From: Mimi Zohar <zohar@linux.ibm.com>
To: Tushar Sugandhi <tusharsu@linux.microsoft.com>,
stephen.smalley.work@gmail.com, casey@schaufler-ca.com,
agk@redhat.com, snitzer@redhat.com, gmazyland@gmail.com,
paul@paul-moore.com
Cc: tyhicks@linux.microsoft.com, sashal@kernel.org,
jmorris@namei.org, nramas@linux.microsoft.com,
linux-integrity@vger.kernel.org, selinux@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, dm-devel@redhat.com
Subject: Re: [PATCH v9 3/8] IMA: define a hook to measure kernel integrity critical data
Date: Thu, 24 Dec 2020 08:04:40 -0500 [thread overview]
Message-ID: <5ae72a76664ce7011d3041689efbfe1a2c67d44f.camel@linux.ibm.com> (raw)
In-Reply-To: <20201212180251.9943-4-tusharsu@linux.microsoft.com>
On Sat, 2020-12-12 at 10:02 -0800, Tushar Sugandhi wrote:
> IMA provides capabilities to measure file data, and in-memory buffer
No need for the comma here.
Up to this patch set, all the patches refer to "buffer data", not "in-
memory buffer data". This patch introduces the concept of measuring
"in-memory buffer data". Please remove "in-memory" above.
> data. However, various data structures, policies, and states
Here and everywhere else, there are two blanks after a period.
> stored in kernel memory also impact the integrity of the system.
> Several kernel subsystems contain such integrity critical data. These
> kernel subsystems help protect the integrity of a device. Currently,
^integrity of the system.
> IMA does not provide a generic function for kernel subsystems to measure
> their integrity critical data.
The emphasis should not be on "kernel subsystems". Simplify to "for
measuring kernel integrity critical data".
>
> Define a new IMA hook - ima_measure_critical_data to measure kernel
> integrity critical data.
Either "ima_measure_critical_data" is between hyphens or without any
hyphens. If not hyphenated, then you could say "named
ima_measure_critical_data", but "named" isn't necessary. Or reverse "a
new IMA hook" and "ima_measure_critical_data", adding comma's like:
Define ima_measure_critical_data, a new IMA hook, to ...
Any of the above options work, just not a single hyphen.
>
> Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com>
> Reviewed-by: Tyler Hicks <tyhicks@linux.microsoft.com>
> ---
<snip>
> diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
> index 0f8409d77602..dff4bce4fb09 100644
> --- a/security/integrity/ima/ima_main.c
> +++ b/security/integrity/ima/ima_main.c
> @@ -922,6 +922,40 @@ void ima_kexec_cmdline(int kernel_fd, const void *buf, int size)
> fdput(f);
> }
>
> +/**
> + * ima_measure_critical_data - measure kernel integrity critical data
> + * @event_name: event name to be used for the buffer entry
Why future tense? By "buffer entry" do you mean a record in the IMA
measurement list?
> + * @buf: pointer to buffer containing data to measure
^pointer to buffer data
> + * @buf_len: length of buffer(in bytes)
^length of buffer data (in bytes)
> + * @measure_buf_hash: measure buffer hash
As requested in 2/8, please abbreviate the boolean name to "hash".
Refer to section "4) Naming" in Documentation/process/coding-style.rst
for variable naming conventions.
^@hash: measure buffer data hash
> + *
> + * Measure the kernel subsystem data, critical to the integrity of the kernel,
> + * into the IMA log and extend the @pcr.
> + *
> + * Use @event_name to describe the state/buffer data change.
> + * Examples of critical data (@buf) could be various data structures,
> + * policies, and states stored in kernel memory that can impact the integrity
> + * of the system.
> + *
> + * If @measure_buf_hash is set to true - measure hash of the buffer data,
> + * else measure the buffer data itself.
> + * @measure_buf_hash can be used to save space, if the data being measured
> + * is too large.
> + *
> + * The data (@buf) can only be measured, not appraised.
The "/**" is the start of kernel-doc. Have you seen anywhere else in
the kernel using the @<variable name> in the longer function
description? Have you seen this style of longer function
description? Refer to Documentation/doc-guide/kernel-doc.rst and other
code for examples.
> + */
> +void ima_measure_critical_data(const char *event_name,
> + const void *buf, int buf_len,
As "buf_len" should always be >= 0, it should not be defined as a
signed variable.
> + bool measure_buf_hash)
> +{
> + if (!event_name || !buf || !buf_len)
> + return;
> +
> + process_buffer_measurement(NULL, buf, buf_len, event_name,
> + CRITICAL_DATA, 0, NULL,
> + measure_buf_hash);
^hash
thanks,
Mimi
> +}
> +
> static int __init init_ima(void)
> {
> int error;
WARNING: multiple messages have this Message-ID (diff)
From: Mimi Zohar <zohar@linux.ibm.com>
To: Tushar Sugandhi <tusharsu@linux.microsoft.com>,
stephen.smalley.work@gmail.com, casey@schaufler-ca.com,
agk@redhat.com, snitzer@redhat.com, gmazyland@gmail.com,
paul@paul-moore.com
Cc: sashal@kernel.org, dm-devel@redhat.com, selinux@vger.kernel.org,
jmorris@namei.org, linux-kernel@vger.kernel.org,
nramas@linux.microsoft.com,
linux-security-module@vger.kernel.org,
tyhicks@linux.microsoft.com, linux-integrity@vger.kernel.org
Subject: Re: [dm-devel] [PATCH v9 3/8] IMA: define a hook to measure kernel integrity critical data
Date: Thu, 24 Dec 2020 08:04:40 -0500 [thread overview]
Message-ID: <5ae72a76664ce7011d3041689efbfe1a2c67d44f.camel@linux.ibm.com> (raw)
In-Reply-To: <20201212180251.9943-4-tusharsu@linux.microsoft.com>
On Sat, 2020-12-12 at 10:02 -0800, Tushar Sugandhi wrote:
> IMA provides capabilities to measure file data, and in-memory buffer
No need for the comma here.
Up to this patch set, all the patches refer to "buffer data", not "in-
memory buffer data". This patch introduces the concept of measuring
"in-memory buffer data". Please remove "in-memory" above.
> data. However, various data structures, policies, and states
Here and everywhere else, there are two blanks after a period.
> stored in kernel memory also impact the integrity of the system.
> Several kernel subsystems contain such integrity critical data. These
> kernel subsystems help protect the integrity of a device. Currently,
^integrity of the system.
> IMA does not provide a generic function for kernel subsystems to measure
> their integrity critical data.
The emphasis should not be on "kernel subsystems". Simplify to "for
measuring kernel integrity critical data".
>
> Define a new IMA hook - ima_measure_critical_data to measure kernel
> integrity critical data.
Either "ima_measure_critical_data" is between hyphens or without any
hyphens. If not hyphenated, then you could say "named
ima_measure_critical_data", but "named" isn't necessary. Or reverse "a
new IMA hook" and "ima_measure_critical_data", adding comma's like:
Define ima_measure_critical_data, a new IMA hook, to ...
Any of the above options work, just not a single hyphen.
>
> Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com>
> Reviewed-by: Tyler Hicks <tyhicks@linux.microsoft.com>
> ---
<snip>
> diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
> index 0f8409d77602..dff4bce4fb09 100644
> --- a/security/integrity/ima/ima_main.c
> +++ b/security/integrity/ima/ima_main.c
> @@ -922,6 +922,40 @@ void ima_kexec_cmdline(int kernel_fd, const void *buf, int size)
> fdput(f);
> }
>
> +/**
> + * ima_measure_critical_data - measure kernel integrity critical data
> + * @event_name: event name to be used for the buffer entry
Why future tense? By "buffer entry" do you mean a record in the IMA
measurement list?
> + * @buf: pointer to buffer containing data to measure
^pointer to buffer data
> + * @buf_len: length of buffer(in bytes)
^length of buffer data (in bytes)
> + * @measure_buf_hash: measure buffer hash
As requested in 2/8, please abbreviate the boolean name to "hash".
Refer to section "4) Naming" in Documentation/process/coding-style.rst
for variable naming conventions.
^@hash: measure buffer data hash
> + *
> + * Measure the kernel subsystem data, critical to the integrity of the kernel,
> + * into the IMA log and extend the @pcr.
> + *
> + * Use @event_name to describe the state/buffer data change.
> + * Examples of critical data (@buf) could be various data structures,
> + * policies, and states stored in kernel memory that can impact the integrity
> + * of the system.
> + *
> + * If @measure_buf_hash is set to true - measure hash of the buffer data,
> + * else measure the buffer data itself.
> + * @measure_buf_hash can be used to save space, if the data being measured
> + * is too large.
> + *
> + * The data (@buf) can only be measured, not appraised.
The "/**" is the start of kernel-doc. Have you seen anywhere else in
the kernel using the @<variable name> in the longer function
description? Have you seen this style of longer function
description? Refer to Documentation/doc-guide/kernel-doc.rst and other
code for examples.
> + */
> +void ima_measure_critical_data(const char *event_name,
> + const void *buf, int buf_len,
As "buf_len" should always be >= 0, it should not be defined as a
signed variable.
> + bool measure_buf_hash)
> +{
> + if (!event_name || !buf || !buf_len)
> + return;
> +
> + process_buffer_measurement(NULL, buf, buf_len, event_name,
> + CRITICAL_DATA, 0, NULL,
> + measure_buf_hash);
^hash
thanks,
Mimi
> +}
> +
> static int __init init_ima(void)
> {
> int error;
--
dm-devel mailing list
dm-devel@redhat.com
https://www.redhat.com/mailman/listinfo/dm-devel
next prev parent reply other threads:[~2020-12-24 13:07 UTC|newest]
Thread overview: 64+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-12 18:02 [PATCH v9 0/8] IMA: support for measuring kernel integrity critical data Tushar Sugandhi
2020-12-12 18:02 ` [dm-devel] " Tushar Sugandhi
2020-12-12 18:02 ` [PATCH v9 1/8] IMA: generalize keyring specific measurement constructs Tushar Sugandhi
2020-12-12 18:02 ` [dm-devel] " Tushar Sugandhi
2020-12-24 13:06 ` Mimi Zohar
2020-12-24 13:06 ` [dm-devel] " Mimi Zohar
2021-01-05 18:48 ` Tushar Sugandhi
2021-01-05 18:48 ` [dm-devel] " Tushar Sugandhi
2020-12-12 18:02 ` [PATCH v9 2/8] IMA: add support to measure buffer data hash Tushar Sugandhi
2020-12-12 18:02 ` [dm-devel] " Tushar Sugandhi
2020-12-24 0:03 ` Mimi Zohar
2020-12-24 0:03 ` [dm-devel] " Mimi Zohar
2021-01-05 18:53 ` Tushar Sugandhi
2021-01-05 18:53 ` [dm-devel] " Tushar Sugandhi
2021-01-06 5:00 ` Tushar Sugandhi
2021-01-06 5:00 ` [dm-devel] " Tushar Sugandhi
2020-12-12 18:02 ` [PATCH v9 3/8] IMA: define a hook to measure kernel integrity critical data Tushar Sugandhi
2020-12-12 18:02 ` [dm-devel] " Tushar Sugandhi
2020-12-24 13:04 ` Mimi Zohar [this message]
2020-12-24 13:04 ` Mimi Zohar
2021-01-05 20:01 ` Tushar Sugandhi
2021-01-05 20:01 ` [dm-devel] " Tushar Sugandhi
2021-01-05 20:16 ` Mimi Zohar
2021-01-05 20:16 ` [dm-devel] " Mimi Zohar
2021-01-05 20:19 ` Tushar Sugandhi
2021-01-05 20:19 ` [dm-devel] " Tushar Sugandhi
2020-12-12 18:02 ` [PATCH v9 4/8] IMA: add policy rule to measure " Tushar Sugandhi
2020-12-12 18:02 ` [dm-devel] " Tushar Sugandhi
2020-12-12 19:20 ` Tyler Hicks
2020-12-12 19:20 ` [dm-devel] " Tyler Hicks
2020-12-13 1:21 ` Tushar Sugandhi
2020-12-13 1:21 ` [dm-devel] " Tushar Sugandhi
2020-12-24 13:48 ` Mimi Zohar
2020-12-24 13:48 ` [dm-devel] " Mimi Zohar
2021-01-05 20:12 ` Tushar Sugandhi
2021-01-05 20:12 ` [dm-devel] " Tushar Sugandhi
2020-12-12 18:02 ` [PATCH v9 5/8] IMA: limit critical data measurement based on a label Tushar Sugandhi
2020-12-12 18:02 ` [dm-devel] " Tushar Sugandhi
2020-12-12 19:20 ` Tyler Hicks
2020-12-12 19:20 ` [dm-devel] " Tyler Hicks
2020-12-13 1:21 ` Tushar Sugandhi
2020-12-13 1:21 ` [dm-devel] " Tushar Sugandhi
2020-12-24 14:29 ` Mimi Zohar
2020-12-24 14:29 ` [dm-devel] " Mimi Zohar
2021-01-05 20:28 ` Tushar Sugandhi
2021-01-05 20:28 ` [dm-devel] " Tushar Sugandhi
2020-12-12 18:02 ` [PATCH v9 6/8] IMA: extend critical data hook to limit the " Tushar Sugandhi
2020-12-12 18:02 ` [dm-devel] " Tushar Sugandhi
2020-12-12 18:02 ` [PATCH v9 7/8] IMA: define a builtin critical data measurement policy Tushar Sugandhi
2020-12-12 18:02 ` [dm-devel] " Tushar Sugandhi
2020-12-24 14:41 ` Mimi Zohar
2020-12-24 14:41 ` [dm-devel] " Mimi Zohar
2021-01-05 20:30 ` Tushar Sugandhi
2021-01-05 20:30 ` [dm-devel] " Tushar Sugandhi
2020-12-12 18:02 ` [PATCH v9 8/8] selinux: include a consumer of the new IMA critical data hook Tushar Sugandhi
2020-12-12 18:02 ` [dm-devel] " Tushar Sugandhi
2020-12-23 21:10 ` Paul Moore
2020-12-23 21:10 ` [dm-devel] " Paul Moore
2021-01-04 23:30 ` Lakshmi Ramasubramanian
2021-01-04 23:30 ` [dm-devel] " Lakshmi Ramasubramanian
2021-01-05 2:13 ` Paul Moore
2021-01-05 2:13 ` [dm-devel] " Paul Moore
2021-01-05 5:24 ` Lakshmi Ramasubramanian
2021-01-05 5:24 ` [dm-devel] " Lakshmi Ramasubramanian
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5ae72a76664ce7011d3041689efbfe1a2c67d44f.camel@linux.ibm.com \
--to=zohar@linux.ibm.com \
--cc=agk@redhat.com \
--cc=casey@schaufler-ca.com \
--cc=dm-devel@redhat.com \
--cc=gmazyland@gmail.com \
--cc=jmorris@namei.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=nramas@linux.microsoft.com \
--cc=paul@paul-moore.com \
--cc=sashal@kernel.org \
--cc=selinux@vger.kernel.org \
--cc=snitzer@redhat.com \
--cc=stephen.smalley.work@gmail.com \
--cc=tusharsu@linux.microsoft.com \
--cc=tyhicks@linux.microsoft.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.