linux-integrity.vger.kernel.org archive mirror
From: Roberto Sassu <roberto.sassu@huaweicloud.com>
To: Paul Moore <paul@paul-moore.com>,
	Mimi Zohar <zohar@linux.ibm.com>,
	 Roberto Sassu <roberto.sassu@huawei.com>
Cc: linux-security-module@vger.kernel.org,
	linux-integrity@vger.kernel.org, selinux@vger.kernel.org,
	"John Johansen" <john.johansen@canonical.com>,
	"Fan Wu" <wufan@kernel.org>, "Mickaël Salaün" <mic@digikod.net>,
	"Günther Noack" <gnoack@google.com>,
	"Kees Cook" <kees@kernel.org>,
	"Micah Morton" <mortonm@chromium.org>,
	"Casey Schaufler" <casey@schaufler-ca.com>,
	"Tetsuo Handa" <penguin-kernel@i-love.sakura.ne.jp>,
	"Nicolas Bouchinet" <nicolas.bouchinet@oss.cyber.gouv.fr>,
	"Xiu Jianfeng" <xiujianfeng@huawei.com>
Subject: Re: [PATCH v3 31/34] ima,evm: move initcalls to the LSM framework
Date: Tue, 02 Sep 2025 14:50:05 +0200
Message-ID: <9f35539de7188c6b853c55b76958a286131f5928.camel@huaweicloud.com>
In-Reply-To: <CAHC9VhS3KdVO9n-dgk1qFzTae0i+Oab8atMmt0CAsMEm1D4v5w@mail.gmail.com>

On Fri, 2025-08-22 at 16:45 -0400, Paul Moore wrote:
> On Thu, Aug 14, 2025 at 6:55 PM Paul Moore <paul@paul-moore.com> wrote:
> > 
> > This patch converts IMA and EVM to use the LSM framework's initcall
> > mechanism.  There was a minor challenge in this conversion that wasn't
> > seen when converting the other LSMs brought about by the resource
> > sharing between the two related, yet independent IMA and EVM LSMs.
> > This was resolved by registering the same initcalls for each LSM and
> > including code in each registered initcall to ensure it only executes
> > once during each boot.
> > 
> > It is worth mentioning that this patch does not touch any of the
> > "platform certs" code that lives in the security/integrity/platform_certs
> > directory as the IMA/EVM maintainers have assured me that this code is
> > unrelated to IMA/EVM, despite the location, and will be moved to a more
> > relevant subsystem in the future.
> > 
> > Signed-off-by: Paul Moore <paul@paul-moore.com>
> > ---
> >  security/integrity/Makefile       |  2 +-
> >  security/integrity/evm/evm_main.c |  6 ++---
> >  security/integrity/iint.c         |  4 +--
> >  security/integrity/ima/ima_main.c |  6 ++---
> >  security/integrity/initcalls.c    | 41 +++++++++++++++++++++++++++++++
> >  security/integrity/initcalls.h    | 28 +++++++++++++++++++++
> >  6 files changed, 78 insertions(+), 9 deletions(-)
> >  create mode 100644 security/integrity/initcalls.c
> >  create mode 100644 security/integrity/initcalls.h
> 
> Mimi, Roberto, I believe I've incorporated all of your feedback thus
> far, does this patch look okay to you?  If so, can I get an ACK from
> one or both of you?

I just realized that it could be rewritten without exposing the IMA and
EVM init functions. I also added the logic to cleanup the integrity
directory itself.

Sending soon...

Roberto

> > diff --git a/security/integrity/Makefile b/security/integrity/Makefile
> > index 92b63039c654..6ea330ea88b1 100644
> > --- a/security/integrity/Makefile
> > +++ b/security/integrity/Makefile
> > @@ -5,7 +5,7 @@
> > 
> >  obj-$(CONFIG_INTEGRITY) += integrity.o
> > 
> > -integrity-y := iint.o
> > +integrity-y := iint.o initcalls.o
> >  integrity-$(CONFIG_INTEGRITY_AUDIT) += integrity_audit.o
> >  integrity-$(CONFIG_INTEGRITY_SIGNATURE) += digsig.o
> >  integrity-$(CONFIG_INTEGRITY_ASYMMETRIC_KEYS) += digsig_asymmetric.o
> > diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
> > index db8e324ed4e6..823573bcaa27 100644
> > --- a/security/integrity/evm/evm_main.c
> > +++ b/security/integrity/evm/evm_main.c
> > @@ -25,6 +25,7 @@
> >  #include <crypto/hash.h>
> >  #include <crypto/hash_info.h>
> >  #include <crypto/utils.h>
> > +#include "../initcalls.h"
> >  #include "evm.h"
> > 
> >  int evm_initialized;
> > @@ -1112,7 +1113,7 @@ void __init evm_load_x509(void)
> >  }
> >  #endif
> > 
> > -static int __init init_evm(void)
> > +int __init init_evm(void)
> >  {
> >         int error;
> >         struct list_head *pos, *q;
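Review bot: dropping `static` here turns init_evm() into a subsystem-wide symbol solely so that security/integrity/initcalls.c can call it, and the matching prototype in initcalls.h carries no hint that this is an init-only routine. An alternative that keeps init_evm() static is for EVM's own initcall_late hook to call a shared once-only helper for the securityfs setup and then its private init function; if the function does stay non-static, a comment on the declaration saying it is __init-only would stop a later non-init caller from creating a section mismatch.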
> > @@ -1179,6 +1180,5 @@ DEFINE_LSM(evm) = {
> >         .init = init_evm_lsm,
> >         .order = LSM_ORDER_LAST,
> >         .blobs = &evm_blob_sizes,
> > +       .initcall_late = integrity_late_init,
> >  };
> > -
> > -late_initcall(init_evm);
> > diff --git a/security/integrity/iint.c b/security/integrity/iint.c
> > index 068ac6c2ae1e..a4b88d67ff43 100644
> > --- a/security/integrity/iint.c
> > +++ b/security/integrity/iint.c
> > @@ -11,6 +11,7 @@
> >   */
> >  #include <linux/security.h>
> >  #include "integrity.h"
> > +#include "initcalls.h"
> > 
> >  struct dentry *integrity_dir;
> > 
> > @@ -42,7 +43,7 @@ void __init integrity_load_keys(void)
> >                 evm_load_x509();
> >  }
> > 
> > -static int __init integrity_fs_init(void)
> > +int __init integrity_fs_init(void)
> >  {
> >         integrity_dir = securityfs_create_dir("integrity", NULL);
> >         if (IS_ERR(integrity_dir)) {
> > @@ -58,4 +59,3 @@ static int __init integrity_fs_init(void)
> >         return 0;
> >  }
> > 
> > -late_initcall(integrity_fs_init)
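Review bot: with this late_initcall() removed, integrity_fs_init() is only reached through integrity_late_init(), which is registered solely by DEFINE_LSM(ima) and DEFINE_LSM(evm); a kernel built with CONFIG_INTEGRITY but neither CONFIG_IMA nor CONFIG_EVM will therefore no longer create the securityfs "integrity" directory at all. If that is the intended outcome for such a configuration it should be stated in the commit message; if not, iint.c needs its own way to run integrity_fs_init().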
> > diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
> > index eade8e1e3cb1..06ae59cd77f4 100644
> > --- a/security/integrity/ima/ima_main.c
> > +++ b/security/integrity/ima/ima_main.c
> > @@ -28,6 +28,7 @@
> >  #include <linux/iversion.h>
> >  #include <linux/evm.h>
> >  #include <linux/crash_dump.h>
> > +#include "../initcalls.h"
> > 
> >  #include "ima.h"
> > 
> > @@ -1202,7 +1203,7 @@ static int ima_kernel_module_request(char *kmod_name)
> > 
> >  #endif /* CONFIG_INTEGRITY_ASYMMETRIC_KEYS */
> > 
> > -static int __init init_ima(void)
> > +int __init init_ima(void)
> >  {
> >         int error;
> > 
> > @@ -1283,6 +1284,5 @@ DEFINE_LSM(ima) = {
> >         .init = init_ima_lsm,
> >         .order = LSM_ORDER_LAST,
> >         .blobs = &ima_blob_sizes,
> > +       .initcall_late = integrity_late_init,
> >  };
> > -
> > -late_initcall(init_ima);       /* Start IMA after the TPM is available */
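Review bot: the removed `/* Start IMA after the TPM is available */` comment was the only place recording why IMA must initialize at the late_initcall level; please carry it over to the `.initcall_late = integrity_late_init,` line (or into the kernel-doc of integrity_late_init()), otherwise a future reader has no hint that moving this to an earlier initcall slot would run IMA before the TPM is available.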
> > diff --git a/security/integrity/initcalls.c b/security/integrity/initcalls.c
> > new file mode 100644
> > index 000000000000..6afa411068f2
> > --- /dev/null
> > +++ b/security/integrity/initcalls.c
> > @@ -0,0 +1,41 @@
> > +// SPDX-License-Identifier: GPL-2.0+
> > +/*
> > + * IMA/EVM initcalls
> > + *
> > + */
> > +
> > +#include <linux/init.h>
> > +
> > +#include "initcalls.h"
> > +
> > +/**
> > + * integrity_late_init - late_initcalls for IMA/EVM
> > + *
> > + * This helper function wraps all of the late_initcalls for both IMA and EVM.
> > + * It can be called multiple times, e.g. once from IMA and once from EVM,
> > + * without problem as it maintains an internal static state variable which
> > + * ensures that any setup/initialization is only done once.
> > + */
> > +int __init integrity_late_init(void)
> > +{
> > +       int rc = 0, rc_tmp;
> > +       static bool setup = false;
> > +
> > +       if (setup)
> > +               return 0;
> > +       setup = true;
> > +
> > +       rc_tmp = integrity_fs_init();
> > +       if (!rc && rc_tmp)
> > +               rc = rc_tmp;
> > +
> > +       rc_tmp = init_ima();
> > +       if (!rc && rc_tmp)
> > +               rc = rc_tmp;
> > +
> > +       rc_tmp = init_evm();
> > +       if (!rc && rc_tmp)
> > +               rc = rc_tmp;
> > +
> > +       return rc;
> > +}
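Review bot: the once-only guard loses the result of the first run: if integrity_fs_init(), init_ima() or init_evm() fails when the first LSM hook calls integrity_late_init(), the second caller sees `setup == true` and gets 0, so only one of the two LSMs is ever told about the error. Storing the return value in the static (for example a `static int rc` plus a `static bool setup`) and returning it on repeat calls would keep both callers consistent. Two smaller points: the `if (!rc && rc_tmp) rc = rc_tmp;` pattern deliberately keeps running the later init functions after an earlier failure, matching the old behaviour of three independent late_initcalls, and deserves a one-line comment saying so; and the file is tagged `GPL-2.0+` while the new initcalls.h says `GPL-2.0`, so one of the two SPDX identifiers should be changed to match (the header comment also has a stray empty ` *` line).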
> > diff --git a/security/integrity/initcalls.h b/security/integrity/initcalls.h
> > new file mode 100644
> > index 000000000000..b56e9c576505
> > --- /dev/null
> > +++ b/security/integrity/initcalls.h
> > @@ -0,0 +1,28 @@
> > +/* SPDX-License-Identifier: GPL-2.0 */
> > +
> > +#ifndef _INTEGRITY_INITCALLS_H
> > +#define _INTEGRITY_INITCALLS_H
> > +
> > +int integrity_fs_init(void);
> > +
> > +#ifdef CONFIG_IMA
> > +int init_ima(void);
> > +#else
> > +static inline int init_ima(void)
> > +{
> > +       return 0;
> > +}
> > +#endif
> > +
> > +#ifdef CONFIG_EVM
> > +int init_evm(void);
> > +#else
> > +static inline int init_evm(void)
> > +{
> > +       return 0;
> > +}
> > +#endif
> > +
> > +int integrity_late_init(void);
> > +
> > +#endif
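Review bot: the prototypes here are declared without `__init` while every definition is `__init`; that is legal, but a short comment noting that all three are init-only entry points would help, and the closing `#endif` should carry the usual `/* _INTEGRITY_INITCALLS_H */` trailer. The `#ifdef CONFIG_IMA` / `#ifdef CONFIG_EVM` stubs also show the cost of the approach: both LSM-specific init functions must be exported through this header just so a shared function can call them. If the goal is to avoid exposing init_ima() and init_evm(), each LSM's initcall_late could instead call a once-only helper that wraps only integrity_fs_init(), leaving this header with a single prototype.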
> > --
> > 2.50.1
> 


