From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.2 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6FB90CA9EA0 for ; Fri, 25 Oct 2019 17:28:00 +0000 (UTC) Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id D987821872 for ; Fri, 25 Oct 2019 17:27:59 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org D987821872 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linux.vnet.ibm.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=linuxppc-dev-bounces+linuxppc-dev=archiver.kernel.org@lists.ozlabs.org Received: from bilbo.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 4709zw2n4VzDqnZ for ; Sat, 26 Oct 2019 04:27:56 +1100 (AEDT) Received: from ozlabs.org (bilbo.ozlabs.org [IPv6:2401:3900:2:1::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 4709wf43lRzDqlp for ; Sat, 26 Oct 2019 04:25:06 +1100 (AEDT) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.vnet.ibm.com Received: from ozlabs.org (bilbo.ozlabs.org [203.11.71.1]) by bilbo.ozlabs.org (Postfix) with ESMTP id 4709wf2h31z8xSH for ; Sat, 26 Oct 2019 04:25:06 +1100 (AEDT) Received: by ozlabs.org (Postfix) id 4709wf1xSSz9sPp; Sat, 26 Oct 2019 04:25:06 +1100 (AEDT) Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=linux.vnet.ibm.com (client-ip=148.163.158.5; helo=mx0a-001b2d01.pphosted.com; envelope-from=nayna@linux.vnet.ibm.com; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.vnet.ibm.com Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4709wd4sd0z9sPV; Sat, 26 Oct 2019 04:25:05 +1100 (AEDT) Received: from pps.filterd (m0098416.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x9PHGptb026689; Fri, 25 Oct 2019 13:24:52 -0400 Received: from pps.reinject (localhost [127.0.0.1]) by mx0b-001b2d01.pphosted.com with ESMTP id 2vv4b0t3rg-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 25 Oct 2019 13:24:52 -0400 Received: from m0098416.ppops.net (m0098416.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.27/8.16.0.27) with SMTP id x9PHHnoQ029356; Fri, 25 Oct 2019 13:24:51 -0400 Received: from ppma03dal.us.ibm.com (b.bd.3ea9.ip4.static.sl-reverse.com [169.62.189.11]) by mx0b-001b2d01.pphosted.com with ESMTP id 2vv4b0t3r2-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 25 Oct 2019 13:24:51 -0400 Received: from pps.filterd (ppma03dal.us.ibm.com [127.0.0.1]) by ppma03dal.us.ibm.com (8.16.0.27/8.16.0.27) with SMTP id x9PHNsFF009592; Fri, 25 Oct 2019 17:24:51 GMT Received: from b03cxnp08025.gho.boulder.ibm.com (b03cxnp08025.gho.boulder.ibm.com [9.17.130.17]) by ppma03dal.us.ibm.com with ESMTP id 2vqt48a6nx-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 25 Oct 2019 17:24:50 +0000 Received: from b03ledav006.gho.boulder.ibm.com (b03ledav006.gho.boulder.ibm.com [9.17.130.237]) by b03cxnp08025.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id x9PHOnL462587380 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 25 Oct 2019 17:24:49 GMT Received: from b03ledav006.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 2C49BC6059; Fri, 25 Oct 2019 17:24:49 +0000 (GMT) Received: from b03ledav006.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id E7DE4C6057; Fri, 25 Oct 2019 17:24:46 +0000 (GMT) Received: from [9.85.155.79] (unknown [9.85.155.79]) by b03ledav006.gho.boulder.ibm.com (Postfix) with ESMTP; Fri, 25 Oct 2019 17:24:46 +0000 (GMT) Subject: Re: [PATCH v9 5/8] ima: make process_buffer_measurement() generic To: Lakshmi Ramasubramanian , Nayna Jain , linuxppc-dev@ozlabs.org, linux-efi@vger.kernel.org, linux-integrity@vger.kernel.org References: <20191024034717.70552-1-nayna@linux.ibm.com> <20191024034717.70552-6-nayna@linux.ibm.com> <1ae56786-4d5c-ba8e-e30c-ced1e15ccb9c@linux.microsoft.com> From: Nayna Jain Message-ID: <24cf44d5-a1f0-f59e-9884-c026b1ee2d3b@linux.vnet.ibm.com> Date: Fri, 25 Oct 2019 12:24:45 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 In-Reply-To: <1ae56786-4d5c-ba8e-e30c-ced1e15ccb9c@linux.microsoft.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-10-25_09:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1908290000 definitions=main-1910250158 X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Ard Biesheuvel , Eric Ricther , Prakhar Srivastava , linux-kernel@vger.kernel.org, Mimi Zohar , Claudio Carvalho , Matthew Garret , Greg Kroah-Hartman , Paul Mackerras , Jeremy Kerr , Elaine Palmer , Oliver O'Halloran , George Wilson Errors-To: linuxppc-dev-bounces+linuxppc-dev=archiver.kernel.org@lists.ozlabs.org Sender: "Linuxppc-dev" On 10/24/19 10:20 AM, Lakshmi Ramasubramanian wrote: > On 10/23/19 8:47 PM, Nayna Jain wrote: > > Hi Nayna, > >> +void process_buffer_measurement(const void *buf, int size, >> +                const char *eventname, enum ima_hooks func, >> +                int pcr) >>   { >>       int ret = 0; >>       struct ima_template_entry *entry = NULL; > >> +    if (func) { >> +        security_task_getsecid(current, &secid); >> +        action = ima_get_action(NULL, current_cred(), secid, 0, func, >> +                    &pcr, &template); >> +        if (!(action & IMA_MEASURE)) >> +            return; >> +    } > > In your change set process_buffer_measurement is called with NONE for > the parameter func. So ima_get_action (the above if block) will not be > executed. > > Wouldn't it better to update ima_get_action (and related functions) to > handle the ima policy (func param)? The idea is to use ima-buf template for the auxiliary measurement record. The auxiliary measurement record is an additional record to the one already created based on the existing policy. When func is passed as NONE, it represents it is an additional record. I am not sure what you mean by updating ima_get_action, it is already handling the ima policy. Thanks & Regards,     - Nayna