Re: [dm-devel] [PATCH 0/6] updates to device mapper target measurement using ima

From: Mike Snitzer <snitzer@redhat.com>
To: Tushar Sugandhi <tusharsu@linux.microsoft.com>
Cc: sfr@canb.auug.org.au, zohar@linux.ibm.com,
	linux-block@vger.kernel.org, nramas@linux.microsoft.com,
	dm-devel@redhat.com, public@thson.de,
	linux-integrity@vger.kernel.org, agk@redhat.com
Subject: Re: [dm-devel] [PATCH 0/6] updates to device mapper target measurement using ima
Date: Fri, 20 Aug 2021 16:19:25 -0400	[thread overview]
Message-ID: <YSAOTX+TQwaCUeCn@redhat.com> (raw)
In-Reply-To: <20210813213801.297051-1-tusharsu@linux.microsoft.com>

On Fri, Aug 13 2021 at  5:37P -0400,
Tushar Sugandhi <tusharsu@linux.microsoft.com> wrote:

> 
> There were several improvements suggested for the original device mapper
> target measurement patch series [1].
> 
> Those improvement suggestions include: 
>  - Prefixing hashes for the DM tables being measured in ima log with the
>    hash algorithm.
>  - Adding version information for DM related events being measured in the
>    ima log.
>  - Prefixing DM related event names with "dm_".
>  - Including the verity target attribute - "root_hash_sig_key_desc"
>    in the ima measurement log.
> 
> This series incorporates the above suggestions.
> 
> This series also has the following fixes:
>  - Adding a one-time warning to dmesg during dm_init if
>    CONFIG_IMA_DISABLE_HTABLE is set to 'n'.
>  - Updating 'integrity' target to remove the duplicate measurement of
>    the attribute "mode=%c".
>  - Indexing various attributes in 'multipath' target, and adding
>    "nr_priority_groups=%u" attribute to the measurements.
>  - Fixing 'make htmldocs' warnings in dm-ima.rst.
>  - Adding missing documentation for the targets - 'cache', 'integrity',
>    'multipath', and 'snapshot' in dm-ima.rst.
>  - Updating dm-ima.rst documentation with the grammar for various DM
>    events and targets in Backus Naur form.
>  - Updating dm-ima.rst documentation to be consistent with the code
>    changes described above.
> 
> This series is based on top of the following git repo/branch/commit:
>  Repo: https://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm.git
>  Branch: dm-5.15
>  Commit: commit 5a2a33884f0b ("dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc()")
> 
> 
> [1] https://patchwork.kernel.org/project/dm-devel/cover/20210713004904.8808-1-tusharsu@linux.microsoft.com/
> 
> Tushar Sugandhi (6):
>   dm ima: prefix dm table hashes in ima log with hash algorithm
>   dm ima: add version info to dm related events in ima log
>   dm ima: prefix ima event name related to device mapper with dm_
>   dm ima: add a warning in dm_init if duplicate ima events are not
>     measured
>   dm ima: update dm target attributes for ima measurements
>   dm ima: update dm documentation for ima measurement support

Hi,

I reviewed and staged these changes in dm-5.15 (and for-next) with
minimal tweaks. Really just some whitespace and a simplification of
the conditional for the warning in dm_init().

Please make sure that you manually apply Christoph's fix for the issue
you reported earlier in the week, you were cc'd on the ultimate fix
which has a different patch header than this patch but on a code level
it is identical (and only patch that landed on a public mailing list
due to typo in linux-block email address when hch sent the final fix):
https://listman.redhat.com/archives/dm-devel/2021-August/msg00154.html

It is an issue that'll linger in the dm-5.15 because I cannot rebase
at this late hour even once Jens picks the fix up into the
linux-block tree.

Thanks,
Mike

--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/listinfo/dm-devel