Subject: Re: [PATCH v5 3/7] IMA: add hook to measure critical data
From: Tushar Sugandhi
To: Mimi Zohar, stephen.smalley.work@gmail.com, casey@schaufler-ca.com, agk@redhat.com, snitzer@redhat.com, gmazyland@gmail.com, paul@paul-moore.com
Cc: tyhicks@linux.microsoft.com, sashal@kernel.org, jmorris@namei.org, nramas@linux.microsoft.com, linux-integrity@vger.kernel.org, selinux@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, dm-devel@redhat.com
Date: Thu, 12 Nov 2020 13:57:22 -0800
Message-ID: <25622ca6-359d-fa97-c5e6-e314cba51306@linux.microsoft.com>
In-Reply-To: <1f83ec246cb6356c340b379ab00e43f0b5bba0ae.camel@linux.ibm.com>
References: <20201101222626.6111-1-tusharsu@linux.microsoft.com> <20201101222626.6111-4-tusharsu@linux.microsoft.com> <1f83ec246cb6356c340b379ab00e43f0b5bba0ae.camel@linux.ibm.com>
X-Mailing-List: linux-integrity@vger.kernel.org

On 2020-11-06 5:24 a.m., Mimi Zohar wrote:
> Hi Tushar,
>
> On Sun, 2020-11-01 at 14:26 -0800, Tushar Sugandhi wrote:
>> Currently, IMA does not provide a generic function for kernel subsystems
>> to measure their critical data. Examples of critical data in this context
>> could be kernel in-memory r/o structures, hash of the memory structures,
>> or data that represents a Linux kernel subsystem state change. The
>> critical data, if accidentally or maliciously altered, can compromise
>> the integrity of the system.
>
> Start out with what IMA does do (e.g. measures files and more recently
> buffer data).  Afterwards continue with kernel integrity critical data
> should also be measured.  Please include a definition of kernel
> integrity critical data here, as well as in the cover letter.
>
Yes, will do. I will also describe what kernel integrity critical data
is – by providing a definition, and not by example - as you suggested.
(here and in the cover letter)

>>
>> A generic function provided by IMA to measure critical data would enable
>> various subsystems with easier and faster on-boarding to use IMA
>> infrastructure and would also avoid code duplication.
>
> By definition LSM and IMA hooks are generic with callers in appropriate
> places in the kernel.   This paragraph is redundant.
>
Sounds good. I will remove this paragraph.
>>
>> Add a new IMA func CRITICAL_DATA and a corresponding IMA hook
>> ima_measure_critical_data() to support measuring critical data for
>> various kernel subsystems.
>
> Instead of using the word "add", it would be more appropriate to use
> the word "define".   Define a new IMA hook named
> ima_measure_critical_data to measure kernel integrity critical data.
> Please also update the Subject line as well.  "ima: define an IMA hook
> to measure kernel integrity critical data".
>
Sounds good. Will do.
>>
>> Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com>
>> ---
>>
>> diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
>> index 4485d87c0aa5..6e1b11dcba53 100644
>> --- a/security/integrity/ima/ima_main.c
>> +++ b/security/integrity/ima/ima_main.c
>> @@ -921,6 +921,44 @@ void ima_kexec_cmdline(int kernel_fd, const void *buf, int size)
>>   	fdput(f);
>>   }
>>   
>> +/**
>> + * ima_measure_critical_data - measure kernel subsystem data
>> + * critical to integrity of the kernel
>
> Please change this to "measure kernel integrity critical data".
>
*Question*
Thanks Mimi. Do you want us just to update the description, or do you
want us to update the function name too?

I believe you meant just description, but still want to clarify.

ima_measure_kernel_integrity_critical_data() would be too long.
Maybe ima_measure_integrity_critical_data()?

Or do you want us to keep the existing ima_measure_critical_data()?
Could you please let us know?

>> + * @event_data_source: name of the data source being measured;
>> + * typically it should be the name of the kernel subsystem that is sending
>> + * the data for measurement
>
> Including "data_source" here isn't quite right.  "data source" should
> only be added in the first patch which uses it, not here.   When adding
> it please shorten the field description to "kernel data source".   The
> longer explanation can be included in the longer function description.
>
*Question*
Do you mean the parameter @event_data_source should be removed from this
patch? And then later added in patch 7/7 – where SELinux uses it?

But ima_measure_critical_data() calls process_buffer_measurement(), and
p_b_m() accepts it as part of the param @func_data.

What should we pass to p_b_m() @func_data in this patch, if we remove
@event_data_source from this patch?

>> + * @event_name: name of an event from the kernel subsystem that is sending
>> + * the data for measurement
>
> As this is being passed to process_buffer_measurement(), this should be
> the same or similar to the existing definition.
>
Ok. I will change this to @eventname to be consistent with p_b_m().
>> + * @buf: pointer to buffer containing data to measure
>> + * @buf_len: length of buffer(in bytes)
>> + * @measure_buf_hash: if set to true - will measure hash of the buf,
>> + *                    instead of buf
>
>   kernel doc requires a single line.  In this case, please shorten the
> argument definition to "measure buffer data or buffer data hash".   The
> details can be included in the longer function description.
>
Sounds good. Will do.
>> + *
>> + * A given kernel subsystem (event_data_source) may send
>> + * data (buf) to be measured when the data or the subsystem state changes.
>> + * The state/data change can be described by event_name.
>> + * Examples of critical data (buf) could be kernel in-memory r/o structures,
>> + * hash of the memory structures, or data that represents subsystem
>> + * state change.
>> + * measure_buf_hash can be used to save space, if the data being measured
>> + * is too large.
>> + * The data (buf) can only be measured, not appraised.
>> + */
>
> Please remove this longer function description, replacing it with something
> more appropriate.  The subsequent patch that introduces the "data
> source" parameter would expand the description.
>
> thanks,
>
> Mimi
>
*Question*
Hi Mimi, will do.
Do you want the data_source to be part of the SELinux patch? (patch 7/7 of
this series).
Or a separate patch before it?
~Tushar

>> +void ima_measure_critical_data(const char *event_data_source,
>> +			       const char *event_name,
>> +			       const void *buf, int buf_len,
>> +			       bool measure_buf_hash)
>> +{
>> +	if (!event_name || !event_data_source || !buf || !buf_len) {
>> +		pr_err("Invalid arguments passed to %s().\n", __func__);
>> +		return;
>> +	}
>> +
>> +	process_buffer_measurement(NULL, buf, buf_len, event_name,
>> +				   CRITICAL_DATA, 0, event_data_source,
>> +				   measure_buf_hash);
>> +}
>> +
>>   static int __init init_ima(void)
>>   {
>>   	int error;
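Review bot: `buf_len` is declared `int` in the new `ima_measure_critical_data()` signature, so a negative length passes the `!buf_len` guard and is handed to `process_buffer_measurement()` unchanged; a length cannot be negative, so declare it `size_t` (or reject `buf_len <= 0` in the same `if`). The same guard logs every rejected call with `pr_err()`, which lets a misbehaving caller fill the kernel log; `pr_err_ratelimited()`, or simply returning, keeps the check without that side effect.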
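As an added example, not code from the patch or from the IMA maintainers, the following userspace check models what the two modes of the hook under review leave in the measurement list: with measure_buf_hash false the record carries the critical data itself, with it true the record carries the hash of that data ("measure hash of the buf, instead of buf"), and in both cases the digest column covers whatever buffer was measured. The line layout is an assumed, simplified ima-buf one (`<pcr> <template-hash> <template> <algo>:<digest> <event-name> <buf-hex>`), the template-hash column is a placeholder rather than computed, and the event name and state blob are constructed for the example.

```python
"""Model the two modes of ima_measure_critical_data() and verify the records.

Added example, not the patch's code.  Assumed, simplified ima-buf line layout:
    <pcr> <template-hash> <template> <algo>:<digest> <event-name> <buf-hex>
The template-hash column is a placeholder here, not computed.
"""
import hashlib
from typing import Optional

# Constructed sample: a state blob a kernel subsystem might pass to the hook.
CRITICAL_BLOB = b"example-subsystem-state: enforcing=1 checkreqprot=0\n"
EVENT_NAME = "example-state-change"  # constructed event name


def make_record(event_name: str, data: bytes, measure_buf_hash: bool,
                pcr: int = 10, algo: str = "sha256") -> str:
    """Build one measurement line the way the hook's two modes would."""
    # Hash mode: the buffer handed on for measurement is the hash of the
    # data, so that hash (not the data) is what lands in the buf column.
    buf = hashlib.new(algo, data).digest() if measure_buf_hash else data
    # The digest column is always the hash of whatever buffer was measured.
    digest = hashlib.new(algo, buf).hexdigest()
    template_hash = "0" * 40  # placeholder; the real column hashes all fields
    return f"{pcr} {template_hash} ima-buf {algo}:{digest} {event_name} {buf.hex()}"


def parse_record(line: str) -> dict:
    """Split one line into its six columns; the buf column stays as hex."""
    parts = line.split(maxsplit=5)
    if len(parts) != 6:
        raise ValueError(f"malformed record: {line!r}")
    pcr, template_hash, template, algo_digest, event_name, buf_hex = parts
    algo, sep, digest = algo_digest.partition(":")
    if not sep:
        raise ValueError("digest column lacks an '<algo>:' prefix")
    return {"pcr": int(pcr), "template_hash": template_hash,
            "template": template, "algo": algo, "digest": digest,
            "event_name": event_name, "buf_hex": buf_hex}


def verify_record(line: str, expected_data: Optional[bytes] = None) -> str:
    """Classify a record against the data a subsystem claims to have measured.

    "corrupt"    - digest column does not cover the buf column (tampered log)
    "consistent" - internally consistent; no expected data supplied
    "buffer"     - buf column is the expected data (measure_buf_hash false)
    "hash"       - buf column is the hash of the expected data (measure_buf_hash true)
    "mismatch"   - consistent record, but not of the expected data
    """
    rec = parse_record(line)
    buf = bytes.fromhex(rec["buf_hex"])
    if hashlib.new(rec["algo"], buf).hexdigest() != rec["digest"]:
        return "corrupt"
    if expected_data is None:
        return "consistent"
    if buf == expected_data:
        return "buffer"
    if buf == hashlib.new(rec["algo"], expected_data).digest():
        return "hash"
    return "mismatch"


if __name__ == "__main__":
    for mode in (False, True):
        line = make_record(EVENT_NAME, CRITICAL_BLOB, mode)
        print(f"measure_buf_hash={mode}: {verify_record(line, CRITICAL_BLOB)} "
              f"({len(line)} chars)\n  {line}")
```

Running the block prints both records; the hash-mode line is shorter than the buffer-mode line for any data longer than the digest, which is the space saving the kernel-doc comment refers to. A verifier that only has the expected hash, not the data, can still check a hash-mode record, but it can never recover the data from it; that is the trade-off a subsystem accepts when it sets measure_buf_hash.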