From: Mimi Zohar <zohar@linux.ibm.com>
To: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>,
steven chen <chenste@linux.microsoft.com>,
Roberto Sassu <roberto.sassu@huaweicloud.com>,
corbet@lwn.net, skhan@linuxfoundation.org,
dmitry.kasatkin@gmail.com, eric.snowberg@oracle.com,
paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com
Cc: linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org,
gregorylumen@linux.microsoft.com,
Roberto Sassu <roberto.sassu@huawei.com>
Subject: Re: [PATCH v5 00/13] ima: Introduce staging mechanism
Date: Tue, 26 May 2026 10:10:08 -0400 [thread overview]
Message-ID: <1d32dca26bec72bcfdc326359a17edfeb65b0a3f.camel@linux.ibm.com> (raw)
In-Reply-To: <aaed52cf-26e1-4c40-812d-3788024ce5b5@linux.microsoft.com>
On Mon, 2026-05-11 at 10:29 -0700, Lakshmi Ramasubramanian wrote:
> Roberto, Mimi:
>
> I want to add on to the point Steven has brought up.
>
> With "Stage and Delete N" approach, we have the following sequence of
> tasks for trimming the IMA log:
>
> 1. User mode locks the IMA measurement list through the "write interface".
> a. While this prevents any other user mode process from updating the
> IMA log, kernel can still add new IMA events to the measurement log
> 2. User mode reads the TPM Quote and the IMA measurement events and
> sends it to the remote attestation service
> 3. Once the remote service has successfully processed the IMA events,
> the user mode determines the number of IMA events "N" to be removed from
> the measurement list maintained in the kernel
> 4. User mode provides the value "N" to the kernel
> 5. Kernel now determines the point at which to snap the IMA measurement
> list using "N" - without holding a lock
> 6. Then, the kernel lock is held and the list is snapped at the point
> determined in the previous step thus keeping the kernel lock time to the
> minimum.
> 7. Now, user mode removes the "write" lock on the IMA measurement list
>
> With the above, we believe "Stage and Delete N" alone is sufficient to
> trim IMA log.
Prior versions of removing measurement records (aka "trimming") were rejected
for being overly complicated, locking, requiring a new record type, and code
quality. Patch 11 ("stage and delete N") is much better, but the level of
precision in removing only those measurements records needed for the TPM quote
seems necessary only if the records are not being saved.
The reason for the two methods might be the same — removing measurement records
from the IMA measurement list — but the motivation for the two methods does not
appear to be the same. The motivation for Patch 9 ("stage and delete") is
clearly to free kernel memory by exporting and saving the measurement records.
Remember, the only reason for upstreaming a feature to remove measurement
records from the IMA measurement list is to address the kernel memory issue —
clearly not to drop measurement records and break attestation.
Upstreaming patch 11 (stage and delete N) would be a concession for your
environment, but is definitely not the recommended solution.
Mimi
next prev parent reply other threads:[~2026-05-26 14:10 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-29 16:03 [PATCH v5 00/13] ima: Introduce staging mechanism Roberto Sassu
2026-04-29 16:03 ` [PATCH v5 01/13] ima: Remove ima_h_table structure Roberto Sassu
2026-05-21 2:05 ` Mimi Zohar
2026-04-29 16:03 ` [PATCH v5 02/13] ima: Replace static htable queue with dynamically allocated array Roberto Sassu
2026-05-21 2:05 ` Mimi Zohar
2026-04-29 16:03 ` [PATCH v5 03/13] ima: Introduce per binary measurements list type ima_num_entries counter Roberto Sassu
2026-05-21 2:05 ` Mimi Zohar
2026-04-29 16:03 ` [PATCH v5 04/13] ima: Introduce per binary measurements list type binary_runtime_size value Roberto Sassu
2026-05-21 2:06 ` Mimi Zohar
2026-05-21 7:58 ` Roberto Sassu
2026-04-29 16:03 ` [PATCH v5 05/13] ima: Introduce _ima_measurements_start() and _ima_measurements_next() Roberto Sassu
2026-05-21 2:06 ` Mimi Zohar
2026-04-29 16:03 ` [PATCH v5 06/13] ima: Mediate open/release method of the measurements list Roberto Sassu
2026-05-21 2:07 ` Mimi Zohar
2026-05-21 8:30 ` Roberto Sassu
2026-04-29 16:03 ` [PATCH v5 07/13] ima: Use snprintf() in create_securityfs_measurement_lists Roberto Sassu
2026-05-21 2:07 ` Mimi Zohar
2026-04-29 16:03 ` [PATCH v5 08/13] ima: Introduce ima_dump_measurement() Roberto Sassu
2026-05-21 2:07 ` Mimi Zohar
2026-04-29 16:03 ` [PATCH v5 09/13] ima: Add support for staging measurements with prompt Roberto Sassu
2026-05-04 12:51 ` Roberto Sassu
2026-05-21 15:18 ` Mimi Zohar
2026-04-29 16:03 ` [PATCH v5 10/13] ima: Add support for flushing the hash table when staging measurements Roberto Sassu
2026-05-21 16:06 ` Mimi Zohar
2026-04-29 16:03 ` [PATCH v5 11/13] ima: Support staging and deleting N measurements entries Roberto Sassu
2026-05-05 18:43 ` steven chen
2026-05-26 11:08 ` Mimi Zohar
2026-04-29 16:03 ` [PATCH v5 12/13] ima: Return error on deleting measurements already copied during kexec Roberto Sassu
2026-05-26 14:02 ` Mimi Zohar
2026-04-29 16:03 ` [PATCH v5 13/13] doc: security: Add documentation of the IMA staging mechanism Roberto Sassu
2026-05-26 15:53 ` Mimi Zohar
2026-05-07 16:47 ` [PATCH v5 00/13] ima: Introduce " steven chen
2026-05-11 17:29 ` Lakshmi Ramasubramanian
2026-05-12 8:17 ` Roberto Sassu
2026-05-15 17:37 ` Lakshmi Ramasubramanian
2026-05-19 8:38 ` Roberto Sassu
2026-05-26 14:10 ` Mimi Zohar [this message]
2026-05-21 2:02 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1d32dca26bec72bcfdc326359a17edfeb65b0a3f.camel@linux.ibm.com \
--to=zohar@linux.ibm.com \
--cc=chenste@linux.microsoft.com \
--cc=corbet@lwn.net \
--cc=dmitry.kasatkin@gmail.com \
--cc=eric.snowberg@oracle.com \
--cc=gregorylumen@linux.microsoft.com \
--cc=jmorris@namei.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=nramas@linux.microsoft.com \
--cc=paul@paul-moore.com \
--cc=roberto.sassu@huawei.com \
--cc=roberto.sassu@huaweicloud.com \
--cc=serge@hallyn.com \
--cc=skhan@linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox