Linux-Integrity Archive on lore.kernel.org
 help / color / Atom feed
From: Janne Karhunen <janne.karhunen@gmail.com>
To: linux-integrity@vger.kernel.org,
	linux-security-module@vger.kernel.org, zohar@linux.ibm.com
Cc: Janne Karhunen <janne.karhunen@gmail.com>
Subject: [PATCH 0/5] integrity: improve ima measurement accuracy
Date: Mon, 13 May 2019 15:53:49 +0300
Message-ID: <20190513125354.23126-1-janne.karhunen@gmail.com> (raw)

By default the linux integrity subsystem measures a file only
when a file is being closed. While this certainly provides
low overhead as the re-measurements are never done, it also
makes sure the system has zero means to recover from a crash
or a power outage when operating in 'appraise' mode. 

This patch series adds two new IMA api functions to retrigger
the measurements as the files change. Synchronous variant
should be invoked from less performance sensitive locations
such as sync|msync|truncate where the user is expecting some
latency, and the asynchronous variant can be called from
performance sensitive locations such as direct write or mmio.

Asynchronous variant is mostly 'out of the way' on write hot
paths, each file write is only checking that we have a cmwq
work entry pending to re-calculate the file measurement later
on. Re-measurement latencies are build time tunables and the
latencies are automatically raised for very large files.

While this does not provide absolutely perfect tolerance to
system resets, for most reasonable embedded system workloads
it can be tuned to achieve really high measurement accurancy
with the measurements being accurate 99.9%+ of the day.

Janne Karhunen (5):
  integrity: keep the integrity state of open files up to date
  integrity: update the file measurement on truncate
  integrity: update the file measurement on write
  integrity: measure the file on sync
  integrity: measure the file on msync

 fs/namei.c                            |   5 +-
 fs/open.c                             |   3 +
 fs/read_write.c                       |  11 ++-
 fs/sync.c                             |   3 +
 include/linux/ima.h                   |  12 +++
 mm/msync.c                            |   7 ++
 security/integrity/ima/Kconfig        |  20 +++++
 security/integrity/ima/ima_appraise.c |   6 +-
 security/integrity/ima/ima_main.c     | 103 +++++++++++++++++++++++++-
 security/integrity/integrity.h        |   6 ++
 10 files changed, 171 insertions(+), 5 deletions(-)

-- 
2.17.1


             reply index

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-05-13 12:53 Janne Karhunen [this message]
2019-05-13 12:53 ` [PATCH 1/5] integrity: keep the integrity state of open files up to date Janne Karhunen
2019-05-13 12:53 ` [PATCH 2/5] integrity: update the file measurement on truncate Janne Karhunen
2019-05-13 12:53 ` [PATCH 3/5] integrity: update the file measurement on write Janne Karhunen
2019-05-13 12:53 ` [PATCH 4/5] integrity: measure the file on sync Janne Karhunen
2019-05-13 12:53 ` [PATCH 5/5] integrity: measure the file on msync Janne Karhunen

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190513125354.23126-1-janne.karhunen@gmail.com \
    --to=janne.karhunen@gmail.com \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=zohar@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-Integrity Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-integrity/0 linux-integrity/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-integrity linux-integrity/ https://lore.kernel.org/linux-integrity \
		linux-integrity@vger.kernel.org linux-integrity@archiver.kernel.org
	public-inbox-index linux-integrity


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-integrity


AGPL code for this site: git clone https://public-inbox.org/ public-inbox