From: Mimi Zohar <zohar@linux.ibm.com>
To: Paul Moore <paul@paul-moore.com>
Cc: selinux@vger.kernel.org, linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org,
"John Johansen" <john.johansen@canonical.com>,
"Roberto Sassu" <roberto.sassu@huawei.com>,
"Fan Wu" <wufan@kernel.org>, "Mickaël Salaün" <mic@digikod.net>,
"Günther Noack" <gnoack@google.com>,
"Kees Cook" <kees@kernel.org>,
"Micah Morton" <mortonm@chromium.org>,
"Casey Schaufler" <casey@schaufler-ca.com>,
"Tetsuo Handa" <penguin-kernel@i-love.sakura.ne.jp>,
"Nicolas Bouchinet" <nicolas.bouchinet@oss.cyber.gouv.fr>,
"Xiu Jianfeng" <xiujianfeng@huawei.com>
Subject: Re: [PATCH v4 31/34] ima,evm: move initcalls to the LSM framework
Date: Fri, 10 Oct 2025 12:53:28 -0400
Message-ID: <282070d5c0dd68140ae221833ea8c5ba4baada4f.camel@linux.ibm.com>
In-Reply-To: <CAHC9VhQCmFJQ1=Eyu1D+Mcg2FVDByrk8QcwV5HaZdB95esiA7Q@mail.gmail.com>
On Tue, 2025-09-30 at 16:11 -0400, Paul Moore wrote:
> On Tue, Sep 16, 2025 at 6:14 PM Paul Moore <paul@paul-moore.com> wrote:
> >
> > From: Roberto Sassu <roberto.sassu@huawei.com>
> >
> > This patch converts IMA and EVM to use the LSM framework's initcall
> > mechanism. It moved the integrity_fs_init() call to ima_fs_init() and
> > evm_init_secfs(), to work around the fact that there is no "integrity" LSM,
> > and introduced integrity_fs_fini() to remove the integrity directory, if
> > empty. Both integrity_fs_init() and integrity_fs_fini() support the
> > scenario of being called by both the IMA and EVM LSMs.
> >
> > This patch does not touch any of the platform certificate code that
> > lives under the security/integrity/platform_certs directory as the
> > IMA/EVM developers would prefer to address that in a future patchset.
> >
> > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> > [PM: adjust description as discussed over email]
> > Signed-off-by: Paul Moore <paul@paul-moore.com>
> > ---
> > security/integrity/evm/evm_main.c | 3 +--
> > security/integrity/evm/evm_secfs.c | 11 +++++++++--
> > security/integrity/iint.c | 14 ++++++++++++--
> > security/integrity/ima/ima_fs.c | 11 +++++++++--
> > security/integrity/ima/ima_main.c | 4 ++--
> > security/integrity/integrity.h | 2 ++
> > 6 files changed, 35 insertions(+), 10 deletions(-)
>
> I appreciate you reviewing most (all?) of the other patches in this
> patchset, but any chance you could review the IMA/EVM from Roberto?
> This is the only patch that really needs your review ...
Paul, I'm sorry for the long delay in reviewing and testing this patch set. It
wasn't enough to just review this one patch, but it needed to be reviewed in
context.
The initcall ordering is extremely important for IMA. IMA-measurement needs to
be initialized after the TPM, otherwise IMA goes into TPM-bypass mode. As
expected, the initcall ordering seems to be fine. However, this patch set
modifies the initcall debugging.
The kernel boot command line option "initcall_debug" outputs "entering initcall
level:" messages for each of the initcall levels, and "calling ...." and
"initcall ..." messages for the individual initcalls.
For example,
[ 0.896556] entering initcall level: arch
[ 0.896556] calling report_snp_info+0x0/0xd0 @ 1
[ 0.896556] initcall report_snp_info+0x0/0xd0 returned 0 after 0 usecs
With this patch set, the "calling ..." and "initcall ..." messages will not be
emitted for the LSMs. In lieu of these messages, the patch set defines a new
boot command line option "lsm.debug", which outputs "LSM: entering ....
initcall".
For example,
[ 2.225821] calling security_initcall_late+0x0/0xc0 @ 1
[ 2.225825] LSM: running ima late initcall
Regardless of whether the performance information is actually necessary, the
initcall debugging change should probably be documented. Maybe update
initcall_debug to reference lsm.debug in
Documentation/admin-guide/kernel-parameters.txt.
Mimi
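Added example (not part of the thread, and not code from the LSM patch set or from IMA): a small parser for the dmesg line formats quoted above, "entering initcall level:", "calling ... @ pid", "initcall ... returned N after M usecs", and the new "LSM: running <lsm> <level> initcall" line, used to check the two things the message cares about: that the TPM driver's initcall has returned before IMA's initcall starts, and what timing information is still recoverable once the per-LSM "calling"/"initcall" pair is gone. The dmesg sample is constructed; report_snp_info and security_initcall_late are the symbols quoted in the message, while tpm_example_init is a placeholder name for the TPM initcall and is not a real kernel symbol. The whitespace in the regexes is loose so that single- and double-spaced copies of the lines both parse.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample of dmesg output from a kernel booted with both "initcall_debug"
# and "lsm.debug".  The report_snp_info and security_initcall_late lines mirror the
# ones quoted in the message; tpm_example_init is a placeholder for the TPM driver's
# initcall, not a real kernel symbol.
SAMPLE_DMESG = """\
[    0.896556] entering initcall level: arch
[    0.896556] calling  report_snp_info+0x0/0xd0 @ 1
[    0.896556] initcall report_snp_info+0x0/0xd0 returned 0 after 0 usecs
[    1.102233] entering initcall level: subsys
[    1.102240] calling  tpm_example_init+0x0/0x80 @ 1
[    1.104900] initcall tpm_example_init+0x0/0x80 returned 0 after 2660 usecs
[    2.225821] entering initcall level: late
[    2.225821] calling  security_initcall_late+0x0/0xc0 @ 1
[    2.225825] LSM: running ima late initcall
[    2.230100] LSM: running evm late initcall
[    2.231000] initcall security_initcall_late+0x0/0xc0 returned 0 after 5179 usecs
"""

_TS = r"\[\s*(?P<ts>\d+\.\d+)\]\s+"
_SYM = r"(?P<fn>[A-Za-z0-9_.]+)\+0x[0-9a-f]+/0x[0-9a-f]+"
_RE_LEVEL = re.compile(_TS + r"entering initcall level:\s+(?P<level>\w+)")
_RE_CALL = re.compile(_TS + r"calling\s+" + _SYM + r"\s+@\s+(?P<pid>\d+)")
_RE_RET = re.compile(_TS + r"initcall\s+" + _SYM
                     + r"\s+returned\s+(?P<ret>-?\d+)\s+after\s+(?P<usecs>\d+)\s+usecs")
_RE_LSM = re.compile(_TS + r"LSM: running\s+(?P<lsm>\S+)\s+(?P<level>\S+)\s+initcall")


@dataclass
class Event:
    ts_us: int              # dmesg timestamp converted to whole microseconds
    kind: str               # "level", "calling", "returned" or "lsm"
    name: str               # initcall level, function name or LSM name
    level: Optional[str]    # initcall level the event occurred in
    ret: Optional[int] = None
    usecs: Optional[int] = None


def _to_us(ts: str) -> int:
    """Exact conversion of a "seconds.micros" dmesg timestamp, avoiding float rounding."""
    sec, frac = ts.split(".")
    return int(sec) * 1_000_000 + int(frac.ljust(6, "0")[:6])


def parse_initcall_log(text: str) -> list[Event]:
    """Turn initcall_debug / lsm.debug lines into a timeline; unrelated lines are skipped."""
    events, level = [], None
    for line in text.splitlines():
        if m := _RE_LEVEL.match(line):
            level = m["level"]
            events.append(Event(_to_us(m["ts"]), "level", level, level))
        elif m := _RE_CALL.match(line):
            events.append(Event(_to_us(m["ts"]), "calling", m["fn"], level))
        elif m := _RE_RET.match(line):
            events.append(Event(_to_us(m["ts"]), "returned", m["fn"], level,
                                int(m["ret"]), int(m["usecs"])))
        elif m := _RE_LSM.match(line):
            events.append(Event(_to_us(m["ts"]), "lsm", m["lsm"], m["level"]))
    return events


def completed_before(events: list[Event], name: str) -> set[str]:
    """Initcalls that had already returned when `name` (a function or an LSM) started."""
    done: set[str] = set()
    for ev in events:
        if ev.kind in ("calling", "lsm") and ev.name == name:
            return done
        if ev.kind == "returned":
            done.add(ev.name)
    raise ValueError(f"{name!r} never starts in this log")


def started_after(events: list[Event], before: str, after: str) -> bool:
    """True if `before` had returned before `after` started, e.g. TPM init before IMA."""
    return before in completed_before(events, after)


def lsm_initcall_estimates(events: list[Event]) -> dict[str, int]:
    """Approximate per-LSM initcall duration in microseconds.

    An LSM initcall no longer gets its own "initcall ... returned ... after N usecs"
    line, so the only estimate left is the gap between its "LSM: running" line and
    whatever dmesg logs next (for the last LSM that is the enclosing initcall's return).
    """
    out: dict[str, int] = {}
    for i, ev in enumerate(events[:-1]):
        if ev.kind == "lsm":
            out[ev.name] = events[i + 1].ts_us - ev.ts_us
    return out


if __name__ == "__main__":
    evs = parse_initcall_log(SAMPLE_DMESG)
    print("TPM initcall returned before IMA started:",
          started_after(evs, "tpm_example_init", "ima"))
    for lsm, us in lsm_initcall_estimates(evs).items():
        print(f"{lsm} late initcall took roughly {us} usecs")
```

On a real system the input would be `dmesg` output captured after booting with `initcall_debug lsm.debug`, and the TPM symbol name would be whichever driver initcall the platform uses. Note that the duration estimates are upper bounds: anything else the kernel prints between two "LSM: running" lines moves the next timestamp closer and shortens the gap, which is exactly the per-initcall information the old "calling"/"initcall" pair reported directly.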