* [PATCH v4] ima: silence measurement list hexdump during kexec
@ 2021-12-29  2:03 Bruno Meneguele
  2022-01-05 13:35 ` Mimi Zohar
  0 siblings, 1 reply; 2+ messages in thread
From: Bruno Meneguele @ 2021-12-29  2:03 UTC (permalink / raw)
  To: zohar; +Cc: linux-integrity, linux-kernel, Bruno Meneguele

Direclty calling print_hex_dump() dumps the IMA measurement list on soft
resets (kexec) straight to the syslog (kmsg/dmesg) without considering the
DEBUG flag or the dynamic debug state, causing the output to be always
printed, including during boot time.

Since this output is only valid for IMA debugging, but not necessary on
normal kexec operation, print_hex_dump_debug() adheres to the pr_debug()
behavior: the dump is only printed to syslog when DEBUG is defined or when
explicitly requested by the user through dynamic debugging.

Signed-off-by: Bruno Meneguele <bmeneg@redhat.com>
---
Changelog:
- v3:
  - after more in-depth testing it was defined that the v1 and v2 solution
    matches the expected behavior instead of the one proposed in v3.
  - clarify/simplify the patch description.
- v2: guard call with #ifdef instead of using print_hex_dump_debug, which
  would not completely solve the case.
- v1: update commit log with more information.

 security/integrity/ima/ima_kexec.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c
index f799cc278a9a..13753136f03f 100644
--- a/security/integrity/ima/ima_kexec.c
+++ b/security/integrity/ima/ima_kexec.c
@@ -61,9 +61,9 @@ static int ima_dump_measurement_list(unsigned long *buffer_size, void **buffer,
 	}
 	memcpy(file.buf, &khdr, sizeof(khdr));
 
-	print_hex_dump(KERN_DEBUG, "ima dump: ", DUMP_PREFIX_NONE,
-			16, 1, file.buf,
-			file.count < 100 ? file.count : 100, true);
+	print_hex_dump_debug("ima dump: ", DUMP_PREFIX_NONE, 16, 1,
+			     file.buf, file.count < 100 ? file.count : 100,
+			     true);
 
 	*buffer_size = file.count;
 	*buffer = file.buf;
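Review bot: The length argument `file.count < 100 ? file.count : 100` in the new print_hex_dump_debug() call keeps an open-coded clamp with an unexplained 100. Since the line is being rewritten anyway, consider min() with a named constant, or a one-line comment saying that only the first 100 bytes of the serialized measurement list are dumped and why. A brief comment above the call that the dump appears only when DEBUG is defined or dynamic debug is enabled for this call site would also save the next reader from hunting for the missing "ima dump:" lines in dmesg.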
-- 
2.33.1



* Re: [PATCH v4] ima: silence measurement list hexdump during kexec
  2021-12-29  2:03 [PATCH v4] ima: silence measurement list hexdump during kexec Bruno Meneguele
@ 2022-01-05 13:35 ` Mimi Zohar
  0 siblings, 0 replies; 2+ messages in thread
From: Mimi Zohar @ 2022-01-05 13:35 UTC (permalink / raw)
  To: Bruno Meneguele; +Cc: linux-integrity, linux-kernel

On Tue, 2021-12-28 at 23:03 -0300, Bruno Meneguele wrote:
> Direclty calling print_hex_dump() dumps the IMA measurement list on soft

^Directly

> resets (kexec) straight to the syslog (kmsg/dmesg) without considering the
> DEBUG flag or the dynamic debug state, causing the output to be always
> printed, including during boot time.
> 
> Since this output is only valid for IMA debugging, but not necessary on
> normal kexec operation, print_hex_dump_debug() adheres to the pr_debug()
> behavior: the dump is only printed to syslog when DEBUG is defined or when
> explicitly requested by the user through dynamic debugging.
> 
> Signed-off-by: Bruno Meneguele <bmeneg@redhat.com>

Thanks, Bruno.  This patch is now queued in #next-integrity-testing.

Mimi

