b4 is now widely used and is quite helpful for a lot of the things that
submitting-patches covers, let's advertise it to submitters to try to make
their lives easier and reduce the number of procedural issues maintainers
see.
Reviewed-by: Shuah Khan
Signed-off-by: Mark Brown
---
Changes in v2:
-
On Thu, Sep 05, 2024 at 01:33:33PM GMT, Mark Brown wrote:
> b4 is now widely used and is quite helpful for a lot of the things that
> submitting-patches covers, let's advertise it to submitters to try to make
> their lives easier and reduce the number of procedural issues maintainers
> see.
I cons
From: Roberto Sassu
Integrity detection and protection has long been a desirable feature, to
reach a large user base and mitigate the risk of flaws in the software
and attacks.
However, while solutions exist, they struggle to reach a large user base,
due to requiring higher than desired constrai
From: Roberto Sassu
Introduce digest_cache_init() to initialize created digest caches. Since
initialization happens after releasing both the dig_owner_mutex and
dig_user_mutex locks (to avoid a lock inversion with VFS locks), any caller
of digest_cache_get() can potentially be in charge of initia
From: Roberto Sassu
Create the digest_cache directory in /integrity, and add the
default_path file, to let root change/read the default path (file or
directory) from where digest lists are looked up.
An RW semaphore prevents the default path from changing while
digest_list_new() and read_default
From: Roberto Sassu
Add a linked list of hash tables to the digest cache, one per algorithm,
containing the digests extracted from digest lists.
The number of hash table slots is determined by dividing the number of
digests to add by the average depth of the collision list defined with
CONFIG_DI
From: Roberto Sassu
Introduce digest_cache_populate() to populate the digest cache from a
digest list. Call it from digest_cache_init() if the inode is a regular
file.
It opens the file and then schedules a work to read the content (with new
file type READING_DIGEST_LIST). Scheduling a work solv
From: Roberto Sassu
Add digest_list_parse_tlv(), to parse TLV-formatted (Type Length Value)
digest lists. Their structure is:
[header: DIGEST_LIST_FILE, num fields, total len]
[field: DIGEST_LIST_ALGO, length, value]
[field: DIGEST_LIST_ENTRY#1, length, value (below)]
|- [header: DIGEST_LIST_EN
From: Roberto Sassu
Add a parser of a generic Type-Length-Value (TLV) format:
+-+--+-+
| data type (u64) | num fields (u64) | total len (u64) | # header
+--+--+-++-+---+
| field1 (u64) | len1 (u64) | value1 (
From: Roberto Sassu
The Integrity Digest Cache can support other LSMs in their decisions of
granting access to file data and metadata.
However, the information alone about whether a digest was found in a digest
cache might not be sufficient, because for example those LSMs wouldn't know
about the
From: Roberto Sassu
In the environments where xattrs are not available (e.g. in the initial ram
disk), the Integrity Digest Cache cannot precisely determine which digest
list in a directory contains the desired reference digest. However,
although slower, it would be desirable to search the digest
From: Roberto Sassu
Register six new LSM hooks on behalf of the IMA LSM, path_truncate,
file_release, inode_unlink, inode_rename, inode_post_setxattr and
inode_post_removexattr, to monitor digest lists/parent directory
modifications.
If an action affects a digest list or the parent directory, th
From: Roberto Sassu
A desirable goal when doing integrity measurements is that they are done
always in the same order across boots, so that the resulting PCR value
becomes predictable and suitable for sealing policies. However, due to
parallel execution of system services at boot, a deterministic
From: Roberto Sassu
Add tests to verify the correctness of the Integrity Digest Cache, in
all_test.c.
Add the kernel module digest_cache_kern.ko, to let all_test call the API
of the Integrity Digest Cache through the newly introduced
digest_cache_test file in /integrity/digest_cache.
Test cover
From: Roberto Sassu
Implement a simple parser of RPM headers, that extracts the digest and the
algorithm of the packaged files from the RPMTAG_FILEDIGESTS and
RPMTAG_FILEDIGESTALGO section, and adds them to the digest cache.
The rpm digest list parser has been verified with Frama-C
(https://fram
From: Roberto Sassu
Add the documentation of the Integrity Digest Cache in
Documentation/security.
Signed-off-by: Roberto Sassu
---
Documentation/security/digest_cache.rst | 814
Documentation/security/index.rst| 1 +
MAINTAINERS |
From: Roberto Sassu
Introduce the Integrity Digest Cache, to collect digests from various
sources (called digest lists), and to store them in kernel memory, in a set
of hash tables forming a digest cache. Extracted digests can be used as
reference values for integrity verification of file data or
From: Roberto Sassu
Add the 'digest_cache=' policy keyword, to enable the usage of digest
caches for specific IMA actions and purpose.
At the moment, it accepts only 'data' as value, as digest caches can be
used only for measurement and appraisal of file data. In the future, it
might be possible
From: Roberto Sassu
One of the IMA shortcomings over the years has been the availability of
reference digest values for appraisal. Recently, the situation improved
and some Linux distributions are including file signatures, such as
Fedora 39.
The Integrity Digest Cache takes a different approach
From: Roberto Sassu
Specify the 'digest_cache_measure' boot-time policy with 'ima_policy=' in
the kernel command line to add the following rule at the beginning of the
IMA policy, before other rules:
measure func=DIGEST_LIST_CHECK pcr=12
which will measure digest lists into PCR 12 (or the value
From: Roberto Sassu
Invoking digest_cache_get() inside the iint->mutex critical region can
cause deadlocks due to the fact that IMA can be recursively invoked for
reading the digest list. The deadlock would occur if the Integrity Digest
Cache attempts to read the same inode that is already locked
From: Roberto Sassu
Setting the boot-time built-in policies 'digest_cache_measure' and
'digest_cache_appraise' is not sufficient to use the Integrity Digest Cache
to measure and appraise files, since their effect is only to measure and
appraise digest lists.
Modify existing measurement rules if
From: Roberto Sassu
Introduce a new hook to check the integrity of digest lists.
The new hook is invoked during a kernel read with file type
READING_DIGEST_LIST, which is done by the Integrity Digest Cache when it is
populating a digest cache with a digest list.
Signed-off-by: Roberto Sassu
--
From: Roberto Sassu
Add a digest cache pointer to the ima_iint_cache structure and introduce
ima_digest_cache_get_check() to retrieve a fresh digest cache and compare
with the pointer stored in the previous calls (if digest cache was enabled
in the IMA policy).
If the pointers don't match, reset
From: Roberto Sassu
The Integrity Digest Cache allows integrity providers to record how the
digest list being used to populate the digest cache was verified.
Integrity providers can register a kernel_post_read_file LSM hook
implementation, and call digest_cache_verif_set() providing the result o
From: Roberto Sassu
Introduce a new measurement style using digest caches, which can be
performed exclusively on non-standard PCRs, to avoid ambiguity.
While a measurement on the standard PCR means that a file was accessed and
had the measured data, a measurement with the digest cache means only
From: Roberto Sassu
Similarly to measurement, enable the new appraisal style too using digest
caches.
It allows files to be verified by only checking the signature of the
package they belong to (as opposed to checking individual file signatures),
and by doing a digest lookup in the digest cache.
From: Roberto Sassu
Introduce ima_digest_cache_load_verified_usage() to retrieve the verified
usage from the digest cache returned from the lookup of the digest
calculated by IMA on a file being accessed.
Verified usage cannot be loaded from the digest cache returned by
digest_cache_get() since
On 9/5/24 08:05, Roberto Sassu wrote:
...
> +module_init(digest_cache_test_init);
> +module_exit(digest_cache_test_fini);
> +MODULE_LICENSE("GPL");
Missing MODULE_DESCRIPTION()
Since commit 1fffe7a34c89 ("script: modpost: emit a warning when the
description is missing"), a module without a MODULE
On Thu, 2024-09-05 at 10:02 -0700, Jeff Johnson wrote:
> On 9/5/24 08:05, Roberto Sassu wrote:
> ...
> > +module_init(digest_cache_test_init);
> > +module_exit(digest_cache_test_fini);
> > +MODULE_LICENSE("GPL");
>
> Missing MODULE_DESCRIPTION()
>
> Since commit 1fffe7a34c89 ("script: modpost: em
On 6/12/2024 2:32 PM, Sean Christopherson wrote:
On Fri, Apr 19, 2024, Chao Gao wrote:
On Wed, Feb 07, 2024 at 09:26:27AM -0800, Xin Li wrote:
Add FRED MSRs to the valid passthrough MSR list and set FRED MSRs intercept
based on FRED enumeration.
This needs a *much* more verbose explanation.
> On Sep 3, 2024, at 22:27, Palmer Dabbelt wrote:
>
> On Mon, 26 Aug 2024 19:24:38 PDT (-0700), c...@cyyself.name wrote:
>>
>>
>>> On Aug 27, 2024, at 00:36, Charlie Jenkins wrote:
>>> The hint address should not forcefully restrict the addresses returned
>>> by mmap as this causes mmap to
On Thu, 05 Sep 2024, Roberto Sassu wrote:
> From: Roberto Sassu
>
> Add a parser of a generic Type-Length-Value (TLV) format:
>
> +-+--+-+
> | data type (u64) | num fields (u64) | total len (u64) | # header
> +--+--+-++--
Mark Brown writes:
> b4 is now widely used and is quite helpful for a lot of the things that
> submitting-patches covers, let's advertise it to submitters to try to make
> their lives easier and reduce the number of procedural issues maintainers
> see.
>
> Reviewed-by: Shuah Khan
> Signed-off-by
Amit Vadhavana writes:
> Correct spelling mistakes in the documentation to improve readability.
>
> Signed-off-by: Amit Vadhavana
> ---
> V1: https://lore.kernel.org/all/20240810183238.34481-1-av2082...@gmail.com
> V1 -> V2:
> - Write the commit description in imperative mode.
> - Fix grammar mi
Christoph Hellwig writes:
>> diff --git a/drivers/dax/device.c b/drivers/dax/device.c
>> index eb61598..b7a31ae 100644
>> --- a/drivers/dax/device.c
>> +++ b/drivers/dax/device.c
>> @@ -126,11 +126,11 @@ static vm_fault_t __dev_dax_pte_fault(struct dev_dax
>> *dev_dax,
>> return V
Jan Kara writes:
> On Thu 27-06-24 10:54:21, Alistair Popple wrote:
>> Currently to map a DAX page the DAX driver calls vmf_insert_pfn. This
>> creates a special devmap PTE entry for the pfn but does not take a
>> reference on the underlying struct page for the mapping. This is
>> because DAX p