From: Roberto Sassu <roberto.sassu@huawei.com>
To: Linus Torvalds <torvalds@linux-foundation.org>,
Mimi Zohar <zohar@linux.ibm.com>
Cc: linux-integrity <linux-integrity@vger.kernel.org>,
linux-kernel <linux-kernel@vger.kernel.org>,
Silviu Vlasceanu <Silviu.Vlasceanu@huawei.com>
Subject: RE: [GIT PULL] integrity subsystem updates for v5.8
Date: Sun, 7 Jun 2020 20:14:28 +0000 [thread overview]
Message-ID: <7ebbfdc6a5ca447c9b19231da6e2fc9f@huawei.com> (raw)
In-Reply-To: <CAHk-=whV2B4fPSkHA1Z6qEbwRTcJF0gYWBfAuqSGG+p-05HtfQ@mail.gmail.com>
> From: linux-integrity-owner@vger.kernel.org [mailto:linux-integrity-
> owner@vger.kernel.org] On Behalf Of Linus Torvalds
> Sent: Sunday, June 7, 2020 9:59 PM
> On Fri, Jun 5, 2020 at 10:03 AM Mimi Zohar <zohar@linux.ibm.com> wrote:
> >
> > The main changes are extending the TPM 2.0 PCR banks with bank
> > specific file hashes, calculating the "boot_aggregate" based on other
> > TPM PCR banks, using the default IMA hash algorithm, instead of SHA1,
> > as the basis for the cache hash table key, and preventing the mprotect
> > syscall to circumvent an IMA mmap appraise policy rule.
>
> I'm not sure why I didn't notice this during my test builds, but this
> results in a new warning:
>
> WARNING: modpost: vmlinux.o(.text+0x496264): Section mismatch in
> reference from the function ima_calc_boot_aggregate() to the function
> .init.text:ima_pcrread()
> The function ima_calc_boot_aggregate() references
> the function __init ima_pcrread().
> This is often because ima_calc_boot_aggregate lacks a __init
> annotation or the annotation of ima_pcrread is wrong.
>
> and I think the warning is real - and the problem is real, not just a
> missing annotation.
>
> It looks like ima_calc_boot_aggregate() may be called not only at init
> time (ima_eventdigest_init() is referenced from "struct
> ima_template_field supported_fields[]", for example)
>
> So calling an __init function would be very wrong, because it might be
> gone by that time.
>
> Hmm?
Right, I also missed it. Will send a patch soon.
Roberto
HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063
Managing Director: Li Peng, Li Jian, Shi Yanli
prev parent reply other threads:[~2020-06-07 20:14 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-05 17:02 [GIT PULL] integrity subsystem updates for v5.8 Mimi Zohar
2020-06-06 17:15 ` pr-tracker-bot
2020-06-07 19:59 ` Linus Torvalds
2020-06-07 20:14 ` Roberto Sassu [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7ebbfdc6a5ca447c9b19231da6e2fc9f@huawei.com \
--to=roberto.sassu@huawei.com \
--cc=Silviu.Vlasceanu@huawei.com \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.