From: "H. Peter Anvin" <hpa@zytor.com>
To: John Stoffel <john@stoffel.org>
Cc: Eric Paris <eparis@redhat.com>,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-fsdevel@vger.kernel.org, hch@infradead.org,
zohar@us.ibm.com, warthog9@kernel.org, david@fromorbit.com,
jmorris@namei.org, kyle@mcmartin.ca, akpm@linux-foundation.org,
torvalds@linux-foundation.org, mingo@elte.hu,
viro@zeniv.linux.org.uk
Subject: Re: [PATCH 06/11] IMA: use i_writecount rather than a private counter
Date: Tue, 26 Oct 2010 15:08:21 -0700 [thread overview]
Message-ID: <4CC75155.4060807@zytor.com> (raw)
In-Reply-To: <19654.56681.488563.135215@quad.stoffel.home>
On 10/26/2010 06:53 AM, John Stoffel wrote:
>
> No. What I was trying to get at, and probably poorly, was the comment
> you made about having to keep the IMA data structures around, even if
> IMA has been disabled, so that you could continue to claim integrity
> if IMA was re-enabled.
>
> So my question is really about the following situation:
>
> 1. System boots up, IMA is enabled.
> 2. SysAdmin notices and turns it off.
> - does the IMA overhead (not the per-inode 4 bytes) go away?
> - do the various in memory data structures get freed?
> - does the pointer in the inode get null'ed?
>
I think it's reasonable to require a reboot in this case.
-hpa
next prev parent reply other threads:[~2010-10-26 22:09 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-10-25 18:41 [PATCH 01/11] IMA: use rbtree instead of radix tree for inode information cache Eric Paris
2010-10-25 18:41 ` [PATCH 02/11] IMA: drop the inode opencount since it isn't needed for operation Eric Paris
2010-10-25 18:41 ` [PATCH 03/11] IMA: use unsigned int instead of long for counters Eric Paris
2010-10-25 18:41 ` [PATCH 04/11] IMA: convert internal flags from long to char Eric Paris
2010-10-25 18:41 ` [PATCH 05/11] IMA: use inode->i_lock to protect read and write counters Eric Paris
2010-10-25 18:41 ` [PATCH 06/11] IMA: use i_writecount rather than a private counter Eric Paris
2010-10-25 19:27 ` John Stoffel
2010-10-25 21:52 ` Eric Paris
2010-10-25 22:25 ` H. Peter Anvin
2010-10-25 22:29 ` Eric Paris
2010-10-26 13:57 ` John Stoffel
2010-10-26 13:53 ` John Stoffel
2010-10-26 22:08 ` H. Peter Anvin [this message]
2010-10-25 18:41 ` [PATCH 07/11] IMA: move read counter into struct inode Eric Paris
2010-10-25 18:42 ` [PATCH 08/11] IMA: only allocate iint when needed Eric Paris
2010-10-25 18:42 ` [PATCH 09/11] IMA: drop refcnt from ima_iint_cache since it isn't needed Eric Paris
2010-10-25 18:42 ` [PATCH 10/11] IMA: explicit IMA i_flag to remove global lock on inode_delete Eric Paris
2010-10-25 18:42 ` [PATCH 11/11] IMA: fix the ToMToU logic Eric Paris
2010-10-25 19:21 ` [PATCH 01/11] IMA: use rbtree instead of radix tree for inode information cache John Stoffel
2010-10-25 19:38 ` J.H.
2010-10-25 20:55 ` Linus Torvalds
2010-10-25 20:57 ` Christoph Hellwig
2010-10-25 21:11 ` Linus Torvalds
2010-10-26 14:01 ` John Stoffel
2010-10-26 15:22 ` Linus Torvalds
2010-10-26 15:30 ` Eric Paris
2010-10-26 15:53 ` John Stoffel
2010-10-26 18:13 ` Al Viro
2010-10-27 13:35 ` James Morris
2010-10-26 14:07 ` John Stoffel
2010-10-25 21:34 ` Eric Paris
2010-10-26 13:45 ` John Stoffel
2010-10-25 23:22 ` Dave Chinner
2010-10-26 0:12 ` Eric Paris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4CC75155.4060807@zytor.com \
--to=hpa@zytor.com \
--cc=akpm@linux-foundation.org \
--cc=david@fromorbit.com \
--cc=eparis@redhat.com \
--cc=hch@infradead.org \
--cc=jmorris@namei.org \
--cc=john@stoffel.org \
--cc=kyle@mcmartin.ca \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
--cc=warthog9@kernel.org \
--cc=zohar@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).