Re: [dm-devel] [PATCH 0/6] updates to device mapper target measurement using ima

From: Tushar Sugandhi <tusharsu@linux.microsoft.com>
To: Mike Snitzer <snitzer@redhat.com>
Cc: sfr@canb.auug.org.au, zohar@linux.ibm.com,
	linux-block@vger.kernel.org, nramas@linux.microsoft.com,
	dm-devel@redhat.com, public@thson.de,
	linux-integrity@vger.kernel.org, agk@redhat.com
Subject: Re: [dm-devel] [PATCH 0/6] updates to device mapper target measurement using ima
Date: Mon, 23 Aug 2021 10:18:17 -0700	[thread overview]
Message-ID: <d68666b2-7ae7-3932-e86e-abab0a2255ee@linux.microsoft.com> (raw)
In-Reply-To: <YSAOTX+TQwaCUeCn@redhat.com>

Hello Mike,

On 8/20/21 1:19 PM, Mike Snitzer wrote:
> On Fri, Aug 13 2021 at  5:37P -0400,
> Tushar Sugandhi <tusharsu@linux.microsoft.com> wrote:
> 
>>
>> There were several improvements suggested for the original device mapper
>> target measurement patch series [1].
>>
>> Those improvement suggestions include:
>>   - Prefixing hashes for the DM tables being measured in ima log with the
>>     hash algorithm.
>>   - Adding version information for DM related events being measured in the
>>     ima log.
>>   - Prefixing DM related event names with "dm_".
>>   - Including the verity target attribute - "root_hash_sig_key_desc"
>>     in the ima measurement log.
>>
>> This series incorporates the above suggestions.
>>
>> This series also has the following fixes:
>>   - Adding a one-time warning to dmesg during dm_init if
>>     CONFIG_IMA_DISABLE_HTABLE is set to 'n'.
>>   - Updating 'integrity' target to remove the duplicate measurement of
>>     the attribute "mode=%c".
>>   - Indexing various attributes in 'multipath' target, and adding
>>     "nr_priority_groups=%u" attribute to the measurements.
>>   - Fixing 'make htmldocs' warnings in dm-ima.rst.
>>   - Adding missing documentation for the targets - 'cache', 'integrity',
>>     'multipath', and 'snapshot' in dm-ima.rst.
>>   - Updating dm-ima.rst documentation with the grammar for various DM
>>     events and targets in Backus Naur form.
>>   - Updating dm-ima.rst documentation to be consistent with the code
>>     changes described above.
>>
>> This series is based on top of the following git repo/branch/commit:
>>   Repo: https://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm.git
>>   Branch: dm-5.15
>>   Commit: commit 5a2a33884f0b ("dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc()")
>>
>>
>> [1] https://patchwork.kernel.org/project/dm-devel/cover/20210713004904.8808-1-tusharsu@linux.microsoft.com/
>>
>> Tushar Sugandhi (6):
>>    dm ima: prefix dm table hashes in ima log with hash algorithm
>>    dm ima: add version info to dm related events in ima log
>>    dm ima: prefix ima event name related to device mapper with dm_
>>    dm ima: add a warning in dm_init if duplicate ima events are not
>>      measured
>>    dm ima: update dm target attributes for ima measurements
>>    dm ima: update dm documentation for ima measurement support
> 
> Hi,
> 
> I reviewed and staged these changes in dm-5.15 (and for-next) with
> minimal tweaks. Really just some whitespace and a simplification of
> the conditional for the warning in dm_init().
> 
> Please make sure that you manually apply Christoph's fix for the issue
> you reported earlier in the week, you were cc'd on the ultimate fix
> which has a different patch header than this patch but on a code level
> it is identical (and only patch that landed on a public mailing list
> due to typo in linux-block email address when hch sent the final fix):
> https://listman.redhat.com/archives/dm-devel/2021-August/msg00154.html
> 
> It is an issue that'll linger in the dm-5.15 because I cannot rebase
> at this late hour even once Jens picks the fix up into the
> linux-block tree.
> 
Thank you. I will apply Christoph's fix at my end and test the scenario 
again.

Thanks,
Tushar
> Thanks,
> Mike
> 

--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/listinfo/dm-devel