On Tue, 2026-05-26 at 10:02 -0400, Mimi Zohar wrote: > On Wed, 2026-04-29 at 18:03 +0200, Roberto Sassu wrote: > > From: Roberto Sassu <[email protected]> > > > > Refuse to delete staged or active list measurements, if a kexec racing with > > the deletion already copied those measurements in the kexec buffer. In this > > way, user space becomes aware that those measurements are going to appear > > in the secondary kernel, and thus they don't have to be saved twice. > > There are two reboot notifiers: one to prevent additional measurements > extending > the TPM, while the other copies the measurements for kexec. This patch > prevents > deleting the staged measurements after the latter notifier. > > Instead of introducing a specific method for detecting whether the measurement > list has been copied, rely on one of the two existing reboot notifiers. The > simplest method would test "ima_measurements_suspended", which would prevent > deleting the staged measurements a bit earlier.
Testing that the reboot notifier fired (with the ima_measurements_suspended variable) is not enough to know whether the measurements dump took place or not. We need a flag (one is enough) protected by ima_extend_list_mutex, so that we know reliably which event occurred first, or the dump or the staging/delete (which are also protected by ima_extend_list_mutex). Roberto
