Presently ima_get_kexec_buffer() doesn't check if the previous kernel's
ima-kexec-buffer lies outside the addressable memory range. This can result
in a kernel panic if the new kernel is booted with 'mem=X' arg and the
ima-kexec-buffer was allocated beyond that range by the previous kernel.
The pan
Hi Vaibhav,
On 5/18/2022 1:05 PM, Vaibhav Jain wrote:
Presently ima_get_kexec_buffer() doesn't check if the previous kernel's
ima-kexec-buffer lies outside the addressable memory range. This can result
in a kernel panic if the new kernel is booted with 'mem=X' arg and the
ima-kexec-buffer was al
Vaibhav Jain writes:
>
> [PATCH] powerpc: check previous kernel's ima-kexec-buffer against memory
> bounds
This isn't a powerpc patch, the subject should start with "of:".
> Presently ima_get_kexec_buffer() doesn't check if the previous kernel's
>
On Thu, May 19, 2022 at 01:35:47AM +0530, Vaibhav Jain wrote:
> Presently ima_get_kexec_buffer() doesn't check if the previous kernel's
> ima-kexec-buffer lies outside the addressable memory range. This can result
> in a kernel panic if the new kernel is booted with 'mem=X' arg and the
> ima-kexec-
Rob Herring writes:
> On Thu, May 19, 2022 at 01:35:47AM +0530, Vaibhav Jain wrote:
>> Presently ima_get_kexec_buffer() doesn't check if the previous kernel's
>> ima-kexec-buffer lies outside the addressable memory range. This can result
>> in a kernel panic if the new kernel is booted with 'mem=
Vaibhav Jain writes:
> Rob Herring writes:
>> On Thu, May 19, 2022 at 01:35:47AM +0530, Vaibhav Jain wrote:
>>> Presently ima_get_kexec_buffer() doesn't check if the previous kernel's
>>> ima-kexec-buffer lies outside the addressable memory range. This can result
>>> in a kernel panic if the new
Michael Ellerman writes:
>
> Rob's point is that commit fee3ff99bc67 only moved existing code, the
> bug already existed.
>
> The function was introduced in:
>
> 467d27824920 ("powerpc: ima: get the kexec buffer passed by the previous
> kernel")
>
> So that's where the Fixes tag should poin
