len, unsigned long *addr,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  32) 			       size_t *size)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  33) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  34) 	int ret, addr_cells, size_cells;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  35) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  36) 	ret = get_addr_size_cells(&addr_cells, &size_cells);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  37) 	if (ret)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  38) 		return ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  39) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  40) 	if (len < 4 * (addr_cells + size_cells))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  41) 		return -ENOENT;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  42) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  43) 	*addr = of_read_number(prop, addr_cells);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  44) 	*size = of_read_number(prop + 4 * addr_cells, size_cells);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  45) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  46) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  47) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  48) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  49) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  50)  * ima_get_kexec_buffer - get IMA buffer from the previous kernel
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  51)  * @addr:	On successful return, set to point to the buffer contents.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  52)  * @size:	On successful return, set to the buffer size.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  53)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  54)  * Return: 0 on success, negative errno on error.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  55)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  56) int ima_get_kexec_buffer(void **addr, size_t *size)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  57) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  58) 	int ret, len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  59) 	unsigned long tmp_addr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  60) 	size_t tmp_size;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  61) 	const void *prop;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  62) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  63) 	prop = of_get_property(of_chosen, "linux,ima-kexec-buffer", &len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  64) 	if (!prop)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  65) 		return -ENOENT;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  66) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  67) 	ret = do_get_kexec_buffer(prop, len, &tmp_addr, &tmp_size);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  68) 	if (ret)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  69) 		return ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  70) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  71) 	*addr = __va(tmp_addr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  72) 	*size = tmp_size;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  73) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  74) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  75) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  76) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  77) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  78)  * ima_free_kexec_buffer - free memory used by the IMA buffer
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  79)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  80) int ima_free_kexec_buffer(void)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  81) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  82) 	int ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  83) 	unsigned long addr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  84) 	size_t size;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  85) 	struct property *prop;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  86) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  87) 	prop = of_find_property(of_chosen, "linux,ima-kexec-buffer", NULL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  88) 	if (!prop)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  89) 		return -ENOENT;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  90) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  91) 	ret = do_get_kexec_buffer(prop->value, prop->length, &addr, &size);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  92) 	if (ret)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  93) 		return ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  94) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  95) 	ret = of_remove_property(of_chosen, prop);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  96) 	if (ret)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  97) 		return ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  98) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  99) 	return memblock_free(addr, size);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104)  * remove_ima_buffer - remove the IMA buffer property and reservation from @fdt
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106)  * The IMA measurement buffer is of no use to a subsequent kernel, so we always
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107)  * remove it from the device tree.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109) void remove_ima_buffer(void *fdt, int chosen_node)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111) 	int ret, len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112) 	unsigned long addr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113) 	size_t size;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114) 	const void *prop;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 115) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116) 	prop = fdt_getprop(fdt, chosen_node, "linux,ima-kexec-buffer", &len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117) 	if (!prop)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118) 		return;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 119) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 120) 	ret = do_get_kexec_buffer(prop, len, &addr, &size);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 121) 	fdt_delprop(fdt, chosen_node, "linux,ima-kexec-buffer");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 122) 	if (ret)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 123) 		return;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 124) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 125) 	ret = delete_fdt_mem_rsv(fdt, addr, size);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 126) 	if (!ret)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 127) 		pr_debug("Removed old IMA buffer reservation.\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 128) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 129) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 130) #ifdef CONFIG_IMA_KEXEC
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 131) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 132)  * arch_ima_add_kexec_buffer - do arch-specific steps to add the IMA buffer
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 133)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 134)  * Architectures should use this function to pass on the IMA buffer
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 135)  * information to the next kernel.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 136)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 137)  * Return: 0 on success, negative errno on error.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 138)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 139) int arch_ima_add_kexec_buffer(struct kimage *image, unsigned long load_addr,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 140) 			      size_t size)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 141) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 142) 	image->arch.ima_buffer_addr = load_addr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 143) 	image->arch.ima_buffer_size = size;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 144) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 145) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 146) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 147) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 148) static int write_number(void *p, u64 value, int cells)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 149) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 150) 	if (cells == 1) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 151) 		u32 tmp;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 152) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 153) 		if (value > U32_MAX)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 154) 			return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 155) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 156) 		tmp = cpu_to_be32(value);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 157) 		memcpy(p, &tmp, sizeof(tmp));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 158) 	} else if (cells == 2) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 159) 		u64 tmp;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 160) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 161) 		tmp = cpu_to_be64(value);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 162) 		memcpy(p, &tmp, sizeof(tmp));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 163) 	} else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 164) 		return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 165) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 166) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 167) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 168) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 169) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 170)  * setup_ima_buffer - add IMA buffer information to the fdt
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 171)  * @image:		kexec image being loaded.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 172)  * @fdt:		Flattened device tree for the next kernel.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 173)  * @chosen_node:	Offset to the chosen node.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 174)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 175)  * Return: 0 on success, or negative errno on error.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 176)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 177) int setup_ima_buffer(const struct kimage *image, void *fdt, int chosen_node)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 178) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 179) 	int ret, addr_cells, size_cells, entry_size;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 180) 	u8 value[16];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 181) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 182) 	remove_ima_buffer(fdt, chosen_node);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 183) 	if (!image->arch.ima_buffer_size)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 184) 		return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 185) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 186) 	ret = get_addr_size_cells(&addr_cells, &size_cells);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 187) 	if (ret)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 188) 		return ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 189) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 190) 	entry_size = 4 * (addr_cells + size_cells);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 191) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 192) 	if (entry_size > sizeof(value))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 193) 		return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 194) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 195) 	ret = write_number(value, image->arch.ima_buffer_addr, addr_cells);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 196) 	if (ret)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 197) 		return ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 198) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 199) 	ret = write_number(value + 4 * addr_cells, image->arch.ima_buffer_size,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 200) 			   size_cells);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 201) 	if (ret)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 202) 		return ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 203) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 204) 	ret = fdt_setprop(fdt, chosen_node, "linux,ima-kexec-buffer", value,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 205) 			  entry_size);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 206) 	if (ret < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 207) 		return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 208) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 209) 	ret = fdt_add_mem_rsv(fdt, image->arch.ima_buffer_addr,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 210) 			      image->arch.ima_buffer_size);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 211) 	if (ret)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 212) 		return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 213) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 214) 	pr_debug("IMA buffer at 0x%llx, size = 0x%zx\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 215) 		 image->arch.ima_buffer_addr, image->arch.ima_buffer_size);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 216) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 217) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 218) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 219) #endif /* CONFIG_IMA_KEXEC */
cGit-ui 0.1.7
Git 2.40.0
Nginx 1.22.1

Where any material of this site is being reproduced, published or issued to others the reference to the source is obligatory.

© Andrey V. Kosteltsev, 2019 – 2025.